Modern life has been enriched and facilitated by various network services, such as social networking services, messenger services, real-time chatting services, on-line shopping, trading and/or bidding services, mail services, calendar and scheduling services, media streaming services, news broadcasting and/or feeding services, forum services, gaming services, cloud storage and/or file sharing services, search engine services, knowledge management and/or learning services, on-line payment, financial and/or banking services, language translation services, monitoring and surveillance services, anti-virus services, locating and navigating services, as well as public government services. As a network service is implemented by a remote application server, a user utilizes a user equipment to communicate with the application server; for example, the user equipment may be a mobile phone, a tablet, a wearable device, etc.
Because network service may be personalized and customized respectively for different users, a user may need to be authenticated by an application server to be identified, and then be allowed to access one's own personalized network service provided by the application server. Prior art for a user to be authenticated by an application server requires the user to log in by manually inputting a username (user identity) and a password, which are embedded in a log-in request message and sent to the application server by a user equipment of the user.
However, as each one of various network services requires a username-password set, a user needs many username-password sets respectively for many network services. It is difficult, inconvenient and infeasible for a user to remember many username-password sets. A user may choose to use a same username-password set for all network services, but will suffer potential security issues; for example, if one of the network services is compromised to leak the username-password set, personal information of all other network services are exposed to malicious eavesdropper. A user may choose to write down or record the username-password sets on paper or in user equipment, but it still has potential security issues, such as peeking.