TW201143342A - Identity authentication method - Google Patents

Identity authentication method

Info

Publication number: TW201143342A
Authority: TW (Taiwan)
Prior art keywords: application, authentication, authentication server, password, identity
Application number: TW99117145A
Other languages: Chinese (zh)
Inventor: Jui-Wen Chang
Original Assignee: Chunghwa Telecom Co Ltd
Application filed by: Chunghwa Telecom Co Ltd

Abstract

Disclosed is an identity authentication method for Web applications, applied between an application and an authentication server that are connected over a network. The authentication server provides an identity verification service to the application so that the application can start or log on to the network. The application is identified by an identification code that is provided to it for that purpose, which allows the application to start or log on without identity data being entered and prevents unauthorized use or malicious attacks.

Description

VI. Description of the Invention:

[Technical Field of the Invention]

The present invention is an application login method; more specifically, it relates to a method of logging in to an application by means of an interface service.

[Prior Art]

With the development of computer hardware and software and the spread of the Internet, it has become quite common to log in to a specific application with a specific account and/or password in order to operate the application, or to further use the application to transmit data over a network. Such applications may be, for example, web browsing, e-mail, instant messaging, online games and other applications that need to transmit data over a network. In addition, even applications that do not necessarily transmit data over a network, such as word processing, multimedia playback and digital publication reading, often require the user to enter an account and/or password before the application is opened and used, so that only specific users such as legally authorized persons can use them, and provide the complete application service only after identity authentication is completed.

Taking an instant messaging application used over the Internet as an example, the user usually first applies to the service server of the instant messaging provider for at least one account and/or password and downloads the corresponding application to a computer. After download and installation are complete, the user can start the application and, as the application requires, enter the previously obtained account and/or password in order to log in to the provider's service server through the application and use the instant messaging service. In this process the service server verifies the user's identity by means of the account and/or password that the user entered. Therefore, if the user inadvertently enters a wrong account and/or password, the application cannot be used to log in to the provider's service server and use the instant messaging service.

The question is this: since the provider's service server can verify the user's identity by account and/or password, the user's information security ought to be adequately protected, so why do security incidents in which a user's identity is impersonated or a user's information is stolen still occur so frequently? The main reason is that the account and/or password are entered through the application and provided to the service server over the network, so that the account and/or password are very easily stolen. That is, because the user must enter the account and/or password into the application whenever the application is opened, the data processing device on which the application is installed stores records such as the user's account and/or password, which increases the risk of the account and/or password being stolen. Moreover, even if the user sets the application's options so that the account and/or password are not recorded, a malicious application such as a backdoor (trojan) program or an input-recording program can still attach to the application or record the input while the account and/or password are being entered, and thereby steal the account and/or password.

In view of this, how to provide an identity authentication method that lets users use an application without entering an account and/or password into the application, so as to fully protect information security, is a problem the industry urgently needs to solve.

[Summary of the Invention]

To remedy the above deficiencies of the prior art and to achieve other objects, the present invention provides an identity authentication method applied between an application and an authentication server that are connected to each other through a network. The identity authentication method comprises the following steps: (1) the application determines whether it has an identification code provided by the authentication server; if so, proceed to step (2); if not, proceed to step (4); (2) the application uses the identification code to authenticate to the authentication server through the network; if authentication succeeds, proceed to step (3); if authentication fails, proceed to step (4); (3) the application provides service, and the process ends; and (4) the application verifies with the authentication server, and the authentication server provides an identification code to the application that passes verification.

In one embodiment of the present invention, before step (1), the method further includes a step in which the application verifies with the authentication server so that the authentication server provides an identification code to the application that passes verification.

In another embodiment of the present invention, before step (1), when the authentication server provides the identification code to the verified application, the application sets an expiration date and/or an upper limit on the number of uses for the identification code provided by the authentication server, and in step (2) the application authenticates to the authentication server using the identification code that has that expiration date and/or upper limit on the number of uses.

In another embodiment of the present invention, the step in step (4) in which the application verifies with the authentication server consists of the application providing an account and/or password to the authentication server so that the authentication server verifies the identity of the application by means of the account and/or password.

In a further embodiment of the present invention, step (3) further includes the application logging in to a service server through the network so that the service server provides service through the application.

In yet a further embodiment of the present invention, in step (4) the application provides an account and/or password to the authentication server so that the authentication server verifies the identity of the application by means of the account and/or password.

In still another embodiment of the present invention, step (4) further includes a step in which the verified application sets an expiration date and/or an upper limit on the number of uses for the identification code provided by the authentication server.

In summary, the identity authentication method of the present invention lets the application authenticate to the authentication server over the network with the identification code that the authentication server previously provided, and only after authentication passes does the application provide service or log in to the corresponding service server over the network. The identification code is what the application obtains by providing the account and/or password to the authentication server over the network and passing verification. The identity authentication method of the present invention therefore lets members start the application and log in to a predetermined service server to use a specific online service without entering an account and/or password into the application, which is not only convenient but also keeps identity authentication data from being misappropriated by malicious programs or unauthorized persons.

[Embodiment]

The embodiments of the present invention are described below by way of specific examples. Those skilled in the art can readily understand other advantages and effects of the present invention from the content disclosed in this specification, and the invention may also be carried out or applied through other, different specific embodiments.

Please refer to FIG. 1, which is a flow chart of the steps of the identity authentication method provided by the present invention. The identity authentication method of the present invention is applied between an application and an authentication server that are connected to each other through a network. The application may be online communication software, online game software, online financial transaction software or similar, or an application such as word processing, multimedia playback or digital publication reading, and it may be installed on a data processing device with network connectivity, such as a personal computer, a notebook computer, a smart phone or a personal digital assistant. These applications may log in over the network to a service server set up by an online service provider, or may run directly on the data processing device. The authentication server may be a data processing platform set up by a network service provider that exchanges data with the data processing device over the network. Generally speaking, the authentication server has greater computing power and a higher information security specification than an ordinary data processing device. The network may be, for example, a wired or wireless network through which the data processing device and the authentication server are connected.

As shown in FIG. 1, in step S11 the application performs a self-check to determine whether it has an identification code provided by the authentication server; if so, proceed to step S12; if not, proceed to step S14. In this embodiment the identification code may be, for example, a serial number or token composed of digits, letters, patterns, sounds, images and/or symbols, and it has an exclusive correspondence with the application. That is, the same application installed on different data processing devices, different applications installed on the same data processing device, or different applications installed on different data processing devices each have a different corresponding identification code.

It should be added that, in other embodiments, before step S11 is performed the method may further include having the application verify with the authentication server so that the authentication server provides an identification code to the application that passes verification.

In step S12, the application uses the identification code it holds to ask the authentication server for authentication. That is, the authentication server is asked over the network to determine whether the correspondence between the identification code and the application is correct, and to authenticate according to the result. If the correspondence is found to be correct, authentication has succeeded and the process proceeds to step S13; if the correspondence is found to be wrong, authentication has failed and the process proceeds to step S14.

In step S13, the application starts, or logs in over the network to a predetermined service server, in order to provide service. That is, once the authentication server has confirmed that the correspondence between the application and the identification code is correct, the user may operate the application through the data processing device, or the application is allowed to log in over the network to the predetermined service server so that the user can use the related online services or transmit data in the service server through the application, for example instant messaging or online games.

In step S14, the application verifies with the authentication server so that the authentication server provides an exclusive identification code to the application that passes verification, and the process then proceeds to step S15. Specifically, because the application finds that it does not have an identification code provided by the authentication server, the application guides the user to enter an account and/or password to the authentication server, for example by automatically opening a new window in which the user enters the account and/or password to the authentication server. After receiving the account and/or password, the authentication server verifies the identity of the user of the application by checking the account and/or password. After the identity verification procedure is completed, the authentication server provides an exclusive identification code to the application, and the application stores the identification code it receives. In this embodiment the password entered by the user may be a static password or a dynamic password.

In step S15, the verified application logs in to the predetermined service server over the network. In other words, once the authentication server has confirmed the identity by means of the account and/or password, it can, at the same time as it provides the exclusive identification code to the application, allow the application to log in over the network to the predetermined service server so that the user can use the related online services in the service server through the application. As stated above, if the application can provide service without going through the service server, the verified application is simply started directly for the user to operate.

In other embodiments, before step S11 is performed, the application may first verify with the authentication server so that the authentication server provides an exclusive identification code to the application that passes verification; the application of course also stores the identification code it receives in the data processing device. Preferably, when the authentication server provides the identification code to the verified application, the verified application can at the same time configure the identification code provided by the authentication server, for example by setting an expiration date and/or an upper limit on the number of uses. Specifically, the identification code can be set to be valid for 1 week, or to be usable at most 10 times. In this way, when step S12 is performed, the authentication server can not only authenticate the correspondence between the identification code and the application but can also check the expiration date and/or the upper limit on the number of uses of the identification code. That is, the authentication server can judge validity against the expiration date and/or the upper limit on the number of uses of the identification code and use this as a further basis for deciding whether the application passes authentication.

Likewise, when step S14 is performed, the verified application may configure the identification code provided by the authentication server so as to set the expiration date and/or the upper limit on the number of uses of the identification code.

To explain the identity authentication method of the present invention more clearly, please refer to FIG. 2, which is a timing flow chart of the identity authentication method of the present invention.

In step S21, user a starts application b for the first time. Application b then begins its self-check procedure to determine whether it has an identification code provided by authentication server c. Because user a is starting application b for the first time, application b finds that it does not have an identification code provided by authentication server c, as shown in step S22.

Next, in step S23, application b guides user a to enter an account and/or password to authentication server c for identity verification. When verification passes, authentication server c provides an exclusive identification code to application b and allows application b to log in to the predetermined service server (not shown), so that the user can use the related online services in the service server through application b. In other embodiments, if the application can provide service without going through a service server, the step of logging in to the predetermined service server can be omitted and the application provides service to the user directly.

Suppose user a has finished using the related online services and has closed application b, and now wishes to start the application again or to log in to the predetermined service server through the application to use the related online services. Application b can then be started again, as shown in step S31.

In step S32, application b again performs the self-check. Because authentication server c has already provided the exclusive identification code to application b in the aforementioned step S24, application b determines that it has an identification code provided by authentication server c.

Next, in step S33, application b automatically uses the identification code it found to authenticate to authentication server c. In step S34, authentication server c authenticates application b and the identification code it holds and, after authentication succeeds, allows application b to log in to the predetermined service server, so that the user can start the application or use the related online services in the service server again through application b.

It is worth mentioning that in step S24 user a can at the same time set the expiration date and/or the upper limit on the number of uses for the identification code provided by authentication server c. Subsequently, in step S33, authentication server c can therefore not only authenticate the correspondence between the identification code and application b but can also check the expiration date and/or the upper limit on the number of uses of the identification code, for example whether the expiration date has passed or whether the number of starts and/or logins exceeds the upper limit.

In summary, with the identity authentication method of the present invention the user only needs to provide the account and/or password to a third-party authentication server, and the authentication server provides a specific identification code to the application. When the application is started, or is to log in to the service server over the network, the account and/or password do not need to be entered into the application; the authentication server authenticates the application directly. Because the authentication server usually has a higher information security specification, the risk of member information being leaked is reduced, which in turn reduces the chance of the user's identity being impersonated. Furthermore, because the application stores the identification code provided by the authentication server, within the expiration date and/or before the upper limit on the number of uses is reached the user is automatically logged in to the predetermined service server after starting the application, which is more convenient than the prior art.

The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify and vary the above embodiments without departing from the spirit and scope of the present invention. The scope of protection of the present invention should therefore be as set out in the claims below.

[Brief Description of the Drawings]

FIG. 1 is a flow chart of the steps of the identity authentication method of the present invention; and

FIG. 2 is a timing flow chart of the identity authentication method of the present invention.

[Description of Main Component Symbols]

a: user
b: application
c: authentication server
S11 to S15, S21 to S24, S31 to S34: steps
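The flow of steps S11 to S15 with the validity period and use limit, as an added Python example that is not code from the patent. The class and method names, the server-side record that binds a code to an (application, device) pair, the hashing choices, the sample account and the fake clock in `demo()` are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


def _digest(code):
    # The server keeps only a hash of each identification code it issues.
    return hashlib.sha256(code.encode()).hexdigest()


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class CodeRecord:
    app_id: str
    device_id: str
    expires_at: float
    uses_left: int


class AuthServer:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.accounts = {}   # account -> (salt, password hash)
        self.codes = {}      # sha256(code) -> CodeRecord

    def register(self, account, password):
        salt = secrets.token_bytes(16)
        self.accounts[account] = (salt, _kdf(password, salt))

    def verify(self, account, password, app_id, device_id, ttl_s, max_uses):
        """S14: check account/password, then issue a code bound to app and device."""
        salt, stored = self.accounts.get(account, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, _kdf(password, salt)):
            return None
        code = secrets.token_urlsafe(32)
        self.codes[_digest(code)] = CodeRecord(
            app_id, device_id, self.clock() + ttl_s, max_uses)
        return code

    def authenticate(self, code, app_id, device_id):
        """S12: check the code/application correspondence, expiry and use limit."""
        rec = self.codes.get(_digest(code))
        if rec is None or (rec.app_id, rec.device_id) != (app_id, device_id):
            return False
        if self.clock() >= rec.expires_at or rec.uses_left <= 0:
            del self.codes[_digest(code)]   # spent or expired: force re-verification
            return False
        rec.uses_left -= 1
        return True


class Application:
    def __init__(self, app_id, device_id, server, ttl_s=7 * 24 * 3600, max_uses=10):
        self.app_id, self.device_id, self.server = app_id, device_id, server
        self.ttl_s, self.max_uses = ttl_s, max_uses
        self.stored_code = None   # the only secret the application keeps

    def start(self, prompt_credentials):
        """Return 'code', 'credentials' or 'denied' depending on the path taken."""
        if self.stored_code is not None:                                   # S11
            if self.server.authenticate(self.stored_code, self.app_id,
                                        self.device_id):                   # S12
                return "code"                                              # S13
            self.stored_code = None
        # S14: the prompt stands for the separate window in which the user gives
        # the account/password to the authentication server; nothing is stored here.
        account, password = prompt_credentials()
        code = self.server.verify(account, password, self.app_id,
                                  self.device_id, self.ttl_s, self.max_uses)
        if code is None:
            return "denied"
        self.stored_code = code
        return "credentials"                                               # S15


def demo():
    now = [0.0]                                # fake clock (constructed)
    server = AuthServer(clock=lambda: now[0])
    server.register("alice", "constructed-password")
    prompts = []

    def prompt():
        prompts.append(now[0])
        return "alice", "constructed-password"

    app = Application("im-client", "laptop-1", server, max_uses=2)
    results = [app.start(prompt) for _ in range(4)]
    # A copied code presented from another device fails the correspondence check.
    replay_ok = server.authenticate(app.stored_code, "im-client", "other-device")
    now[0] += 8 * 24 * 3600                    # move past the 1-week validity period
    after_expiry = app.start(prompt)
    return results, replay_ok, after_expiry, len(prompts)


if __name__ == "__main__":
    print(demo())
```

The stored code is still a bearer secret on the device, so the binding check, short validity period and use limit are what bound the damage if it is copied.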

Claims (1)

VII. Scope of Patent Application:

1. An identity authentication method applied between an application and an authentication server that are connected to each other through a network, the identity authentication method comprising the following steps:
(1) the application determines whether it has an identification code provided by the authentication server; if so, proceed to step (2); if not, the application verifies with the authentication server, and the authentication server provides an identification code to the application that passes verification;
(2) the application uses the identification code to authenticate to the authentication server through the network; if authentication succeeds, proceed to step (3); if authentication fails, the application verifies with the authentication server, and the authentication server provides an identification code to the application that passes verification; and
(3) the application provides service, and the process ends.

2. The identity authentication method according to claim 1, wherein before step (1) the method further includes a step in which the application verifies with the authentication server so that the authentication server provides an identification code to the application that passes verification.

3. The identity authentication method according to claim 2, wherein before step (1), when the authentication server provides the identification code to the verified application, the application sets an expiration date and/or an upper limit on the number of uses for the identification code provided by the authentication server; and in step (2) the application authenticates to the authentication server using the identification code that has the expiration date and/or the upper limit on the number of uses.

4. The identity authentication method according to claim 2, wherein the step in step (4) in which the application verifies with the authentication server consists of the application providing an account and/or password to the authentication server so that the authentication server verifies the identity of the application by means of the account and/or password.

5. The identity authentication method according to claim 4, wherein the password is a static password or a dynamic password.

6. The identity authentication method according to claim 1, wherein before step (1) the method includes a step of starting the application.

7. The identity authentication method according to claim 1, wherein step (3) further includes the application logging in to a service server through the network so that the service server provides service through the application.

8. The identity authentication method according to claim 1, wherein in step (4) the application provides an account and/or password to the authentication server so that the authentication server verifies the identity of the application by means of the account and/or password.

9. The identity authentication method according to claim 8, wherein the password is a static password or a dynamic password.

10. The identity authentication method according to claim 1, wherein step (4) further includes a step in which the verified application sets an expiration date and/or an upper limit on the number of uses for the identification code provided by the authentication server.

11. The identity authentication method according to claim 1, wherein the identification code is composed of digits, letters, patterns, sounds, images and/or symbols.
Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
TW99117145A | TW201143342A (en) | 2010-05-28 | 2010-05-28 | Identity authentication method

Applications Claiming Priority (1)

Application Number | Publication | Priority Date | Filing Date | Title
TW99117145A | TW201143342A (en) | 2010-05-28 | 2010-05-28 | Identity authentication method

Publications (1)

Publication Number | Publication Date
TW201143342A (en) | 2011-12-01

Family

ID: 46765315

Family Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
TW99117145A | TW201143342A (en) | 2010-05-28 | 2010-05-28 | Identity authentication method

Country Status (1)

Country | Link
TW (1) | TW201143342A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI512521B (en) * 2011-12-16 2015-12-11 Intel Corp Secure user attestation and authentication to a remote server
TWI562006B (en) * 2011-12-16 2016-12-11 Intel Corp Secure user attestation and authentication to a remote server
