主权项 |
1. A method, comprising:
receiving, at a server computer, a provisioning request to provision a credential to a user device, wherein the credential is associated with an account of a user, and wherein the provisioning request includes a first risk level indicating a perceived risk of provisioning the credential to the user device; determining, by the server computer, that the provisioning request includes a non-override condition, wherein the non-override condition recommends setting the first risk level as a final risk decision value; determining, by the server computer, a second risk level associated with the provisioning request, wherein the second risk level indicates a second perceived risk of provisioning the credential to the user device different than the first perceived risk; comparing, at the server computer, the first risk level to the second risk level; when the first risk level is lower than the second risk level:
setting the second risk level as the final risk decision value even when the non-override condition exists; andpreventing the credential from being provisioned onto the user device without further authentication; when the first risk level is higher than the second risk level:
setting the first risk level as the final risk decision value; andcausing the credential to be provisioned onto the user device. |