Principal claim
1. A system comprising:
a processor and a computer-readable device having computer readable code for instructing the processor to perform a method, the method comprising:
authenticating a user via a user device communicating over a network with a service provider;
creating in response to authentication of the user a master token on the user device, wherein the master token includes one or more parameters, including an expiration time beyond which the master token is not valid, wherein at least one master token parameter has a quality;
checking, by an app on the user device, if the master token is present on the user device;
creating for the app a sub-token of the master token that is distinct for the app, is used only by the app, and has sub-token parameters in line with a service provider risk policy and distinct from the master token, including an expiration time distinct from that of the master token and determined according to the service provider risk policy;
evaluating, by the app using the sub-token, the level of security provided by the authentication based on the quality of at least one of the master token parameters and whether the quality is in line with the service provider risk policy for the sub-token; and
proceeding, by the app on the user device when the app is launched, directly without requiring user login beyond the authentication, to validating a transaction according to the level of security evaluated by the app.