Applications login using a mechanism relating sub-tokens to the quality of a master token

摘要

Methods and systems allow a user to log in to a device so that a number of apps become accessible on the device without the user repeatedly logging in to each different app as the user launches multiple apps. A mechanism of providing a master token with a quality score and providing sub-tokens for each app that can use the sub-token and the score quality to evaluate the level of security provided by the initial login allows each app to skip its own login process and provides a level of enhanced efficiency and convenience for the user. A method includes authenticating a user; creating a master token on the user device; creating a sub-token of the master token for an app launched on the device; the app skipping the login process of the app in response to the sub-token so that the app proceeds directly to validating a transaction.

主权项

1. A system comprising:
a processor and a computer-readable device having computer readable code for instructing the processor to perform a method, the method comprising: authenticating a user via a user device communicating over a network with a service provider; creating in response to authentication of the user a master token on the user device, wherein the master token includes one or more parameters, including an expiration time beyond which the master token is not valid, wherein at least one master token parameter has a quality; checking, by an app on the user device, if the master token is present on the user device; creating for the app a sub-token of the master token that is distinct for the app, is used only by the app, and has sub-token parameters in line with a service provider risk policy and distinct from the master token, including an expiration time distinct from that of the master token and determined according to the service provider risk policy; evaluating, by the app using the sub-token, the level of security provided by the authentication based on the quality of at least one of the master token parameters and whether the quality is in line with the service provider risk policy for the sub-token; and proceeding, by the app on the user device when the app is launched, directly without requiring user login beyond the authentication, to validating a transaction according to the level of security evaluated by the app.