The same authentication is resubmitted by the known identity, in order to commit a transaction that has been fully prepared during the session under the same assurance strength (this is deemed to be further protection from session hijacking). Alternately, the re-authentication may be required to step up the assurance strength, so as to enact a transaction that requires higher security (such as two or three factors).