Service channel authentication processing hub

What is claimed is: 1. An apparatus comprising: at least one memory device; at least one processor coupled to the at least one memory device and configured to perform, based on instructions stored in the at least one memory device: receiving a service request over a first service channel from a user device, wherein the first service channel is one of a plurality of service channels and wherein each of the plurality of service channels is uniquely specified by a device type of the user device and a service type of the requested service; initiating a first challenge message to the user device requesting initial authentication information based on a set of authenticators, wherein a plurality of authenticators includes the set of authenticators; in response to receiving the initial authentication information from the user device, determining an initial level of authentication, wherein the initial level of authentication is one of a plurality of authentication levels; when the initial level of authentication is not sufficient for the first service channel, generating a second challenge message to the user device requesting a further authentication information based on at least one additional authenticator; determining an achieved level of authentication based on the further authentication information; and when the achieved level of authentication is at least as great as a first target authentication level for the first service channel, continue processing the service request by the first service channel. 2. The apparatus of claim 1 , wherein the at least one processor is further configured to perform: transferring the service request to a second service channel, wherein the plurality of service channels includes the second service channel and wherein the second service channel is different than the first service channel; when a second target authentication level for the second service channel is greater than the achieved level of authentication, generating a third challenge message to the user device requesting additional authentication information based on another authenticator; and when the additional authentication is validated, processing the service request on the second service channel. 3. The apparatus of claim 1 , wherein the at least one processor is further configured to perform: recommending the other authenticator from the plurality of authenticators. 4. The apparatus of claim 3 , wherein the at least one processor is further configured to perform: recommending an alternative authenticator when the other authenticator is not available. 5. The apparatus of claim 1 , wherein the at least one processor is further configured to perform: mapping the plurality of service channels to the plurality of authentication levels. 6. The apparatus of claim 1 , wherein the service request includes an authentication token and wherein the at least one processor is further configured to perform: extracting the initial level of authentication from the authentication token. 7. The apparatus of claim 1 , wherein the at least one processor is further configured to perform: mapping the plurality of authentication levels to a plurality of authenticator combinations. 8. The apparatus of claim 1 , the at least one processor is further configured to perform: accessing a first protected resource through the first service channel; and when a required authentication level for the first protected resource is not reached, generating a fourth challenge message to the user device requesting additional authentication information until the required authentication level is reached. 9. The apparatus of claim 8 , the at least one processor is further configured to perform: accessing a second protected resource through the first service channel, wherein the second protected resource has a different authentication level from the required authentication level for the first protected resource. 10. The apparatus of claim 9 , wherein the at least one processor is further configured to perform: mapping a plurality of protected resources to the plurality of authentication levels, wherein the plurality of protected resources includes the first protected resource and the second protected resource. 11. The apparatus of claim 1 , wherein the service request includes an authentication token and wherein the at least one processor is further configured to perform: inserting the achieved level of authentication in the authentication token; and returning the authentication token to the user device. 12. The apparatus of claim 1 , wherein the service request includes an authentication token and wherein the at least one processor is further configured to perform: receiving, with the user device, a received set of attributes of the user device; determining, from the authentication token, a signed set of attributes of an authenticated device when the authentication token was created; and when the received set of attributes and the signed set of attributes do not match, denying the service request. 13. The apparatus of claim 12 , wherein the at least one processor is further configured to perform: receiving a plurality of device attributes from the authenticated device; selecting a subset of device attributes from the plurality of device attributes; obtaining the signed set of attributes from the subset of device attributes; and sending the authentication token to the authenticated device, wherein the authentication token includes the signed set of attributes. 14. The apparatus of claim 13 , wherein the at least one processor is further configured to perform: after the sending, changing the selected subset of device attributes; generating an updated authentication token from the changed subset of device attributes; and sending the updated token to the authenticated device. 15. The apparatus of claim 13 , wherein the subset of device attributes comprises at least one physical characteristic of the authenticated device and at least one browser setting executing on the authenticated device. 16. A computer-assisted method for authenticating a user device, the method comprising: receiving a plurality of device attributes from an authenticated device; selecting a subset of device attributes from the plurality of device attributes of the authenticated device; obtaining the signed set of attributes from the subset of device attributes; sending the authentication token to the authenticated device, wherein the authentication token includes the signed set of attributes; receiving a service request over a first service channel from the user device, wherein the first service channel is one of a plurality of service channels and wherein the service request comprises the authentication token having the signed set of attributes when the user device is the authenticated device; initiating a first challenge message to the user device requesting initial authentication information based on a set of authenticators, wherein a plurality of authenticators includes the set of authenticators; in response to receiving the initial authentication information from the user device, determining an initial level of authentication, wherein the initial level of authentication is one of a plurality of authentication levels; when the initial level of authentication is not sufficient for the first service channel, generating a second challenge message to the user device requesting further authentication information based on at least one additional authenticator; determining an achieved level of authentication based on the ini