How to evaluate a security token?