Abstract: We propose a method of authenticating a client device with a provider. The method includes receiving an authentication request from the client device at an authentication server. The method includes sending a challenge to a hardware-based security module of the client device based on the authentication request. The method includes receiving a response to the challenge and identifying the provider corresponding to the authentication request. The method includes authenticating the client device with the provider based on the authentication request and the response to the challenge.