Abstract: A computer-implemented method for authenticating a user using a service provider server and an authentication server is disclosed, the user communicating with at least one of the service provider server and the authentication server using a user browser. The method includes requesting, using the user browser, authentication with the service provider server. The method also includes authenticating, using the user browser, a secure communication channel with the authentication server. The method also includes receiving, using the user browser, a Next Pre-Authentication Anchor (NPAA) value from the authentication server. The method additionally includes temporarily storing the NPAA value in a user browser cookie associated with the user browser, wherein the NPAA value is protected by employing Same Origin Policy (SOP).
Abstract: The present invention discloses a token provisioning method for a token provisioning system. The token provisioning method includes steps of generating at least one encryption key at a customer side; generating a plurality of seed numbers corresponding to a plurality of electronic serial numbers (ESNs) at the customer side, respectively; encrypting the plurality of seed numbers and the plurality of corresponding ESNs with the at least one encryption key at the customer side; decrypting the plurality of seed numbers and the plurality of corresponding ESNs with the at least one encryption key; and programming a plurality of tokens with the plurality of seed numbers and the plurality of corresponding ESNs.
Abstract: A method for multi-factor authentication of a user using an application server and an authentication server is disclosed. The method includes receiving from the application server a first source IP address associated with a request for authentication from a user browser program to the application server. The method also includes receiving from the user browser program a request to perform additional authentication between the user browser program and the authentication server using a separate communication channel. The method additionally includes comparing the first source IP address with a second source IP address associated with the request to perform the additional authentication, and failing authentication of the user if the first source IP address does not match the second source IP address.