Abstract: A processing device is configured to obtain an address and a public key, both associated with an authentication service, to generate a symmetric key as a function of the public key, to configure an authentication token to incorporate the symmetric key, to encrypt the symmetric key utilizing the public key, and to transmit the encrypted symmetric key to the address so as to permit the authentication service to bind the symmetric key to an identifier of the authentication token. By way of example, the authentication token may comprise a software authentication token implemented on the processing device. One or more tokencodes generated by the authentication token utilizing the symmetric key are transmitted to the authentication service for authentication. The authentication by the authentication service is based on the symmetric key bound to the identifier of the authentication token.

Abstract: A technique of authenticating a user involves storing a set of expected OTPs in memory of a mobile device, the set of expected OTPs having been previously generated by and acquired from an external authentication server. The technique further involves receiving, after the set of expected OTPs is stored in the memory, an authentication request from a user of the mobile device, the authentication request including a user-provided OTP. The technique further involves performing, by processing circuitry of the mobile device, a local authentication operation which provides an authentication result based on a comparison between the user-provided OTP and an expected OTP of the set of expected OTPs stored in the memory. The authentication result indicates whether authentication of the user is successful or unsuccessful.