1. You open the website for Soft-Token creation, or an admin prepares to manually assign a token.
2. Then, the user who already has the token application installed prepares to load; the application shows an 8-digit loading code.
3. The user enters the 8-digit loading code into the site, or the admin into the admin console.
4. The token seed data is automatically loaded, and protected using public-private keypair crypto in a fashion which only allows the specific application which requested the load to decrypt the seed, regardless of whoever intercepts data in the middle.