The loading method of a Mi-Token soft-token involves firstly generating a private-public keypair specific to that device and valid only during that session. The public key is then conveyed all the way to the customer-site installation of Mi-Token, where it is then subsequently used to load the token-seed into the soft-token. This seed is generated on the customer-site directly. The transit of this information is mediated by a reverse proxy service either hosted by Mi-Token, a managed service provider, or the customer themselves.