A mobile computing device includes a secure token, having an embedded processor, a secure persistent storage medium, and a read only memory; and, an application processor and application memory separate from the embedded processor, the secure persistent storage medium, and the read only memory. The application memory stores application instructions for execution by the application processor. The secure persistent storage medium is configured by the embedded processor to store a master secret for an application executing on a remote host. The read only memory stores a security application for receiving, from the remote host, an identifier associated with the master secret; generating, using at least the identifier, a decryption key; obtaining, using the decryption key, from the secure persistent storage medium the master secret; constructing, using the master secret as an input, a pseudorandom result of a cryptographic operation; and returning it to the application executing at the remote host.
