An authentication token configured to generate authentication information comprises an attestation module. The attestation module of the authentication token is configured to receive an attestation generated by an attestation module of a client, to perform a check on the received attestation, and to release the authentication information to a designated entity if the check indicates that the attestation is valid. The designated entity may comprise the client itself or another entity that participates in an authentication process involving at least one of the authentication token and the client. The authentication token in performing the check on the attestation received from the client may determine if the received attestation conforms to a predetermined policy. The attestation may comprise a platform attestation generated by the client for a given instantiated software stack of the client.