So would it be fair to say this is sort of like using a smartcard in that you need both possession of the token and knowledge of a PIN? And that the KDC guards the PIN against brute force guessing, because each guess requires a transaction against the KDC? So stealing the token gets the attacker nothing?