Ming and Andrea recently submitted the merged IETF KEYPROV protocol proposal, called DSKPP. Here is the abstract:
DSKPP is a client-server protocol for initialization (and configuration) of cryptographic tokens. The protocol requires neither private-key capabilities in the cryptographic tokens, nor an established public-key infrastructure. The four-pass variant of the protocol ensures that a provisioned (or generated) symmetric key will only be available to the server and the cryptographic token itself. Two-pass (i.e., one round-trip) and one-pass (i.e., one message) variants enable secure and efficient download and installation of a symmetric key to a cryptographic token.