Method and apparatus for seamless out-of-band authentication

US9807610B2 · US · B2

Patent metadata
Publication number: US-9807610-B2
Application number: US-201514669268-A
Country: US
Kind code: B2
Filing date: Mar 26, 2015
Priority date: Mar 26, 2015
Publication date: Oct 31, 2017
Grant date: Oct 31, 2017

Abstract

Official abstract text for this publication.

In an embodiment, at least one non-transitory computer readable storage medium includes instructions that when executed enable a system to: request, by an authentication logic of the system during a multi-factor authentication of a user of the system to obtain access to a first service, a token to be sent from a second system associated with the first service to a third system associated with the user; receive, in the authentication logic, the token from the third system without user involvement via a secure channel; and send the token from the authentication logic to the second system to authenticate the user. Other embodiments are described and claimed.

First claim

Claims 1 through 9 as published.

What is claimed is:

1. At least one non-transitory computer readable storage medium comprising instructions that when executed enable a system to: request, by an authentication logic of the system during a multi-factor authentication of a user of the system to obtain access to a first service, a token to be sent from a second system associated with the first service to a third system associated with the user, the third system coupled to the first system via a wireless personal area network, the request including a nonce; receive, in the authentication logic, an encrypted token from the third system without user involvement via a secure channel of the wireless personal area network, wherein the encrypted token is received in the third system from the second system responsive to the request, the encrypted token including the token having an authentication value and the nonce; decrypt the encrypted token using a shared key, the shared key pre-shared between the system and the third system and stored in a non-volatile storage of the system; and update the nonce and send an updated token from the authentication logic to the second system to authenticate the user, the updated token including the authentication value and the updated nonce.

2. The at least one non-transitory computer readable medium of claim 1, further comprising instructions that when executed enable the system to access the first service, responsive to the authentication of the user by the second system.

3. The at least one non-transitory computer readable medium of claim 1, wherein the multi-factor authentication comprises an out-of-band (OOB) multi-factor authentication, and further comprising instructions that when executed enable the system to determine that the user is present in a proximity to the system before the updated token is sent to the second system.

4. The at least one non-transitory computer readable medium of claim 1, further comprising instructions that when executed enable the system to: responsive to receipt of a user request by the user of the system to access the first service, access a policy associated with the first service stored in a policy storage to determine the multi-factor authentication, and request the token based on the policy, wherein the token comprises a short message service message including an authentication code.

5. The at least one non-transitory computer readable medium of claim 1, wherein the third system comprises a mobile device, the system comprises a client computer system, and the wireless personal area network comprises a Bluetooth™ network.

6. The at least one non-transitory computer readable medium of claim 1, wherein the multi-factor authentication is to enable at least one of: recovery of an authentication code of the user; enrollment of the user to the first service; and step-up authentication of the user to enable the user to access secure information.

7. A processor comprising: at least one core to execute instructions; and a manageability engine coupled to the at least one core to perform security operations, the manageability engine including: a multi-factor authentication logic to cause a request for an out-of-band (OOB) authentication to be sent from a system including the processor to a backend system associated with an application to which a user seeks access; a wireless authentication logic to create a secure channel between the system and a mobile device in proximity to the system, the mobile device comprising an authorized device of the user, and to receive via the secure channel an OOB authentication value from the mobile device seamlessly to the user, the mobile device to receive the OOB authentication value from the backend system responsive to the OOB authentication request, wherein the multi-factor authentication logic is to: cause the mobile device to be securely paired with the system and to create at least one shared key; receive from the mobile device an encrypted token including the OOB authentication value and a nonce, the nonce included in the OOB authentication request; decrypt the encrypted token using the at least one shared key; and update the nonce and send an updated token to the backend system, the updated token including the OOB authentication value and the updated nonce.

8. The processor of claim 7, wherein the multi-factor authentication logic is to cause the OOB authentication request to be sent responsive to a policy associated with the application accessed from a policy storage, wherein the policy identifies an OOB-short message service authentication factor.

9. The processor of claim 7, wherein the processor further comprises a cryptographic logic to receive an encrypted message from the mobile device including the OOB authentication value and to decrypt the encrypted message to obtain the OOB authentication value.
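The three-party exchange set out in claims 1 and 7, modelled as an added example that is not code from the patent or from Intel: the client's authentication logic sends a request carrying a nonce to the backend ("second system"), the backend delivers the OOB authentication value to the paired mobile device ("third system"), the mobile device encrypts value plus nonce under the pre-shared key and returns it over the secure channel, and the client decrypts, checks the nonce against its own outstanding request, updates the nonce and forwards the updated token to the backend. Everything beyond the claims' wording is an assumption and is marked as such: the "update" of the nonce is taken to be an increment, the backend binds each outstanding nonce to a single-use code, and the symmetric encryption is an HMAC-SHA256 stand-in so the script runs with the Python standard library alone (a real design would use an AEAD such as AES-GCM). The `tamper` and `replay` switches show the two checks a practitioner would want: a modified ciphertext fails the integrity check at the client, and a second submission of an already accepted token is refused by the backend.

```python
import hashlib
import hmac
import secrets

# Stand-in symmetric encryption for the "encrypted token" (assumption: a deployment
# would use a real AEAD such as AES-GCM; this HMAC-SHA256 counter-mode keystream plus
# an encrypt-then-MAC tag only keeps the example free of third-party packages).
def _subkeys(shared_key: bytes):
    return (hmac.new(shared_key, b"enc", hashlib.sha256).digest(),
            hmac.new(shared_key, b"mac", hashlib.sha256).digest())

def _keystream(k_enc: bytes, iv: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(k_enc, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(shared_key: bytes, plaintext: bytes) -> bytes:
    k_enc, k_mac = _subkeys(shared_key)
    iv = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, iv, len(plaintext))))
    tag = hmac.new(k_mac, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag

def decrypt(shared_key: bytes, blob: bytes) -> bytes:
    k_enc, k_mac = _subkeys(shared_key)
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(k_mac, iv + ct, hashlib.sha256).digest(), tag):
        raise ValueError("token integrity check failed")  # tampered or wrong key
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, iv, len(ct))))

def update_nonce(nonce: int) -> int:
    """Claim 1 only says the nonce is 'updated'; assumption: increment modulo 2**64."""
    return (nonce + 1) % (1 << 64)

class Backend:
    """The 'second system': issues the OOB authentication value and verifies the updated token."""
    def __init__(self):
        self.pending = {}  # nonce -> auth code, one entry per outstanding request

    def request_oob(self, nonce: int):
        code = f"{secrets.randbelow(10**6):06d}"  # e.g. the SMS code of claim 4
        self.pending[nonce] = code
        return code, nonce  # delivered to the user's mobile device, not to the client

    def verify(self, auth_value: str, updated_nonce: int) -> bool:
        # Recover which request this answers; pop so a token can be accepted only once.
        original = (updated_nonce - 1) % (1 << 64)
        expected = self.pending.pop(original, None)
        return expected is not None and hmac.compare_digest(expected, auth_value)

class MobileDevice:
    """The 'third system': paired with the client and holding the pre-shared key."""
    def __init__(self, shared_key: bytes):
        self.shared_key = shared_key

    def on_oob_message(self, code: str, nonce: int) -> bytes:
        # Encrypt code + nonce for the client; the user never types anything.
        return encrypt(self.shared_key, f"{code}|{nonce}".encode())

class ClientAuthLogic:
    """The 'authentication logic' of claim 1 on the system the user is at."""
    def __init__(self, shared_key: bytes):
        self.shared_key = shared_key  # modelled as read from non-volatile storage
        self.outstanding = None

    def begin(self, backend: Backend):
        self.outstanding = secrets.randbits(64)  # fresh nonce per attempt
        return backend.request_oob(self.outstanding)

    def on_encrypted_token(self, blob: bytes):
        code, nonce_str = decrypt(self.shared_key, blob).decode().split("|")
        if int(nonce_str) != self.outstanding:
            raise ValueError("nonce mismatch: token does not answer our request")
        self.outstanding = None
        return code, update_nonce(int(nonce_str))  # contents of the 'updated token'

def run_flow(tamper: bool = False, replay: bool = False) -> bool:
    """Run the exchange once; returns whether the backend accepts the user."""
    shared_key = secrets.token_bytes(32)  # created at pairing time (claim 7)
    backend, phone, client = Backend(), MobileDevice(shared_key), ClientAuthLogic(shared_key)
    code, nonce = client.begin(backend)  # step 1: request carrying the nonce
    blob = phone.on_oob_message(code, nonce)  # step 2: backend -> phone, phone encrypts
    if tamper:
        blob = blob[:20] + bytes([blob[20] ^ 0x01]) + blob[21:]  # flip a ciphertext byte
    try:
        auth_value, updated = client.on_encrypted_token(blob)  # step 3: decrypt and check
    except ValueError:
        return False
    accepted = backend.verify(auth_value, updated)  # step 4: updated token to backend
    if replay:
        return backend.verify(auth_value, updated)  # second use of the same token
    return accepted

if __name__ == "__main__":
    print("normal flow accepted:", run_flow())
    print("tampered token accepted:", run_flow(tamper=True))
    print("replayed token accepted:", run_flow(replay=True))
```

The nonce does two jobs here: at the client it proves the token answers this attempt rather than an older one, and at the backend the updated nonce identifies which outstanding request is being completed, so the backend never has to trust a user identifier carried in the token itself.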

Assignees

Intel Corp

Inventors

Classifications

  • using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215) · CPC title

  • using a plurality of channels (network architectures or network communication protocols using different networks H04L63/18) · CPC title

  • involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title

  • Wireless · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9807610B2 cover?
In an embodiment, at least one non-transitory computer readable storage medium includes instructions that when executed enable a system to: request, by an authentication logic of the system during a multi-factor authentication of a user of the system to obtain access to a first service, a token to be sent from a second system associated with the first service to a third system associated with t…
Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/35. Mapped technology areas include Physics.
When was this patent published?
Publication date Oct 31, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).