He's talking about an authentication token, not SSO. A real cryptographic token with take a challenge from the website and sign it with your key (possibly after entering a PIN) to prove that you are in possession of the token (and know the PIN). There's no way that this is tied to any one provider, because it's not SSO. (See PIV, OpenPGP card or any number of similar approaches.)
The tokens in use now are all TOTP or HOTP-type tokens where you generate a hash that proves that you and the authentication server both know the same secret. Microsoft, Google, and Facebook's systems are incompatible because there's no secret that you know that they don't. Making them work together would mean sharing the means to log into your account with all of them (and every shady website that you want to use the token with).