At a high level, the Yubico technology and ecosystem comprises the following main parts:
a. YubiKey hardware token that generates one time passwords (OTPs)
b. Yubico Validation server that validates the OTPs generated by YubiKeys and
c. Validation Protocol that defines the client-server communication protocol between the clients and Yubico Validation server
The link http://www.yubico.com/technical-description gives an overview and details of the various components mentioned above. This page has several links on the left side for further reading on each component.
We further recommend the following links:
1. For more information on the Yubico Validation Server, please visit http://www.yubico.com/validation-server and look for the Yubico PHP server, which is a free open-source project you can download and deploy in your environment to meet your requirements. The Validation server has a dependency on a key storage module for secure storage of secret AES keys. Yubico YK-KSM is an open-source implementation of a secure key storage module, and YubiHSM is a hardware-based solution that offers much stronger security for the key storage module. Please visit http://www.yubico.com/yubihsm for more information on YubiHSM.
2. Yubico also offers open-source client implementations in a number of programming languages (including for .NET) to make it easy for customers to implement YubiKey-based strong two-factor authentication. Please visit http://www.yubico.com/web-api-clients for more details on the validation clients and links to the Validation Protocol.
3. Most relevant to your needs could be the YubiRADIUS solution from Yubico, which is enterprise-class software for secure remote access with YubiKey two-factor authentication. It provides 3 potential ways of integrating YubiKey-based authentication into your environments:
b) Web API for YubiKey-based two-factor authentication. (In both a) and b), one of the factors for authentication is the standard username + password based on AD binding, and the second factor is the YubiKey OTP.)
c) Web API for validating the YubiKey OTPs
The solution is based on FreeRADIUS and open-source components and is offered as a free virtual appliance for easy download and quick installation. The YubiRADIUS virtual appliance has a pre-configured instance of the Yubico PHP validation server that can be used for OTP validation, and an option to use YK-KSM and YubiHSM for secure key storage.
4. Finally, Yubico offers guidelines and best practices on how YubiKey-based two-factor authentication can be implemented. Please visit http://www.yubico.com/development-guidelines for more details.
Hope this helps.
Thanks and best regards,