Assuming that I got you correctly, you're actually preempting some features that "are in the oven" at present. Among some other things
We will provide support for a static identity that can be read via the USB descriptors, where each Yubikey will be serialized with a unique number. This number will then reflect the serial number that is present on the sticker. For anyone who would prefer a more "anonymous" mode, this serial number can be hidden. We will however ensure that all devices are serialized at time of manufacturing.
Maybe this simple function would be sufficient for the application you're calling for ? By simply using standard OS API calls, the serial number can then be read and used as a very basic identification means for a particular user. It probably goes without saying that this number can be spoofed, someone can make a fake Yubikey with the same number, a hook in the driver chain could mimic a genuine Yubikey etc.
As an alternative, we'll provide support for challenge-response via API calls. This is a configurable option on a per configuration slot basis so anyone who don't want the feature can turn it off. This allows a client application to pro grammatically interact with the Yubikey, which is useful in certain configurations.
As the question has been brought up, we're planning to test out the functionality with some selected customers. Please let me know if you have a particular application in mind and would like to participate. Please send me an e-mail at jakob at yubico dot com and give a short description of the use case and we'll provide a sample key with sample code when we have it available for beta testing.
With the best regards,
JakobE
Hardware- and firmware guy @ Yubico
Login
FAQ
Search
