Let’s take a quick look at the options for security of a USB Token. Perhaps the most important thing to determine is whether the token is a flash drive that operates as a regular hard drive or an authentication device that basically has the same insides as a smartcard. After that, you can have:
- strong authentication via biometric (fingerprint is most popular)
- encrypted file system
- programs that install with the driver to install a virtual machine window and contain activity
- programs that kickoff a scan of the host system
- programs that protect against keyloggers by re-routing the keystrokes to the appropriate window
- programs to erase all traces of the drive after it is removed
On the host side of the USB equation, there are a handful of solutions that can 1) delineate between a flash drive and some other USB device; 2) monitor the data that is being shared with the drive; 3) block access based on device identity (and possibly other attributes).