They can be simple credentials such as usernames and passwords, or more complex forms such as PKI-based X.509 certificates or claims-based assertions in SAML tokens. To be really useful in today’s identity infrastructures, an identity device must be more than a secure store of static credentials. It must also be able to generate cryptographic keys, perform digital signature operations, parse request messages and emit security tokens in standard formats. One doesn’t normally associate these operations with USB storage.
In fact, digital identity functions are very different from mass storage, but that doesn’t mean that they cannot exist on the same device, just as digital cameras now exist on cell phones. After all, digital identity devices already exist in other form factors such as smart cards and yes, USB key fobs.
Portability has been the Achilles’ heel of smart cards and USB tokens.
Even when you have deployed a smart card solution with all of the required components and middleware, you’ll probably find that the solution won’t work with another brand of smart card without swapping in new middleware components. The U.S. Government has addressed these interoperability challenges by developing GSC-IS (Government Smart Card Interoperability Specification) so that it can deploy smart cards to federal employees without being tied to one smart card or middleware provider.
This opens up a whole new set of possibilities for security operations, as much more data can be sent and retrieved than was previously possible on devices such as smart cards. The widespread native support and high bandwidth of the USB mass storage interface enable a digital identity device to be truly portable and accept high-level application messages through a protocol that is as simple as reading and writing to a file.
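The file-based exchange described above, simulated in Python as an added example (not code from the article or from any product). The file names `request.json` and `response.json`, the JSON message layout and the subject value are assumptions, and HMAC-SHA256 stands in for the device's signature operation, which on a real device would be an asymmetric signature that a relying party verifies.

```python
import hashlib, hmac, json, os, secrets

class IdentityDevice:
    """Simulated device side. The key is generated here and never written to the volume."""

    def __init__(self, volume):
        self.volume = volume
        self._key = secrets.token_bytes(32)  # stays inside the device object

    def _mac(self, payload):
        # HMAC-SHA256 stands in for the device's signature operation (assumption)
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def verify(self, payload, mac):
        return hmac.compare_digest(self._mac(payload), mac)

    def service(self):
        """Parse request.json if present, then emit response.json (hypothetical names)."""
        req_path = os.path.join(self.volume, "request.json")
        if not os.path.exists(req_path):
            return False
        try:
            with open(req_path) as f:
                req = json.load(f)
            if not isinstance(req, dict) or req.get("op") != "sign" \
                    or not isinstance(req.get("nonce"), str):
                raise ValueError("unsupported request")
            payload = json.dumps({"nonce": req["nonce"], "subject": "alice"}, sort_keys=True)
            resp = {"status": "ok", "payload": payload, "mac": self._mac(payload)}
        except ValueError as exc:  # also covers malformed JSON
            resp = {"status": "error", "reason": str(exc)}
        os.remove(req_path)
        tmp = os.path.join(self.volume, "response.tmp")
        with open(tmp, "w") as f:
            json.dump(resp, f)
        os.replace(tmp, os.path.join(self.volume, "response.json"))  # no partial reads
        return True

def host_request(volume, device, op="sign"):
    """Host side: write a request file, let the device run, read the response file."""
    nonce = secrets.token_hex(16)
    with open(os.path.join(volume, "request.json"), "w") as f:
        json.dump({"op": op, "nonce": nonce}, f)
    device.service()  # real firmware would react to the write; the simulation calls it directly
    with open(os.path.join(volume, "response.json")) as f:
        resp = json.load(f)
    if resp["status"] == "ok" and json.loads(resp["payload"])["nonce"] != nonce:
        raise ValueError("stale or replayed response")
    return resp
```

The host only ever touches files on the volume; the nonce check rejects a response left over from an earlier request.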
http://www.it-observer.com/articles/1104/new_security_directions_removable_usb_devices/