The identity token is included in an identification payload which is symmetrically encrypted and included in the AS_REQ authorization field.

Any reason why this couldn't be implemented as a preauthentication type (especially with the PAL in 1.6)? Might give you more flexibility with respect to multiple exchanges or when a principal requires this type of authentication. This might even fit into the SAM(2) preauth type.

Operationally, users might just stick their USB key in and leave it there (same as copying to filesystem). From there, it's just filesystem privileges that separate an attacker from the real user.


-Ken Renard