Does any USB host device provides any unique IDs which are available from USB controller to device? At software side, I can get the vendor ID (along with other hardware identification data such as BIOS and hard drive IDs), but looking for the way to implement a basic USB key-based protection by looking onto USB host data which is available from both software and hardware side.
In my particular case, I am interested in any fingerprint data that is leaked from standard USB host controllers found in nowadays PCs: BIOS-extended data, PnP/non-PnP requests (for example, will a BIOS trying to negotiate with USB flash key send any host IDs?), a presence signs of other presumably internal USB devices like laptop cardreaders which sit on the same bus, etc.
Best Answer
There is nothing in the USB spec that forces a host to identify itself, and there is no standard way a device can request such information. Without a cooperating driver in the operating system, there is no way for a ordinary device to know details about the host, like what operating system it is running, what processor it is using, etc.
I have, however, noticed that different operating systems tend to have their own quirks about what they request in what order during enumeration. You might be able to do some testing and find a way to distinguish a few of the major operating systems. However, that would not be guaranteed, could easily change at minor revisions, and can certainly be deliberately spoofed.
If you want a device to know it is connected to a trusted host, you will have to previously load software on that host. The device could, for example, send out a randomly generated string of bits when asked the right way by your software on the host. The host must then respond with a reply that is hashed from the original bits in a particular way envolving a password. Only a host with the right algorithm and password could reply correctly.
Of course that is just simple scheme. It can get a lot more complicated depending on what level of attacker you want to protect youself from. For example, the simple scheme I described above would be no good against a man in the middle attack.