Just wondering why not support Umikeys first? Since it is robust and much more affordable to all.
I've been using Umikey on Mashedlife and it works like a dream. The auto-navigation and OTP generation work on both my German keyboard and English keyboard, and on Linux, Mac and PC. And the price is reasonable that I bought a bunch with ~ $5 each.
Thanks for inputs
At the moment I have implemented support for Yubikey (http://yubico.com/products/yubikey/). It does not offer all the same functions as Umikey, but all you need to pay for is the hardware itself. Yubico provides a validation API that is free to use, and open source libraries to interact with the API. I used 10 minutes to fully integrate Yubikey support in my application.
The users also have an option to recieve a one time password in a GPG signed email. This email also contains information that will help protecting against man in the middle attacks (if the user is educated).