Client-Server Authentication Using Pairings
What would be the ideal attributes of a client-server authentication scheme? One might like an identity-based scheme not requiring PKI, plus support for multi-factor authentication based on a token, a PIN, and optionally a biometric. The token might hold a high-entropy secret, while the PIN and biometric may be represented as relatively low-entropy parameters. However, it would be preferable if the token could take the form of a relatively inexpensive USB stick rather than a smart card. The user should be at complete liberty to choose and change the PIN, but if they forget it, a recovery mechanism should be available. A fuzzy biometric measurement could be supported and accepted if accurate within certain limits.