Make a secure USB (unique identifier)

Background: There is a requirement for the system security that I have to only allow the company approved USB devices (e.g., USB mass storage, keyboard, mouse, Bluetooth,, etc.,) and block all the rest (non-approved).

Even though PID, VID, serial number are unique identifiers to USB devices, but, if somebody knows those information he/she can easily create a USB with the identifiers mentioned above and produce an approved USB.

Problem: Is there any way that I can add unique and secure identifiers to USBs (except VID,PID, S/N) and setup a mechanism to differentiate between company approved USBs and non-approved ones and allow only the approved ones?

Expected result: Secure USB for devices that are left unattended (e.g., kiosk) in the public places.

Thank you!