USB regulatory body launches USB-C authentication programme
FYI, this story is more than a year old
The USB Implementers Forum (USB-IF), the support organisation for the advancement and adoption of USB technology, has announced the launch of its USB Type-C Authentication Program, marking a milestone for the optional USB security protocol.
The USB Type-C Authentication specification defines cryptographic-based authentication for USB Type-C chargers and devices.
USB Type-C Authentication empowers host systems to protect against non-compliant USB chargers and to mitigate risks from malicious firmware/hardware in USB devices attempting to exploit a USB connection.
Using this protocol, host systems can confirm the authenticity of a USB device, USB cable or USB charger, including such product aspects as the capabilities and certification status.
All of this happens right at the moment a connection is made – before inappropriate power or data can be transferred.
USB-IF president and COO Jeff Ravencraft says, “USB-IF is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements.”
“As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”
Key characteristics of the USB Type-C Authentication solution include:
- A standard protocol for authenticating certified USB Type-C chargers, devices, cables and power sources
- Support for authenticating over either USB data bus or USB Power Delivery communications channels
- Products that use the authentication protocol retain control over the security policies to be implemented and enforced
- Relies on 128-bit security for all cryptographic methods
- Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation
- USB-IF selected DigiCert to manage the PKI and certificate authority services for the USB Type-C Authentication Program.
“DigiCert is excited to work with USB-IF and its CA Program Participants from the industry at large to provide the technical expertise and scale needed for the USB Type-C Authentication Program, and we look forward to implementation,” says DigiCert IoT and business development vice president Geoffrey Noakes.
The non-profit USB Implementers Forum was formed to provide a support organisation and forum for the advancement and adoption of USB technology as defined in the USB specifications.
USB-IF facilitates the development of high-quality compatible USB devices through its logo and compliance programme and promotes the benefits of USB and the quality of products that have passed compliance testing.