USB 3.0 Promoter Group Defines Authentication Protocol for USB Type-C
Specification defines policy for product OEMs to mitigate risks from non-compliant devices
The USB 3.0 Promoter Group today announced the USB Type-CTM Authentication specification, defining cryptographic-based authentication for USB Type-CTM chargers and devices. Using this protocol, host systems can confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors/capabilities and certification status. All of this happens right at the moment a wired connection is made – before inappropriate power or data can be transferred.
USB Type-CTM Authentication empowers host systems to protect against non-compliant USB Chargers and to mitigate risks from maliciously embedded hardware or software in USB devices attempting to exploit a USB connection. For a traveler concerned about charging their phone at a public terminal, their phone can implement a policy only allowing charge from certified USB chargers. A company, tasked with protecting corporate assets, can set a policy in its PCs granting access only to verified USB storage devices.
“USB is well-established as the favored choice for connecting and charging devices,” said Brad Saunders, USB 3.0 Promoter Group Chairman. “In support of the growing USB Type-C ecosystem, we anticipated the need for a solution extending the integrity of the USB interface. The new USB Type-C Authentication protocol equips product OEMs with the proper tools to defend against ‘bad’ USB cables, devices and non-compliant USB Chargers.”
“USB-IF is unwavering in our mission to solidify USB Type-C as the single cable of the future,” said Jeff Ravencraft, USB-IF President and COO. “USB Type-C Authentication is an important contribution to enable a thriving ecosystem of compliant, interoperable products.”
Key characteristics of the USB Type-CTM Authentication solution include:
- A standard protocol for authenticating certified USB Type-CTM Chargers, devices, cables and power sources
- Support for authenticating over either USB data bus or USB Power Delivery communications channels
- Products that use the authentication protocol retain control over the security policies to be implemented and enforced
- Relies on 128-bit security for all cryptographic methods
- Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation
“With its long experience and success in embedded-device security, STMicroelectronics, a USB-IF Board member and Promoter, knows how important authentication, validation, and protection is to the success and fast adoption of USB Type-C,” said Joel Huloux, Director Standards & Industry Alliances at STMicroelectronics. “Consumers and the entire industry can rest-assured knowing strong authentication for USB Type-C is the key security pillar of this specification.”
To further enable USB Type-CTM Authentication and the USB Type-CTM ecosystem, the USB 3.0 Promoter Group also released one revision and one new specification. The following updates are developer-only; the recommended consumer and end-user terminology for USB Power Delivery (USB PD) is unchanged.
USB Power Delivery 3.0, the new revision of the USB Power Delivery specification, adds incremental features to the existing USB Power Delivery 2.0 specification. These features include enabling authentication message exchange over the USB PD communications channel for standard USB Type-CTM to USB Type-CTM cables. The new USB Type-CTM Bridging specification provides the necessary method for bridging messages to and from a USB PD link over the USB data bus. USB Type-CTM Bridging enables a USB host to communicate with the USB PD interface of a downstream port in a connected USB hub, among other capabilities.
About the USB 3.0 Promoter Group
The USB 3.0 Promoter Group, comprised of Hewlett-Packard Company, Intel Corporation, Microsoft Corporation, Renesas Electronics, STMicroelectronics, and Texas Instruments, developed the USB 3.0 Specification that was released in November 2008. In addition to maintaining and enhancing this specification, the USB 3.0 Promoter Group develops specification addendums (USB Power Delivery, USB Type-C, and others) to extend or adapt its specifications to support more platform types or use cases where adopting USB 3.0 technology will be beneficial in delivering a more ubiquitous, richer user experience.
About the USB-IF
The non-profit USB Implementers Forum, Inc. was formed to provide a support organization and forum for the advancement and adoption of USB technology as defined in the USB specifications. The USB-IF facilitates the development of high-quality compatible USB devices through its logo and compliance program, and promotes the benefits of USB and the quality of products that have passed compliance testing. Further information, including postings of the most recent product and technology announcements, is available by visiting the USB-IF website at www.usb.org.