The USB Implementers Forum (USB-IF) on Wednesday announced the launch of the USB Type-C Authentication Program, which aims to protect host systems against non-compliant chargers and potentially malicious devices.
The USB Type-C Authentication specification, unveiled by the USB-IF and the USB 3.0 Promoter Group in 2016, provides the cryptographic mechanisms needed for authenticating various types of USB Type-C devices, including chargers, cables, storage drives and power sources.
This optional security protocol allows OEMs to confirm the authenticity of USB chargers, cables and devices. Using certificates, companies can protect their products against both non-compliant chargers that can deliver damaging power surges and USB devices that may carry a malicious payload.
The authentication process takes place immediately after a wired connection is made, before any power or data exchange.
The use case examples described by the USB-IF and USB 3.0 Promoter Group when they unveiled the new specification included travelers concerned about charging their phones at a public terminal and enterprises protecting corporate assets by ensuring that only verified USB storage devices can be connected to their PCs.
The USB Type-C Authentication protocol provides support for authenticating over either the USB Power Delivery or USB data bus channels, it offers 128-bit security, and gives products control over security policies.
DigiCert has been selected to operate registration and certificate authority services for the new specification. The company will work with the over 1,000 member companies of the USB-IF.
“USB-IF is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements,” said USB-IF President and COO Jeff Ravencraft. “As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”