USB 3.0 Promoter Group Defines Authentication Protocol for USB Type-C™

The USB 3.0 Promoter Group today announced the USB Type-C™ Authentication specification, defining cryptographic-based authentication for USB Type-C™ chargers and devices. Using this protocol, host systems can confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors/capabilities and certification status. All of this happens right at the moment a wired connection is made – before inappropriate power or data can be transferred.

USB Type-C™ Authentication empowers host systems to protect against non-compliant USB Chargers and to mitigate risks from maliciously embedded hardware or software in USB devices attempting to exploit a USB connection. For a traveler concerned about charging their phone at a public terminal, their phone can implement a policy only allowing charge from certified USB chargers. A company, tasked with protecting corporate assets, can set a policy in its PCs granting access only to verified USB storage devices.

“USB is well-established as the favored choice for connecting and charging devices,” said Brad Saunders, USB 3.0 Promoter Group Chairman. “In support of the growing USB Type-C ecosystem, we anticipated the need for a solution extending the integrity of the USB interface. The new USB Type-C Authentication protocol equips product OEMs with the proper tools to defend against ‘bad’ USB cables, devices and non-compliant USB Chargers.”

“USB-IF is unwavering in our mission to solidify USB Type-C as the single cable of the future,” said Jeff Ravencraft, USB-IF President and COO. “USB Type-C Authentication is an important contribution to enable a thriving ecosystem of compliant, interoperable products.”

Key characteristics of the USB Type-C™ Authentication solution include:

  • A standard protocol for authenticating certified USB Type-C™ Chargers, devices, cables and power sources
  • Support for authenticating over either USB data bus or USB Power Delivery communications channels
  • Products that use the authentication protocol retain control over the security policies to be implemented and enforced
  • Relies on 128-bit security for all cryptographic methods
  • Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation

“With its long experience and success in embedded-device security, STMicroelectronics, a USB-IF Board member and Promoter, knows how important authentication, validation, and protection is to the success and fast adoption of USB Type-C,” said Joel Huloux, Director Standards & Industry Alliances at STMicroelectronics. “Consumers and the entire industry can rest assured knowing strong authentication for USB Type-C is the key security pillar of this specification.”

Developer Update

To further enable USB Type-C™ Authentication and the USB Type-C™ ecosystem, the USB 3.0 Promoter Group also released one revision and one new specification. The following updates are developer-only; the recommended consumer and end-user terminology for USB Power Delivery (USB PD) is unchanged.

USB Power Delivery 3.0, the new revision of the USB Power Delivery specification, adds incremental features to the existing USB Power Delivery 2.0 specification. These features include enabling authentication message exchange over the USB PD communications channel for standard USB Type-C™ to USB Type-C™ cables. The new USB Type-C™ Bridging specification provides the necessary method for bridging messages to and from a USB PD link over the USB data bus. USB Type-C™ Bridging enables a USB host to communicate with the USB PD interface of a downstream port in a connected USB hub, among other capabilities.