Skip to main content

USB-C Authentication Program could let OEMs clampdown on ‘non-compliant’ USB chargers

Avatar for Abner Li  | Jan 2 2019 - 11:31 am PT
0 Comments
USB-C

With USB-C seeing wide adoption on Android phones, tablets, and Chromebooks, the dream of having one convenient connection is here. The USB-IF standards body today officially launched the USB Type-C Authentication Program that will allow OEMs to “protect against non-compliant USB chargers.”

This USB security protocol is considered “optional” and “defines cryptographic-based authentication for USB Type-C chargers and devices.” In practice, this allows for host devices to confirm the capabilities and certification status of other USB devices, cables, and chargers.

Authentication occurs “right at the moment a connection is made” and before power or data transfer occurs. This handshake can be conducted over the USB data bus or USB Power Delivery communications channels.

One possible upside to this is preventing physical damage to a device, as well as mitigating “malicious firmware/hardware in USB devices attempting to exploit a USB connection.” The USB Implementers Forum notes that end products and OEMs “retain control over the security policies to be implemented and enforced.”

However, the USB Type-C Authentication Program could also be used by manufacturers to prevent anything but first-party or other approved accessories from working with devices. If taken to this extreme, it would be a step back in regards to the open future promised by one unified connector. OEMs have yet to announce support for this standard.

The full characteristics of the USB security protocol are below:

  • A standard protocol for authenticating certified USB Type-C chargers, devices, cables and power sources
  • Support for authenticating over either USB data bus or USB Power Delivery communications channels
  • Products that use the authentication protocol retain control over the security policies to be implemented and enforced
  • Relies on 128-bit security for all cryptographic methods
  • Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation

Check out 9to5Google on YouTube for more news:

Add 9to5Google to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:

Comments

Guides

Android

Android

Breaking news for Android. Get the latest on app…
USB-C

USB-C

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com