Today the USB-IF, the non-profit behind the USB standard's marketing and specifications, revealed the formal launch of its "USB Type-C™ Authentication Program," originally announced back in 2016. The optional program "defines cryptographic-based authentication for USB Type-C chargers and devices." If that sounds like a thinly veiled euphemism for hardware DRM to you, that's because it is.
The new authentication mechanism "empowers" vendors to "protect" us customers against "non-compliant USB chargers." Bad chargers and cables are/were a legitimate problem for the USB Type-C ecosystem (praise be to Benson), but the USB-IF's program allows for vendors to use this means of accessory certification for anything they choose. This isn't just a standard set by the USB-IF for cables and chargers to meet, any OEM can use it to bake-in support for only "approved" devices if they like. Remember when Apple clamped down on third-party hardware with its MFi certification program? Now USB-C-wielding OEMs can get in on some of that licensing action, and better, it's being done in the name of security.
In addition to pushing PD compliance, the nascent standard is being spun as a security enhancement, protecting us consumers from malicious firmware and hardware attached to USB devices. But even the marketing PR can't help but point out how useful it will be for OEMs in other, less consumer-friendly ways: "Using this protocol, host systems can confirm the authenticity of a USB device, USB cable or USB charger, including such product aspects as the capabilities and certification status."
USB-IF President and COO Jeff Ravencraft even included a quote: "USB-IF is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements" (emphasis added). Furthermore, "products that use the authentication protocol retain control over the security policies to be implemented and enforced." So while the USB Type-C Authentication Program could be used to enhance security and ensure hardware is tested to meet spec, the standard is more than open enough to allow vendors to use it as they see fit.
DigiCert was selected to manage registration and certificates for the new DRM spec.
The existence of this new program isn't a guarantee that hardware OEMs like Samsung, LG, or even Google will use it to lock consumers into only purchasing/using "supported" accessories, but by providing the means, it opens the door. Mutually incompatible hardware fast-charging standards may have just been the start for USB-C. The day may come when different OEMs are all using the same licensed third-party charging spec, but thanks to hardware DRM, you'll need to buy different chargers for different phones anyway.
USB-IF Launches USB Type-C™ Authentication Program
DigiCert, Inc. selected to manage PKI and certificate authority services
January 02, 2019 08:00 AM Eastern Standard Time
BEAVERTON, Ore.--(BUSINESS WIRE)--USB Implementers Forum (USB-IF), the support organization for the advancement and adoption of USB technology, today announced the launch of its USB Type-C™ Authentication Program, marking an important milestone for the optional USB security protocol. The USB Type-C Authentication specification defines cryptographic-based authentication for USB Type-C chargers and devices.
USB Type-C Authentication empowers host systems to protect against non-compliant USB chargers and to mitigate risks from malicious firmware/hardware in USB devices attempting to exploit a USB connection. Using this protocol, host systems can confirm the authenticity of a USB device, USB cable or USB charger, including such product aspects as the capabilities and certification status. All of this happens right at the moment a connection is made – before inappropriate power or data can be transferred.
“USB-IF is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements,” said USB-IF President and COO Jeff Ravencraft. “As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”
Key characteristics of the USB Type-C Authentication solution include:
A standard protocol for authenticating certified USB Type-C chargers, devices, cables and power sources
Support for authenticating over either USB data bus or USB Power Delivery communications channels
Products that use the authentication protocol retain control over the security policies to be implemented and enforced
Relies on 128-bit security for all cryptographic methods
Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation
USB-IF selected DigiCert to manage the PKI and certificate authority services for the USB Type-C Authentication Program. For further details, read the DigiCert announcement.
“DigiCert is excited to work with USB-IF and its CA Program Participants from the industry at large to provide the technical expertise and scale needed for the USB Type-C Authentication Program, and we look forward to implementation,” said Geoffrey Noakes, Vice President, IoT Business Development at DigiCert.
To participate in the USB Type-C Authentication Program, contact [email protected]
Meet With USB-IF at CES 2019
USB-IF will participate at CES 2019 in Las Vegas, January 8-11. To request a briefing, please contact [email protected]
The non-profit USB Implementers Forum, Inc. was formed to provide a support organization and forum for the advancement and adoption of USB technology as defined in the USB specifications. USB-IF facilitates the development of high-quality compatible USB devices through its logo and compliance program, and promotes the benefits of USB and the quality of products that have passed compliance testing. Further information, including postings of the most recent product and technology announcements, is available by visiting the USB-IF website at www.usb.org.
USB Type-C™ and USB-C™ are trademarks of USB Implementers Forum.