The USB Implementers Forum (USB-IF) has announced the launch of its USB Type-C Authentication Program. The specification defines cryptography-based authentication for USB-C chargers and devices.
USB-IF is a non-profit organization working on the promotion and adoption of USB technology. The new program, which comes with a specification, aims to prevent malware from spreading from infected devices and to prevent data from being leaked if a device falls into the wrong hands. This is possible via USB.
The protocol allows systems to confirm the authenticity of a USB device, cable or charger. This includes the capabilities of the device and the status of the certificate. This all happens at the moment that a connection is made, but before electricity or data can be transported.
For example, if a user wants to charge his phone with a public charger, for example in a shopping mall, the device remains safe. For example, the phone could use a policy that only certified chargers can charge it. A company can set up policies for its PCs, allowing them to access only verified USB storage devices.
Recommendation
Products that use the protocol maintain control over the security policies that are implemented and maintained. The protocol also uses 128-bit security for all cryptographic methods.
At the moment, the programme is only a recommendation. The program gives OEMs the “flexibility to implement a security framework that best suits their specific product requirements,” said Jeff Ravencraft, president and COO of USB-IF. “As the USB C ecosystem continues to grow, companies can continue to offer the security that consumers have come to expect from certified USB devices.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.