USB Type-C Authentication Protocol announced - Peripherals

USB Type-C Authentication Protocol announced - Peripherals

At launch, the program is optional but with more and more manufacturers including USB-C connectivity on their devices, it's a welcome addition to the security toolkit.

Though USB-C is undeniably the cable standard of the future, living the 'dongle life' isn't as simple as it should be given cables adopt varied standards and purposes.

"USB Type-C Authentication empowers host systems to protect against non-compliant USB chargers and to mitigate risks from malicious firmware/hardware in USB devices attempting to exploit a USB connection".

The USB Implementers Forum (USB-IF) has announced the official launch of the USB Type-C Authentication Programme, an effort through which it hopes to protect devices against malicious and unsafe accessories.

Relies on 128-bit security for all cryptographic methods.

More news: Netflix warns against 'Bird Box' challenge after memes go wrong

When the Authentication Program comes into existence, hardware manufacturers will be able to build this technology into, say, a PC, which will then be able to confirm that any USB device plugged into a port isn't malicious by nature. The attractive part of the scenario is that the authentication happens immediately, allowing the machine to determine the authenticity of the device before any data or power is transferred between the connection.

This means that users can charge a device at a terminal, knowing that it is a certified charger.

The organization has partnered with Digicert as the certification authority for the protocol.

It is optional for OEMs to participate in the Authentication program as of now. The practicality of such restrictions seems meager, though; that would be an awfully aggressive vertical integration strategy. This handshaking, the USB-IF explains, can take place either over the USB data bus or the USB Power Delivery (PD) communication channel.

In theory, this stops the spread of malware and other unwanted software over USB-C. It will surely be relishing the prospect of the payments that will flow when the USB Type-C Authentication Protocol is implemented. More security is always a good thing, right?