Information Technology News.


USB Type-C gets a new authentication specification

Share on Twitter.

Sponsered ad: Get a Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.

Sponsered ad: Order the best SMTP service for your business. Guaranteed or your money back.

April 13, 2016

The so-called 'USB 3.0 Promoter Group' has announced that it has implemented and will adopt a new USB Type-C Authentication specification sometime in the second quarter.

The new specification simply means that makers of USB devices will be able to encode them with data about their source and function.

When connecting to those various devices, computers or phones will be able to read that descriptor and choose to connect or not, depending on various policies.

The 'USB 3.0 Promoter Group' says-- “For a traveler concerned about charging their phone at a public terminal, their phone can implement a policy only allowing a battery charge from certified USB chargers.”

Or perhaps you're worried that your organization's laptop fleet could be compromised by rogue USB devices, in which case you can set a policy in its PCs granting access only to verified USB storage devices.

For now, it's not yet clear if that will allow organizations to specify individual devices, or just devices whose manufacturers have implemented the new specification.

To be sure, USB-C needs this specification for two reasons. One is that users usually don't know exactly how it works. Once USB-C becomes ubiquitous and makes a single wire responsible for carrying power and data, even unsophisticated hackers will likely try an opportunity to craft crooked chargers or other rogue devices.

The second reason is that there are lots of potential attackers churning out second-rate electronics to make a fast buck.

We already know that poorly-wired cables capable of frying devices are enough of a menace that Amazon recently banned the sale of non-compliant cables on its site.

If devices red-flag such things as sub-standard, or refuse to connect to them, it's therefore a win for everybody.

The 'USB Promoters Group' hasn't detailed the specification yet, beyond saying it “Relies on 128-bit security for all cryptographic methods” and that it “references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation.”

It's doubtless that a tremendously long document describing the various nuances will emerge in due course.

Source: The USB 3.0 Promoter Group.

Sponsered ad: Get a Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.

Sponsered ad: Order the best SMTP service for your business. Guaranteed or your money back.

Share on Twitter.

IT News Archives | Site Search | Advertise on IT Direction | Contact | Home

All logos, trade marks or service marks on this site are the property of their respective owners.

Sponsored by Sure Mail™, Avantex and
by Montreal Server Colocation.

       © IT Direction. All rights reserved.