BS EN IEC 62680-1-4:2018
$198.66
Universal Serial Bus interfaces for data and power – Common components. USB Type-CTM Authentication Specification
| Published By | Publication Date | Number of Pages |
| BSI | 2018 | 64 |
IEC 62680-1-4:2018 provides a means for authenticating Products with regard to identification and configuration. Authentication is performed via USB Power Delivery message communications and/or via USB data bus control transactions. This specification defines the architecture and methodology for unilateral Product Authentication. It is intended to be fully compatible with and extend existing PD and USB infrastructure. Information is provided to allow for Policy enforcement, but individual Policy decisions are not specified.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 2 | undefined |
| 5 | CONTENTS |
| 13 | 1 Introduction 1.1 Scope 1.2 Overview |
| 14 | 1.3 Related Documents |
| 16 | 1.4 Terms and Abbreviations Tables Table 1-1: Terms and Abbreviations |
| 17 | 1.5 Conventions 1.5.1 Precedence 1.5.2 Keywords |
| 18 | 1.5.3 Numbering 1.5.4 Byte Ordering 2 Overview 2.1 Topology |
| 19 | 2.2 Cryptographic Methods 2.2.1 Random Numbers Figures Figure 2-1 Sample Topology Table 2-1: Summary of Cryptographic Methods |
| 20 | 2.3 Security Overview 2.3.1 Periodic Re-Authentication 2.3.2 Secret Key Storage and Protection 2.3.3 Security Evaluation Criteria 2.4 Impact to Existing Ecosystem |
| 21 | 2.4.1 Proxy Capabilities (PD traversing the Hub topology) 3 Authentication Architecture 3.1 Certificates 3.1.1 Format 3.1.2 Textual Format 3.1.3 Attributes and Extensions |
| 23 | 3.2 Certificate Chains 3.2.1 Provisioning Table 3-1: Certificate Chain Format |
| 24 | 3.3 Private Keys 4 Authentication Protocol 4.1 Digest Query 4.2 Certificate Chain Read |
| 25 | 4.3 Authentication Challenge 4.4 Errors and Alerts 4.4.1 Invalid Request 4.4.2 Unsupported Protocol Version 4.4.3 Busy 4.4.4 Unspecified 5 Authentication Messages |
| 26 | 5.1 Header 5.1.1 USB Type-C Authentication Protocol Version 5.1.2 Message Type 5.1.3 Param1 5.1.4 Param2 5.2 Authentication Requests Table 5-1: Authentication Message Header Table 5-2: USB Type-C Authentication Protocol Version |
| 27 | 5.2.1 GET_DIGESTS 5.2.2 GET_CERTIFICATE Table 5-3: Authentication Request Types Table 5-4: GET_DIGESTS Request Header Table 5-5: GET_CERTIFICATE Request Header |
| 28 | 5.2.3 CHALLENGE 5.3 Authentication Responses Table 5-6: GET_CERTIFICATE Request Payload Table 5-7: CHALLENGE Request Header Table 5-8: CHALLENGE Request Payload Table 5-9: Authentication Response Types |
| 29 | 5.3.1 DIGESTS 5.3.2 CERTIFICATE Table 5-10: DIGESTS Response Header Table 5-11: DIGESTS Response Payload Table 5-12: CERTIFICATE Response Header |
| 30 | 5.3.3 CHALLENGE_AUTH Table 5-13: CERTIFICATE Response Payload Table 5-14: CHALLENGE_AUTH Response Header |
| 31 | 5.3.4 ERROR Table 5-15: CHALLENGE_AUTH Response Payload Table 5-16: Message Contents for ECDSA Digital Signature |
| 32 | 6 Authentication of PD Products 6.1 Transfers less than or equal to MaxExtendedMsgLen Table 5-17: ERROR Response Header Table 5-18: ERROR Codes |
| 33 | 6.2 Transfers greater than MaxExtendedMsgLen |
| 34 | Figure 6-1 Example Security Transfer Process for an Authentication Initiator |
| 35 | Figure 6-2 Example Security Transfer Process for an Authentication Responder |
| 36 | 6.3 Timing Requirements for PD Security Extended Messages 6.3.1 Authentication Initiator Figure 6-3 Example 612-Byte Certificate Chain Read Table 6-1: Timeout Values for a PD Authentication Initiator |
| 37 | 6.3.2 Authentication Responder Table 6-2: Timing Requirements for PD Authentication Responder |
| 38 | 6.4 Context Hash 7 Authentication of USB Products 7.1 Descriptors 7.1.1 Authentication Capability Descriptor Table 7-1: Authentication Capability Descriptor |
| 39 | 7.2 Mapping Authentication Messages to USB 7.2.1 Authentication IN Table 7-2: Authentication Capability Descriptor Types Table 7-3: Authentication Message bRequest Values Table 7-4: Authentication IN Control Request Fields Table 7-5: Authentication Message Header Mapping |
| 40 | 7.2.2 Authentication OUT 7.3 Authentication Protocol 7.3.1 Digest Query Table 7-6: Authentication OUT Control Request Fields Table 7-7: GET_DIGESTS Authentication IN Control Request Fields |
| 41 | 7.3.2 Certificate Read 7.3.3 Authentication Challenge Table 7-8: GET_CERTIFICATE Authentication OUT Control Request Fields Table 7-9: CERTIFICATE Authentication IN Control Request Fields Table 7-10: CHALLENGE Authentication OUT Control Request Fields |
| 42 | 7.3.4 Errors 7.4 Timing Requirements for USB 7.4.1 USB Host Timing Requirements Table 7-11: CHALLENGE_AUTH Authentication IN Control Request Fields Table 7-12: Authentication Initiator Timeout Values |
| 43 | 7.4.2 USB Device Timing Requirements Table 7-13: Authentication Responder Response Times |
| 44 | 7.5 Context Hash 8 Protocol Constants Table 8-1: Protocol Constants |
| 45 | A ACD A.1. ACD Formatting Table A-1: TLV General Format Table A-2: TLV Types Table A-3: Version TLV Fields |
| 46 | Figure A-1: Bitmap of Version TLV Data Figure A-1: Bitmap of Version TLV Data Table A-4: ACD Version Encoding Table A-5: XID TLV Fields Table A-6: Power Source Capabilities TLV Fields |
| 47 | Table A-7: Power Source Capabilities TLV Data Table A-8: Power Source Certifications TLV Fields |
| 48 | Table A-9: Cable Capabilities TLV Fields Table A-10: Cable Capabilities TLV Data Table A-11: Security Description TLV Fields Table A-12: Security Data |
| 49 | Figure A-2: Bitmap of the Common Criteria Identifier Table A-13: FIPS/ISO Level Identifiers Table A-14: Vulnerability Assessment |
| 50 | Table A-15: EAL Encodings Table A-16: Protection Profile Encoding |
| 51 | Figure A-3: Bitmap of the Security Analysis Identifier Table A-17: Development Security Table A-18: Certification Maintenance |
| 52 | Table A-19: Testing Method Encoding Table A-20: Vulnerability Assessment |
| 53 | A.2. ACD for a PD Product Table A-21: Playpen TLV Fields Table A-22: Vendor Extension TLV Fields Table A-23: Vendor Extension TLV Data Table A-24: Extension TLV Fields |
| 54 | A.3. ACD for a USB Product Table A-25: PD Product ACD TLVs Table A-26: USB Product ACD TLVs |
| 55 | B Cryptographic Examples B.1. Example Authentication Sequence B.2. Example Certificate Chain Topology |
| 59 | Table B-1: Version TLV Fields Table B-2: XID TLV Fields Table B-3: Power Source Capabilities TLV Fields Table B-4: Security Description TLV Fields |
| 60 | Table B-5: Playpen TLV Fields Table B-6: Vendor Extension TLV Fields |
| 62 | B.3. Example Authentication Signature Verification |
| 63 | C Potential Attack Vectors |
