The Wireless Power Consortium (WPC) has been very busy in the last few years, updating the ubiquitous Qi standard in many ways, and certainly as the world becomes more and more connected, security will remain top-of-mind when it comes to wireless charging. Version 1.3 of the Qi wireless charging specification added secure authentication.
Version 1.3 allowed Qi-enabled devices to verify the identity of chargers and their adherence to the Qi specification (Fig. 1). This made it possible to determine whether a charger is compatible with Qi standards so that it cannot damage or destroy the product it is charging. It’s essentially an extension of Qi Version 1.2 but adds a layer of protection (authentication) to ensure the phone and charger can work together. Qi 1.3 defines two power profiles, the baseline power profile that delivers an output up to 5 W and the extended power profile that increases this to 15 W.
Figure 1: One-way authentication via CryptoAuthLib (Source: Microchip Technology Inc.)
In brief, before charging can begin, the device to be charged (typically a smartphone) confirms that it is interacting with a Qi-certified charging device, and if it is, the smartphone, as an example, requests the most appropriate and safest level of charging. If authentication fails, the phone will cancel the request or reduce its output power to the 5 W (baseline) level.
To achieve authentication, charger manufacturers must include a public key infrastructure (PKI) called “Product Unit Certificates” embedded in their products. The key function refers to secure elements that create a secure vault next to the microcontroller embedded in the charger that stores critical information (Fig. 2). PKI is a very robust technique for providing authentication because it uses its own dedicated processor and memory rather than shared resources which would add a level of vulnerability.
Figure 2: Secure provisioning is mandated by the Qi 1.3 standard. (Source: Microchip Technology Inc.)
The concept of secure elements has been used in many applications for more than 15 years and is employed in credit cards, smart payment systems and cryptocurrency trading servers. Today, every smartphone manufacturer uses secure elements.
Secure authentication involves a secure manufacturing flow combined with a process that results in a Secure Storage Subsystem (SSS), commonly called a secure key storage device or secure elements. The phone will request a certificate and signature from the charger to verify that it is a WPC-certified product with a private key and sign a challenge issued by the phone proving knowledge of a secret without compromising it. The Qi 1.3 standard mandates that the private key be stored and protected by a certified SSS. Both the Elliptic Curve Digital Signature Algorithm and private key must be embedded within the same location to ensure its level of trust in authentication.
The SSS must prove its robustness to protect cryptographic keys based on the Common Criteria Joint Interpretation Library (JIL) vulnerability scoring system, first introduced in the mid-2000s to improve the efficiency and security of smart cards. It is now a robust benchmark for many other applications requiring security.
Other steps are also required to protect the level of trust when the charger is manufactured, with the goal of removing exposure to the private keys. To create this chain of trust, all private keys must be in a hardware secure module (HSM) at manufacturing sites or in the SSS in the charger. It then must determine how keys are generated, stored and chained together, which is achieved through a key ceremony. After completion, the chain of trust is now cryptographically established without exposure to external contract manufacturers or third parties. As a result, trust is created between WPC, the phone and the charger.
The certification process established by the WPC is quite complex and presents challenges for charger manufacturers, except for those with extensive expertise in compliance. As the microcontroller is the component that performs all the steps necessary for compliant operation, the certification process can be made much easier if designers work directly with the microcontroller manufacturer.
For example, Microchip was one of the first companies to combine all elements of this process, helping designers work through the various steps without the need to rely on multiple sources using what it calls the Trust Platform that allows onboarding of the company’s secure elements.
Microchip is a WPC-licensed manufacturing Certificate Authority and offers preconfigured secure storage subsystem solutions that handle the entire key ceremony with the WPC root certificate authority. It provides a certified reference design that includes the MCU, the Qi 1.3 software stack, SSS with a supporting crypto library and provisioning services for both automotive and consumer applications. Credentials are generated inside each secure element’s boundary with the company’s HSMs that are installed in Microchip’s factories.
Moving to Qi Rev 2
The next step for the WPC will be implementing the Qi Rev 2 standard, which is expected to be introduced later this year. It will make Qi charging more versatile while retaining all the critical security features established by Qi 1.3.
With a very high level of security already established, the Qi wireless charging standard will continue to evolve to meet the needs of more types of devices, especially those whose form factors have made them inaccessible to its impressive capabilities.
Advertisement
Learn more about Microchip Technology
