“Why do wireless chargers need safety certification? The short answer is that Qi v1.3 of the Wireless Power Consortium (WPC) mandates safety certification because unsafe wireless chargers not only pose a security threat, but also affect user experience and safety. For example, the device could charge too slowly or too quickly, causing it to overheat (or worse, catch fire), or the battery could be damaged due to a mismanaged charging algorithm.
“
Author: Jeff Shepard
Why do wireless chargers need safety certification? The short answer is that Qi v1.3 of the Wireless Power Consortium (WPC) mandates safety certification because unsafe wireless chargers not only pose a security threat, but also affect user experience and safety. For example, the device could charge too slowly or too quickly, causing it to overheat (or worse, catch fire), or the battery could be damaged due to a mismanaged charging algorithm.
Regarding cybersecurity, identified attack vectors include side-channel attacks1 and hijacking and eavesdropping attacks2. Some “evil” chargers that people use in public places could exploit these vulnerabilities to allow the charger to access data on the phone, or simply disrupt the phone’s operation.
WPC is determined to tackle cybersecurity, user experience and security head-on. Now, if a user’s phone or other device is designed to the new Qi v1.3 standard, it must be charged with a Qi v1.3 charger, or it may not be able to charge. Even if it can be charged, it will be limited to charging at the slowest charging rate. To ensure this, Qi v1.3 mandates that a private key, including an X.509 certificate, is stored and protected by a certified Secure Storage Subsystem (SSS) in the charger to cryptographically authenticate the charging source.
When the device is placed on the charger, it requests safety certification. If a verified private key is not obtained from the charger, the device may reject the charger. The end result: older devices will continue to work under the new standard, but Qi v1.3 devices may not be able to charge with older chargers (Figure 1).
Figure 1: Devices using the new Qi v1.3 standard cannot be charged with uncertified chargers or chargers using earlier versions of the Qi standard. (Image source: Microchip Technology
To avoid private keys being exposed in any way and to support the chain of trust, all private keys involved must be stored in the charger’s SSS. WPC specifies three steps to secure the chain of trust for private keys (Figure 2):
・ A third-party root certificate authority (CA) creates a root certificate and its associated root private key, which are used to sign Manufacturer Certificate Signing Requests (CSRs). The manufacturer’s certificate is unique to each wireless charger company, and the product certificate is unique to each charger.
・Manufacturer CA (MFG Cert) creates a manufacturer certificate and protects its associated private key in a certified SSS.
• The public/private key pairs required for product authentication are generated and protected during the manufacturing process of the SSS. The private key is preconfigured within SSS in the charger, and SSS sends the CSR to the manufacturer CA that has been signed by the root certificate.
Figure 2: Using three steps to secure the chain of trust for private keys within SSS and secure authentication. (Image source: Microchip Technology)
Designers of wireless chargers can use Microchip’s ECC608-TFLXWPC as a preconfigured secure element that meets the safety certification requirements specified in Qi v1.3 (Figure 3). In addition to supporting Qi v1.3 secure authentication, the element also supports code authentication (secure boot), message authentication code (MAC) generation, trusted firmware updates, various key management protocols, and other root-of-trust-based operations. This component is designed to provide safety services to the microcontroller (MCU) or microprocessor (MPU) in the charger.
Figure 3: The ECC608-TFLXWPC is a preconfigured secure element that meets the security certification requirements specified in Qi v1.3. (Image source: Microchip Technology)
To help users get started, the CryptoAuthentication SOIC Xplained Pro Starter Kit includes the SAMD21-XPRO and AT88CKSCKTSOIC-XPRO socket boards and the Crypto Authentication sample device. This starter kit works with Microchip Technology’s CAL library and CAL Python tool; it supports I2C, Single Wire Interface (SWI) and SPI interface devices by setting the required switches on the socket board.
Figure 4: The CryptoAuthentication SOIC Xplained Pro Starter Kit includes the SAMD21-XPRO (Blue Board) and AT88CKSCKTSOIC-XPRO Socket Board (Red Board) as well as sample devices. (Image source: Microchip Technology)
Summarize
Wireless chargers designed according to the new Qi v1.3 standard must include security authentication using a mandatory chain of trust to ensure a good user experience and security, and to prevent cyber-attacks. Devices such as mobile phones that conform to the earlier Qi standard can be charged using chargers made to the v1.3 standard, but there is no guarantee that devices made to the v1.3 standard can be charged using older chargers. Therefore, it is the designer’s responsibility to implement Qi V1.3 quickly. As shown in this article, a number of ICs and development kits are available to advance Qi v1.3 development.
The Links: G170EG01 V0 2MB1300NB-060