How to ensure the safety of Qi wireless charging?

okhxyyo · Published on 2023-12-20 10:27

How to ensure the safety of Qi wireless charging? [Copy link]

Share a piece of news with you, you can follow to learn how to ensure the safety of Qi wireless charging

Original text: https://news.eeworld.com.cn/dygl/ic657347.html

Over the past few years, the Wireless Power Consortium (WPC) has been busy updating the widely adopted Qi standard in a number of ways. Of course, as the world becomes more connected, wireless charging security is always a top concern. Version 1.3 of the Qi wireless charging specification adds secure authentication capabilities.

Version 1.3 allows Qi-enabled devices to verify the identity of a charger and its compliance with the Qi specification (Figure 1) . This allows for determination of the charger's compliance with the Qi standard to ensure it does not damage or destroy the product being charged. It is essentially an extension of Qi version 1.2, but with an added layer of protection (authentication) to ensure the phone and charger can work together. Qi 1.3 defines two power profiles, a baseline power profile that can deliver up to 5W of output, and an extended power profile that increases output to 15W.

Figure 1. One-way authentication via CryptoAuthLib

In simple terms, before charging begins, the device to be charged (usually a smartphone) confirms that it is interacting with a Qi-certified charging device. For example, if it is a smartphone, it will request the most appropriate and safest charging power. If the authentication fails, the phone will cancel the request or the charger will reduce its output power to 5W (baseline).

To achieve authentication, charger manufacturers must include a public key infrastructure (PKI) called a “product unit certificate” in their products. This critical function is achieved by creating a secure element that sits next to the microcontroller embedded in the charger to store critical information (Figure 2). PKI is an ultra-reliable technology for providing authentication because it uses its own dedicated processor and memory rather than shared resources, thereby reducing security risks.

Figure 2. Qi 1.3 standard requires security configuration

The concept of secure elements has been used in many applications for more than 15 years and is widely adopted in credit cards, smart payment systems and cryptocurrency exchange servers. Today, every smartphone manufacturer uses secure elements.

Secure authentication involves a secure production process combined with the use of a process that forms a secure storage subsystem (SSS), often referred to as a secure key storage device or secure element. The phone will ask the charger for a certificate and signature to verify that it is a WPC certified product with a private key and to sign the challenge issued by the phone, proving that it has access to the confidential information and has not disclosed it. The Qi 1.3 standard requires that the private key must be stored and protected by a certified SSS. Both the ECDSA and the private key must be in the same location to ensure its level of trust in authentication.

SSS must demonstrate its robustness in protecting cryptographic keys according to the Common Criteria Joint Interpretation Library (JIL) vulnerability scoring system, which was first introduced in the mid-2000s to improve the efficiency and security of smart cards. It has now become a robust benchmark for many other applications that require security features.

When manufacturing the charger, additional steps are required to protect the trust level, with the goal of eliminating exposure to private keys. To build this chain of trust, all private keys must be located in a hardware security module (HSM) at the production site or within the SSS of the charger. Then, it must be determined how these private keys are generated, stored, and form a chain of trust, which is achieved through key ceremonies. Once completed, the chain of trust has now been established through cryptographic means without being exposed to external contract manufacturers or third parties. As a result, trust is established between the WPC, the phone, and the charger.

The certification process established by WPC is quite complex and poses challenges to all but those manufacturers with extensive expertise in compliance. Since the MCU is the component that performs all the necessary compliance steps, the certification process can be greatly simplified if the designer works directly with the MCU manufacturer.

Towards Qi version 2

The next step for the WPC is to implement the Qi version 2 standard, which is expected to be launched later this year. It will enable more diverse ways to charge with Qi while retaining all the key safety features established by Qi 1.3.

The Qi wireless charging standard has established an extremely high level of safety and is constantly being improved to meet the needs of more types of devices, especially those whose excellent functions are out of reach due to their form factor.