Uniform communication protocols for communication between controllers and accessories
First Claim
1. A method performed by a controller device, the method comprising:
- transmitting, by the controller device, a pair setup start request to an accessory device;
receiving, from the accessory device, a random salt and a first public key;
acquiring a setup code;
creating, by the controller device, a secure remote password session with the accessory device based at least in part on the setup code;
generating, by the controller device, a second public key;
generating, by the controller device, a controller proof for proving controller identity of the controller device; and
during the secure remote password session;
transmitting, to the accessory device, a verification request including the second public key and the first identity proof;
receiving, from the accessory device, an accessory proof for proving accessory identity of the accessory device;
verifying the accessory proof;
encrypting, using an encryption key, a controller long term public key to generate encrypted data and a first authentication tag;
transmitting, to the accessory device, the encrypted data and the first authentication tag;
receiving, from the accessory device, a second authentication tag; and
when the second authentication tag is verified, establishing a pairing with the accessory device in response to decrypting and storing an accessory long term public key.
0 Assignments
0 Petitions
Accused Products
Abstract
A uniform protocol can facilitate secure, authenticated communication between a controller device and an accessory device that is controlled by the controller. An accessory and a controller can establish a pairing, the existence of which can be verified at a later time and used to create a secure communication session. The accessory can provide an accessory definition record that defines the accessory as a collection of services, each service having one or more characteristics. Within a secure communication session, the controller can interrogate the characteristics to determine accessory state and/or modify the characteristics to instruct the accessory to change its state.
104 Citations
17 Claims
-
1. A method performed by a controller device, the method comprising:
-
transmitting, by the controller device, a pair setup start request to an accessory device; receiving, from the accessory device, a random salt and a first public key; acquiring a setup code; creating, by the controller device, a secure remote password session with the accessory device based at least in part on the setup code; generating, by the controller device, a second public key; generating, by the controller device, a controller proof for proving controller identity of the controller device; and during the secure remote password session; transmitting, to the accessory device, a verification request including the second public key and the first identity proof; receiving, from the accessory device, an accessory proof for proving accessory identity of the accessory device; verifying the accessory proof; encrypting, using an encryption key, a controller long term public key to generate encrypted data and a first authentication tag; transmitting, to the accessory device, the encrypted data and the first authentication tag; receiving, from the accessory device, a second authentication tag; and when the second authentication tag is verified, establishing a pairing with the accessory device in response to decrypting and storing an accessory long term public key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A non-transitory computer-readable storage medium having stored therein program code that, when executed by one or more processors of a controller device, cause the one or more processors to perform operations comprising:
-
transmitting a pair setup start request to an accessory device; receiving, from the accessory device, a random salt and a first public key; acquiring a setup code; creating a secure remote password session with the accessory device based at least in part on the setup code; generating a second public key; generating a controller proof for proving controller identity of the controller device; and during the secure remote password session; transmitting, to the accessory device, a verification request including the second public key and the first identity proof; receiving, from the accessory device, an accessory proof for proving accessory identity of the accessory device; verifying the accessory proof; encrypting, using an encryption key, a controller long term public key to generate encrypted data and a first authentication tag; transmitting, to the accessory device, the encrypted data and the first authentication tag; receiving, from the accessory device, a second authentication tag; and when the second authentication tag is verified, establishing a pairing with the accessory device in response to decrypting and storing an accessory long term public key. - View Dependent Claims (11, 12, 13)
-
-
14. A controller device, comprising:
-
a wireless communication interface to communicate with an accessory; and one or more processors coupled to the wireless communication interface, the one or more processors being configured to; transmit a pair setup start request to an accessory device; receive, from the accessory device, a random salt and a first public key; acquire a setup code; create a secure remote password session with the accessory device based at least in part on the setup code; generate a second public key; generate a controller proof for proving controller identity of the controller device; and during the secure remote password session; transmit, to the accessory device, a verification request including the second public key and the first identity proof; receive, from the accessory device, an accessory proof for proving accessory identity of the accessory device; verify the accessory proof; encrypt, using an encryption key, a controller long term public key to generate encrypted data and a first authentication tag; transmit, to the accessory device, the encrypted data and the first authentication tag; receive, from the accessory device, a second authentication tag; and when the second authentication tag is verified, establish a pairing with the accessory device in response to decrypting and storing an accessory long term public key. - View Dependent Claims (15, 16, 17)
-
Specification