SECURE WIRELESS COMMUNICATION BETWEEN CONTROLLERS AND ACCESSORIES
Abstract
A controller and an accessory controllable by the controller can communicate using secure read and write procedures. The procedures can include encrypting identifiers of accessory characteristics targeted by a read or write operation as well as any data being read or written. The procedures can also include the accessory returning a cryptographically signed response verifying receipt and execution of the read or write instruction. In some instances, a write procedure can be implemented as a timed write in which a first instruction containing the write data is sent separately from a second instruction to execute the write operation; the accessory can disregard the write data if the second instruction is not received within a timeout period after receiving the first instruction.
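The timed write described in the abstract, seen from the accessory's side, as an added example that is not code from the patent. Assumptions: HMAC-SHA256 under a shared key stands in for the signed data block, `tid` is a hypothetical transaction identifier, the 2-second time to live is a made-up value, and payloads are shown after decryption with the session key.

```python
import hashlib
import hmac

TTL_SECONDS = 2.0  # assumed value; the page gives no number

def sign(key, status, tid):
    """Signed data block; HMAC-SHA256 stands in for the accessory's signature."""
    return hmac.new(key, f"{status}|{tid}".encode(), hashlib.sha256).digest()

class Accessory:
    def __init__(self, key, clock):
        self.key, self.clock = key, clock
        self.characteristics = {}  # characteristic id -> value
        self.pending = None        # (tid, char_id, data, deadline)

    def prepare_write(self, tid, char_id, data):
        """First instruction, payload already decrypted with the session key."""
        self.pending = (tid, char_id, data, self.clock() + TTL_SECONDS)
        return "received", sign(self.key, "received", tid)

    def execute_write(self, tid):
        """Second instruction: commit only if it arrives within the TTL."""
        if self.pending is None or self.pending[0] != tid:
            return None
        _, char_id, data, deadline = self.pending
        self.pending = None  # staged data is single-use, expired or not
        if self.clock() > deadline:
            return None      # too late: ignore and discard the staged data
        self.characteristics[char_id] = data
        return "executed", sign(self.key, "executed", tid)

def controller_accepts(key, response, status, tid):
    """Controller side: check the signed block before trusting the status."""
    return response is not None and response[0] == status and hmac.compare_digest(
        response[1], sign(key, status, tid))

def demo():
    now = [0.0]  # injected clock so the timeout is deterministic
    key = b"constructed-demo-key"  # constructed sample key
    acc = Accessory(key, lambda: now[0])
    r1 = acc.prepare_write("t1", "lock-target-state", "unlocked")
    now[0] += 5.0  # second instruction arrives after the TTL
    late = acc.execute_write("t1")
    acc.prepare_write("t2", "lock-target-state", "unlocked")
    now[0] += 0.5  # second instruction arrives within the TTL
    r2 = acc.execute_write("t2")
    return (controller_accepts(key, r1, "received", "t1"), late,
            controller_accepts(key, r2, "executed", "t2"), acc.characteristics)
```

The late second instruction returns nothing and leaves the characteristic untouched, so the controller never receives an "executed" block it could verify.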
27 Claims
1. A method for controlling an accessory using a controller, the method comprising:
establishing, by the controller, a session key usable to encrypt messages exchanged with the accessory;
determining, by the controller, write data to be written to a target characteristic of the accessory;
generating, by the controller, a first payload that comprises the write data and an identifier of the target characteristic, the first payload being encrypted with the session key;
sending, by the controller, a first instruction to the accessory, the first instruction comprising the first payload and an indication that the accessory should temporarily store the write data;
receiving, by the controller, a first response from the accessory, the first response comprising a first signed data block indicating that the accessory received the first instruction;
in response to receiving the first response, sending, by the controller, a second instruction to the accessory, the second instruction comprising a second payload indicating that the accessory should write the write data from the first payload to the target characteristic; and
receiving, by the controller, a second response from the accessory, the second response comprising a second signed data block indicating that the accessory received and executed the second instruction.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. An electronic device, comprising:
a wireless communication interface to communicate with an accessory;
one or more processors coupled to the wireless communication interface, the one or more processors being configured to:
establish, via the wireless communication interface, a session key usable to encrypt messages exchanged with the accessory;
determine write data to be written to a target characteristic of the accessory;
generate a first payload that comprises the write data and an identifier of the target characteristic, the first payload being encrypted with the session key;
send, via the wireless communication interface, a first instruction to the accessory, the first instruction comprising the first payload and an indication that the accessory should temporarily store the write data;
receive, via the wireless communication interface, a first response from the accessory, the first response comprising a first signed data block indicating that the accessory received the first instruction;
send, in response to receiving the first response, a second instruction to the accessory via the wireless communication interface, the second instruction comprising a second payload indicating that the accessory should write the write data from the first payload to the target characteristic; and
receive, via the wireless communication interface, a second response from the accessory, the second response comprising a second signed data block indicating that the accessory received and executed the second instruction.
Dependent claims: 10, 11, 12, 13

14. A computer-readable storage medium having stored therein program code that, when executed by one or more processors of an accessory device, cause the one or more processors to perform operations comprising:
establishing a session key usable to encrypt messages exchanged with the controller;
receiving a first instruction from the controller, the first instruction comprising a first payload encrypted with the session key;
extracting from the first payload write data and an identifier of a target characteristic to which the write data is to be written;
sending a first response to the controller, the first response comprising a first signed data block indicating that the accessory received the first instruction;
receiving a second instruction from the controller, the second instruction comprising a second payload indicating that the accessory should write the write data from the first payload to the target characteristic;
determining whether the second instruction is received within a time to live after sending the first response;
in response to determining that the second instruction is not received within the time to live, ignoring the second instruction; and
in response to determining that the second instruction is received within the time to live, executing the second instruction, the execution of the second instruction comprising writing the write data from the first payload to the target characteristic.
Dependent claims: 15, 16, 17, 18, 19, 20

21. An electronic device, comprising:
a wireless communication interface to communicate with a controller;
one or more processors coupled to the wireless communication interface, the one or more processors being configured to:
establish, via the wireless communication interface, a session key usable to encrypt messages exchanged with the controller;
receive, via the wireless communication interface, a first instruction from the controller, the first instruction comprising a first payload encrypted with the session key;
extract, from the first payload, write data and an identifier of a target characteristic to which the write data is to be written;
send, via the wireless communication interface, a first response to the controller, the first response comprising a first signed data block indicating that the electronic device received the first instruction;
receive, via the wireless communication interface, a second instruction from the controller, the second instruction comprising a second payload indicating that the electronic device should write the write data from the first payload to the target characteristic;
determine whether the second instruction is received within a time to live after sending the first response;
in response to determining that the second instruction is not received within the time to live, ignore the second instruction; and
in response to determining that the second instruction is received within the time to live, execute the second instruction, the execution of the second instruction comprising writing the write data from the first payload to the target characteristic.
Dependent claims: 22, 23, 24, 25, 26, 27

Specification