HK1114196B - Portable electronic device for receiving accessory devices - Google Patents
Portable electronic device for receiving accessory devices Download PDFInfo
- Publication number
- HK1114196B HK1114196B HK08103946.1A HK08103946A HK1114196B HK 1114196 B HK1114196 B HK 1114196B HK 08103946 A HK08103946 A HK 08103946A HK 1114196 B HK1114196 B HK 1114196B
- Authority
- HK
- Hong Kong
- Prior art keywords
- authentication
- accessory
- host
- accessory device
- media
- Prior art date
Links
Description
Technical Field
The present invention relates to electronic devices, and more particularly to electronic devices that receive accessory devices, such as media players.
The media player stores media assets, such as audio tracks or photos, that can be displayed or played on the media player. An example of a media player is available from Apple Computer, Inc. of Cupertino, CAA media player. Typically, a media player obtains its media assets from a host computer, which functions to enable a user to manage the media assets. As an example, the host computer mayTo execute a media management application for managing media assets. An example of a media management application is that available from Apple Computer corporation
A media player typically includes one or more connectors or ports that can be used as an interface with the media player. For example, a connector or port enables the media player to couple to a host computer, plug into a docking system, or receive an accessory device. There are currently many different types of accessory devices that can be interconnected to a media player. For example, a remote controller may be connected to a connector or port to allow a user to remotely control the media player. As another example, an automobile may include a connector and a media player may be inserted into the connector so that a media system of the automobile may interact with the media player to allow media content on the media player to be played within the automobile.
Currently, the connectors or ports of media players are generally free for use as long as compatible connectors or ports are used. Accordingly, many third parties have developed accessory devices for media players of other manufacturers. One difficulty is that the manufacturer of the media player cannot control the various accessory devices that can be connected to the coal player. This is problematic because third party accessory devices can be inferior, error prone, disruptive (e.g., resource leaking), or even damaging to the media player itself. Another problem is that third party accessory devices that are not authorized by the manufacturer of the media player may attempt to use the features of the media player in an inappropriate or undesirable manner.
Accordingly, there is a need for improved techniques that enable manufacturers of electronic devices to control the nature and extent of accessory devices that may be used with their electronic devices.
Disclosure of Invention
Broadly speaking, the present invention pertains to improved techniques for controlling the use of accessory devices with electronic devices. The improved techniques may use cryptographic methods to authenticate electronic devices, i.e., electronic devices that are interconnected and in communication with each other.
One aspect of the present invention pertains to techniques for authenticating an electronic device, such as an accessory device. Another aspect of the invention pertains to providing software features (e.g., functionality) by or for an electronic device, such as a host device. Different electronic devices may be provided, for example, according to different degrees or levels of authentication or according to manufacturer or product. Another aspect of the invention pertains to converting an external device (e.g., a USB device) to a host device (e.g., a USB host) using an accessory (or adapter). Embodiments of the invention may relate to one or more of these or other aspects disclosed herein.
The invention can be implemented in numerous ways, including as a method, system, device, apparatus (including graphical user interface), or computer readable medium. Several embodiments of the invention are described below.
As a portable electronic device, one embodiment of the invention includes at least: a media storage device storing media content for one or more media items; a media presentation module that retrieves media content for at least one of the media items from a media storage device and causes the media content to be presented to a user of the portable electronic device; an authentication table storing authentication information for various accessory devices authorized to couple to and interact with the portable electronic device; and an authentication module that determines whether a particular accessory device coupled to the portable electronic device is authorized to interoperate with the portable electronic device based on at least a portion of the authentication information stored in the authentication table.
As an accessory device for a portable electronic device, one embodiment of the invention includes at least: an input/output port for interacting with a portable electronic device; an authentication algorithm; an authentication key associated with the accessory device; an authentication controller operatively connected to the input/output port for performing an authentication operation using at least the authentication algorithm and the authentication key; accessory circuitry that performs operations associated with an accessory device.
As a connector for connecting an accessory device to a media player, one embodiment of the invention includes at least: a connector body; a plurality of electrical contacts attached within the connector body and for providing an electrical connection between the accessory device and the media player; and a controller disposed within the connector body and providing an authentication key that allows the accessory device to be authenticated by the media player.
As a method for authorizing an accessory device for use with an electronic device, one embodiment of the invention includes at least the following activities: receiving a device identifier from an accessory device; receiving an authentication value from an accessory device; determining whether the accessory device is authentic based on the authentication value; and authorizing the accessory device for use with the electronic device when the accessory device is determined to be authentic.
As a method of authorizing an accessory device for use with an electronic device, another embodiment of the invention includes at least the following activities: detecting attachment of an accessory device to an electronic device; upon detecting attachment of the accessory device, sending a random number to the accessory device; subsequently receiving an encoded value from the accessory device; receiving a device identifier from an accessory device; obtaining a cryptographic key based on the device identifier; decoding the encoded value using the cryptographic key to produce a decoded value; determining whether the decoded value corresponds to the random number; and authorizing the accessory device for use with the electronic device when the decoded value is determined to correspond to the random number.
As a method for authorizing an accessory device for use with an electronic device, another embodiment of the invention includes at least the following activities: detecting attachment of an accessory device to an electronic device; upon detecting attachment of the accessory device, sending an authentication request including at least one random number to the accessory device; subsequently receiving an authentication response from the accessory device, the authentication response being a response to the authentication request and the authentication response including at least the encoded value and the device identifier of the accessory device; obtaining a cryptographic key based on the device identifier; decoding the encoded value using the cryptographic key to produce a decoded value; and authorizing the accessory device for use with the electronic device based on a correspondence between the decoded value and the random number.
As a method for authorizing an accessory device for use with an electronic device, another embodiment of the invention includes at least the following activities: receiving a random number from an electronic device; encoding the random number using a cryptographic key provided within the accessory device, thereby generating an encoded value; and transmitting the encoded value and the device identifier to the electronic device.
As a method of controlling interaction between a media player and an accessory device, one embodiment of the invention includes at least the following activities: determining a classification of the accessory device; identifying an authorization level of the accessory device; and selectively activating a feature of a media device that can be used in conjunction with the accessory device based on the classification and authorization level of the accessory device.
As a media player system, one embodiment of the invention includes at least: a media player that stores media content and supports a plurality of predetermined functions, and an accessory device that is connectable to the media player. The media player interacts with the accessory device to perform an authentication process, and based on the authentication process, specific functions of the media player are selectively activated so as to be available for use by the accessory device.
Other aspects and advantages of the present invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, illustrating by way of example the principles of the invention.
Drawings
The present invention will be readily understood by the following detailed description in conjunction with the accompanying drawings, wherein like reference numerals designate like structural elements, and in which:
FIG. 1A is a block diagram of an accessory authentication system according to one embodiment of the present invention;
FIG. 1B is a block diagram of an accessory authentication system according to another embodiment of the present invention;
FIG. 1C is a block diagram of an accessory authentication system according to another embodiment of the present invention;
FIG. 2A is a block diagram of an authentication controller according to one embodiment of the present invention;
FIG. 2B is a block diagram of an authentication manager according to one embodiment of the invention;
FIG. 3 is a block diagram of an authentication device according to one embodiment of the present invention;
FIG. 4A is a flow diagram of a host authentication process according to one embodiment of the invention;
FIG. 4B is a flow diagram of accessory authentication processing according to one embodiment of the invention;
FIGS. 5A and 5B are a flow diagram of host device processing according to one embodiment of the invention;
FIGS. 6A and 6B are flow diagrams of accessory device processing according to one embodiment of the invention;
FIG. 6C is a diagram of an authorization table according to one embodiment of the invention;
FIGS. 7A and 7B are a flow diagram of accessory device processing according to one embodiment of the invention;
8A-8C are flow diagrams of host device processing according to one embodiment of the invention;
9A-9C are flow diagrams of accessory device processing according to one embodiment of the invention;
FIGS. 10A and 10B are a flow diagram of host device processing according to one embodiment of the invention;
FIG. 11 is a block diagram of a media management system according to one embodiment of the invention;
fig. 12 is a block diagram of a media player according to one embodiment of the invention.
Detailed Description
The present invention pertains to improved techniques for controlling the use of accessory devices with electronic devices. The improved techniques may use cryptographic methods to authenticate electronic devices, i.e., electronic devices that are interconnected and in communication with each other.
The improved techniques are particularly applicable to electronic devices, such as media devices, that can receive accessory devices. One example of a media device is a media player, such as a handheld media player (e.g., a music player), that can render (e.g., play) media items (or media assets). Examples of accessories for media devices include: tape recorders, FM transceivers, peripheral bus devices (e.g., FireWire)Or a USB device), a media device (e.g., a media reader, a display, a camera, etc.), a power source (e.g., a power adapter, a battery pack, etc.), a speaker (e.g., a headset or speaker system), a remote control device, a network device, or an automotive integrated unit.
One aspect of the present invention pertains to techniques for authenticating an electronic device, such as an accessory device. Another aspect of the invention pertains to providing software features (e.g., functions) by or for an electronic device (e.g., a host device). Different electronic devices may be provided, for example, according to different degrees or levels of authentication or according to manufacturer or product. Another aspect of the invention pertains to converting a peripheral device (e.g., a USB device) to a host device (e.g., a USB host) using an accessory (or adapter). Embodiments of the invention may relate to one or more of these or other aspects disclosed herein.
Embodiments of the present invention are discussed below with reference to fig. 1-12. However, those skilled in the art will readily appreciate that the detailed description given herein with respect to these figures is for explanatory purposes as the invention extends beyond these limited embodiments.
FIG. 1A is a block diagram of an accessory authentication system 100 according to the present invention. The accessory authentication system 100 includes a mobile computing device 102. The mobile computing device 102 may also be referred to as a host device. Additionally, the mobile computing device 102 may pertain to, for example, a media player, a personal digital assistant, or a mobile telephone. The mobile computing device 102 includes a connector port 104 for receiving a connector.
The accessory authentication system 100 also includes an authentication device 106 having a connector 108 and a connector port 110. The authentication device 106 may be attached to the mobile computing device 102. Specifically, when the authentication device 106 is attached to the mobile computing device 102, the connector 108 of the authentication device 106 is received by the connector port 104 of the mobile computing device 102. When the connector 108 is coupled within the connector port 104, the authentication device 106 physically and electronically connects to the mobile computing device 102.
The accessory authentication system 100 also includes an accessory device 112. When the accessory device 112 is interconnected with the mobile computing device 102 through the authentication device 106, the accessory device 112 provides certain functionality to the mobile computing device 102. To facilitate such interconnection, accessory device 112 includes a connector 114 and a cable 116. A cable 116 connects the connector 114 to the accessory device 112. The connector 114 may be coupled to the connector port 110 of the authentication device 106. When such a connection is made, the accessory device 112 is in electronic communication with the mobile computing device 102 through the authentication device 106.
Although the accessory authentication system 100 includes the connector 114 and the end of the cable 116, the connector 114 may be integrated within the accessory device 112. In other words, in another embodiment, the cable 116 is not required.
According to one aspect of the invention, the authentication device 106 functions to authenticate itself to the mobile computing device 102. Authentication-enabled device and mobile computingThe devices 102 interact. In addition, once authorized, the nature and extent of interaction between the authenticated device 106 (or the accessory device 102) and the mobile computing device 102 can be controlled. Thus, once authorized, the mobile computing device 102 may consider the authentication device 106 to be a trusted partner, allowing it to access functions, features, or operations of the mobile computing device 102. On the other hand, if the mobile computing device 102 determines that the authentication device 106 is not associated with a trusted partner, the mobile computing device 102 may block or limit interaction with the authentication device 106 or the accessory device 112. The authentication device 106 itself may be considered an accessory device of the mobile computing device 102. In one embodiment, authentication device 106 functions as a bus interface adapter such as USB or FireWireThe function of the adapter. In such embodiments, the authentication device 106 functions to enable the mobile computing device 102 to communicate with a bus host device (e.g., USB or FireWire)Host) of the matching. Accessory device 112 advantageously need only be a bus peripheral (e.g., USB or FireWire)Device) operation.
FIG. 1B is a block diagram of an accessory authentication system 150 according to another embodiment of the invention. The accessory authentication system 150 includes a mobile computing device 152 having a connector port 154. The mobile computing device 152 may also be referred to as a host device. Additionally, the mobile computing device 152 may pertain to, for example, a media player, a personal digital assistant, or a mobile telephone.
The accessory authentication system 150 also includes an accessory device 156. The accessory device 156 includes a connector 158 and an authentication device 160. In this embodiment, the authentication device 160 is built into the accessory device 156. The accessory device 156 can be coupled to the mobile computing device 152 by inserting the connector 158 into the connector port 154. Once such a connection is established, the accessory device 156 is electronically connected to the mobile computing device 152. However, the mobile computing device 152 can interact with the authentication device 160 to enable the mobile computing device 152 to authenticate the accessory device 156. When authenticated, the accessory device 156 is considered authorized to interact with the mobile computing device 152. Once authorized, the nature and extent of interaction between the accessory device 156 and the mobile computing device 152 can be controlled. Thus, once authorized, mobile computing device 152 can consider accessory 156 to be a trusted partner (or associated with a trusted partner), allowing it to access functions, features, or operations of mobile computing device 152. On the other hand, if the mobile computing device 152 determines that the accessory device 156 is not a trusted partner (or is not associated with a trusted partner), the mobile computing device 152 may prevent or limit interaction with the accessory device 156.
Fig. 1C is a block diagram of an accessory authentication system 170 according to another embodiment of the invention. The accessory authentication system 170 includes a mobile computing device 172 having a connector port 174. The mobile computing device 172 may also be referred to as a host device. The mobile computing device 172 may, for example, pertain to a media player, a personal digital assistant, or a mobile telephone. The accessory authentication system 170 also includes an accessory device 176. The accessory device 176 includes a connector 178 and an authentication device 180. In this embodiment, the authentication device 180 is coupled to the connector 178 or integrated with the connector 178. The authentication device may be relatively small and thus coupled to the connector 178 or integrated with the connector 178. By providing the authentication device 180 within the connector 178, an accessory device providing an authentication function can be easily manufactured.
The accessory device 176 can be coupled to the mobile computing device 172 by inserting the connector 178 into the connector port 174. Once such a connection is established, the accessory device 176 is electronically connected to the mobile computing device 172. However, the mobile computing device 172 may interact with the authentication device 180 to enable the mobile computing device 172 to authenticate the accessory device 176. When authenticated, the accessory device 176 is considered authorized to interact with the mobile computing device 172. Once authorized, the nature and extent of interaction between the accessory device 176 and the mobile computing device 172 can be controlled. Thus, once authorized, mobile computing device 172 may consider accessory 176 as a trusted partner (or associated with a trusted partner), allowing it to access functions, features, or operations of mobile computing device 172. On the other hand, if the mobile computing device 172 determines that the accessory device 176 is not a trusted partner (or is not associated with a trusted partner), the mobile computing device 172 may prevent or limit interaction with the accessory device 172.
In addition, although fig. 1A-1C refer to an authentication device for authenticating an accessory device for a mobile computing device, it should be understood that such an authentication device may alternatively be used to authenticate a mobile computing device for an accessory device. In any case, the authentication to be performed is performed in a secure manner, such as using cryptographic techniques. Cryptographic techniques not only serve primarily to prevent the use of fake accessory devices, but also reduce the chance of "spoofing". In one embodiment, the cryptographic technique forms a valid digital signature using a public-private key set.
Fig. 2A is a block diagram of an authentication controller 200 according to one embodiment of the present invention. The authentication controller 200 includes a processor 202, Random Access Memory (RAM)204, and Read Only Memory (ROM) 206. The ROM206 includes a private key 208 and an authentication algorithm 210. The authentication controller 200 also receives a power line 212 and a communication bus (link) 214. For example, the power line 212 and the communication bus 214 may be provided by a connector of the authentication controller 200, such as the connector 108 shown in fig. 1A, the connector 158 shown in fig. 1B, or the connector 178 shown in fig. 1C.
The processor 202 typically interacts with the mobile computing device (via the communication bus 214) to authenticate the accessory device (or authentication device). During the authentication process, the processor 202 uses an authentication algorithm 210 and a private key 208 stored within the authentication controller 200. Authentication algorithm 210 may vary from implementation to implementation, and suitable authentication algorithms are known to those skilled in the art.
Although not shown in fig. 2A, the authentication controller 200 or an authentication device or accessory device that includes or utilizes the authentication controller 200 may also include a device identifier and additional circuitry. The device identifier may for example belong to a product identifier and/or a manufacturer identifier. The additional circuitry may vary from implementation to implementation. When the additional circuitry is within the accessory device, the additional circuitry may be referred to as accessory circuitry.
In one embodiment, authentication controller 200 is implemented on a single integrated circuit (i.e., a single chip). By providing authentication controller 200 on a single integrated circuit, external access to private key 208 and authentication algorithm 210 may be substantially avoided. As a result, the authentication process is not only cryptographically secure, but also physically secure due to limited physical access.
Fig. 2B is a block diagram of authentication manager 250 according to one embodiment of the invention. The authentication manager 250 is provided within an electronic device, such as the mobile computing device 102 shown in fig. 1A, the mobile computing device 152 shown in fig. 1B, or the mobile computing device 172 shown in fig. 1C, for example. In this embodiment, the authentication manager 250 of the electronic device authenticates the accessory device (or authentication device).
Authentication manager 250 includes authentication module 252, authorization table 254, and port interface 256. Authentication module 252 operates to assess whether a particular accessory device (or authentication device) coupled to port interface 256 is authentic and thereby allows interoperability with the electronic device. Port interface 256 may provide a power and communication bus 258 to an accessory device (or authentication device). Authorization table 254 stores authentication information used by authentication module 252 to evaluate whether an accessory device (or authentication device) is authentic. As previously described, authentication manager 250 is provided within an electronic device, which may be referred to as a host device.
An electronic device (or host device) typically has various operating features that can be invoked or utilized. In one embodiment, an accessory device authenticated by authentication manager 250 can have full access to all available features on an electronic device (or host device). In another embodimentIn an embodiment, authorization table 254 may control the manner in which features of an electronic device or host device are available to an accessory device. As an example, if the electronic device (or host device) provides a number of different features that may be utilized, authorization table 254 may contain an indication of which of these available features are allowed to be utilized by a particular accessory device. For example, the authorizations may be ranked or categorized, each of them having a different authorization. Authorization may also indicate the manner in which different features are authorized for use. Thus, the use of features is authorized in a limited manner. For example, a feature is authorized for use on a slow communication interface (e.g., serial) with an electronic device, and a fast communication interface (e.g., FireWire) with an electronic device is not authorizedOr USB). In other words, in this example, the features are only authorized for use on certain interface mechanisms.
Fig. 3 is a block diagram of an authentication device 300 according to one embodiment of the present invention. In this embodiment, the authentication device 300 contains not only circuitry for authentication of itself or an accessory device coupled thereto, but also additional circuitry for providing other functionality by the authentication device 300. Specifically, the authentication device 300 is designed to be coupled to an electronic device and connected to an accessory device. As shown in fig. 3, the authentication device 300 includes a controller 302 that includes a memory 304. As an example, the controller 302 may belong to the authentication controller 200 shown in fig. 2A. The controller 302 may be coupled to a port connector 306, which port connector 306 may in turn be connected to an electronic device. The port connector 306 may provide power from the electronics to the controller 302 and the boost converter 308 via a power line (Pin). In addition, the controller 302 may communicate with the electronic device through the port connector 306 by means of transmission and reception communication lines (TX, RX). Through such communication, the electronic device can determine whether the authentication device 300 is authorized for use with the electronic device. If the electronic device determines that authentication device 300 is authorized, controller 302 may enable boost converter 208 using an enable credit (EN). Once enabled, the boost converter 308, which receives an input voltage on the power line (Pin) from the port connector 306, may output a boosted output voltage on the power line (Pout) to the USB connector 310. For example, the input voltage may be 3.3V and the boosted output voltage may be 5.0V. The USB connector 310 also receives a pair of differential data lines (D +, D-) from the port connector 306 to allow data transfer between the electronic device and an accessory device that may be coupled to the USB connector 310.
In this embodiment, the authentication device 300 may operate to convert an electronic device into a host device, such as a USB host. Typically, the electronic device is a USB device, not a host device, but the attachment of authentication device 300 to the electronic device may convert the electronic device to a host device. The host device may be USB compatible so that any USB device may be connected to USB connector 310. In this case, any accessory with a USB port can be connected to the electronic device through the authentication device 300.
The authentication techniques employed by the present invention can be used to allow the host device to authenticate the accessory device, or can allow the accessory device to authenticate the host device. The authentication process between the host device and the accessory device can be initiated at any time during the coupling between the authentication device and the host device. For example, the authentication process can be initiated upon connecting the accessory device to the host device, upon first using the restricted feature, or periodically.
Fig. 4A is a flow diagram of an authentication process 400 according to one embodiment of the invention. Host authentication process 400 is performed by, for example, a host device.
Host authentication process 400 initially receives 402 a device identifier associated with an accessory device to be authenticated. Additionally, an authentication value is received 404 from the accessory device. Here, the host device performs authentication processing; thus, the accessory device provides the authentication value to the host device. In one embodiment, the accessory device utilizes a random number and a private key in determining the authentication value. The random number may be provided to the accessory device by the host device or may be derived from the accessory device.
Next, host authentication process 400 determines 406 whether the accessory device is authentic based on the authentication value and the device identifier. A decision 408 then determines whether the accessory device is authentic based on the determination made at block 406. When the decision 408 determines that the accessory device has been determined to be authentic, then the accessory device is authorized 410 for use with the host device. The nature of authorization 410 usage may vary depending on the implementation. For example, use of authorization 410 may allow full use of the accessory device or may allow limited use of the accessory device.
On the other hand, when the decision 408 determines that the accessory device is not trusted, then block 410 is bypassed such that the accessory device is not authorized for use with the host device. In this case, the accessory device is generally restricted or prevented from being used with the host device because the accessory device is not determined to be authentic. After block 410 or bypass block 410, the host authentication process 400 is complete and ends.
FIG. 4B is a flow diagram of accessory authentication processing according to one embodiment of the invention. The accessory authentication process 450 is performed by, for example, an accessory device.
The accessory authentication process 450 sends 452 a private key identifier associated with the accessory device to the host device. The host device uses the private key identifier to obtain the appropriate private key that the host device uses in generating the authentication value that is sent to the accessory device. The accessory device receives 454 the authentication value from the host device.
Next, accessory authentication process 450 determines 456 whether the host device is authentic based on the authentication value and the public key. Typically, the public key is provided internally to the accessory device. A decision 458 then determines whether the host device is determined to be trusted. When the decision 458 determines that the host device has been deemed trusted, then the host device is authorized 460 for use with the accessory device. The nature of the authorization 460 usage may vary depending on the implementation. For example, use of authorization 460 may allow full use of the host device, or may allow limited use of the host device.
On the other hand, when the decision 458 determines that the host device is not trusted, then block 460 is bypassed, thereby substantially limiting or preventing use of the host device with the accessory device. After block 460 or bypass block 460, the accessory authentication process 450 is complete and ends.
Fig. 5A and 5B are a flow diagram of host device processing 500 according to one embodiment of the invention. Host device process 500 is performed by an electronic device, such as mobile computing device 152 shown in fig. 1A, mobile computing device 152 shown in fig. 1B, or mobile computing device 172.
The host device process 500 begins with a decision 502, decision 502 determining whether authentication information has been received from the accessory device. When the decision 502 determines that authentication information has not been received, the host device process 500 waits for receipt of authentication information. Once the decision 502 determines that authentication information has been received at the host device, the host device process 500 continues. That is, a random number is generated 504 at the host device. Typically, the random number is randomly generated 504 at the host device, such as using a random number generator. Next, an authentication request is sent 506 to the accessory device. Here, the authentication request includes at least a random number.
A decision 508 then determines whether an authentication response has been received from the accessory device. When the decision 508 determines that an authentication response has not yet been received, then the host device process 500 awaits receipt of such an authentication response. Once the decision 508 determines that an authentication response has been received, the encoded digits and the device identifier are extracted 510 from the authentication response.
Using the device identifier, a public key may then be obtained 512. In one embodiment, the host device includes a plurality of public keys assigned to respective different accessory devices. In such embodiments, the device identifier may be used to specify a particular accessory device and thereby allow selection of an appropriate one of the public keys. The encoded number is then cryptographically decoded 514 using the public key to produce a decoded number. The decoded number is then compared 516 to a random number. In other words, a decoded number derived from the encoded number received from the accessory device in the authentication response is compared to the random number previously sent to the accessory device in the authentication request. A decision 518 then determines whether the decoded number matches a random number. When the decision 518 determines that the decoded number does not match the random number, the user can optionally be notified that the accessory device is unauthorized. Such notification may be accomplished by visual means or audio means. For example, the visual notification can be presented on a display device associated with the host device or the accessory device.
In another aspect, when the decision 518 determines that the decoded number does not match the random number, a characterization of the authorization associated with the device identifier is obtained 522. Then, use of the authorized feature is enabled 524. Next, a decision 526 can determine whether to remove (or detach) the accessory device from the host device. When the determination 526 does not remove the accessory device, then the host device process 500 can continue to allow use of the authorized features. However, once the decision 526 determines that the accessory device has been removed, use of all features of the host device is disabled 528. In other words, as an example, it may be considered that the use of authorized features is enabled during one session. The session can remain active as long as the accessory device remains attached to the host device. Once disassembled, the session ends and subsequent re-attachments require re-authentication. After operation 528, and after operation 520, the host device process 500 is complete and ends.
Fig. 6A and 6B are flow diagrams of accessory device processing 600 according to one embodiment of the invention. The accessory device process 600 is performed by an accessory device, such as accessory device 112 shown in FIG. 1A, accessory device 156 shown in FIG. 1B, or accessory device 176 shown in FIG. 1C. Accessory device process 600 represents the pairing process of host device process 500 shown in fig. 5A and 5B.
The accessory device processing 600 begins with a decision 602, where the decision 602 determines whether to power the accessory device. When the decision 602 determines that the accessory device is not powered, the accessory device process 600 waits for available power. Typically, once the accessory device is connected to the host device, power is supplied to the accessory device. Thus, alternatively the decision 602 can determine whether the accessory device is connected to the host device.
Once the decision 602 determines that power has been supplied to the accessory device, authentication information can be sent 604 to the host device. In one embodiment, the authentication information may include information indicating one or more authentication versions supported. A decision 606 then determines whether an authentication request has been received. When the decision 606 determines that an authentication request has not been received, then the accessory device process 600 awaits such a request. Once the decision 606 determines that an authentication request has been received, the random number provided in the authentication request is extracted 608. A private key is obtained 610 from an authentication device. For security reasons, the private key may be stored inside the authentication device and cannot be easily accessed from outside the authentication device. The random number is then cryptographically encoded 612 using a key private key to produce an encoded number.
Thereafter, an authentication response is sent 614 to the host device. Here, the authentication response includes at least the encoded number and the device identifier. After the authentication response has been sent 614, a decision 616 determines whether access to features of the host device has been authorized. Decision 616 may be determined actively or passively. For example, the host device can notify the accessory device that it is authorized to access one or more features of the host device. As another example, the host device may not notify the accessory device, but rather allow the accessory device to access one or more features of the authorized host device. In any case, when the decision 616 determines that access to certain features on the host device is not authorized, operation 620 of the accessory device is disabled, if any, from using certain features of the host device. Indeed, in one embodiment, the host device can prevent any operation of the accessory device. As an example, the host device can block communication with the accessory device and/or cease to provide power to the accessory device.
On the other hand, when the decision 616 determines that access to certain features of the host device has been authorized, then the accessory device can be operated 618 in accordance with the authorized features. In other words, if authorized, the accessory device can interact with the host device to take advantage of certain features provided by the host device.
Following operations 618 and 620, a decision 622 determines whether the accessory device has been removed, i.e., whether the accessory device has been disconnected from the host device. When the decision 622 determines that the accessory device remains connected or attached to the host device, then the appropriate operation 618 or 620 can continue. Alternatively, when the decision 622 determines that the accessory device has been removed, then the accessory device is no longer authorized to interact with the host device and, thus, the previously authorized features supported by the host device can no longer be utilized. In this case, the accessory device process 600 ends. However, by again performing the accessory device process 600, the accessory device can be subsequently re-authorized.
In accessory device processing 600, a device identifier is provided with the authentication response. In alternative embodiments, the device identifier may be provided to the host device differently, such as with authentication information. The device identifier may also be provided separately to the host device.
Fig. 6C is a diagram of an authorization table 650 according to one embodiment of the invention. The authorization table is suitable for use, for example, as the authorization table 254 shown in FIG. 2B. Generally, authorization table 650 can be used to determine authorization characteristics for a given accessory device. Authorization table 650 includes a device identifier column 652, a public key column 654, and an authorization characteristic column 656. Authorization table 650 associates device identifiers, public keys, and authorized features together. Using the device identifier, the host device can determine the appropriate public key to use in determining whether the accessory device identified using the particular device identifier can be authenticated. In the event that authentication of the accessory device is successful, authorized features associated with the device identifier may be identified in the authorized features column 656.
According to one aspect of the invention, a host device can operate to authenticate an accessory device coupled to the host device. Allowing those accessory devices that can be authenticated to interoperate with the host device to a greater extent. The host device can thus control the nature and degree to which the accessory device can interoperate with the host device. For example, when the accessory device cannot be authenticated, the host device can limit, restrict, or prevent the accessory device from interoperating with the host device. Alternatively, the host device may allow more interoperation with the host device when the accessory device is authenticated.
Fig. 7A and 7B are a flow diagram of accessory device processing 700 according to one embodiment of the invention. Figures 8A-8C are flow diagrams of host device processing 800 according to one embodiment of the invention. Accessory device process 700 is performed by the accessory device during an authentication process with the host device. Host device process 800 is performed by a host device during an authentication process with an accessory device. Host device process 800 is a pairing process of accessory device process 700. In other words, in the authentication process, there is an exchange of information between the host devices within the accessory device. Thus, fig. 7A and 7B represent processing performed by an accessory device and fig. 8A-8C represent processing performed by a host device in one embodiment of authentication processing. It should be appreciated that while the authentication processes shown in these figures are shown as being generally sequential, in general, the authentication processes may be considered a protocol that the accessory device and host device use to exchange information not only for authentication, but also for subsequent operations. In one embodiment, such protocols may be considered substantially parallel, such as in a client-server or master-slave implementation.
Fig. 7A and 7B are a flow diagram of accessory device processing 700 according to one embodiment of the invention. Accessory device processing 700 begins with decision 702. A decision 702 determines whether an accessory device is connected to the host device. Typically, the decision 702 detects a most recent connection of the accessory device to the host device via the connector. In any case, when the decision 702 determines that the accessory device is not connected to the host device, the accessory device processing 700 can effectively wait for such a connection. In other words, accessory device process 700 can be considered invoked when the accessory device is connected to the host device.
Once the decision 702 determines that the accessory device is connected to the host device, the accessory device processing 700 continues. When accessory device processing 700 continues, authentication control information is sent 704 from the accessory device to the host device. As examples, the authentication control information may indicate a type of the accessory device, whether authentication is supported, when authentication is to be performed, and/or a power requirement of the accessory device. Specific examples of types of accessory devices are: a microphone, a simple remote, a display remote, a remote user interface, an RF transmitter, and a USB control host. The authentication state of the accessory device is cleared 706 at an initial power-up of the accessory device or in response to a command or acknowledgement from the host device. Here, by clearing 706 the authentication state when the accessory device is connected, the accessory device can know that it must be authenticated by the host device.
Next, a decision 710 determines whether a device authentication information request has been received. Here, a device authentication information request is sent by the host device to the accessory device. The device authentication information request functions to request certain information from the accessory device that the host device uses during the authentication process. When the decision 710 determines that a device authentication information request has not yet been received, the accessory device processing 700 awaits such a request. Once the decision 710 determines that a device authentication information request has been received, device authentication information is obtained 712 from the accessory device. As an example, the device authentication information may include a device identifier and a version indicator. The device identifier may belong to a vendor identifier, a product identifier, or both. The version indicator may belong to a supported protocol version. The device authentication information is then sent 714 to the host device.
A decision 716 then determines whether an authentication request has been received from the host device. Here, the authentication request is a request from the host device to provide an authentication response containing a digital signature for authenticating the accessory device. When the decision 716 determines that an authentication request has not been received, the accessory device processing 700 awaits such a request. Once the decision 716 determines that an authentication request has been received, a host random number is extracted 718 from the authentication request. The authentication request includes at least a host random number used in the authentication process.
A private key internal to the accessory device is then obtained 720. The device digital signature may then be calculated 722 using at least the host random number, the private key, and the device random number. The device nonce is generated or available within the accessory device. The device digital signature is a cryptographic value that the host device will use to authenticate the accessory device. An authentication response is sent 724 to the host device. The authentication response is formed such that it includes at least the device digital signature.
A decision 726 then determines whether a device authentication status has been received from the host device. When the decision 726 determines that a device authentication status has not been received, the accessory device processing 700 waits for such information. Once the decision 726 determines that a device authentication status has been received, the device authentication status can be stored 728 on the accessory device. After block 728, accessory device processing 700 ends.
Figures 8A-8C are flow diagrams of host device processing 800 according to one embodiment of the invention. The host device processing 800 begins at decision 802, where a decision 802 determines whether authentication control information has been received from an accessory device. When the decision 802 determines that authentication control information has not been received, the host device process 800 waits for such information. Once the decision 802 determines that authentication control information has been received, the host device process 800 continues. In other words, the host device process 800 is effectively invoked upon receipt of authentication control information.
When the host device process 800 continues, the device authentication state may be reset (i.e., cleared) 804. Thus, the accessory device is deemed to be untrusted until the authentication process can authenticate the accessory device. This operation may have occurred automatically at the host device, such as when the accessory device is disconnected from the host device.
A decision 806 then determines whether the accessory device supports authentication based on the authentication control information. When the decision 806 determines that the accessory device does not support authentication, the host device process 800 ends without authenticating the accessory device. In this case, the accessory device can be constrained, or even prevented, from interoperating with the host device.
In another aspect, when the decision 806 determines that the accessory device supports authentication, the host device processing 800 continues. At this point, a device authentication information request is sent 808 to the accessory device. A decision 810 then determines whether device authentication information has been received. When the decision 810 determines that device authentication information has not been received, the host device process 800 waits to receive such information. Once the decision 810 determines that device authentication information has been received, a decision 812 determines whether authentication is to be performed at this time. It should be understood herein that the host device process 800 can perform authentication immediately upon connecting the accessory device to the host device, or can defer authentication until a later time, such as periodically when the accessory device wishes (e.g., for the first time) to use an extended feature of the host device that is only available to the authenticated device. Thus, when the decision 812 determines that authentication is not immediately needed, the host device process 800 can wait for the appropriate time to perform the authentication process. Once the decision 812 determines that authentication should be performed, a host random number is generated 814. Next, an authentication request is sent 816 to the accessory device. The authentication request includes at least the host random number that has been generated 814.
A decision 818 then determines whether an authentication response has been received from the accessory device. When the decision 818 determines that an authentication response has been received, the device digital signature is extracted 820 from the authentication response. A public key for the accessory device is also obtained 822. In one embodiment, the host device includes a plurality of public keys associated with different device identifiers. Thus, the device authentication information from the accessory device can include a device identifier for the accessory device. The device identifier may be used in obtaining 822 a public key for the accessory device. As an example, the public key may be obtained using an authentication table, such as authentication table 650 shown in fig. 6C.
The device digital signature is then verified 824 using the public key. In one embodiment, the verification 824 of the digital device signature also uses a host random number. A decision 826 then determines whether the digital device signature has been verified. When the decision 826 determines that the digital device signature has been verified, the accessory device is considered 828 authentic. Command access permissions associated with the accessory device can be updated 830 so that the host device allows the accessory device to use those commands that are allowed by the authenticated device. On the other hand, when the decision 826 determines that the digital device signature is not verified, the accessory device is deemed 832 to be untrusted. After blocks 830 and 832, a device authentication status is sent 834 to the accessory device. The device authentication state functions to inform the accessory device whether the host device has authenticated the accessory device.
If the device authentication state indicates that the accessory device is deemed trusted, the accessory device can then interact with the host device according to a degree of authorization for use. As another example, when the device authentication status indicates that the accessory device is deemed to be untrusted, the accessory device may be restricted or even prevented from interacting with the host device. In any case, the accessory device is more authorized for use with the host device when the accessory device is deemed authentic.
9A-9C are flow diagrams of accessory device processing 900 according to one embodiment of the invention. Fig. 10A and 10B are a flow diagram of host device processing 1000 according to one embodiment of the invention. The accessory device process 900 is performed by the accessory device when attempting to authenticate the host device in an authentication process. In the authentication process with respect to the accessory device, the host device process 1000 is performed by the host device. Host device process 1000 is a pairing process of accessory device process 900. In other words, in the authentication process, there is an exchange of information between the host devices within the accessory device. 9A-9C illustrate processes performed by an accessory device and FIGS. 10A and 10B illustrate processes performed by a host device in one embodiment of an authentication process. It should be appreciated that while the authentication processes shown in these figures are shown as being substantially sequential, the authentication processes may be considered a protocol that the accessory device and host device use to exchange information not only for authentication, but also for subsequent operations. In one embodiment, such protocols may be considered substantially parallel, such as in a client-server or master-slave implementation.
9A-9C are flow diagrams of accessory device processing 900 according to one embodiment of the invention. Accessory device processing 900 is performed by an accessory device when attempting to authenticate a host device connected to the accessory device.
Accessory device processing 900 begins at decision 902. A decision 902 determines whether an accessory device is connected to the host device. When the decision 902 determines that the accessory device is not connected to the host device, the accessory device processing 900 waits for such a connection. In other words, accessory device process 900 is effectively invoked when the accessory device is connected to the host device. In one embodiment, the accessory device process 900 is invoked upon determining that the accessory device has just been newly connected to the host device. However, in other embodiments, the authentication process may be performed later (e.g., deferred).
Once the decision 902 determines that the accessory device is connected to the host device, authentication control information is sent 904 to the host device. A decision 906 then determines whether the authentication control information is validated. When the decision 906 determines that the authentication control information has been validated, the authentication state of the accessory device can be cleared 908. Here, the authentication is performed by the accessory device when the host device is connected, by clearing 908 the authentication state.
A host authentication information request is then sent 910 to the host device. A decision 912 then determines whether host authentication information has been received from the host device. When the decision 912 determines that host authentication information has not been received from the host device, the accessory device processing 900 waits for such information.
Once the decision 912 determines that host authentication information has been received, a decision 914 determines whether authentication should be performed at this point. Here, it should be noted that the authentication process may be performed immediately, such as immediately after the connection is detected, or may be deferred until a later point in time, such as when a command or extended function of the host device is required. In any case, when the decision 914 determines that authentication processing is not to be performed at this time, the accessory device processing 900 can wait for the appropriate time to perform authentication.
Once the decision 914 determines that authentication should be performed, a device random number is generated 916. An authentication request is then sent 918 to the host device. The authentication request typically includes at least a device nonce and a private key number. The private key number is used to select the private key at the host device.
Next, a decision 920 determines whether an authentication response has been received from the host device. When the decision 920 determines that an authentication response has not been received, then the accessory device process 900 waits for such a response. Once the decision 920 determines that an authentication response has been received, a host digital signature is extracted 922 from the authentication response. In addition, a public key is obtained 924 based on the public key index. In one embodiment, the public key index is provided to the accessory device along with the host authentication information. In one embodiment, the public key is determined at the accessory device using a public key index. For example, the accessory device can include a plurality of different public keys, and an appropriate one of the public keys to use can be identified by a public key index.
The host digital signature is then verified 926 using the public key. The verification 926 also uses the device nonce. Thereafter, a decision 928 determines whether the host digital signature has been verified. When the decision 928 determines that the host digital signature has been verified, the host device is considered 930 authentic. Thus, the command access permissions used by the host device are updated 932. For example, as a result of authenticating the host device, it is believed that interaction between the host device and the accessory device is authorized, at least to the extent of command access permissions. Alternatively, when the decision 928 determines that the host device is not authenticated, the host device is deemed 934 to be untrusted. After blocks 932 and 934, the host authentication status may be sent 936 to the host device. Here, the host authentication state notifies the host device of the result of the authentication process. After block 936, the accessory device processing 900 is complete and ends.
Fig. 10A and 10B are a flow diagram of host device processing 1000 according to one embodiment of the invention. Host device processing 1000 is performed on the host device while interacting with the accessory device. Host device process 1000 represents the pairing process of accessory device process 900 in the authentication process.
The host device process 1000 begins at decision 1002, where a decision 1002 determines whether authentication control information has been received from an accessory device. When the decision 1002 determines that authentication control information has not been received, the host device process 1000 waits for such information. Once the decision 1002 determines that authentication control information has been received, the host device process 1000 continues. In other words, the host device process 1000 is effectively invoked upon receipt of authentication control information.
When the host device process 1000 continues, the device authentication state is reset 1004, clearing any previous authentication state it may have. A decision 1006 then determines whether a host authentication information request has been received. When the decision 1006 determines that a host authentication information request has not been received, the host device process 1000 waits for such a request. Once the decision 1006 determines that a host authentication information request has been received, host authentication information is obtained 1008 at the host device. The host authentication information is then sent 1010 to the accessory device. In one embodiment, the host authentication information includes at least version information and a public key index.
Next, a decision 1012 determines whether an authentication request has been received. When the decision 1012 determines that an authentication request has not been received, the host device process 1000 waits for such a request. Once the decision 1012 determines that an authentication request has been received, the device random number and private key number are extracted 1014 from the authentication request. In this embodiment, it should be understood that the authentication request received from the accessory device includes at least a device nonce and a private key number that may be used by the host device. The private key is then obtained 1016 based on the number of private keys. Here, the private key to be obtained 1016 is internal to the host device and is identified by using the private key number.
The host digital signature is then calculated 1018 using the device random number, the private key, and the host random number. The host random number may be generated or available at the host device. The host device process 1000 then sends 1020 an authentication response to the accessory device. The authentication response includes at least a host digital signature.
Thereafter, a decision 1022 determines whether a host authentication status has been received. When the decision 1022 determines that the host authentication status has not been received, the host device process 1000 waits for such information. Once the decision 1022 determines that a host authentication status has been received, the host authentication status is stored 1024 at the host device. At this point, the host device knows the authentication status it has with respect to the accessory device and can operate accordingly. After block 1024, the host device process 1000 is complete and ends.
According to another aspect of the invention, the electronic device or host device may also be connected to a host computer, such as a personal computer. The personal computer may store, use and manage media items. Management of media items may be directed not only to the host computer, but also to the electronic device.
Fig. 11 is a block diagram of a media management system 1100 according to one embodiment of the invention. The media management system 1100 includes a host computer 1102 and a media player 1104. The host computer 1102 is typically a personal computer. The host computer includes, among other conventional components, a management module 1106, the management module 1106 being a software module. The management module 1106 provides centralized management of media items (and/or playlists) not only on the host computer 1102, but also on the media player 1104. More specifically, the management module 1106 manages media items stored in a media store 1108 associated with the host computer 1102. Management module 1106 also interacts with media database 1110 to store media information associated with media items within media store 1108.
The media information is related to a characteristic or attribute of the media item. For example, in the case of audio or audiovisual media, the media information may include one or more of the following: title, album, track, actors, author, and genre. These types of media information are specific to a particular media item. Additionally, the media information may relate to quality characteristics of the media item. Examples of quality characteristics of the media item include one or more of the following: bit rate, sampling rate, equalizer settings, volume adjustments, start/stop, and total time.
In addition, the host computer 1102 includes a play module 1112. The play module 1112 is a software module that may be used to play certain media items stored within the media storage 1108. The play module 1112 may also display (on a display screen) or use media information from the media database 1110. Typically, the media information of interest corresponds to the media item to be played by the play module 1112.
The host computer 1102 also includes a communication module 1114 that is coupled to a corresponding communication module 1116 within the media player 1104. A connection or link 1118 removably couples the communication modules 1114 and 1116. In one embodiment, connection or link 1118 is a cable that provides a data bus, such as an FIREWIRETM bus or a USB bus, as is well known in the art. In another embodiment, connection or link 1118 is a wireless channel or connection through a wireless network. Thus, depending on the implementation, the communication modules 1114 and 1116 may communicate in a wired or wireless manner.
The media player 1104 also includes a media store 1120 that stores media items within the media player 1104. Optionally, the media storage 1120 may also store data, i.e., a non-media item store. The media items stored to media storage 1120 are typically received from host computer 1102 over connection or link 1118. More specifically, the management module 1106 sends all or some of the media items residing on the media store 1108 over the connection or link 1118 to the media store 1120 within the media player 1104. In addition, corresponding media information for media items also transferred from the host computer 1102 to the media player 1104 may be stored in the media database 1122. In this regard, certain media information from the media database 1110 within the host computer 1102 may be sent over a connection or link 1118 to the media database 1122 within the media player 1104. Additionally, playlists identifying certain media items can be sent by the management module 1106 over the connection or link 1118 to the media store 1120 or media database 1122 within the media player 1104.
In addition, the media player 1104 includes a play module 1124 coupled to a media store 1120 and a media database 1122. The play module 1124 is a software module that can be used to play certain media items stored in the media store 1120. The play module 1124 may also display (on a display screen) or use media information from the media database 1122. Typically, the media information of interest corresponds to the media item to be played by the play module 1124.
To support the authentication process on the media player 1104, according to one embodiment, the media player 1104 may also include an authentication module 1126 and an authentication table 1128. In one implementation, authentication module 1126 and authentication table 1128 may correspond to authentication module 252 and authentication table 254, respectively, described above with reference to fig. 2B.
As previously described, an accessory device can be coupled to the media player. Thus, FIG. 11 also shows an accessory device 1130 that can be coupled to the media player 1104. According to one embodiment, the accessory device 1130 can also include an authentication device 1132. According to one embodiment, the authentication device 1132 operates to support an authentication process on the media player 1104. In one implementation, authentication device 1132 may correspond to authentication controller 200 described above with reference to fig. 2A.
In one embodiment, the media player 1104 has limited or no ability to manage media items on the media player 1104. However, the management module 1106 within the host computer 1102 can indirectly manage the media items residing on the media player 1104. For example, to "add" a media item to the media player 1104, the management module 1106 acts to identify a media item in the media store 1108 to be added to the media player 1104, and then cause the identified media item to be passed to the media player 1104. As another example, to "delete" a media item from the media player 1104, the management module 1106 functions to identify the media item to be deleted from the media store 1108, and then cause the identified media item to be deleted from the media player 1104. As another example, if a change (i.e., alteration) of a characteristic of a media item is made at the host computer 1102 using the management module 1106, such characteristic can also be extended to the corresponding media item on the media player 1104. In one implementation, additions, deletions, and/or changes occur in the batch process during synchronization of media items on the media player 1104 and media items on the host computer 1102.
In another embodiment, the media player 1104 has limited or no ability to manage playlists on the media player 1104. However, the management module 1106 within the host computer 1102 may indirectly manage playlists residing on the media player 1104 through management of playlists residing on the host computer. In this regard, the addition, deletion, or change to the playlist can be performed on the host computer 1102 and then, when passed to the media player 1104, extended to the media player 1104.
As mentioned previously, synchronization is a form of media management. The ability to automatically initiate synchronization is also discussed above and in the related applications mentioned above. In addition, however, synchronization between devices may be limited, thereby preventing automatic synchronization when the host computer and the media player do not recognize each other.
According to one embodiment, when the media player is first connected to the host computer (or even more generally, when no matching identifier is present), the user of the media player is queried as to whether the user wishes to include the media player in, assign to, or otherwise lock the media player with respect to the host computer. When a user of the media player chooses to incorporate the media player into, assign to, or otherwise lock the media player with respect to the host computer, a pseudo-random identifier is obtained and stored in a media database or files of both the host computer and the media player. In one implementation, the identifier is an identifier associated with (e.g., known or generated by) the host computer or its management module, and such identifier is transmitted and stored within the media player. In another implementation, the identifier is associated with the media player (e.g., known or generated by the media player) and sent to and stored in a file or media database of the host computer.
Fig. 12 is a block diagram of a media player 1200 according to one embodiment of the invention. The media player 1200 includes a processor 1202 associated with a microprocessor or controller for controlling the overall operation of the media player 1200. The media player 1200 stores media data related to media items in a file system 1204 and a cache 1206. The file system 1204 is typically a storage device. The file system 1204 typically provides high capacity storage capability for the media player 1200. For example, the storage device may be a semiconductor-based memory, such as a FLASH memory. The file system 1204 may store not only media data, but also non-media data (e.g., when operating in a data mode). However, since the access time to the file system 1204 is relatively slow, the media player 1200 may also include a cache 1206. The cache 1206 is a Random Access Memory (RAM) provided, for example, as a semiconductor memory. The relative access time to the cache 1206 is substantially shorter than for the file system 1204. However, the cache 1206 does not have the large storage capacity of the file system 1204. Additionally, the file system 1204, when active, consumes more power than the cache 1206. Power consumption is often critical when the media player 1200 is a portable media player that is powered by a battery (not shown). The media player 1200 also includes RAM1220 and Read Only Memory (ROM) 1222. The ROM1222 may store programs, tools, or processes to be executed in a nonvolatile manner. The RAM1220, such as the cache 1206, provides volatile data storage. In one embodiment, RAM1220 and ROM1222 may be provided by a storage device that provides file system 1204.
The media player 1200 also includes a user input device 1208 that allows a user of the media player 1200 to interact with the media player 1200. For example, the user input device 1208 may take various forms, such as a button, a keyboard, a dial, and so forth. In addition, the media player 1200 includes a display 1210 (screen display) that can be controlled by the processor 1202 to display information to the user. In the case of a touch screen, the user input device 1208 and the display 1210 may also be combined. The data bus 1211 may facilitate data transfer between at least the file system 1204, the buffer 1206, the processor 1202, and the CODEC 1212.
In one embodiment, the media player 1200 functions to store a plurality of media items (e.g., songs) within the file system 1204. When a user desires to have the media player play a particular media item, a list of available media items is displayed on the display 1210. The user may then select one of the available media items using the user input device 1208. Upon receiving a selection of a particular media item, the processor 1202 provides media data (e.g., a sound file) for the particular media item to a coder/decoder (CODEC) 1212. The CODEC1212 then generates analog output credits for the speaker 1214. The speaker 1214 can be a speaker internal to the media player 1200 or external to the media player 1200. For example, consider an earphone (headphone or earphone) connected to the media player 1200 as an external speaker.
The media player 1200 also includes a network/bus interface 1216 coupled to a data link 1218. Data link 1218 allows media player 1200 to be coupled to a host computer or an accessory device. The data link 1218 may be provided over a wired connection or a wireless connection. In the case of a wireless connection, the network/bus interface 1216 may include a wireless transceiver.
In one embodiment, the host computer may utilize an application resident on the host computer to allow use of playlists (including lists of media devices) and to provide management of playlists. One such application is available from Apple Computer, Inc. of Cupertino, CAVersion 4.2.
Media items (media assets) can relate to one or more different types of media content. In one embodiment, the media item is an audio track. In another embodiment, the media item is an image (e.g., a photograph). However, in other embodiments, the media items may be any combination of audio, graphical or video content.
The above discussion refers to a random number used in a cryptographic method to authenticate an accessory device or a host device. The cryptographic methods discussed above may use random numbers, public-private key pairs, and authentication algorithms. The random number may also be referred to as a random digest. The public-private key pair and the authentication algorithm may use a public-private code system, such as the well-known RSA algorithm or Elliptic Curve Cryptography (ECC) algorithm. It is advantageous to use an ECC algorithm that provides reduced memory consumption with a relatively small key (e.g., 160 bits) compared to the typically larger key (e.g., 1024 bits) of an RSA implementation. In a related U.S. patent application entitled "SMALL MEMORY FOOTPRINT FAST ELLIPTIC ENCRPTION" filed on 3.2.2005: an example of an ECC algorithm to reduce memory is described in 11/____, incorporated by reference.
Various aspects, embodiments, implementations or features of the invention may be used alone or in any combination.
The present invention can be realized in software, hardware, or a combination of hardware and software. The present invention can also be expressed as computer-readable codes on a computer-readable medium. The computer readable medium is any data storage device that can store data which can thereafter be read by a computer system. Examples of the computer readable medium include read-only memory, random-access memory, CD-ROMs, DVDs, magnetic tape, optical data storage devices, and carrier waves. The computer readable medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
The advantages of the present invention are numerous. Different aspects, embodiments or implementations may yield one or more of the following advantages. One advantage of the present invention is that interaction of an accessory device with a host device can be controlled. As a result, the electronic device may limit use of some or all of its features to only accessory devices deemed authorized. Another advantage of the present invention is to provide the ability to manage the quality of those accessory devices that are allowed for use with a host device. By managing the quality of the accessory device, the operation of the electronic device is less likely to be contaminated by the attachment of inferior accessory devices. Another advantage of the present invention is that the authentication process can control access to certain features of the electronic device based on the manufacturer or device.
The many features and advantages of the invention are apparent from the written description and, thus, it is intended by the appended claims to cover all such features and advantages of the invention. Further, since numerous modifications and changes will readily occur to those skilled in the art, the invention is not limited to the exact construction and operation shown and described. Accordingly, all suitable modifications and equivalents may be resorted to, falling within the scope of the invention.
Claims (3)
1. A portable electronic device comprising:
a media storage device storing media content for one or more media items;
a media presentation module that retrieves media content for at least one of the media items from the media storage device and causes the media content to be presented to a user of the portable electronic device;
an authentication table storing authentication information for various accessory devices authorized to interact with the portable electronic device, wherein the authentication information includes information indicating a degree to which each accessory device is authorized to interoperate with the portable electronic device; and
an authentication module that determines whether a particular accessory device coupled to the portable media device is authorized to interoperate with the portable electronic device based on at least a portion of the authentication information stored within the authentication table.
2. A portable electronic device as recited in claim 1, wherein the authentication information includes at least an authentication key and a device identifier for each of the respective accessory devices.
3. A portable electronic device as claimed in claim 2,
wherein the particular accessory device includes a paired authentication key and device identifier, an
Wherein the authentication module further determines whether the accessory device is authorized to interoperate with the portable electronic device based on the paired authentication key and device identifier.
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US64234005P | 2005-01-07 | 2005-01-07 | |
| US60/642,340 | 2005-01-07 | ||
| US11/051,499 US7823214B2 (en) | 2005-01-07 | 2005-02-03 | Accessory authentication for electronic devices |
| US11/051,499 | 2005-02-03 | ||
| PCT/US2005/045040 WO2006073702A1 (en) | 2005-01-07 | 2005-12-13 | Accessory authentication for electronic devices |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1114196A1 HK1114196A1 (en) | 2008-10-24 |
| HK1114196B true HK1114196B (en) | 2012-09-21 |
Family
ID=
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101699458B (en) | Accessory authentication for electronic devices | |
| KR101396756B1 (en) | Accessory device authentication | |
| AU2013203800B2 (en) | Accessory device authentication | |
| HK1114196B (en) | Portable electronic device for receiving accessory devices |