HK1135203B - Method and system for authenticating an accessory - Google Patents

Description

Method and system for authenticating an accessory

Technical Field

The present invention relates generally to electronic devices, and more particularly to electronic devices such as media players that communicate with accessory devices.

Background

The media player stores media assets, such as audio tracks or photos, that can be played or displayed on the media player. One example of a media player is the iPod offered by Apple Inc. of Cupertino, CA^TMA media player. Often, media players obtain their media assets from a host computer that enables users to manage the media assets. As one example, a host computer may execute a media management application to manage media assets. One example of a media management application is produced by Apple incVersion 6.0.

Media players typically include one or more connectors or ports that can be used to interface with the media player. For example, a connector or port may enable the media player to couple to a host computer, plug into a docking system, or receive an accessory device. There are now many different types of accessory devices that can be interconnected with a media player. For example, a remote control device may be connected to the connector or port to allow a user to remotely control the media player. As another example, an automobile may include a connector and a media player may be plugged into the connector such that an automobile media system may interact with the media player to enable media content on the media player to be played within the automobile.

Many third parties have developed accessories for use with media players. The accessory can be used with the media player as long as a compatible connector or port is used. The accessory interacts with the media player using an accessory protocol (access protocol). One example of an accessory protocol is the IPod Accessory Protocol (iAP) available from Apple inc. The accessory protocol includes commands that are generally already freely accessible by accessory developers. A problem with having free access to these commands is that they may be used by unauthorized or counterfeit accessory devices.

One solution is to perform an authentication operation on the accessory device. Thus, the accessory device cannot access the media player until the authentication process is complete.

Accordingly, there is a need for improved techniques for controlling the characteristics (nature) and extent to which accessory devices can be used with other electronic devices.

Disclosure of Invention

A method, system, and connector interface for authenticating an accessory are disclosed. In one aspect, the method includes performing an authentication operation, and during the authentication operation, allowing the accessory to access the media player; if the authentication operation fails, any further access by the accessory to the media player is disabled (lock out). The authentication operation may include, for example, validating authentication information included in an authentication certificate provided by the accessory and/or validating a digital signature provided by the accessory.

According to the systems and methods disclosed herein, a media player and accessory can use a variety of commands to control access to the media player in a variety of environments, such as in a connector interface system environment.

Drawings

Fig. 1A and 1B show a base (docking) connector according to the present invention.

Fig. 2A is a front view and a top view of a remote connector according to the present invention.

Fig. 2B shows a plug that may be used in the remote connector of fig. 2A.

Fig. 2C shows the plug of fig. 2B inserted into the remote connector of fig. 2A.

Fig. 3A shows a connector pin assignment (pin assignment) of the docking connector.

Fig. 3B illustrates the connection pin assignment of the remote connector.

Fig. 4A shows a typical FireWire connector interface for a docking connector.

Fig. 4B shows a reference schematic of the accessory power supply.

Fig. 4C shows a reference schematic diagram of a system for detecting and identifying (identity) an accessory for a dock connector.

Fig. 4D is a reference schematic diagram of an electret microphone that may be connected to a remote connector.

Fig. 5A shows a media player coupled to different accessories.

FIG. 5B shows the media player coupled to a computer.

Fig. 5C shows the media player coupled to a car or home stereo system.

Fig. 5D shows the media player coupled to a dongle (dongle) that wirelessly communicates with other accessories.

Fig. 5E shows the media player coupled to a speaker system.

Fig. 6 is a flow chart illustrating a process for controlling access to a media player.

FIG. 7 is a flow chart illustrating a process for authenticating an accessory.

Detailed Description

The present invention relates generally to electronic devices, and more particularly to electronic devices such as media players that communicate with accessory devices. The following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a patent application and its requirements. Various modifications to the preferred embodiments and the generic principles and features described herein will be readily apparent to those skilled in the art. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features described herein.

A method for authenticating an accessory according to the present invention includes performing a first authentication operation on the accessory by a media player, wherein an authentication certificate is validated. In one embodiment, the authentication operation is conducted in the background such that the media player is operable to process commands after authentication has begun but before authentication has completed. This allows the media player and accessory to interact instantaneously, rather than waiting until the authentication process has been successfully completed. The method also includes performing, by the media player, a second authentication operation on the accessory, wherein the authentication signature is validated. In one embodiment, the media player verifies (verify) the authentication signature using a public key provided in the certificate. The media player and accessory can use a variety of commands in a variety of environments to help control access to the media player. One such environment is within a connector interface system such as described in detail below.

Although authentication of an accessory is described below, those skilled in the art will recognize that the processes described below are applicable to authentication of a media player, and such applications are within the spirit and scope of the present invention.

Overview of connector interface System

To describe the features of the connector interface system according to the present invention in more detail, reference is made to the following description taken in conjunction with the accompanying drawings.

Base connector

Fig. 1A and 1B show a docking connector 100 according to the present invention. Referring first to fig. 1A, a keying feature 102 has a custom length 104. In addition, a specific key arrangement (arrangement) is used in which one set of keys is separated by one length at the bottom of the connector and another set of keys is separated by another length at the top of the connector. With this key arrangement, incompatible connectors may be prevented from being inserted and causing potential damage to the device. The power connector uses the Firewire power specification. The connector includes first make/last break contacts (first make/last break contacts) to implement this scheme. Fig. 1B shows the make-before/break-after contact 202, and also shows the ground pin and power pin associated with providing the appropriate make-before/break-after contact. In this example, the ground pin 204 is longer than the power pin 206. Thus, the ground pin 204 will contact a mating pin in the base accessory before the power pin 206, thereby minimizing internal electrical damage to the electronic components of the device.

In addition, the connector interface system according to the present invention uses Universal Serial Bus (USB), Universal Asynchronous Receiver Transmitter (UART), and Firewire interfaces as part of the same dock connector alignment, thereby making the design more compatible with different types of interfaces, as will be discussed in detail below. In this way, more remote accessories can interact with the media player.

Remote connector

The connection interface system also includes a remote connector that provides output and input audio capabilities, provides an I/O serial protocol, and provides a video output. Fig. 2A is a front view and a top view of a remote connector 200 according to the present invention. As shown, the remote connector 200 includes a top headphone jack 202, and a second jack 204 for the remote device. Fig. 2B shows a plug 300 to be used in a remote connector. The plug 300 allows functionality to be provided via a remote connector. Fig. 2C shows plug 300 inserted into remote connector 200. To date, all of these features have not been implemented in remote connectors. Thus, not only standard earphone cables can be plugged in, but dedicated remote control cables, microphone cables and video cables can also be used with the remote connector.

To describe the features of the connector interface system in more detail, the base connector, remote connector and command set according to the present invention are described functionally below.

Base and remote connector specifications

For use with an iPod such as that provided by Apple Inc^TMExamples of connector pin assignments for both the docking connector and the remote connector of a media player, such as a device, are now described with reference to fig. 3A and 3B. Fig. 3A shows the connector pin assignment of the docking connector. Fig. 3B illustrates the connection pin assignment of the remote connector.

Specification of base connector

Fig. 4A shows a typical Firewire connector interface for a docking connector. The following are some exemplary specifications: firewire power (8V-30V DC IN, 10W Max). In one embodiment, the Firewire may be designed to the IEEE1394A specification (400 Mb/s).

USB interface

The media player provides two configurations or modes of operation of the USB device: mass storage and media player USB interface (mpii). The MPUI allows control of a media player using the Media Player Attachment Protocol (MPAP), described in more detail below, using a USB Human Interface Device (HID) as the transport mechanism.

Accessory 3.3V power supply

Fig. 4B shows an accessory power supply. The media player accessory power pins provide a voltage on the docking connector and remote connector (if present) of, for example, 3.0V to 3.3V +/-5% (2.85V to 3.465V). The maximum current is shared between the base and the remote connector.

By default, the media player provides a certain current, such as 5 mA. Appropriate software accessory detection is required to turn on high power (e.g., up to 100mA) during active device usage. When a device is inactive, it must consume less than a predetermined amount of power, such as 5mA of current.

The accessory power supply is grounded through a Digital GND pin.

Fig. 4C shows a reference schematic diagram of a system for detecting and identifying accessories for the dock connector. The system includes a grounding resistor that enables the device to determine what has been plugged into the dock connector. There is an internal pull-up (pullup) on the accessory identification pin (accesoryidentify) within the media device. Two pins are used (accessory identification and accessory detection).

Fig. 4D is a reference schematic diagram of an electret microphone that may be connected to a remote connector.

Serial protocol communication:

a) two pins (Rx and Tx) for communicating with a device

b) Input (Input) and Output (Output) (0V Low, 3.3V High)

As mentioned previously, the media player is connected to various accessories. Fig. 5A through 5E illustrate a media player 500 coupled to different accessories. Fig. 5A shows a media player 500 coupled to a docking station 502. Fig. 5B shows a media player 500' coupled to a computer 504. Fig. 5C shows the media player 500 "coupled to a car or home stereo system 506. Fig. 5D shows the media player 500 "' coupled to the dongle 508 that wirelessly communicates with other devices. Fig. 5E shows the media player 500 "", coupled to a speaker system 510. As shown, references to accessories include, but are not limited to, docking stations, chargers, car stereos, microphones, home stereos, computers, speakers, and accessories that communicate wirelessly with other devices.

As previously mentioned, the connector interface system can be used with a command set for authenticating an accessory. In one embodiment, the accessory can be a host computer or any other electronic device or system that can communicate with the media player. It should be understood by those skilled in the art that while the above-described connector interface system may be used with a command set, various other connectors or systems may be used and are within the spirit and scope of the present invention.

As described above, the accessory interacts with the media player using a media player accessory protocol. One example of such a media player accessory protocol is the IPod Accessory Protocol (iAP). A media player accessory protocol refers to a software component executing on a media player that communicates with an accessory at a given transport layer. The application of the media player may be, for example, a media player application framework (framework) that presents menus/screens to the user. The media player commands are associated with processing voice, video, and other data between the media player and the accessory. For example, commands may be associated with read operations and write operations to transfer and store information between the media player and the accessory. Thus, in one embodiment, for each media player related command, there is a relative (recircucal) command for the accessory. In one embodiment, commands may be grouped and associated with a particular accessory function.

Command function

Although a number of commands are described below, those skilled in the art will recognize that many other commands may be used and their use is within the spirit and scope of the present invention. Thus, the following list of commands is representative and not exhaustive of the types of commands that may be used to authenticate an accessory. Moreover, those skilled in the art will also appreciate that a subset of these commands may also be used by a media player or accessory and that its use is within the spirit and scope of the present invention. The function of some of these commands is described below.

Authentication of accessories

In previous authentication methods, the accessory sends an identification message to the media player, where the identification message indicates that the accessory supports certain commands and that authentication is supported. The media player then sends an acknowledgement message to the accessory. The media player prevents access by the accessory until the entire authentication process is complete. The media player may display a "connect. The media player then verifies (confirm) that the authentication version number provided by the accessory is the correct version number. If so, the media player sends a challenge (challenge) to be signed by the device. The media player then validates the authentication signature with a public key based on the device ID from the accessory. The following describes improvements over previous authentication methods in accordance with the present invention.

Fig. 6 is a flow chart illustrating a process for controlling access to a media player in accordance with the present invention. As shown in fig. 6, the process begins at step 602, where the media player performs a background authentication operation on the accessory, where the authentication certificate is validated. More specifically, during a background authentication operation, the accessory sends authentication information to the media player, which receives and validates the certificate contained in the authentication information. In one embodiment, the authentication information may also include an authentication version number. The certificate of authenticity is described in more detail below. As described in detail below, the media player does not wait until the entire authentication process is complete, but rather allows some access before the authentication process is complete. Next, at step 604, the media player performs a second authentication operation on the accessory, wherein the authentication signature is validated. More specifically, during the second authentication operation, the accessory sends an authentication signature to the media player, which receives and validates the authentication signature. In one embodiment, the media player utilizes a public key to verify the authentication signature. A more detailed embodiment of the background verification and second verification operations is described below with reference to FIG. 7.

Although authentication of an accessory is described herein, those skilled in the art will recognize that the processes described herein are also applicable to authentication of a media player, and such applications are within the spirit and scope of the present invention. For example, the accessory can authenticate the media player using the same or similar steps described above in fig. 6 and/or below in fig. 7.

Authentication certificate

A standard certificate of authenticity serves as a container (container) for data such as the certificate creator (issuer, country, etc.), certificate type, certificate validity date range, and other metadata. A verification certificate, also referred to as a certificate or cert, is generated and signed by one or more Certificate Authorities (CAs) and has a unique serial number. In one embodiment, the certificate may be stored in an authentication coprocessor chip on the accessory. As described in more detail below, a certificate of authenticity according to the present invention contains not only metadata as in a standard certificate of authenticity, but also device class (class) information and a public key.

As described in more detail below, the media player verifies the certificate with the public key issued by the CA. The media player may also verify the signed challenge using the public key. The certificate is used to pass the public key and other accessory-specific information to the media player. Such accessory-specific information may, for example, contain device class information about the accessory. The device class determines what commands the accessory is allowed to use for the media player. In one embodiment, the media player may add a new device class or add allowed commands to an existing class through a media player firmware update. When the CA issues a new certificate to the accessory vendor, the media player may support the new accessory.

In one embodiment, if a certificate is compromised (cloned) in some way or cloned in a counterfeit device, the compromised serial number may be added to the certificate revocation list (or CRL) on the media player to prevent successful authentication of the device using the certificate. If the media player's certificate parser (parser) does not recognize the cert's device class, the media player rejects the certificate. In one embodiment, the certificate to be used for device authentication may have a preset lifetime (e.g., in the range of 1 to 5 years, etc.), which may be set by a date, for example. In one embodiment, certificate expiration may be accomplished by adding the device serial number to the CRL after the expiration date has passed.

FIG. 7 is a flow chart illustrating a process for authenticating an accessory according to the present invention. As shown in fig. 7, the process begins at step 702, where the media player and the accessory exchange messages to determine whether the accessory supports certain commands and supports immediate authentication. More specifically, in one embodiment, the accessory sends an identification message to the media player. The identification message includes a device Identification (ID) and an indication that the accessory supports certain commands and supports authentication. In some embodiments, support for immediate authentication is required. The media player then sends an acknowledgement message to the accessory. In one embodiment, the media player notifies an application of the media player that the accessory is attempting to access the media player.

As described above, in one embodiment, the authentication operation is performed in the background to allow the use of multiple encryption technology options (e.g., RSA or SFEE) with/without hardware acceleration. Thus, the media player is operable to process device commands after authentication has begun, before authentication has completed, and during its successful completion. When device authentication fails (e.g., the retry count and/or maximum time has expired), the media player may disable processing of incoming commands and prevent the device from interacting with the media player. Once authentication has begun, the media player application may allow for non-hazardous device use. Dangerous behavior is defined as any behavior that may permanently alter the behavior of a media player or download unsafe media. Examples of dangerous behavior to avoid include downloading executable media or firmware updates to the media player. If the authentication fails at some later time, the application of the media player may cancel any device-related behavior and may report an error message to the user (e.g., "device not supported").

Still referring to FIG. 7, during a background authentication operation, the media player sends an authentication information request to the accessory at step 704. In one embodiment, the media player starts a timeout timer. The accessory then sends the authentication information to the media player at step 706. In one embodiment, the authentication information includes an authentication major version, an authentication minor version, and a public certificate (public certificate), wherein if the certificate is large (e.g., greater than 500 bytes), it may be split into multiple parts. If the certificate is divided into portions, the media player reassembles the certificate after receiving the authentication information. When the credentials are fully combined, the credentials are analyzed to determine device class information. The media player then converts the class number from the device class information into an allowed command mask (mask). The mask is used to confirm that the command recognized by the device is allowed by the certificate. In other words, the media player validates the certificate based at least in part on the device class information.

The media player then validates the authentication information at step 708. The authentication information may be invalid for a variety of reasons. For example, the authentication information may be invalid if the authentication version is not valid, if the public certificate has expired, or if the public certificate is on a Certificate Revocation List (CRL). If any of the authentication information is invalid, the background authentication operation fails. Failure will restart the authentication process (if the retry count and timeout limits have not been exceeded). If the authentication version is validated, and if the certificate class command has been determined to match or exceed the certificate class command required by the media player's identification command, and if the certificate chain has been verified, the background authentication operation passes. In one embodiment, non-hazardous media player command application functions and command processing are allowed while the authentication process continues. In one embodiment, the media player can send a message to the accessory to indicate the version information status.

Then, during a second authentication operation, the media player sends an authentication signature request to the accessory, at step 710. The verification signature request includes a random nonce (nonce)/challenge to be signed by the device. The specific instantaneous value/interrogation length is variable and will depend on the specific configuration. Next, at step 712, the accessory sends a verification signature (i.e., a message with the signed challenge/signature) to the media player. Then, upon receiving the verification signature, the media player validates the verification signature (i.e., the signed challenge), at step 714. In one embodiment, the media player verifies the signed nonce/challenge with the public key based on the device ID from the accessory. In a preferred embodiment, the media player verifies the signed nonce/challenge using a public key from a certificate provided by the accessory.

In one embodiment, the accessory authentication process is based on a public/private key system, where the accessory has a private key and the media player has an associated public key. The accessory authentication process is tightly coupled with the accessory protocol commands.

Before completing the authentication process, the media player sends an authentication status message to the accessory to indicate the signature status and the authentication process is complete. If the media player verifies the authentication signature, the authentication is passed. Otherwise, the verification process fails. If the authentication is passed, the application of the media player is un-disabled to allow the user to access the device.

If the authentication process fails, the device port of the media player will disable the accessory. Also, upon failure, the media player de-authorizes the accessory to prevent the accessory from utilizing the media player resources. In one embodiment, the media player may also send an authentication status to the application of the media player. For example, if the authentication fails, the application of the media player may display a "connection failure" message.

In one embodiment, the authentication operation may use a retry count and a maximum timeout. Thus, in one embodiment, if the retry counter or maximum timeout is exceeded, the verification will also fail. Disabling the port prevents the accessory from falsely detaching or re-identifying in order to reset the authentication retry/timeout counter. In one embodiment, incoming packets may be deleted if the device port verification status is set to "disabled". This will prevent any prohibited device packets from being processed. In one embodiment, if the failure is due to the accessory recognizing more commands than the certificate allows, the device disable is not activated upon authentication failure and the accessory may be allowed to re-recognize.

A method, system, and connector interface for authenticating an accessory have been disclosed. The method includes performing, by the media player, a first authentication operation on the accessory, wherein the authentication certificate is validated. The method also includes performing, by the media player, a second authentication operation on the accessory, wherein the authentication signature is validated. According to the systems and methods disclosed herein, a media player and accessory can use a variety of commands to control access to the media player in a variety of environments, such as in a connector interface system environment.

While the invention has been described in terms of the illustrated embodiments, those skilled in the art will recognize that changes may be made to the embodiments and that such changes are within the spirit and scope of the invention. For example, the present invention may be implemented using hardware, software, a computer readable medium containing program instructions, or a combination thereof. Software written according to the present invention will be stored in some form of computer readable medium, such as memory or CD-ROM, or will be transmitted over a network and executed by a processor. Thus, a computer-readable medium would comprise, for example, a computer-readable signal transmittable over a network. Accordingly, many modifications may be made by one of ordinary skill in the art without departing from the spirit and scope of the appended claims.

Claims (42)

1. A method usable by a media player to interact with an accessory, the method comprising:

performing an authentication operation to authenticate the accessory;

receiving a device identification message from the accessory, the device identification message including an indication of a command set supported by the accessory;

allowing the accessory to access the media player during the authentication operation;

determining whether the verification operation completed successfully or failed;

continuing to allow the accessory to access the media player if the authentication operation is successfully completed; and

if the authentication operation fails, then any further access to the media player by the accessory is prohibited.

2. The method of claim 1, wherein the step of performing an authentication operation comprises:

obtaining an authentication certificate from the accessory; and

validating the authentication information included in the authentication certificate.

3. The method of claim 2, further comprising:

determining an allowed command set for the accessory based on authentication information included in the authentication certificate; and

comparing the allowed command set with the supported command set,

wherein the verification operation fails if the allowed command set does not match the supported command set.

4. The method of claim 2, wherein the step of performing an authentication operation further comprises:

sending a digital signature request to the accessory, the digital signature request comprising a random challenge;

receiving a digitally signed version of the random challenge from the accessory; and

the digital signature is validated.

5. The method of claim 4, wherein the digitally signed version of the random challenge is signed by the accessory using a private key, and wherein the step of validating the digital signature comprises:

extracting a public key from the certificate of authenticity; and

validating the digital signature using the public key.

6. The method of claim 1, wherein the first and second light sources are selected from the group consisting of a red light source, a green light source, and a blue light source,

wherein, during the authentication operation, the accessory is allowed to access the media player using any command in a set of commands supported by the accessory.

7. The method of claim 1, wherein the first and second light sources are selected from the group consisting of a red light source, a green light source, and a blue light source,

wherein the set of commands includes a first command for hazardous behavior and a second command for non-hazardous behavior,

wherein during the authentication operation, the accessory is allowed to access the media player using the second command but is not allowed to access the media player using the first command.

8. The method of claim 1, wherein the step of determining whether the verification operation completed successfully or failed comprises:

detecting when a timeout period measured from a start time of the authentication operation ends,

wherein the validation operation fails if the validation operation is not successfully completed before the expiration of the timeout period.

9. The method of claim 8, wherein the step of performing an authentication operation comprises:

in the event of an error during the verification operation, retrying the verification operation if the timeout period has not ended.

10. The method of claim 9, wherein retrying the verification comprises updating a count of retries, and wherein the verification operation fails if the count of retries exceeds a retry limit.

11. The method of claim 1, further comprising:

if the verification operation fails, a notification is generated for the user.

12. The method of claim 11, wherein the notification comprises a message displayed on a display screen of the media player.

13. A method usable by an accessory to interact with a media player, the method comprising:

performing an authentication operation to authenticate the media player;

receiving a device identification message from the media player, the device identification message including an indication of a command set supported by the media player;

allowing the media player to access the accessory during the authentication operation;

determining whether the verification operation completed successfully or failed;

continuing to allow the media player to access the accessory if the authentication operation completes successfully; and

if the authentication operation fails, then any further access to the accessory by the media player is prohibited.

14. A method usable by an accessory to interact with a media player, the method comprising:

receiving an authentication request from the media player, the authentication request initiating an authentication operation;

in response to the authentication request, sending authentication information to the media player, the authentication information usable by the media player in the authentication operation;

accessing a media player function prior to completion of the authentication operation, wherein the media player allows the access;

sending a verification signature to the media player for validation, wherein the verification operation is completed after validation of the verification signature,

wherein if the authentication operation fails, the accessory becomes unable to continue to access the media player function.

15. The method of claim 14, wherein the authentication information comprises an authentication certificate.

16. The method of claim 14, further comprising:

sending a device identification message to the media player, the device identification message including an indication of a command set supported by the accessory,

wherein the verification operation fails if the supported command set does not match an allowed command set determined based on the verification information.

17. The method of claim 16, wherein accessing media player functionality comprises sending commands from the supported command set to the media player.

18. The method of claim 14, further comprising:

receiving a digital signature request from the media player, the digital signature request comprising a random challenge; and

generating a digitally signed version of the random challenge,

wherein the verification signature comprises a digitally signed version of the random challenge.

19. The method of claim 18, wherein the digitally signed version of the random challenge is signed by the accessory using a private key, and wherein the verification information includes a public key corresponding to the private key, the public key usable to validate the digitally signed version of the random challenge.

20. The method of claim 14, further comprising:

sending a device identification message to the media player, the device identification message including an indication of a set of commands supported by the accessory, wherein the set of commands includes a first command for dangerous behavior and a second command for non-dangerous behavior,

wherein the accessory is allowed to access the first media player function associated with the second command but is not allowed to access the second media player function associated with the first command before the authentication operation is complete.

21. The method of claim 14, further comprising:

receiving a verification status message from the media player indicating whether the verification operation was successfully completed.

22. An apparatus usable by a media player to interact with an accessory, the apparatus comprising:

means for performing an authentication operation to authenticate the accessory;

means for receiving a device identification message from the accessory, the device identification message including an indication of a command set supported by the accessory;

means for allowing the accessory to access the media player during the authentication operation;

means for determining whether the verification operation completed successfully or failed;

means for continuing to allow the accessory access to the media player if the authentication operation completes successfully; and

means for disabling any further access to the media player by the accessory if the authentication operation fails.

23. The apparatus of claim 22, wherein the means for performing an authentication operation to authenticate the accessory comprises:

means for obtaining an authentication certificate from the accessory; and

means for validating the authentication information included in the authentication certificate.

24. The apparatus of claim 23, further comprising:

means for determining an allowed command set for the accessory based on authentication information included in the authentication certificate; and

means for comparing the allowed command set with the supported command set,

wherein the verification operation fails if the allowed command set does not match the supported command set.

25. The apparatus of claim 23, wherein the means for performing an authentication operation to authenticate the accessory further comprises:

means for sending a digital signature request to the accessory, the digital signature request comprising a random challenge;

means for receiving a digitally signed version of the random challenge from the accessory; and

means for validating the digital signature.

26. The apparatus of claim 25, wherein a digitally signed version of the random challenge is signed by the accessory using a private key, and wherein the means for validating the digital signature comprises:

means for extracting a public key from the certificate of authenticity; and

means for validating the digital signature using the public key.

27. The apparatus as set forth in claim 22,

wherein, during the authentication operation, the accessory is allowed to access the media player using any command in a set of commands supported by the accessory.

28. The apparatus as set forth in claim 22,

wherein the set of commands includes a first command for hazardous behavior and a second command for non-hazardous behavior,

wherein during the authentication operation, the accessory is allowed to access the media player using the second command but is not allowed to access the media player using the first command.

29. The apparatus of claim 22, wherein the means for determining whether the authentication operation completed successfully or failed comprises:

means for detecting when a timeout period measured from a start time of the authentication operation ends,

wherein the validation operation fails if the validation operation is not successfully completed before the expiration of the timeout period.

30. The apparatus of claim 29, wherein the means for performing an authentication operation to authenticate the accessory comprises:

means for retrying the verification operation if the timeout period has not ended in the event of an error during the verification operation.

31. The apparatus of claim 30, wherein the means for retrying authentication if the timeout period has not ended in the event of an error occurring during the authentication operation comprises means for updating a count of retries, and wherein the authentication operation fails if the count of retries exceeds a retry limit.

32. The apparatus of claim 22, further comprising:

means for generating a notification for a user if the verification operation fails.

33. The apparatus of claim 22, wherein the notification comprises a message displayed on a display screen of the media player.

34. An apparatus usable by an accessory to interact with a media player, the apparatus comprising:

means for performing an authentication operation to authenticate the media player;

means for receiving a device identification message from the media player, the device identification message including an indication of a command set supported by the media player;

means for allowing the media player to access the accessory during the authentication operation;

means for determining whether the verification operation completed successfully or failed;

means for continuing to allow the media player to access the accessory if the authentication operation completes successfully; and

means for disabling any further access to the accessory by the media player if the authentication operation fails.

35. An apparatus usable by an accessory to interact with a media player, the apparatus comprising:

means for receiving an authentication request from the media player, the authentication request initiating an authentication operation;

means for sending authentication information to the media player in response to the authentication request, the authentication information usable by the media player in the authentication operation;

means for accessing a media player function prior to completion of the authentication operation, wherein the media player allows the access;

means for sending a verification signature to the media player for validation, wherein the verification operation is completed after validation of the verification signature,

wherein if the authentication operation fails, the accessory becomes unable to continue to access the media player function.

36. The apparatus of claim 35, wherein the authentication information comprises an authentication certificate.

37. The apparatus of claim 35, further comprising:

means for sending a device identification message to the media player, the device identification message including an indication of a command set supported by the accessory,

wherein the verification operation fails if the supported command set does not match an allowed command set determined based on the verification information.

38. The apparatus of claim 37, wherein the means for accessing media player functionality prior to completion of the authentication operation comprises means for sending a command from the supported command set to the media player.

39. The apparatus of claim 35, further comprising:

means for receiving a digital signature request from the media player, the digital signature request comprising a random challenge; and

means for generating a digitally signed version of the random challenge,

wherein the verification signature comprises a digitally signed version of the random challenge.

40. The device of claim 39, wherein the digitally signed version of the random challenge is signed by the accessory using a private key, and wherein the verification information includes a public key corresponding to the private key, the public key usable to validate the digitally signed version of the random challenge.

41. The apparatus of claim 35, further comprising:

means for sending a device identification message to the media player, the device identification message including an indication of a set of commands supported by the accessory, wherein the set of commands includes a first command for dangerous behavior and a second command for non-dangerous behavior,

wherein the accessory is allowed to access the first media player function associated with the second command but is not allowed to access the second media player function associated with the first command before the authentication operation is complete.

42. The apparatus of claim 35, further comprising:

means for receiving a verification status message from the media player indicating whether the verification operation completed successfully.