Secure wireless communication between controllers and accessories

US2017201499A1 · US · A1

Patent metadata
Publication number: US-2017201499-A1
Application number: US-201715400386-A
Country: US
Kind code: A1
Filing date: Jan 6, 2017
Priority date: Feb 5, 2015
Publication date: Jul 13, 2017
Grant date:

Abstract

Official abstract text for this publication.

A controller and an accessory controllable by the controller can communicate using secure read and write procedures. The procedures can include encrypting identifiers of accessory characteristics targeted by a read or write operation as well as any data being read or written. The procedures can also include the accessory returning a cryptographically signed response verifying receipt and execution of the read or write instruction. In some instances, a write procedure can be implemented as a timed write in which a first instruction containing the write data is sent separately from a second instruction to execute the write operation; the accessory can disregard the write data if the second instruction is not received within a timeout period after receiving the first instruction.
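The accessory side of the timed write described in the abstract, as an added example that is not taken from the patent or from any vendor implementation. It assumes payloads have already been decrypted with the session key, uses HMAC-SHA256 as a stand-in for the accessory's signature, and the characteristic name and helper names are constructed for illustration.

```python
import hashlib, hmac, secrets, time

class Accessory:
    """Accessory side of a timed write. Payloads arrive already decrypted (assumption)."""

    def __init__(self, key, clock=time.monotonic):
        self.key, self.clock = key, clock
        self.characteristics = {}   # characteristic id -> current value
        self.pending = None         # (char_id, data, txn_id, deadline) or None

    def _signed(self, status, txn_id):
        # HMAC-SHA256 stands in for the accessory's signature (assumption).
        tag = hmac.new(self.key, f"{status}:{txn_id}".encode(), hashlib.sha256).digest()
        return {"status": status, "txn_id": txn_id, "tag": tag}

    def prepare_write(self, char_id, data, txn_id, ttl):
        """First instruction: store the write data temporarily and start the TTL."""
        self.pending = (char_id, data, txn_id, self.clock() + ttl)
        return self._signed("received", txn_id)

    def execute_write(self):
        """Second instruction: commit only if data is staged and the TTL has not expired."""
        pending, self.pending = self.pending, None   # staged data is single-use
        if pending is None or self.clock() > pending[3]:
            return None                              # ignored, nothing is written
        char_id, data, txn_id, _ = pending
        self.characteristics[char_id] = data
        return self._signed("executed", txn_id)

def verify(key, resp, status, txn_id):
    """Controller check: expected status, expected transaction id, valid tag."""
    if resp is None or resp["status"] != status or resp["txn_id"] != txn_id:
        return False
    want = hmac.new(key, f"{status}:{txn_id}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(want, resp["tag"])

def run_timed_write(delay, ttl=5.0):
    """Drive both instructions with a fake clock; return (ack1_ok, ack2_ok, final_state)."""
    now = [0.0]
    key = secrets.token_bytes(32)
    acc = Accessory(key, clock=lambda: now[0])
    txn = secrets.token_hex(8)
    r1 = acc.prepare_write("lock.target_state", b"\x01", txn, ttl)  # constructed name
    now[0] += delay                                  # time passing between instructions
    r2 = acc.execute_write()
    return (verify(key, r1, "received", txn), verify(key, r2, "executed", txn),
            dict(acc.characteristics))
```

Calling `run_timed_write(2.0)` commits the write, while `run_timed_write(6.0)` exceeds the 5-second time to live and leaves the characteristic untouched.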

First claim

Opening claim text (preview).

What is claimed is:

1. A method for controlling an accessory using a controller, the method comprising: establishing, by the controller, a session key usable to encrypt messages exchanged with the accessory; determining, by the controller, write data to be written to a target characteristic of the accessory; generating, by the controller, a first payload that comprises the write data and an identifier of the target characteristic, the first payload being encrypted with the session key; sending, by the controller, a first instruction to the accessory, the first instruction comprising the first payload and an indication that the accessory should temporarily store the write data; receiving, by the controller, a first response from the accessory, the first response comprising a first signed data block indicating that the accessory received the first instruction; in response to receiving the first response, sending, by the controller, a second instruction to the accessory, the second instruction comprising a second payload indicating that the accessory should write the write data from the first payload to the target characteristic; and receiving, by the controller, a second response from the accessory, the second response comprising a second signed data block indicating that the accessory received and executed the second instruction.

2. The method of claim 1, wherein the first payload further comprises a time to live parameter, the time to live parameter indicating a time to live for the first instruction, wherein the accessory executes the second instruction only if the second instruction is received before the time to live expires.

3. The method of claim 1, wherein the controller sends the second instruction only if the first response is received within a timeout period after sending the first instruction.

4. The method of claim 1, wherein writing the write data to the target characteristic results in changing an aspect of a physical state of the accessory.

5. The method of claim 1, wherein the first payload further comprises a transaction identifier generated by the controller and wherein the first response comprises a response payload signed by the accessory, the response payload comprising the transaction identifier.

6. The method of claim 1, wherein the controller communicates with the accessory using a Bluetooth LE transport and wherein the first instruction is sent as a GATT write request identifying the target characteristic.

7. The method of claim 1, wherein the controller communicates with the accessory using an HTTP transport and wherein the first instruction is sent as an HTTP POST request to a first URL defined at the accessory.

8. The method of claim 6, wherein the first payload also comprises an identifier of the target characteristic.

9. An electronic device, comprising: a wireless communication interface to communicate with an accessory; one or more processors coupled to the wireless communication interface, the one or more processors being configured to: establish, via the wireless communication interface, a session key usable to encrypt messages exchanged with the accessory; determine write data to be written to a target characteristic of the accessory; generate a first payload that comprises the write data and an identifier of the target characteristic, the first payload being encrypted with the session key; send, via the wireless communication interface, a first instruction to the accessory, the first instruction comprising the first payload and an indication that the accessory should temporarily store the write data; receive, via the wireless communication interface, a first response from the accessory, the first response comprising a first signed data block indicating that the accessory received the first instruction; send, in response to receiving the first response, a second instruction to the accessory via the wireless communication interface, the second instruction comprising a second payload indicating that the accessory should write the write data from the first payload to the target characteristic; and receive, via the wireless communication interface, a second response from the accessory, the second response comprising a second signed data block indicating that the accessory received and executed the second instruction.

10. The electronic device of claim 9, wherein the wireless communication interface is configured to communicate with the accessory using a Bluetooth LE protocol and wherein the processing subsystem is further configured to send the first instruction and the second instruction as GATT write requests conforming to the Bluetooth LE protocol.

11. The electronic device of claim 10, wherein the processing subsystem is further configured to send a GATT read request to the accessory after sending the first instruction and wherein the first response is received as a response to the GATT read request.

12. The electronic device of claim 9, wherein the wireless communication interface is configured to communicate with the accessory using an HTTP-based protocol and wherein the processing subsystem is further configured to send the first instruction and the second instruction as HTTP POST requests addressed to two different URLs at the accessory.

13. The electronic device of claim 9, wherein the first payload further comprises a time to live parameter, the time to live parameter indicating a time to live for the first instruction, wherein the accessory executes the second instruction only if the second instruction is received before the time to live expires.

14. A computer-readable storage medium having stored therein program code that, when executed by one or more processors of an accessory device, cause the one or more processors to perform operations comprising: establishing a session key usable to encrypt messages exchanged with the controller; receiving a first instruction from the controller, the first instruction comprising a first payload encrypted with the session key; extracting from the first payload write data and an identifier of a target characteristic to which the write data is to be written; sending a first response to the controller, the first response comprising a first signed data block indicating that the accessory received the first instruction; receiving a second instruction from the controller, the second instruction comprising a second payload indicating that the accessory should write the write data from the first payload to the target characteristic; determining whether the second instruction is received within a time to live after sending the first response; in response to determining that the second instruction is not received within the time to live, ignoring the second instruction; and in response to determining that the second instruction is received within the time to live, executing the second instruction, the execution of the second instruction comprising writing the write data from the first payload to the target characteristic.

15. The computer-readable storage medium of claim 14, wherein executing the second instruction further comprises changing an aspect of a physical state of the accessory based on the write data and the target characteristic.

16. The computer-readable storage medium of claim 14, further comprising: extracting, by the accessory, a time to live parameter from the first payload, wherein the time to live is determined based on the time to live parameter.

17. The computer-readable storage medium of claim 1

Classifications

  • Access security

  • Services for machine-to-machine communication [M2M] or machine type communication [MTC]

  • Access control lists [ACL]

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

  • in which the return channel carries supervisory signals, e.g. repetition request signals

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2017201499A1 cover?
A controller and an accessory controllable by the controller can communicate using secure read and write procedures. The procedures can include encrypting identifiers of accessory characteristics targeted by a read or write operation as well as any data being read or written. The procedures can also include the accessory returning a cryptographically signed response verifying receipt and execut…
Who is the assignee on this patent?
Apple Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 13, 2017 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).