Securely connecting control device to target device

US9438571B2 · US · B2

Patent metadata
Publication number: US-9438571-B2
Application number: US-201514792191-A
Country: US
Kind code: B2
Filing date: Jul 6, 2015
Priority date: Sep 23, 2013
Publication date: Sep 6, 2016
Grant date: Sep 6, 2016

Abstract

Official abstract text for this publication.

In an approach, a target computing device receives a pairing request from a controller computing device, the pairing request including controller credentials that were previously received by the controller computing device from an authentication server computer and encrypted under a service key. The target computing device forwards the pairing request to the authentication server, the authentication server computer being configured to return a pairing response based at least in part on the controller credentials. The target computing device receives the pairing response, which includes a shared secret encrypted under a target device key and the same shared secret encrypted under a controller key. The target computing device decrypts the shared secret encrypted under the target device key and forwards the shared secret encrypted under the controller key to the controller device. Using the decrypted shared secret, the target computing device establishes a secure connection to the controller computing device.
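
The message flow in the abstract, as an added Python sketch that is not code from the patent or its assignee. Assumptions: `seal`/`unseal` are a toy encrypt-then-MAC stand-in for a real AEAD such as AES-GCM, the credentials blob carries the controller key (ticket-style; the abstract does not say how the server recovers it), and all names and device ids are hypothetical.

```python
import hashlib, hmac, json, secrets

def keystream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC stand-in for a real AEAD such as AES-GCM."""
    pt = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified blob")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

class AuthServer:
    def __init__(self):
        self.service_key = secrets.token_bytes(32)   # never leaves the server
        self.target_keys = {}                        # target id -> target device key

    def enroll_controller(self, cid):
        ckey = secrets.token_bytes(32)
        # Assumption: the credentials carry the controller key, ticket-style.
        return ckey, seal(self.service_key, {"id": cid, "key": ckey.hex()})

    def enroll_target(self, tid):
        self.target_keys[tid] = secrets.token_bytes(32)
        return self.target_keys[tid]

    def pair(self, tid, creds):
        c = unseal(self.service_key, creds)          # credentials not sealed by the server fail here
        secret = secrets.token_bytes(32).hex()       # same secret, sealed once per party
        return {"for_target": seal(self.target_keys[tid], {"s": secret, "peer": c["id"]}),
                "for_controller": seal(bytes.fromhex(c["key"]), {"s": secret, "peer": tid})}

def run_pairing():
    server = AuthServer()
    ckey, creds = server.enroll_controller("phone-1")    # constructed device ids
    tkey = server.enroll_target("tv-1")
    request = {"creds": creds}                            # controller -> target
    response = server.pair("tv-1", request["creds"])      # target -> server -> target
    at_target = unseal(tkey, response["for_target"])      # target opens its own copy
    at_controller = unseal(ckey, response["for_controller"])  # forwarded copy, opened by controller
    return server, tkey, creds, response, at_target, at_controller
```

The target only relays `creds` and `for_controller`; it holds neither the service key nor the controller key, so both blobs stay opaque to it.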

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: using a target computing device, receiving a pairing request from a controller computing device, the pairing request including controller credentials that were previously received by the controller computing device from an authentication server computer and encrypted under a service key that is not available to the controller computing device and the target computing device; using the target computing device, sending at least a portion of the pairing request to a target application executing on the target computing device that is configured determine whether to accept or reject the pairing request based on one or more criteria; using the target computing device, in response to receiving a communication from the target application indicating that the target application has accepted the pairing request, forwarding the pairing request to the authentication server computer, the authentication server computer being configured to return a pairing response based at least in part on the controller credentials; using the target computing device, receiving the pairing response from the authentication server computer, wherein the pairing response includes a shared secret encrypted under a target device key and the same shared secret encrypted under a controller key, the controller key being unavailable to the target computing device and the target device key being unavailable to the controller computing device; using the target computing device, decrypting the shared secret encrypted under the target device key; using the target computing device, forwarding the shared secret encrypted under the controller key to the controller computing device; using the target computing device, establishing a secure connection to the controller computing device using the decrypted shared secret; using the target computing device, receiving, over the secure connection, one or more control messages from the controller computing device that are configured to control one or more functions of the target computing device.

2. The method of claim 1, wherein the target computing device is configured to present multimedia content and the method further comprising: using the target computing device, receiving, over the secure connection, an instruction from a second screen user interface application executing on the controller computing device which causes the target computing device to modify presentation of the multimedia content.

3. The method of claim 2, further comprising modifying the presentation of the multimedia content by one or more of: changing volume of the target device, enabling or disabling closed captioning on the multimedia content, beginning playback of the multimedia content, pausing the multimedia content, switching presentation to different multimedia content, changing playback of the multimedia content to resume at a different point in time within the multimedia content, ending playback of the multimedia content, or displaying title recommendations.

4. The method of claim 2, further comprising: the controller computing device determining that a period of time has elapsed without receiving input from a user and in response entering a power saving mode and locking the controller computing device to prevent user access to one or more functions of the controller computing device; in response to exiting the power saving mode, the controller computing device displaying a user interface that allows the user to unlock the controller computing device, wherein the user interface includes one or more options that, when selected, cause the target computing device to modify presentation of the multimedia content.

5. The method of claim 2, further comprising: using the controller computing device, determining that the target computing device has finished playback of the multimedia content and in response displaying one or more titles; using the controller computing device, in response to receiving user input specifying selection of a particular title of the one or more titles, sending a message to the target computing device over the secure connection that causes the target computing device to begin presentation of the particular title.

6. The method of claim 1, further comprising: using the target computing device, sending at least a portion of the pairing response to a target application executing on the target computing device that is configured determine whether to accept or reject the pairing response based on one or more criteria; forwarding the shared secret encrypted under the controller key to the controller computing device in response to receiving a communication from the target application indicating that the target application has accepted the pairing response.

7. The method of claim 1, wherein the controller computing device and the target computing device are communicatively coupled by a local area network.

8. The method of claim 1, wherein the controller computing device is any of a smartphone, a tablet computer, or a wearable computing device.

9. The method of claim 1, wherein the target computing device is one or more of: a television, a projector, a game console, a set-top-box, or a disc player.

10. The method of claim 1, wherein the pairing response includes target device credentials for the target computing device that are encrypted under the service key.

11. A non-transitory computer-readable medium storing one or more instructions, which when executed by one or more processors, cause the one or more processors to perform steps comprising: using a target computing device, receiving a pairing request from a controller computing device, the pairing request including controller credentials that were previously received by the controller computing device from an authentication server computer and encrypted under a service key that is not available to the controller computing device and the target computing device; using the target computing device, sending at least a portion of the pairing request to a target application executing on the target computing device that is configured determine whether to accept or reject the pairing request based on one or more criteria; using the target computing device, in response to receiving a communication from the target application indicating that the target application has accepted the pairing request, forwarding the pairing request to the authentication server computer, the authentication server computer being configured to return a pairing response based at least in part on the controller credentials; using the target computing device, receiving the pairing response from the authentication server computer, wherein the pairing response includes a shared secret encrypted under a target device key and the same shared secret encrypted under a controller key, the controller key being unavailable to the target computing device and the target device key being unavailable to the controller computing device; using the target computing device, decrypting the shared secret encrypted under the target device key; using the target computing device, forwarding the shared secret encrypted under the controller key to the controller computing device; using the target computing device, establishing a secure connection to the controller computing device using the decrypted shared secret; using the target computing device, receiving, over the secure connection, one or more control messages from the controller computing device that are configured to control one or more functions of the target computing device.

12. The non-transitory computer-readable medium of claim 11, wherein the target computin

Assignees

Inventors

Classifications

  • applying encryption of the keys · CPC title

  • Authentication · CPC title

  • applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding · CPC title

  • H04L63/061 (Primary) · for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title

  • Key management, e.g. using generic bootstrapping architecture [GBA] · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Netflix Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/061. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 6, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).