3.1.5.2 Challenge
When the client receives a Challenge message (section 2.2.3.1) in the WAITING_FOR_CHALLENGE_REQUEST state, the client MUST compute the response value (as specified in section 3.2.1) using the challenge value of the Challenge message (section 2.2.3.1), the Shared Secret, and the Numeric Value. The client MUST send a Response message (section 2.2.3.5) to the server containing the computed response value.
The client MUST then create a random challenge value and send a Challenge message to the server containing the challenge value. The client MUST compute and store the Expected Response (as specified in section 3.2.1) for this challenge value. The client MUST restart the ClientGuardTimer (section 3.1.2) and transition to the WAITING_FOR_CHALLENGE_RESPONSE state.
When the client receives the client message in any other state, the client MUST initiate a disconnect of the control channel, stop the ClientGuardTimer, and transition to the FATAL_ERROR state.