3.4.5.3 Meter Challenge Processing

After the MAS receives the metering challenge message, it MUST first verify the signature of the contents of the DATA element using the CERTIFICATE element and MSDRM_SIGNATURE_VALUE element. These elements are base64-encoded as documented in [MS-DRM] section 2.2.1.1. The MAS MUST then build a digital signature using the MSDRM ECC signature creation algorithms and process (section 2.2.1.6).

Additionally, the MAS [MSDN-MAS] MUST verify that the CERTIFICATE element chains to a trusted root certificate key using certificate chain validation mechanisms as described in [RFC2459].

The base64-decoded MID in the challenge MUST match the MID in the metering aggregation server's preconfigured metering certificate.

The contents of the RECORDS element are then base64-decoded and decrypted using the MAS's metering certificate's private key using the algorithm described in section 2.2.1.6. The decrypted information SHOULD be stored in the MAS's database for tracking content statistics.

Finally, using data from the challenge, the MAS creates a metering response message, as detailed in section 3.4.5.4.