3.3.4.3 Validate Response
This action is supported only when TrustState is 3 (Validating). On this action, the following checks MUST be performed:
The <DeviceValidateNonce> (_DeviceValidateNonceIter) element MUST be syntactically validated.
The <Iteration> number MUST be equal to the device's current iteration number, Iter.
The value of HMAC(_DeviceValidateNonceIter, UTF-8(Iter + OTPIter + _DeviceID + _DeviceCertificate) ), calculated as specified in section 3.1.1, MUST match the _DeviceValidateAuthenticatorIter obtained in the Commit response.
If successful, and this is not the last iteration, the service:
MUST increment the iteration number, Iter.
MUST change TrustState from 3 (Validating) to 2 (Committing).
MUST set the following elements and send them in a Commit Message (section 3.2.4.2.1.1):
<HostID>, as acquired in section 3.1.4.1.
<Iteration>, as the new Iter value.
<HostValidateAuthenticator>, an HMAC, as specified in section 3.1.1, calculated as:
Base64( HMAC(_HostValidateNonceIter, UTF-8(Iter + OTPIter + _HostID + _HostCertificate) ) ).
If successful and this is the last iteration, the service:
MUST increment the iteration number, Iter.
MUST change TrustState from 3 (Validating) to 4 (Committing).
MUST set the following elements and send them in a Confirm Message (section 3.2.4.4.1.1):
<HostID>, as acquired in section 3.1.4.1.
<IterationsRequired>, as acquired in section 3.1.4.1.
<HostConfirmNonce>, as used in section 3.2.4.4.2.1.
If this action fails, the control point MUST change TrustState to 0 (Idle), cancel the DTAG protocol, and report an error to the control point user of this protocol.
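The checks and state transitions above, as an added example that is not part of the specification text. Assumptions, since section 3.1.1 is not reproduced here: HMAC-SHA-256, a Base64-encoded nonce, Iter rendered as a decimal string, the last iteration detected as Iter equal to IterationsRequired, and all Python names.

```python
import base64, binascii, hashlib, hmac
from dataclasses import dataclass

@dataclass
class Session:                  # hypothetical holder for the service's per-device state
    trust_state: int            # 0 Idle, 2 Committing, 3 Validating, 4 as given above
    iter: int                   # current iteration number, Iter
    iterations_required: int
    otp: str                    # OTPIter for the current iteration
    device_id: str
    device_cert: str
    device_validate_authenticator: bytes  # raw MAC kept from the Commit response

def authenticator(nonce: bytes, it: int, otp: str, ident: str, cert: str) -> bytes:
    # Assumed: fields concatenated as strings, UTF-8 encoded, HMAC-SHA-256 keyed by nonce.
    data = f"{it}{otp}{ident}{cert}".encode("utf-8")
    return hmac.new(nonce, data, hashlib.sha256).digest()

def validate_response(s: Session, nonce_b64: str, iteration: int) -> str:
    """Apply the three checks; return 'commit', 'confirm', 'error' or 'unsupported'."""
    if s.trust_state != 3:
        return "unsupported"    # assumed handling: reject without touching state
    try:
        nonce = base64.b64decode(nonce_b64, validate=True)   # syntactic validation
        expected = authenticator(nonce, s.iter, s.otp, s.device_id, s.device_cert)
        ok = (len(nonce) > 0 and iteration == s.iter
              and hmac.compare_digest(expected, s.device_validate_authenticator))
    except (binascii.Error, ValueError):
        ok = False
    if not ok:
        s.trust_state = 0       # failure: back to Idle, protocol cancelled
        return "error"
    last = s.iter == s.iterations_required
    s.iter += 1
    s.trust_state = 4 if last else 2
    return "confirm" if last else "commit"   # which message the service sends next

if __name__ == "__main__":
    # Constructed sample values, not taken from any real exchange.
    nonce = bytes(range(32))
    mac = authenticator(nonce, 1, "4711", "uuid:device-1", "DEVICE-CERT")
    s = Session(3, 1, 2, "4711", "uuid:device-1", "DEVICE-CERT", mac)
    print(validate_response(s, base64.b64encode(nonce).decode(), 1), s.trust_state, s.iter)
```

The authenticator is compared with hmac.compare_digest so that the check does not leak, through timing, how many leading bytes of a forged value were correct.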