3.3.4.3 Validate Response

This action is supported only when TrustState is 3 (Validating). On this action, the following checks MUST be performed:

  1. The <DeviceValidateNonce> (_DeviceValidateNonceIter) element MUST be syntactically validated.

  2. The <Iteration> number MUST be equal to the device's current iteration number, Iter.

  3. The value of  HMAC(_DevicetValidateNonceIterUTF-8(Iter + OTPIter + _DeviceID + _DeviceCertificate) ), calculated as specified in section 3.1.1, MUST match the _DeviceValidateAuthenticatorIter obtained in the Commit response.

If successful, and this is not the last iteration, the service:

  1. MUST increment the iteration number, Iter.

  2. MUST change TrustState from 3 (Validating) to 2 (Committing).

  3. MUST set the following elements and send them in a Commit Message (section 3.2.4.2.1.1):

    • <HostID>, as acquired in section 3.1.4.1.

    • <Iteration>, as the new Iter value.

    • <HostValidateAuthenticator>, an HMAC, as specified in section 3.1.1, calculated as:

      Base64( HMAC(_HostValidateNonceIter, UTF-8 (Iter + OTPIter + _HostID + _HostCertificate) ).

If successful and this is the last iteration, the service:

  1. MUST increment the iteration number, Iter.

  2. MUST change TrustState from 3 (Validating) to 4 (Committing).

  3. MUST set the following elements and send them in a Confirm Message (section 3.2.4.4.1.1):

    • <HostID>, as acquired in section 3.1.4.1.

    • <IterationsRequired>, as acquired in section 3.1.4.1.

    • <HostConfirmNonce>, as used in section 3.2.4.4.2.1.

If this action fails, the control point MUST change TrustState to 0 (Idle), cancel the DTAG protocol, and report an error to the control point user of this protocol.