3.1.1 Abstract Data Model

This section describes a conceptual model of possible data organization that an implementation maintains to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This document does not mandate that implementations adhere to this model as long as their external behavior is consistent with that described in this document.

The device and control point start the trust agreement process when a one-time password (OTP) is made available to the two endpoints. Throughout the trust agreement process, the device and control point MUST synchronize the state to perform each action.

The following diagram provides an overview of the state machine common to the device and control point.

Figure 3: DTAG message sequence to establish trust agreement

TrustState: The current setting of the service's state machine. The following states are specified for this state variable.

| TrustState | State | Description |
|---|---|---|
| 0 | Idle | The trust agreement process is not started. The device and control point wait for a one-time password (OTP) event. |
| 1 | Exchanging | The device and control point exchange certificates and endpoint identifiers, along with the authentication code based on the entire OTP string. This authentication code will be examined in the last Confirming state. The Exchange action is processed in this state. |
| 2 | Committing | The device and control point exchange the authentication code based on OTP substrings. The Commit action and timeout event are processed in this state. |
| 3 | Validating | The device and control point validate the authentication code exchanged on the previous Commit action. The Validate action and timeout event are processed in this state. |
| 4 | Confirming | The device and control point finalize the validation of the authentication code obtained in the Exchange action. The Confirm action and timeout event are processed in this state. |

N: The number of rounds required for the Commit-Validate actions that will be performed by the protocol. The value of this state variable is selected at run-time.

Iter: The current iteration number at which Commit-Validate actions are performed. This state variable is only valid up to N.

OTP: The one-time password (OTP).

OTPIter: The substring OTP for the indicated iteration.

The OTP and its substrings are obtained by the following rule.

The OTP is divided up into N substrings. These substrings are denoted as OTP1, OTP2, ... OTPn. The rule for generating the substring OTPs from the OTP is as follows:

  • Individual characters in an OTP are not broken up.

  • The number of characters in the OTP MUST be greater than or equal to the number of rounds specified in the state variable N.

  • If L is the number of characters in the OTP, then each substring will be either L div N or L div N + 1 characters long. The last L mod N substrings will have L div N + 1 characters. All of the other substrings will have L div N characters.

  • The characters of the OTP are broken up in order into their substrings.

For example, if the value of N is 4 and the value of the OTP is "ThatCat", then the first substring, OTP1 would be "T", the second, OTP2 would be "ha", the third, OTP3 would be "tC", and the fourth, OTP4 would be "at".

_DeviceCertificate: The certificate of the device that is associated with the _DeviceID state variable and which MUST remain stable for the lifetime of the device.

_DeviceConfirmAuthenticator: The authentication code made by the device for the Exchange and Confirm actions.

_DeviceConfirmNonce: A 20-octet nonce made by the device for the Exchange and Confirm actions.

_DeviceID: The UUID of the device.

_DeviceValidateAuthenticatorIter: The authentication code of the device for the indicated iteration of Commit-Validate actions.

_DeviceValidateNonceIter: A 20-octet nonce of the device for the indicated iteration of Commit-Validate actions.

_HostCertificate: The certificate of the control point that is associated with the _HostID state variable and which MUST remain stable for the lifetime of the control point.

_HostConfirmAuthenticator: The authentication code of the control point for the Exchange and Confirm actions.

_HostConfirmNonce: A 20-octet nonce of the control point for the Exchange and Confirm actions.

_HostID: The UUID of the control point.

_HostValidateAuthenticatorIter: The authentication code of the control point for the indicated iteration of the Commit-Validate action.

_HostValidateNonceIter: A 20-octet nonce of the control point for the indicated iteration of the Commit-Validate action.

The _DeviceValidateAuthenticatorIter, _DeviceConfirmAuthenticator, _HostValidateAuthenticatorIter, and _HostConfirmAuthenticator are the 160-bit (20-octet) result of the HMAC-SHA-1 message authentication code [RFC2104]. The HMAC-SHA-1 function takes two parameters, a 20-octet key and some variable-length text, and returns a 20-octet message authentication code.

The HMAC-SHA-1 function key is a nonce.

The HMAC-SHA-1 function text is the UTF-8 representation [RFC3629] of the concatenation of the following items in the order presented:

  • N (or Iter), encoded as a decimal number string

  • An OTP string (or OTPIter substring)

  • The endpoint identifier

  • A certificate, encoded as a base64 string

Therefore, the HMAC-SHA-1 results are denoted in this specification as:

_DeviceConfirmAuthenticator = HMAC( _DeviceConfirmNonce, UTF-8( N + OTP + _DeviceID + _DeviceCertificate ) )

_HostConfirmAuthenticator = HMAC( _HostConfirmNonce, UTF-8( N + OTP + _HostID + _HostCertificate ) )

_DeviceValidateAuthenticatorIter = HMAC( _DeviceValidateNonceIter, UTF-8( Iter + OTPIter + _DeviceID + _DeviceCertificate ) )

_HostValidateAuthenticatorIter = HMAC( _HostValidateNonceIter, UTF-8( Iter + OTPIter + _HostID + _HostCertificate ) )
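The OTP substring rule and the authenticator construction above, as an added Python example that is not part of the specification. The function names, the sample device identifier and certificate bytes, and the use of standard base64 without line breaks are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os


def split_otp(otp: str, n: int) -> list[str]:
    """Split the OTP into N in-order substrings; the last (L mod N) are one longer."""
    length = len(otp)  # counted in characters (code points), never bytes
    if n < 1 or length < n:
        raise ValueError("OTP must contain at least N characters")
    base, extra = divmod(length, n)
    parts, pos = [], 0
    for i in range(n):
        size = base + 1 if i >= n - extra else base
        parts.append(otp[pos:pos + size])
        pos += size
    return parts


def authenticator(nonce: bytes, number: int, otp_part: str,
                  endpoint_id: str, certificate: bytes) -> bytes:
    """HMAC-SHA-1 keyed with the nonce over UTF-8(number + OTP part + ID + cert)."""
    if len(nonce) != 20:
        raise ValueError("nonce must be 20 octets")
    # Assumption: standard base64 without line breaks for the certificate.
    cert_b64 = base64.b64encode(certificate).decode("ascii")
    text = f"{number}{otp_part}{endpoint_id}{cert_b64}"
    return hmac.new(nonce, text.encode("utf-8"), hashlib.sha1).digest()


def matches(received: bytes, nonce: bytes, number: int, otp_part: str,
            endpoint_id: str, certificate: bytes) -> bool:
    """Recompute the peer's authenticator and compare in constant time."""
    expected = authenticator(nonce, number, otp_part, endpoint_id, certificate)
    return hmac.compare_digest(received, expected)


# Constructed sample values (not taken from the specification).
DEVICE_ID = "uuid:00000000-0000-0000-0000-000000000001"
DEVICE_CERT = b"constructed placeholder certificate bytes"

if __name__ == "__main__":
    n, otp = 4, "ThatCat"
    for it, part in enumerate(split_otp(otp, n), start=1):
        nonce = os.urandom(20)
        mac = authenticator(nonce, it, part, DEVICE_ID, DEVICE_CERT)
        print(it, part, mac.hex(), matches(mac, nonce, it, part, DEVICE_ID, DEVICE_CERT))
```

For the Confirm authenticators, pass N as `number` and the whole OTP as `otp_part`.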