3.8.5 Message Processing Events and Sequencing Rules
If the Remote Assistance Initiation protocol is used to transfer the Remote Assistance Connection String, the novice MUST use either the version 1 or 2 protocol (as specified in section 3.6). If the Remote Assistance Initiation over PNRP Protocol was used to transfer Remote Assistance Connection String, the novice MUST use the version 3 protocol (specified below) for session initialization after the Remote Assistance connection is established.
After the RC_CTL virtual channel has been established between the novice and the expert, the novice MUST send the expert a REMOTEDESKTOP_CTL_TOKEN_PACKET containing a novice session authorization token as specified in section 2.2.4.
After the expert verifies the novice token, the novice MUST receive a REMOTEDESKTOP_CTL_TOKEN_PACKET containing an expert session authorization token as specified in section 2.2.4.
The novice MUST create an expert token and compare it with the token received from the expert to verify that the two tokens match. After this is verified, the novice MUST receive permission from the user to allow the connection before granting a view of the desktop.
If either side cannot confirm that the two tokens match, or if the user does not grant permission to view the desktop, the Remote Assistance connection MUST be terminated.