3.3.5.2 Proximity Detection

  • Article

The transmitter MUST perform proximity detection using the following steps:

  1. After the transmitter receives the proximity start message, it MUST generate a sequence number and a nonce. (The nonce is a 128-bit random value that MUST be generated by a pseudo-random number generator that is cryptographically random in a manner consistent with the compliance rules [CR-WMDRM] for transmitter.)

  2. Then the transmitter MUST send the receiver a proximity challenge message. The message MUST contain the sequence number, the session ID, and the nonce. If IPv4 is used, the time-to-live (TTL) field in the IPv4 header of the IP datagram carrying the proximity challenge message MUST be set to 3. If IPv6 is used, the Hop Count field in the IPv6 header MUST be set to 3. The sequence number is incremented by one for each proximity challenge message that is sent to the receiver.

  3. The transmitter MUST start a counter and measure the time it takes for the receiver to reply with the proximity response message.

  4. The transmitter MUST stop the counter when it receives the Proximity Response message. The transmitter MUST then validate the encrypted Nonce. The transmitter determines, based on the computed round-trip time (RTT), whether the receiver is in proximity. If the RTT is 7 milliseconds or less, proximity detection succeeds. The proximity detection procedure MUST fail if the receiver is not in proximity.

  5. Finally, the transmitter MUST send a proximity result message to the receiver indicating whether the proximity detection procedure was successful. An error code of 0 MUST be used in case of success, while a failure is indicated via error code 106 (Unable to Verify Proximity). If IPv4 is used, the TTL field in the IPv4 header of the IP datagram carrying the proximity result message MUST be set to 3. If IPv6 is used, the Hop Count field in the IPv6 header MUST be set to 3.

If the proximity result message is lost by the network, the receiver can send a new proximity start message. If the proximity detection procedure already succeeded, the transmitter MAY immediately reply with a proximity result message after it receives the new proximity start message from the receiver.

The transmitter MUST securely store the validation states of all receivers in its database, and the transmitter MUST require proximity detection every 48 hours as part of the revalidation procedure. If more than 48 hours has elapsed since a receiver performed a successful proximity detection procedure, then the transmitter MUST NOT deliver content to that receiver until the receiver has been revalidated.