3.1.5.1 Message Integrity Checking
Both the server and client add a MAC checksum to licensing messages to allow the recipient to validate the integrity of the licensing data that is contained in the message.
The sender MUST generate the MAC checksum (see section 5.1.5) on selected fields of a licensing message (for fields that are used to generate the MAC checksum, see the MACData fields in sections 2.2.2.3 through 2.2.2.6). It then MUST encrypt those fields of the licensing message (see Encrypting Licensing Session Data (section 5.1.3)). Next, it MUST transmit the licensing message (see Licensing PDU (section 2.2.2)) containing the encrypted fields and the MAC checksum to the receiver.
The receiver MUST decrypt the encrypted fields of the received licensing message (see Decrypting Licensing Session Data (section 5.1.4)), and then MUST generate a MAC checksum over the decrypted fields. Next, it MUST compare the generated checksum with the received checksum. If they do not match, The receiver MAY send a Licensing Error Message (section 2.2.2.8) with an error code ERR_INVALID_MAC and a state transition code of ST_TOTAL_ABORT to the sender.