3.2.4.3.1 New Account and Device Registration

For a new account, the client sends to a relay server the SecAccountRegister account-layer message within the SecDeviceAccountRegister message. The client retrieves the secret account key and the public key information from the current account object, and then constructs the SecAccountRegister message as specified in section 2.2.14. The value of the UserPreAuthToken in the SecAccountRegister message SHOULD come from one of identity objects associated with the current account object<5>. The client retrieves the secret device key and the public key information from the current device object, and then constructs the SecDeviceAccountRegister message as specified in section 2.2.12. The client sends an SSTP Register command to start the new account registration sequence.

After sending the SecDeviceAccountRegister message with the SecAccountRegister message to the relay server, the client transitions into the DeviceAccountRegistering state.