public FidoDeviceRegistration FinishRegistration(FidoStartedRegistration startedRegistration, 
			FidoRegisterResponse registerResponse, IEnumerable<FidoFacetId> trustedFacetIds)
        {
            if (startedRegistration == null) throw new ArgumentNullException("startedRegistration");
            if (registerResponse == null) throw new ArgumentNullException("registerResponse");
            if (trustedFacetIds == null) throw new ArgumentNullException("trustedFacetIds");

            registerResponse.Validate();

            var clientData = registerResponse.ClientData;

            ExpectClientDataType(clientData, RegisterType);

            if (clientData.Challenge != startedRegistration.Challenge)
                throw new InvalidOperationException("Incorrect challenge signed in client data");

            ValidateOrigin(trustedFacetIds, new FidoFacetId(clientData.Origin));

            var registrationData = registerResponse.RegistrationData;
            VerifyResponseSignature(startedRegistration.AppId, registrationData, clientData);

            return new FidoDeviceRegistration(registrationData.KeyHandle, registrationData.UserPublicKey,
                registrationData.AttestationCertificate, 0);
        }