Saturn 3
Payment Demo
Payment Session Debug Information 

The following page shows the messages (here slightly edited for brevity) exchanged between a Merchant (Payee), Merchant Bank, Wallet (Payer), and User Bank (Payment provider).  For traditional card payments there is also an Acquirer (aka "card processor") involved. The numbers shown in the different steps are supposed to match those of the [SATURN] presentation.

Saturn uses a JSON based message notation described in [YASMIN].

Current mode: Card Payment

1

The user performs "Checkout" (after optionally selecting a payment method), causing the Merchant server to return a (currently platform dependent) Wallet invocation Web-page. The invoking Web-page then waits for a ready signal from the Wallet.

2

When the ready signal has been received, the Merchant sends a list of accepted payment methods and a "paymentRequest" object to the Wallet:

{
    "@context": "https://webpki.github.io/saturn/v3",
    "@qualifier": "PaymentClientRequest",
    "supportedPaymentMethods": [{
        "paymentMethod": "https://bankdirect.net",
        "payeeAuthorityUrl": "https://payments.bigbank.com/payees/86344"
    },{
        "paymentMethod": "https://supercard.com",
        "payeeAuthorityUrl": "https://secure.cardprocessor.com/payees/1077342"
    }],
    "paymentRequest": {
        "payee": {
            "commonName": "Demo Merchant",
            "homePage": "demomerchant.com"
        },
        "amount": "550.00",
        "currency": "EUR",
        "referenceId": "#1000005",
        "timeStamp": "2020-05-17T16:51:46Z",
        "expires": "2020-05-17T17:22:00Z",
        "software": {
            "name": "WebPKI.org - Payee",
            "version": "1.00"
        }
    }
}
Note that payment networks would normally host their own Merchant authority objects (and associated keys), which is why there is a "payeeAuthorityUrl" for each "paymentMethod".
2a

After an optional selection of account (card) in the Wallet UI (accomplished through "swiping" card logotypes in the reference application), the user authorizes the payment request, using a PIN or biometric operation:

The "Balance" field could also function as a touch button for showing a list of recent transactions for the selected virtual card account.

The "Payee" field could also function as a touch button to trigger a Merchant lookup service by using the "payeeAuthorityUrl" associated with the selected virtual card.

2b

The result of this process is not supposed to be directly available to the Merchant since it contains potentially sensitive user data.  For an example, see Unencrypted User Authorization below.

3

Therefore the result is encrypted (using a key supplied by the User Bank as a part of the payment credential) before it is returned to the Merchant:

{
    "@context": "https://webpki.github.io/saturn/v3",
    "@qualifier": "PayerAuthorization",
    "providerAuthorityUrl": "https://payments.mybank.com/authority",
    "paymentMethod": "https://supercard.com",
    "encryptedAuthorization": {
        "algorithm": "A128CBC-HS256",
        "keyEncryption": {
            "algorithm": "ECDH-ES+A128KW",
            "publicKey": {
                "kty": "EC",
                "crv": "P-256",
                "x": "TfCrhFwZRU_ea7lUWwRi3HkuyT2yF9IxN5xKh2khjlk",
                "y": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
            },
            "ephemeralKey": {
                "kty": "EC",
                "crv": "P-256",
                "x": "BUAQGG3foC0zzMmsfiexdwrtu3InMRjLXsC_5CdimVg",
                "y": "n_IJRZC8q3jz_5O_haXJtzmg8d0wJ9fUN6s1-P-V_g4"
            },
            "encryptedKey": "Pqu24TyPMRgoGYw-oi_cPN77lOJEppxVlV6fGT7OdBE4mooTn-pj2A"
        },
        "iv": "Gd7yjeRuT3cVOqoqzThlZA",
        "tag": "7wCxovYiMXWMi3p-x3g6zQ",
        "cipherText": "6E34VOtXN1YWS70WxS9RB8_bG1fUYWPb....inWyMYrcsbs75DhmI5VMfJ0EoDUWJaJw"
    }
}
For details on the encryption scheme, see [ENCRYPTION]. Note that "providerAuthorityUrl" and "paymentMethod" are sent in clear as well (otherwise the Merchant would not know what to do with the received data). To maintain privacy, the issuer specific encryption public key is preferably shared by many (> 100000) users.

Note that public key data ("publicKey") may equally well be represented by a "keyId".

3a

After receiving the Wallet response, the Merchant uses the supplied "providerAuthorityUrl" to retrieve the associated "ProviderAuthority" object of the User Bank claimed to be the user's account holder for the selected card:

{
    "@context": "https://webpki.github.io/saturn/v3",
    "@qualifier": "ProviderAuthority",
    "httpVersion": "HTTP/1.1",
    "providerAuthorityUrl": "https://payments.mybank.com/authority",
    "homePage": "https://mybank.com",
    "serviceUrl": "https://payments.mybank.com/service",
    "supportedPaymentMethods": {
        "https://bankdirect.net": ["https://sepa.payments.org/saturn/v3#account", "https://bankgirot.se/saturn/v3#account"],
        "https://supercard.com": ["https://sepa.payments.org/saturn/v3#account"]
    },
    "extensions": {
        "https://webpki.github.io/saturn/v3/extensions#hybrid": "https://payments.mybank.com/hybridpay",
        "https://webpki.github.io/saturn/v3/extensions#balance": "https://192.168.1.79:8442/webpay-payerbank/balancereq"
    },
    "signatureProfiles": [
        "https://webpki.github.io/saturn/v3/signatures#ES256.P-256",
        "https://webpki.github.io/saturn/v3/signatures#RS256.2048"
    ],
    "encryptionParameters": [{
        "dataEncryptionAlgorithm": "A128CBC-HS256",
        "keyEncryptionAlgorithm": "ECDH-ES",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "TfCrhFwZRU_ea7lUWwRi3HkuyT2yF9IxN5xKh2khjlk",
            "y": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
        }
    }],
    "timeStamp": "2020-05-17T16:45:45Z",
    "expires": "2020-05-17T17:45:46Z",
    "issuerSignature": {
        "algorithm": "ES256",
        "certificatePath": ["MIIBtTCCAVmgAwIB....3FwxFeOawwmz1bM6", "MIIDcjCCAVqgAwIB....e_-5TddhlTUMNPvw"],
        "value": "ZgbMp1NRKpNq4Km_W3Jk8cSkJdB_o6Is....x9Ek-mnpqqPhY19nV1vgduIoFhVszXIQ"
    }
}
"ProviderAuthority" is an object that normally would be cached until it has expired.  It has the following tasks:
  • Enabling other parties to discover data about an entity before interacting with it.
  • Attesting, through a signature, the authenticity of core parameters including service end points, encryption keys, supported payment methods, extensions, and algorithms.
4

After receiving the "ProviderAuthority" object including the "serviceUrl", the Merchant creates and sends a counter-signed "AuthorizationRequest" object (comprising the user's encrypted authorization and the Merchant's associated "paymentRequest") to the User Bank:

{
    "@context": "https://webpki.github.io/saturn/v3",
    "@qualifier": "AuthorizationRequest",
    "recipientUrl": "https://payments.mybank.com/service",
    "payeeAuthorityUrl": "https://secure.cardprocessor.com/payees/1077342",
    "paymentMethod": "https://supercard.com",
    "paymentRequest": {
        "payee": {
            "commonName": "Demo Merchant",
            "homePage": "demomerchant.com"
        },
        "amount": "550.00",
        "currency": "EUR",
        "referenceId": "#1000005",
        "timeStamp": "2020-05-17T16:51:46Z",
        "expires": "2020-05-17T17:22:00Z",
        "software": {
            "name": "WebPKI.org - Payee",
            "version": "1.00"
        }
    },
    "encryptedAuthorization": {
        "algorithm": "A128CBC-HS256",
        "keyEncryption": {
            "algorithm": "ECDH-ES+A128KW",
            "publicKey": {
                "kty": "EC",
                "crv": "P-256",
                "x": "TfCrhFwZRU_ea7lUWwRi3HkuyT2yF9IxN5xKh2khjlk",
                "y": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
            },
            "ephemeralKey": {
                "kty": "EC",
                "crv": "P-256",
                "x": "BUAQGG3foC0zzMmsfiexdwrtu3InMRjLXsC_5CdimVg",
                "y": "n_IJRZC8q3jz_5O_haXJtzmg8d0wJ9fUN6s1-P-V_g4"
            },
            "encryptedKey": "Pqu24TyPMRgoGYw-oi_cPN77lOJEppxVlV6fGT7OdBE4mooTn-pj2A"
        },
        "iv": "Gd7yjeRuT3cVOqoqzThlZA",
        "tag": "7wCxovYiMXWMi3p-x3g6zQ",
        "cipherText": "6E34VOtXN1YWS70WxS9RB8_bG1fUYWPb....inWyMYrcsbs75DhmI5VMfJ0EoDUWJaJw"
    },
    "payeeReceiveAccount": {
        "@context": "https://sepa.payments.org/saturn/v3#account",
        "iban": "FR7630004003200001019471656",
        "nonce": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
    },
    "referenceId": "#1000006",
    "clientIpAddress": "220.13.198.144",
    "timeStamp": "2020-05-17T16:51:54Z",
    "software": {
        "name": "WebPKI.org - Payee",
        "version": "1.00"
    },
    "requestSignature": {
        "algorithm": "ES256",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "t4DjDTgLk6PIAX9bn46JybFgWOv0npE2iEQs0P2kzjs",
            "y": "YcrZeO3SQZgxAyRI8myWlapaNHOBqGL5Pqi5xDXiNt8"
        },
        "value": "cFpUT0mo_-1NTa59mlOYcVve28sPTz8M....s5Eu1ACTgA72_Hs_XxDdWey-CX-bvYuw"
    }
}
Note the use of "payeeReceiveAccount" which holds data needed for the actual payment method.
4a

After receiving the "AuthorizationRequest" object, the User Bank uses the enclosed "payeeAuthorityUrl" to retrieve the Merchant "PayeeAuthority" object:

{
    "@context": "https://webpki.github.io/saturn/v3",
    "@qualifier": "PayeeAuthority",
    "payeeAuthorityUrl": "https://secure.cardprocessor.com/payees/1077342",
    "providerAuthorityUrl": "https://secure.cardprocessor.com/authority",
    "localPayeeId": "1077342",
    "commonName": "Demo Merchant",
    "homePage": "https://demomerchant.com",
    "accountVerifier": {
        "algorithm": "S256",
        "hashedPayeeAccounts": ["kUwpqk-cbkDaBjwDD_etPSh_FtC-Ap2K_A2MQzXNy_U"]
    },
    "signatureParameters": [{
        "algorithm": "ES256",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "t4DjDTgLk6PIAX9bn46JybFgWOv0npE2iEQs0P2kzjs",
            "y": "YcrZeO3SQZgxAyRI8myWlapaNHOBqGL5Pqi5xDXiNt8"
        }
    }],
    "timeStamp": "2020-05-17T16:48:54Z",
    "expires": "2020-05-17T17:48:55Z",
    "issuerSignature": {
        "algorithm": "ES256",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "y26bU-pe95rllSzgUUVm36jYQMm3kvIfz-P8B622JEU",
            "y": "Dq8eXwNtBGs9UeqY0CZgrGmZSeWTR85sfvy0lCHssDc"
        },
        "value": "NahE9X7ln0magyPokbC5yOA75qrjXkVY....8mFxL_bbOrJDDWlPKGcabiKepCpEfNpg"
    }
}
"PayeeAuthority" is an object that normally would be cached until it has expired.  It has the following tasks:
  • Enabling other parties to discover data about an entity before interacting with it.
  • Attesting, through an associated provider's signature, the authenticity of core parameters including identity and signature keys.
4b

After receiving the "PayeeAuthority" object, the User Bank uses the enclosed "providerAuthorityUrl" to retrieve the Merchant "ProviderAuthority" object:

{
    "@context": "https://webpki.github.io/saturn/v3",
    "@qualifier": "ProviderAuthority",
    "httpVersion": "HTTP/1.1",
    "providerAuthorityUrl": "https://secure.cardprocessor.com/authority",
    "homePage": "https://cardprocessor.com",
    "serviceUrl": "https://secure.cardprocessor.com/service",
    "supportedPaymentMethods": {
        "https://supercard.com": ["https://sepa.payments.org/saturn/v3#account"]
    },
    "extensions": {
        "https://webpki.github.io/saturn/v3/extensions#refund": "https://secure.cardprocessor.com/refund"
    },
    "signatureProfiles": [
        "https://webpki.github.io/saturn/v3/signatures#ES256.P-256",
        "https://webpki.github.io/saturn/v3/signatures#RS256.2048"
    ],
    "encryptionParameters": [{
        "dataEncryptionAlgorithm": "A128CBC-HS256",
        "keyEncryptionAlgorithm": "ECDH-ES",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "XIaSZO0Ffgreo1-5_iiRnK6gZTNnMIzdJ6FMI2Q8PJM",
            "y": "_x6x8phPUw1CNuCjGqvboO9sFGXSEY5z5xLxhJ7vEvU"
        }
    }],
    "timeStamp": "2020-05-17T16:48:54Z",
    "expires": "2020-05-17T17:48:55Z",
    "issuerSignature": {
        "algorithm": "ES256",
        "certificatePath": ["MIIBwDCCAWOgAwIB....v8GlGmcoKqaJRsoU", "MIIDdDCCAVygAwIB....tyrJ9uRL3I-pJFoz"],
        "value": "Kiu4V3Nt4akExsb--sZZht7GGVWrNdlN....Ieu9rE8MdOWY2AGCLhz7yjCVJxwGEfbA"
    }
}
"ProviderAuthority" is an object that normally would be cached until it has expired.  It has the following tasks:
  • Enabling other parties to discover data about an entity before interacting with it.
  • Attesting, through a signature, the authenticity of core parameters including service end points, encryption keys, supported payment methods, extensions, and algorithms.
4c

Now the User Bank (equipped with the "ProviderAuthority" and "PayeeAuthority" objects) must check the validity of the "AuthorizationRequest" using the following steps:

  • Verify that the "recipientUrl" in the "AuthorizationRequest" object matches the "serviceUrl" of the User Bank.
  • Verify that the "publicKey" in the "issuerSignature" object of the "PayeeAuthority" object and the public key of the first (=signature) certificate in the "certificatePath" of the "ProviderAuthority" object are identical.
  • Verify that the Merchant is vouched for by a provider belonging to a trust network known to the User Bank, through the "certificatePath" in the "ProviderAuthority" object.
  • Verify that the "publicKey" and "algorithm" in the "AuthorizationRequest" object match one of the "signatureParameters" objects in the "PayeeAuthority" object.
  • Verify that the "payeeReceiveAccount" object is decodable and applicable to the operation in progress.
  • Verify that one of the elements in the optional "accountVerifier" list of the "PayeeAuthority" object matches the hash of the account provided in the "payeeReceiveAccount" object.

After verifying the Merchant's request data, turn to the User's authorization:
  • Verify that decrypting "encryptedAuthorization" returns a valid user authorization object including an "authorizationSignature" object.
  • Verify that the "credentialId" points to a valid credential.
  • Verify that the "publicKey" and "accountId" match a User Bank customer account.
  • Verify that the "requestHash" in the user authorization object matches the hash of the "paymentRequest" object.
  • Verify that the "payeeAuthorityUrl" matches the copy in the "AuthorizationRequest" object. Although this duplication of data is technically redundant, it was added to enable filtering out "bad" merchants before taking on user authorization.
  • Verify that the "paymentMethod" in the "AuthorizationRequest" object and in the user authorization object are identical.
  • Verify that the "timeStamp" in the user authorization object is within limits like -AllowedClientClockSkew to (AllowedClientClockSkew + AuthorizationMaxAge) with respect to the current time.
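The two checklists above as an added Python example; this is not part of the Saturn demo or its reference implementation. It runs the checks that need neither a PKI nor decryption over abridged copies of the page's "AuthorizationRequest" and "PayeeAuthority" objects plus a constructed, already decrypted user authorization object. It assumes that an "S256" hash over a JSON object is SHA-256 of a canonical form with sorted keys and no whitespace (so the page's own hash values are not reproduced), and policy values of 5 minutes for AllowedClientClockSkew and 30 minutes for AuthorizationMaxAge.

```python
# Added example (not the Saturn demo's or reference code): the User Bank's
# step 4c checks over abridged copies of the page's "AuthorizationRequest"
# and "PayeeAuthority" objects and a constructed decrypted user authorization.
# ASSUMPTION: "S256" over a JSON object means SHA-256 of a canonical form
# (sorted keys, no whitespace); the page's hash values are not reproduced.
import base64
import hashlib
import json
from datetime import datetime, timedelta, timezone


def s256_of_object(obj) -> str:
    # Assumed canonicalization; a real verifier must use exactly the form the
    # hashing party used, otherwise every account/request hash will mismatch.
    canon = json.dumps(obj, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canon.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


# Abridged from the page (signature values and ciphertext omitted).
PAYMENT_REQUEST = {
    "payee": {"commonName": "Demo Merchant", "homePage": "demomerchant.com"},
    "amount": "550.00", "currency": "EUR", "referenceId": "#1000005",
    "timeStamp": "2020-05-17T16:51:46Z", "expires": "2020-05-17T17:22:00Z",
}
PAYEE_RECEIVE_ACCOUNT = {
    "@context": "https://sepa.payments.org/saturn/v3#account",
    "iban": "FR7630004003200001019471656",
    "nonce": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4",
}
MERCHANT_KEY = {"kty": "EC", "crv": "P-256",
                "x": "t4DjDTgLk6PIAX9bn46JybFgWOv0npE2iEQs0P2kzjs",
                "y": "YcrZeO3SQZgxAyRI8myWlapaNHOBqGL5Pqi5xDXiNt8"}
AUTHORIZATION_REQUEST = {
    "recipientUrl": "https://payments.mybank.com/service",
    "payeeAuthorityUrl": "https://secure.cardprocessor.com/payees/1077342",
    "paymentMethod": "https://supercard.com",
    "paymentRequest": PAYMENT_REQUEST,
    "payeeReceiveAccount": PAYEE_RECEIVE_ACCOUNT,
    "requestSignature": {"algorithm": "ES256", "publicKey": MERCHANT_KEY},
}
PAYEE_AUTHORITY = {
    "payeeAuthorityUrl": "https://secure.cardprocessor.com/payees/1077342",
    "accountVerifier": {"algorithm": "S256",  # hash computed here, see ASSUMPTION
                        "hashedPayeeAccounts": [s256_of_object(PAYEE_RECEIVE_ACCOUNT)]},
    "signatureParameters": [{"algorithm": "ES256", "publicKey": MERCHANT_KEY}],
}
# Constructed: what "encryptedAuthorization" would decrypt to for this session
# (field names from the page's "Unencrypted User Authorization" printout).
USER_AUTHORIZATION = {
    "requestHash": {"algorithm": "S256", "value": s256_of_object(PAYMENT_REQUEST)},
    "payeeAuthorityUrl": "https://secure.cardprocessor.com/payees/1077342",
    "paymentMethod": "https://supercard.com",
    "timeStamp": "2020-05-17T16:51:50Z",
}
USER_BANK_SERVICE_URL = "https://payments.mybank.com/service"  # own ProviderAuthority
ALLOWED_CLIENT_CLOCK_SKEW = timedelta(minutes=5)   # assumed policy values
AUTHORIZATION_MAX_AGE = timedelta(minutes=30)
DEMO_NOW = datetime(2020, 5, 17, 16, 51, 54, tzinfo=timezone.utc)  # request arrival


def check_merchant_request(req, payee_authority, service_url):
    """First 4c list, minus the certificate-path checks (those need a PKI).
    Returns the failed checks; an empty list means the Merchant data passed."""
    failures = []
    if req["recipientUrl"] != service_url:
        failures.append("recipientUrl != serviceUrl")
    sig = req["requestSignature"]
    if not any(p["algorithm"] == sig["algorithm"] and p["publicKey"] == sig["publicKey"]
               for p in payee_authority["signatureParameters"]):
        failures.append("requestSignature key/algorithm not in signatureParameters")
    acct = req.get("payeeReceiveAccount")
    if not isinstance(acct, dict) or "@context" not in acct:
        return failures + ["payeeReceiveAccount not decodable"]
    verifier = payee_authority.get("accountVerifier")  # optional in PayeeAuthority
    if verifier is not None:
        if verifier["algorithm"] != "S256":
            failures.append("unsupported accountVerifier algorithm")
        elif s256_of_object(acct) not in verifier["hashedPayeeAccounts"]:
            failures.append("payeeReceiveAccount hash not vouched for")
    return failures


def check_user_authorization(user_auth, req, now):
    """Second 4c list: bind the decrypted user authorization to the request."""
    failures = []
    rh = user_auth["requestHash"]
    if rh["algorithm"] != "S256" or rh["value"] != s256_of_object(req["paymentRequest"]):
        failures.append("requestHash does not match paymentRequest")
    if user_auth["payeeAuthorityUrl"] != req["payeeAuthorityUrl"]:
        failures.append("payeeAuthorityUrl mismatch")
    if user_auth["paymentMethod"] != req["paymentMethod"]:
        failures.append("paymentMethod mismatch")
    # Accepts both "Z" and explicit offsets, as seen in the page's printouts.
    ts = datetime.fromisoformat(user_auth["timeStamp"].replace("Z", "+00:00"))
    age = now - ts
    if not -ALLOWED_CLIENT_CLOCK_SKEW <= age <= ALLOWED_CLIENT_CLOCK_SKEW + AUTHORIZATION_MAX_AGE:
        failures.append("user authorization timeStamp outside allowed window")
    return failures
```

Both functions return the list of failed checks, so a request is accepted only when both lists are empty; any single mismatch (wrong service URL, unknown Merchant key, altered receive account, stale or future-dated authorization) is reported by name.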
4d

If the user authorization object also holds RBA (Risk Based Authentication) data, this is where such data should be validated.

Note that the inclusion of RBA data means that a related previous "AuthorizationRequest" did not result in an "AuthorizationResponse" (indicating success), but in a "ProviderUserResponse" holding specific RBA request data. See Provider User Response for more information.

4e

After validating the "AuthorizationRequest" and checking that the User actually has funds matching the request, the User Bank reserves the specified amount including a reference to the "payee" and "referenceId" of the "paymentRequest".

4f

After a successful preceding step, the User Bank creates an empty "AuthorizationResponse" object.

4g

Then a number of properties are added including "encryptedAccountData" which holds the encrypted PAN etc. Encryption is performed using the "encryptionParameters" of the payment "ProviderAuthority" associated with the Merchant. The following shows typical account data before encryption:

{
    "@context": "https://supercard.com/saturn/v3#account",
    "cardNumber": "4532562005001506",
    "cardHolder": "Luke Skywalker",
    "expires": "2024-03-14T00:00:00Z"
}

The optional "accountReference" property holds a short version of the used payment account which can be featured in receipts etc.

4h

The last element to be added is the original "AuthorizationRequest" object.

5

Finally, the User Bank counter-signs the completed object with its private key and certificate. The result is then returned to the Merchant as the response to the "AuthorizationRequest":

{
    "@context": "https://webpki.github.io/saturn/v3",
    "@qualifier": "AuthorizationResponse",
    "accountReference": "************1233",
    "encryptedAccountData": {
        "algorithm": "A128CBC-HS256",
        "keyEncryption": {
            "algorithm": "ECDH-ES",
            "publicKey": {
                "kty": "EC",
                "crv": "P-256",
                "x": "XIaSZO0Ffgreo1-5_iiRnK6gZTNnMIzdJ6FMI2Q8PJM",
                "y": "_x6x8phPUw1CNuCjGqvboO9sFGXSEY5z5xLxhJ7vEvU"
            },
            "ephemeralKey": {
                "kty": "EC",
                "crv": "P-256",
                "x": "QXupJlusZyhk_MTLFbFa5-VjTLXv3OitHVtyphebit4",
                "y": "UQb7NYixB8QUBbJqaT0CbvxTERv169v49f2yl1R4x-8"
            }
        },
        "iv": "aMsXtFc3xz3R3ojCWGPdXQ",
        "tag": "QvfGS6Rbp5QMozJeygoX8g",
        "cipherText": "LQeYzuTp-b30yVUT--EumJrCMd6vL2hb....Syr9IdrvWdnqwGqhbL1BQmtM_LBFH6OA"
    },
    "referenceId": "#0100345173",
    "timeStamp": "2020-05-17T16:51:54Z",
    "software": {
        "name": "WebPKI.org - Bank",
        "version": "1.00"
    },
    "authorizationRequest": {
        "@context": "https://webpki.github.io/saturn/v3",
        "@qualifier": "AuthorizationRequest",
        "recipientUrl": "https://payments.mybank.com/service",
        "payeeAuthorityUrl": "https://secure.cardprocessor.com/payees/1077342",
        "paymentMethod": "https://supercard.com",
        "paymentRequest": {
            "payee": {
                "commonName": "Demo Merchant",
                "homePage": "demomerchant.com"
            },
            "amount": "550.00",
            "currency": "EUR",
            "referenceId": "#1000005",
            "timeStamp": "2020-05-17T16:51:46Z",
            "expires": "2020-05-17T17:22:00Z",
            "software": {
                "name": "WebPKI.org - Payee",
                "version": "1.00"
            }
        },
        "encryptedAuthorization": {
            "algorithm": "A128CBC-HS256",
            "keyEncryption": {
                "algorithm": "ECDH-ES+A128KW",
                "publicKey": {
                    "kty": "EC",
                    "crv": "P-256",
                    "x": "TfCrhFwZRU_ea7lUWwRi3HkuyT2yF9IxN5xKh2khjlk",
                    "y": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
                },
                "ephemeralKey": {
                    "kty": "EC",
                    "crv": "P-256",
                    "x": "BUAQGG3foC0zzMmsfiexdwrtu3InMRjLXsC_5CdimVg",
                    "y": "n_IJRZC8q3jz_5O_haXJtzmg8d0wJ9fUN6s1-P-V_g4"
                },
                "encryptedKey": "Pqu24TyPMRgoGYw-oi_cPN77lOJEppxVlV6fGT7OdBE4mooTn-pj2A"
            },
            "iv": "Gd7yjeRuT3cVOqoqzThlZA",
            "tag": "7wCxovYiMXWMi3p-x3g6zQ",
            "cipherText": "6E34VOtXN1YWS70WxS9RB8_bG1fUYWPb....inWyMYrcsbs75DhmI5VMfJ0EoDUWJaJw"
        },
        "payeeReceiveAccount": {
            "@context": "https://sepa.payments.org/saturn/v3#account",
            "iban": "FR7630004003200001019471656",
            "nonce": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
        },
        "referenceId": "#1000006",
        "clientIpAddress": "220.13.198.144",
        "timeStamp": "2020-05-17T16:51:54Z",
        "software": {
            "name": "WebPKI.org - Payee",
            "version": "1.00"
        },
        "requestSignature": {
            "algorithm": "ES256",
            "publicKey": {
                "kty": "EC",
                "crv": "P-256",
                "x": "t4DjDTgLk6PIAX9bn46JybFgWOv0npE2iEQs0P2kzjs",
                "y": "YcrZeO3SQZgxAyRI8myWlapaNHOBqGL5Pqi5xDXiNt8"
            },
            "value": "cFpUT0mo_-1NTa59mlOYcVve28sPTz8M....s5Eu1ACTgA72_Hs_XxDdWey-CX-bvYuw"
        }
    },
    "authorizationSignature": {
        "algorithm": "ES256",
        "certificatePath": ["MIIBtTCCAVmgAwIB....3FwxFeOawwmz1bM6", "MIIDcjCCAVqgAwIB....e_-5TddhlTUMNPvw"],
        "value": "k2ZmZ-7-naKCO1CB5qrwJvP-kNeHLJln....uC1kqy4KZjoqJj_E_9tGdJbfGxluPDDw"
    }
}
6

To finalize the transaction the Merchant embeds the "AuthorizationResponse" in a newly created "TransactionRequest" including a possibly updated "amount" and sends the completed object to the Acquirer:

{
    "@context": "https://webpki.github.io/saturn/v3",
    "@qualifier": "TransactionRequest",
    "recipientUrl": "https://secure.cardprocessor.com/service",
    "amount": "550.00",
    "referenceId": "#1000007",
    "timeStamp": "2020-05-17T16:51:54Z",
    "software": {
        "name": "WebPKI.org - Payee",
        "version": "1.00"
    },
    "authorizationResponse": {
        "@context": "https://webpki.github.io/saturn/v3",
        "@qualifier": "AuthorizationResponse",
        "accountReference": "************1233",
        "encryptedAccountData": {
            "algorithm": "A128CBC-HS256",
            "keyEncryption": {
                "algorithm": "ECDH-ES",
                "publicKey": {
                    "kty": "EC",
                    "crv": "P-256",
                    "x": "XIaSZO0Ffgreo1-5_iiRnK6gZTNnMIzdJ6FMI2Q8PJM",
                    "y": "_x6x8phPUw1CNuCjGqvboO9sFGXSEY5z5xLxhJ7vEvU"
                },
                "ephemeralKey": {
                    "kty": "EC",
                    "crv": "P-256",
                    "x": "QXupJlusZyhk_MTLFbFa5-VjTLXv3OitHVtyphebit4",
                    "y": "UQb7NYixB8QUBbJqaT0CbvxTERv169v49f2yl1R4x-8"
                }
            },
            "iv": "aMsXtFc3xz3R3ojCWGPdXQ",
            "tag": "QvfGS6Rbp5QMozJeygoX8g",
            "cipherText": "LQeYzuTp-b30yVUT--EumJrCMd6vL2hb....Syr9IdrvWdnqwGqhbL1BQmtM_LBFH6OA"
        },
        "referenceId": "#0100345173",
        "timeStamp": "2020-05-17T16:51:54Z",
        "software": {
            "name": "WebPKI.org - Bank",
            "version": "1.00"
        },
        "authorizationRequest": {
            "@context": "https://webpki.github.io/saturn/v3",
            "@qualifier": "AuthorizationRequest",
            "recipientUrl": "https://payments.mybank.com/service",
            "payeeAuthorityUrl": "https://secure.cardprocessor.com/payees/1077342",
            "paymentMethod": "https://supercard.com",
            "paymentRequest": {
                "payee": {
                    "commonName": "Demo Merchant",
                    "homePage": "demomerchant.com"
                },
                "amount": "550.00",
                "currency": "EUR",
                "referenceId": "#1000005",
                "timeStamp": "2020-05-17T16:51:46Z",
                "expires": "2020-05-17T17:22:00Z",
                "software": {
                    "name": "WebPKI.org - Payee",
                    "version": "1.00"
                }
            },
            "encryptedAuthorization": {
                "algorithm": "A128CBC-HS256",
                "keyEncryption": {
                    "algorithm": "ECDH-ES+A128KW",
                    "publicKey": {
                        "kty": "EC",
                        "crv": "P-256",
                        "x": "TfCrhFwZRU_ea7lUWwRi3HkuyT2yF9IxN5xKh2khjlk",
                        "y": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
                    },
                    "ephemeralKey": {
                        "kty": "EC",
                        "crv": "P-256",
                        "x": "BUAQGG3foC0zzMmsfiexdwrtu3InMRjLXsC_5CdimVg",
                        "y": "n_IJRZC8q3jz_5O_haXJtzmg8d0wJ9fUN6s1-P-V_g4"
                    },
                    "encryptedKey": "Pqu24TyPMRgoGYw-oi_cPN77lOJEppxVlV6fGT7OdBE4mooTn-pj2A"
                },
                "iv": "Gd7yjeRuT3cVOqoqzThlZA",
                "tag": "7wCxovYiMXWMi3p-x3g6zQ",
                "cipherText": "6E34VOtXN1YWS70WxS9RB8_bG1fUYWPb....inWyMYrcsbs75DhmI5VMfJ0EoDUWJaJw"
            },
            "payeeReceiveAccount": {
                "@context": "https://sepa.payments.org/saturn/v3#account",
                "iban": "FR7630004003200001019471656",
                "nonce": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
            },
            "referenceId": "#1000006",
            "clientIpAddress": "220.13.198.144",
            "timeStamp": "2020-05-17T16:51:54Z",
            "software": {
                "name": "WebPKI.org - Payee",
                "version": "1.00"
            },
            "requestSignature": {
                "algorithm": "ES256",
                "publicKey": {
                    "kty": "EC",
                    "crv": "P-256",
                    "x": "t4DjDTgLk6PIAX9bn46JybFgWOv0npE2iEQs0P2kzjs",
                    "y": "YcrZeO3SQZgxAyRI8myWlapaNHOBqGL5Pqi5xDXiNt8"
                },
                "value": "cFpUT0mo_-1NTa59mlOYcVve28sPTz8M....s5Eu1ACTgA72_Hs_XxDdWey-CX-bvYuw"
            }
        },
        "authorizationSignature": {
            "algorithm": "ES256",
            "certificatePath": ["MIIBtTCCAVmgAwIB....3FwxFeOawwmz1bM6", "MIIDcjCCAVqgAwIB....e_-5TddhlTUMNPvw"],
            "value": "k2ZmZ-7-naKCO1CB5qrwJvP-kNeHLJln....uC1kqy4KZjoqJj_E_9tGdJbfGxluPDDw"
        }
    },
    "requestSignature": {
        "algorithm": "ES256",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "t4DjDTgLk6PIAX9bn46JybFgWOv0npE2iEQs0P2kzjs",
            "y": "YcrZeO3SQZgxAyRI8myWlapaNHOBqGL5Pqi5xDXiNt8"
        },
        "value": "wTpXhV0RdPbFvlmLq2KrfAm7dHRr8P-c....x7Wd_zQECx88FtXashC1dGsGfirJ3UNw"
    }
}
7

After successful validation of the "TransactionRequest" the Acquirer performs a request to the associated card network.

8

After successful processing of the transaction request the Acquirer returns a matching response to the Merchant:

{
    "@context": "https://webpki.github.io/saturn/v3",
    "@qualifier": "TransactionResponse",
    "logData": "Payer interbanking ref: #0100345174",
    "referenceId": "#194010",
    "timeStamp": "2020-05-17T16:51:54Z",
    "software": {
        "name": "WebPKI.org - Payment Provider",
        "version": "1.00"
    },
    "transactionRequest": {
        "@context": "https://webpki.github.io/saturn/v3",
        "@qualifier": "TransactionRequest",
        "recipientUrl": "https://secure.cardprocessor.com/service",
        "amount": "550.00",
        "referenceId": "#1000007",
        "timeStamp": "2020-05-17T16:51:54Z",
        "software": {
            "name": "WebPKI.org - Payee",
            "version": "1.00"
        },
        "authorizationResponse": {
            "@context": "https://webpki.github.io/saturn/v3",
            "@qualifier": "AuthorizationResponse",
            "accountReference": "************1233",
            "encryptedAccountData": {
                "algorithm": "A128CBC-HS256",
                "keyEncryption": {
                    "algorithm": "ECDH-ES",
                    "publicKey": {
                        "kty": "EC",
                        "crv": "P-256",
                        "x": "XIaSZO0Ffgreo1-5_iiRnK6gZTNnMIzdJ6FMI2Q8PJM",
                        "y": "_x6x8phPUw1CNuCjGqvboO9sFGXSEY5z5xLxhJ7vEvU"
                    },
                    "ephemeralKey": {
                        "kty": "EC",
                        "crv": "P-256",
                        "x": "QXupJlusZyhk_MTLFbFa5-VjTLXv3OitHVtyphebit4",
                        "y": "UQb7NYixB8QUBbJqaT0CbvxTERv169v49f2yl1R4x-8"
                    }
                },
                "iv": "aMsXtFc3xz3R3ojCWGPdXQ",
                "tag": "QvfGS6Rbp5QMozJeygoX8g",
                "cipherText": "LQeYzuTp-b30yVUT--EumJrCMd6vL2hb....Syr9IdrvWdnqwGqhbL1BQmtM_LBFH6OA"
            },
            "referenceId": "#0100345173",
            "timeStamp": "2020-05-17T16:51:54Z",
            "software": {
                "name": "WebPKI.org - Bank",
                "version": "1.00"
            },
            "authorizationRequest": {
                "@context": "https://webpki.github.io/saturn/v3",
                "@qualifier": "AuthorizationRequest",
                "recipientUrl": "https://payments.mybank.com/service",
                "payeeAuthorityUrl": "https://secure.cardprocessor.com/payees/1077342",
                "paymentMethod": "https://supercard.com",
                "paymentRequest": {
                    "payee": {
                        "commonName": "Demo Merchant",
                        "homePage": "demomerchant.com"
                    },
                    "amount": "550.00",
                    "currency": "EUR",
                    "referenceId": "#1000005",
                    "timeStamp": "2020-05-17T16:51:46Z",
                    "expires": "2020-05-17T17:22:00Z",
                    "software": {
                        "name": "WebPKI.org - Payee",
                        "version": "1.00"
                    }
                },
                "encryptedAuthorization": {
                    "algorithm": "A128CBC-HS256",
                    "keyEncryption": {
                        "algorithm": "ECDH-ES+A128KW",
                        "publicKey": {
                            "kty": "EC",
                            "crv": "P-256",
                            "x": "TfCrhFwZRU_ea7lUWwRi3HkuyT2yF9IxN5xKh2khjlk",
                            "y": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
                        },
                        "ephemeralKey": {
                            "kty": "EC",
                            "crv": "P-256",
                            "x": "BUAQGG3foC0zzMmsfiexdwrtu3InMRjLXsC_5CdimVg",
                            "y": "n_IJRZC8q3jz_5O_haXJtzmg8d0wJ9fUN6s1-P-V_g4"
                        },
                        "encryptedKey": "Pqu24TyPMRgoGYw-oi_cPN77lOJEppxVlV6fGT7OdBE4mooTn-pj2A"
                    },
                    "iv": "Gd7yjeRuT3cVOqoqzThlZA",
                    "tag": "7wCxovYiMXWMi3p-x3g6zQ",
                    "cipherText": "6E34VOtXN1YWS70WxS9RB8_bG1fUYWPb....inWyMYrcsbs75DhmI5VMfJ0EoDUWJaJw"
                },
                "payeeReceiveAccount": {
                    "@context": "https://sepa.payments.org/saturn/v3#account",
                    "iban": "FR7630004003200001019471656",
                    "nonce": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
                },
                "referenceId": "#1000006",
                "clientIpAddress": "220.13.198.144",
                "timeStamp": "2020-05-17T16:51:54Z",
                "software": {
                    "name": "WebPKI.org - Payee",
                    "version": "1.00"
                },
                "requestSignature": {
                    "algorithm": "ES256",
                    "publicKey": {
                        "kty": "EC",
                        "crv": "P-256",
                        "x": "t4DjDTgLk6PIAX9bn46JybFgWOv0npE2iEQs0P2kzjs",
                        "y": "YcrZeO3SQZgxAyRI8myWlapaNHOBqGL5Pqi5xDXiNt8"
                    },
                    "value": "cFpUT0mo_-1NTa59mlOYcVve28sPTz8M....s5Eu1ACTgA72_Hs_XxDdWey-CX-bvYuw"
                }
            },
            "authorizationSignature": {
                "algorithm": "ES256",
                "certificatePath": ["MIIBtTCCAVmgAwIB....3FwxFeOawwmz1bM6", "MIIDcjCCAVqgAwIB....e_-5TddhlTUMNPvw"],
                "value": "k2ZmZ-7-naKCO1CB5qrwJvP-kNeHLJln....uC1kqy4KZjoqJj_E_9tGdJbfGxluPDDw"
            }
        },
        "requestSignature": {
            "algorithm": "ES256",
            "publicKey": {
                "kty": "EC",
                "crv": "P-256",
                "x": "t4DjDTgLk6PIAX9bn46JybFgWOv0npE2iEQs0P2kzjs",
                "y": "YcrZeO3SQZgxAyRI8myWlapaNHOBqGL5Pqi5xDXiNt8"
            },
            "value": "wTpXhV0RdPbFvlmLq2KrfAm7dHRr8P-c....x7Wd_zQECx88FtXashC1dGsGfirJ3UNw"
        }
    },
    "authorizationSignature": {
        "algorithm": "ES256",
        "certificatePath": ["MIIBwDCCAWOgAwIB....v8GlGmcoKqaJRsoU", "MIIDdDCCAVygAwIB....tyrJ9uRL3I-pJFoz"],
        "value": "yN5M9nbCNA6NITqA6_X2kWxIZAPoqCDb....m6PDoq2FkyrzR2TICzQv9tUaK4Q0pWwA"
    }
}
The payment authorization process was successful.

Unencrypted User Authorization

The following printout shows a sample of internal Wallet user authorization data before it is encrypted:
{
    "requestHash": {
        "algorithm": "S256",
        "value": "xf5M9irHbvLTyDWIV6N3VmChy3_tvzHE4mUyf4DYsw8"
    },
    "payeeAuthorityUrl": "https://payments.bigbank.com/payees/86344",
    "payeeHost": "demomerchant.com",
    "paymentMethod": "https://bankdirect.net",
    "credentialId": "54674448",
    "accountId": "FR7630002111110020050012733",
    "encryptionParameters": {
        "algorithm": "A256GCM",
        "encryptionKey": "9MdPM5jEnPRtk-yYGIMmYaQLrk0gTXVQNhQQIHQ0aQk"
    },
    "timeStamp": "2020-05-17T18:47:39+02:00",
    "software": {
        "name": "WebPKI Suite/Saturn",
        "version": "1.34"
    },
    "platform": {
        "name": "Android",
        "version": "10",
        "vendor": "Huawei"
    },
    "authorizationSignature": {
        "algorithm": "ES256",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "censDzcMEkgiePz6DXB7cDuwFemshAFR90UNVQFCg8Q",
            "y": "xq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeY"
        },
        "value": "VFbCr2e5UsRtK-_KoukNLBeTrUfBHLz6....oXh4FH3NM4vS4GxCXG0DjL-WQD3U8TeA"
    }
}
Explanations:

"requestHash" holds a hash, calculated by the Wallet, of the "paymentRequest" object. This is what binds the user's signature to the exact amount, currency, payee and reference the Merchant presented.

"payeeAuthorityUrl" binds a declared Merchant authority object (holding keys) to an anticipated "AuthorizationRequest" message. See also "PaymentClientRequest".

"payeeHost" holds the host name of the Merchant as recorded by the Wallet.

"paymentMethod" holds the payment method associated with the selected virtual card.

"credentialId" holds a serial number or similar unique identifier associated with the selected virtual card.

"accountId" holds an account identifier associated with the selected virtual card. See also Encrypted Account Data.

"encryptionParameters" holds session specific encryption parameters generated by the Wallet. See Provider User Response for more information.

"timeStamp" holds the date and time of the authorization event in RFC 3339 (ISO) notation including the local time offset.

"software" holds the name and version of the Wallet software.

"platform" holds the name and version of the platform software as well as the hardware vendor supplying it.

"authorizationSignature" holds the user's authorization signature. Note that "publicKey" may be omitted if "credentialId" is sufficient for locating the proper signature key.

Note that the algorithms to use are stored in the selected virtual card. That is, algorithms are defined exclusively by the issuer, although they must (of course) be within the limits of what the Wallet software supports.

Provider User Response

In case the User Bank requires additional authentication data from the user, it does not return an "AuthorizationResponse" message but the following:
{
    "@context": "https://webpki.github.io/saturn/v3",
    "@qualifier": "ProviderUserResponse",
    "encryptedMessage": {
        "algorithm": "A256GCM",
        "iv": "egL4AxRFZ26R2S3v",
        "tag": "67Jw6HG1g10Azu1iG61q9g",
        "cipherText": "SZ575a6kJLpLswjDnUUrRT5jlOqg-JST...._XLOFsdkdWbJPSWwAecEAKrRJsZS_1Es"
    }
}
Note that the Merchant is expected to forward the "ProviderUserResponse" to the still open Wallet and to be prepared to receive a renewed "PayerAuthorization", so that the "paymentRequest" remains unmodified, which RBA synchronization requires.
The message carried in the "encryptedMessage" object is then decrypted using the session specific "encryptionParameters" that the Wallet included in the preceding user authorization object:
{
    "requester": "My Bank",
    "text": "Transaction requests exceeding <span style='font-weight:bold;white-space:nowrap'>&#x20ac;&#x2009;1,000</span> require additional user authentication to be performed. Please enter your <span style='color:blue'>mother's maiden name</span>.",
    "userChallengeItems": [{
        "name": "mother",
        "type": "ALPHANUMERIC"
    }],
    "timeStamp": "2020-05-17T16:48:05Z"
}

Note that if there are no "userChallengeItems" elements, the message is only a text for the user (such as "Out of funds") and the payment process terminates.

However, in the case above there is a "userChallengeItems" list which must be handled by a specific RBA dialog:

[RBA dialog as rendered by the Wallet]
Requester: My Bank
Transaction requests exceeding € 1,000 require additional user authentication to be performed. Please enter your mother's maiden name.
(masked input field for "mother")
[Cancel] [Submit!]
When the user has entered the requested data, the Wallet creates a new user authorization object which now also contains a matching "userResponseItems" list:
{
    "requestHash": {
        "algorithm": "S256",
        "value": "xf5M9irHbvLTyDWIV6N3VmChy3_tvzHE4mUyf4DYsw8"
    },
    "payeeAuthorityUrl": "https://payments.bigbank.com/payees/86344",
    "payeeHost": "demomerchant.com",
    "paymentMethod": "https://bankdirect.net",
    "credentialId": "54674448",
    "accountId": "FR7630002111110020050012733",
    "encryptionParameters": {
        "algorithm": "A256GCM",
        "encryptionKey": "9MdPM5jEnPRtk-yYGIMmYaQLrk0gTXVQNhQQIHQ0aQk"
    },
    "userResponseItems": [{
        "name": "mother",
        "value": "smith"
    }],
    "timeStamp": "2020-05-17T18:48:29+02:00",
    "software": {
        "name": "WebPKI Suite/Saturn",
        "version": "1.34"
    },
    "platform": {
        "name": "Android",
        "version": "10",
        "vendor": "Huawei"
    },
    "authorizationSignature": {
        "algorithm": "ES256",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "censDzcMEkgiePz6DXB7cDuwFemshAFR90UNVQFCg8Q",
            "y": "xq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeY"
        },
        "value": "SgMDfsHmUiAA4JRKtBaKVX9vYlCb084_....nb0cZ0Dap5fJSVNPQy3XG-O3zvg_4UnA"
    }
}

This object is returned to the Merchant in a "PayerAuthorization" message, effectively resuming operation at step 3.

This process may be repeated until the User Bank is satisfied or blocks further attempts.

Protocol version: 0.65
Date: 2020-05-16