Re: [w3c/webpayments-methods-tokenization] Generalisation of Encrypted Card (#22) from Anders Rundgren on 2017-11-30 (public-webpayments-specs@w3.org from November 2017)

From: Anders Rundgren <notifications@github.com>
Date: Thu, 30 Nov 2017 06:30:29 +0000 (UTC)
To: w3c/webpayments-methods-tokenization <webpayments-methods-tokenization@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/webpayments-methods-tokenization/issues/22/348095164@github.com>

Maybe an existing implementation could serve as "inspiration"?
Sent back to the Merchant from the "Wallet":
```json
{
    "@context": "http://webpki.org/saturn/v3",
    "@qualifier": "PayerAuthorization",
    "providerAuthorityUrl": "https://mobilepki.org/webpay-payerbank/authority",
    "paymentMethod": "https://bankdirect.net",
    "encryptedAuthorization": {
        "algorithm": "A128CBC-HS256",
        "keyEncryption": {
            "algorithm": "ECDH-ES",
            "publicKey": {
                "kty": "EC",
                "crv": "P-256",
                "x": "TfCrhFwZRU_ea7lUWwRi3HkuyT2yF9IxN5xKh2khjlk",
                "y": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
            },
            "ephemeralKey": {
                "kty": "EC",
                "crv": "P-256",
                "x": "aULMwrQGXfabPsySp8scwSba5bLS_JTA-OFi-DEiP6A",
                "y": "8dvGM_q9ZbEuW0FbfQrMCwdBDzLPXCJtmr_lam8qMPM"
            }
        },
        "iv": "XhGBuprfq9w0SUvf-JnQVA",
        "tag": "A1-d1R-9y3IghfJus3Klcw",
        "cipherText": "qBzSqs3fLFI5uzsi  ....  R7Gpn9kXqTKu"
    }
}
```
_Explanation:_
- The `@context` and `@qualifier` properties _uniquely_ identify object type (there are many different object types in [Saturn)](https://cyberphone.github.io/doc/saturn)  
- The `providerAuthorityUrl` replaces BIN numbers by pointing directly to the issuing bank (actually to an [Authority Object](https://cyberphone.github.io/doc/defensive-publications/authority-objects.pdf) holding vital information for the rest of the communication)
- The `publicKey `used for Diffie-Hellman comes from the payment credential stored on the client-side and is for privacy reasons _shared_ by all the issuer's clients
- An `ephemeralKey` is created by the payment app for each transaction
- `cipherText `contains the user authorization which only can be deciphered by the _issuer_

This _end-2-end secured_ scheme uses JOSE algorithms but a "nicer" container coined [JEF (Json Encryption Format)](https://cyberphone.github.io/doc/security/jef.html).  The user authorization (hidden inside of `cipherText`) is _signed_ by a client-side payment key which also is only known by the issuer.  That is, the issuer must first decrypt and then verify.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-methods-tokenization/issues/22#issuecomment-348095164

Received on Thursday, 30 November 2017 06:30:57 UTC