Vantiv Decryption of Apple Pay PKPaymentToken

Document created by gjsissons on Jul 25, 2016Last modified by gjsissons on Jul 26, 2016
Version 5Show Document
  • View in full screen mode

Vantiv recommends using one of the Vantiv Decryption methods. This transaction process relieves you from the burden of creating and maintaining public and private keys, as well as decrypting the PKPaymentToken. If you have already implemented PayPage in a mobile application, you should use PayPage for Apple Pay. A second, similar method, which still allows you to submit the PKPaymentToken without decryption, involves you sending the Authorization/Sale transaction with the PKPaymentToken key values in a new LitleXML element structure (see LitleXML <applepay> Structure), typically from your server. This method can be used even if you are not tokenized with Vantiv.

 

In both of these implementations, your Vantiv Implementation Consultant will provide a CSR (Certificate Signing Request) you use in your registration process with Apple Pay. The CSR provides Apple Pay with the public key used for encryption, while Vantiv retains the private key used for decryption.

 

Using the Vantiv Mobile API for Apple Pay

 

In this scenario, your native iOS application performs an HTTPS POST of the Apple Pay PKPaymentToken using the Vantiv Mobile API for Apple Pay. From this point forward, your handling of the transaction is identical to any other PayPage transaction. The PayPage server returns a PayPage Registration ID and your Mobile App (or server) constructs the LitleXML transaction using that ID. In this case, the first three steps are identical as detailed in the Overview of Apple Pay Operation section The process after step 3 is detailed below and shown in Figure 1.

 

4. Your native iOS application sends the PKPaymentToken to our secure server via an HTTPS POST (see Vantiv Mobile API for Apple Pay HTTPS POST Components) and PayPage returns a PayPage Registration ID.

5. Your native iOS application forwards the transaction data along with the PayPage Registration ID to your order processing server, as it would with any PayPage transaction.

6. Your server constructs/submits a standard LitleXML Authorization/Sale transaction using the PayPage Registration ID, setting the <orderSource> element to applepay.

7. Using the private key, Vantiv decrypts the PKPaymentToken associated with the PayPage Registration ID and submits the transaction with the appropriate information to the card networks for approval.

8. Vantiv sends the Approval/Decline message back to your system. This message is the standard format for an Authorization or Sale response and includes the Vantiv token.

9. You return the Approval/Decline message to your mobile application.

 

vantiv_decryption_applepay.PNG

 

Submitting the Apple Pay PKPaymentToken in LitleXML

 

In this scenario, you submit the Apple Pay PKPaymentToken to the Vantiv eCommerce platform using LitleXML (see LitleXML <applepay> Structure), typically from your server. As with the previous scenario, Vantiv decrypts the PKPaymentToken from Apple Pay using the private key. After completing the first three steps of the process as detailed in the Overview of Apple Pay Operation section and depicted by the green and blue arrows in Figure 2, the process continues as follows:

 

4. Your mobile application forwards the PKPaymentToken from Apple Pay to your order processing server, along with other normal information from the transaction (such as Bill To and Ship To Address).

5. You do not decrypt the PKPaymentToken, but rather forward the data to Vantiv in the Authorization/Sale transaction using the <applepay> element structure instead of <card> (Server-side API submit) and setting the <orderSource> element to applepay.

6. Using the private key retained by Vantiv, we decrypt the PKPaymentToken and submit the transaction with the appropriate information to the card networks for approval.

7. Vantiv sends the Approval/Decline message back to your system, using the standard format for an Authorization or Sale response.

8. You return the Approval/Decline message to you mobile application.

 

submitting_pk_payment_token.PNG

 

Testing the Submission of PKPaymentToken in LitleXML

 

When you receive a PKPaymentToken, you muse parse (not decrypt) the component parts and use the data to populate the LitleXML <applepay> child elements. This test is designed to allow you to verify your ability to parse the PKPaymentToken data and construct well formed LitleXML. The test uses the data from the example PKPaymentToken shown below (data element names in bold red type) to construct an Authorization or Sale transaction (see LitleXML <applepay> Structure). The system returns a Response Code of 000 - Approved.

 

{"version":"EC_v1","data":"Ww9EI+10VVpyZrAb3nxu9c8PG4JEnIh4oTkDhZi4axj5QqC5WIir6TJcFmk/3wkrNL/

KaRXz3aan4WRO6cPL+cUTRpQUO9ECqTBItmQbJxGbN42713TyI+y97k3msl7bd5rJOMIOpkCtfp2ua+3lnBhjGFnUzdCxq

+/K6eoIEwYlAEfX9Sdpjm+plVfvSK7vj0BQCcXo1dXGkNUKwKWA4GYPUE3qwbuiQWcZwLxAEF43274pACV4LBmdv0HYgYp

cgCY0+U6/YSVKdpPrhHLDeLOlO7T4WwuimHojsKA/BknpPY1uJfP+YJxj1fYghaAOAR0tA5cYJftlWLXaV9lZu113Ns1rx

Colh4PR8wsuw81CdOruvoURGNaNyX+hG1suQoHeE8ECzKIE6DlHEeVMcdxXySwFPY7hxEY1QKSSXw==","signature":"

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCAMIICvzCCAmWgAwIBAgIIQp

CV6UIIb4owCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEm

MCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAl

VTMB4XDTE0MDUwODAxMjMzOVoXDTE5MDUwNzAxMjMzOVowXzElMCMGA1UEAwwcZWNjLXNtcC1icm9rZXItc2lnbl9VQzQt

UFJPRDEUMBIGA1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj

0CAQYIKoZIzj0DAQcDQgAEwhV37evWx7Ihj2jdcJChIY3HsL1vLCg9hGCV2Ur0pUEbg0IO2BHzQH6DMx8cVMP36zIg1rrV

1O/0komJPnwPE6OB7zCB7DBFBggrBgEFBQcBAQQ5MDcwNQYIKwYBBQUHMAGGKWh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3

NwMDQtYXBwbGVhaWNhMzAxMB0GA1UdDgQWBBSUV9tv1XSBhomJdi9+V4UH55tYJDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY

MBaAFCPyScRPk+TvJ+bE9ihsP6K7/S5LMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlYW

ljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0EAgUAMAoGCCqGSM49BAMCA0gAMEUCIQCFGdtAk+7wXrBV

7jTwzCBLE+OcrVL15hjif0reLJiPGgIgXGHYYeXwrn02Zwcl5TT1W8rIqK0QuIvOnO1THCbkhVowggLuMIICdaADAgECAg

hJbS+/OpjalzAKBggqhkjOPQQDAjBnMRswGQYDVQQDDBJBcHBsZSBSb290IENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENl

cnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xNDA1MDYyMzQ2Mz

BaFw0yOTA1MDYyMzQ2MzBaMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAk

BgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUz

BZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPAXEYQZ12SF1RpeJYEHduiAou/ee65N4I38S5PhM1bVZls1riLQl3YNIk57

ugj9dhfOiMt2u2ZwvsjoKYT/VEWjgfcwgfQwRgYIKwYBBQUHAQEEOjA4MDYGCCsGAQUFBzABhipodHRwOi8vb2NzcC5hcH

BsZS5jb20vb2NzcDA0LWFwcGxlcm9vdGNhZzMwHQYDVR0OBBYEFCPyScRPk+TvJ+bE9ihsP6K7/S5LMA8GA1UdEwEB/wQF

MAMBAf8wHwYDVR0jBBgwFoAUu7DeoVgziJqkipnevr3rr9rLJKswNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcH

BsZS5jb20vYXBwbGVyb290Y2FnMy5jcmwwDgYDVR0PAQH/BAQDAgEGMBAGCiqGSIb3Y2QGAg4EAgUAMAoGCCqGSM49BAMC

A2cAMGQCMDrPcoNRFpmxhvs1w1bKYr/0F+3ZD3VNoo6+8ZyBXkK3ifiY95tZn5jVQQ2PnenC/gIwMi3VRCGwowV3bF3zOD

uQZ/0XfCwhbZZPxnJpghJvVPh6fRuZy5sJiSFhBpkPCZIdAAAxggFfMIIBWwIBATCBhjB6MS4wLAYDVQQDDCVBcHBsZSBB

cHBsaWNhdGlvbiBJbnRlZ3JhdGlvbiBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eT

ETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMCCEKQlelCCG+KMA0GCWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcN

AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTQxMDAzMjE1NjQzWjAvBgkqhkiG9w0BCQQxIgQgg8i4X6yRAU

7AXS1lamCf02UIQlpUvNPToXUaamsFUT8wCgYIKoZIzj0EAwIERzBFAiBe17NGTuuk+W901k3Oac4Z90PoMhN1qRqnij9K

NEb/XAIhALELZyDWw0fQM8t0pXO86gg9xXFz424rEMlJ01TM1VxhAAAAAAAA","header":{"applicationData":"496

461ea64b50527d2d792df7c38f301300085dd463e347453ae72debf6f4d14","transactionId":"f9b0d3cfbb64cd

155249c691aca3c521de03725720616b810d90341f97f347b7","ephemeralPublicKey":"MFkwEwYHKoZIzj0CAQYI

KoZIzj0DAQcDQgAEarp8xOhLX9QliUPS9c54i3cqEfrJD37NG75ieNxncOeFLkjCk","publicKeyHash":"jAMRQqg4nf

fHrXvfwRfbaEc11bk3QD3rv5K9xLqLgu0="}}


Previous: Overview of Apple Pay Operation

Next: Merchant Decryption of Apple Pay PKPayment Token

 

Return to: In-App for eCommerce

Attachments

    Outcomes