{
"Response": "Successfully processed authorization response",
"responseCode": "FIDO-MSG-0016",
"txdetail": {
"txid": "254900MS6G5FQCUJMZ97-TELLARO-1631149799",
"txpayload": "ewogICAgIm1lcmNoYW50TmFtZSI6ICJTdHJvbmdLZXkiLAogICAgImN1cnJlbmN5IjogIlVTRCIsCiAgICAidG90YWxQcmljZSI6ICIxNDk5NSIsCiAgICAiY2FyZEJyYW5kIjogIkFtZXgiLAogICAgImNhcmRMYXN0NCI6ICJ4LTEyMzQiLAogICAgInR4aWQiOiAiMjU0OTAwTVM2RzVGUUNVSk1aOTctVEVMTEFSTy0xNjMxMTQ5Nzk5IiwKICAgICJ0eGRhdGUiOiAiVGh1IFNlcCA4IDE3OjAyOjU2IFBEVCAyMDIxIgp9",
"nonce": "Qs3hf3cI9kuy4f0ET2C9rg",
"txtime": 1717799117844,
"challenge": "rhPV7BZnaZBuSNd9bE7bOYGEVcKLSxrXZ0NZsb44Pqw"
},
"FIDOAuthenticatorReferences": [
{
"protocol": "FIDO2_0",
"id": "qHbQtHwom-FE8y4RXXGY-iS4hQ4EiIeKEQN0fceqls-CG_hlACjZc76MkUbicEJx3lmEFh2wRD164J8vv7MqBsOK7Sv-hwwRM9CNeZaiNPh_FApc0xtD_TEn8gcNfmSg4uLNUNPQWirapmygkcrvNLoYasAau5A3PNssRg1Iuuop_CyLiFXKVoLkwaRex7UALPEJXp39PKotbLJgoru3_46DSJh37nqa1cQAuhnaqdOpHAhahVKctDtmL_A-Mnmf",
"rawId": "qHbQtHwom-FE8y4RXXGY-iS4hQ4EiIeKEQN0fceqls-CG_hlACjZc76MkUbicEJx3lmEFh2wRD164J8vv7MqBsOK7Sv-hwwRM9CNeZaiNPh_FApc0xtD_TEn8gcNfmSg4uLNUNPQWirapmygkcrvNLoYasAau5A3PNssRg1Iuuop_CyLiFXKVoLkwaRex7UALPEJXp39PKotbLJgoru3_46DSJh37nqa1cQAuhnaqdOpHAhahVKctDtmL_A-Mnmf",
"userHandle": "",
"rpId": "strongkey.com",
"authenticatorData": "WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKMEAAAAFA",
"clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoicmhQVjdCWm5hWkJ1U05kOWJFN2JPWUdFVmNLTFN4clhaME5ac2I0NFBxdyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5zdHJvbmdrZXkuY29tIiwiY3Jvc3NPcmlnaW4iOnRydWV9",
"aaguid": "3b1adb99-0dfe-46fd-90b8-7f7614a4de2a",
"authorizationTime": 1717799117947,
"uv": true,
"up": false,
"signerPublicKey": "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA_____wAAAAEAAAAAAAAAAAAAAAD_______________8wRAQg_____wAAAAEAAAAAAAAAAAAAAAD_______________wEIFrGNdiqOpPns-u9VXaYhrxlHQawzFOw9jvOPD4n0mBLBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li_hp_m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP____8AAAAA__________-85vqtpxeehPO5ysL8YyVRAgEBA0IABLGC4EvjjnGDPOXv9xWDUjjdWiRRvZkb4u5b87MyQifUZ_-DE0Odwq309c71koYixY-lQvgrTf49Dd2IHjSqpCw",
"signature": "MEUCIDHSHctNNzqSGJcj8OrpImmK9jrAT1aTVU6ZOA--IVRhAiEAjvYW8414KQO854g9w0EBrO6eHjnct0R-NxhHaL8EMUo",
"usedForThisTransaction": true,
"signingKeyType": "ECDSA",
"signingKeyAlgorithm": "SHA256withECDSA"
}
],
"skfsVersion": "4.14.0",
"registrationVersion": "4.14.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-76-1717799117885"
}
Value |
Explanation |
Response |
A human readable message indicating the response status. |
Value |
Explanation |
nonce |
This attribute displays the “number used once” that was randomly generated by the SKFS to mix-in with the base64url-encoded transaction payload (txpayload) to generate the message digest (“hash”) that represents the challenge (which is eventually signed by the user). |
txid |
A string with a maximum length of 256 characters that represents a business application-defined unique transaction identifier. It can be anything that is appropriate to the business application. Some examples are shown below:
|
txpayload |
This is the base64url-encoded object containing the transaction signed by the user, that resembles the following: ewogICAgIm1lcmNoYW50TmFtZSI6ICJTdHJvbmdLZXkiLAogICAgImN1cnJlbmN5IjogIlVTRCIsCiAgICAidG90YWxQcmljZSI6ICIxNDk5NSIsCiAgICAiY2FyZEJyYW5kIjogIkFtZXgiLAogICAgImNhcmRMYXN0NCI6ICJ4LTEyMzQiLAogICAgInR4aWQiOiAiMjU0OTAwTVM2RzVGUUNVSk1aOTctVEVMTEFSTy0xNjMxMTQ5Nzk5IiwKICAgICJ0eGRhdGUiOiAiVGh1IFNlcCA4IDE3OjAyOjU2IFBEVCAyMDIxIgp9
|
txtime |
This attribute shows the time the transaction was signed, in seconds from the UNIX “epoch”—January 01, 1970, at midnight. |
challenge |
This is the message digest (hash) generated by the the SKFS to represent the unique transaction signed by the user. The digital signature on this challenge is the unique “authentication code” required by the European Banking Authority’s Regulatory Technical Standards (RTS) for Strong Customer Authentication (SCA). |
FIDOAuthenticatorReferences Description
NOTE: This is an array that may have zero or more objects, providing data that was defined by the FIDO Alliance and EMVCo, to transmit confirmed transactions to Payment Service Providers (PSP) or Account Servicing Payment Service Providers (ASPSP) a.k.a. Issuing Banks.
The transmission of this digitally signed transaction to PSPs/ASPSPs is not within the scope of FIDO/WebAuthn protocols (at this time), and must be handled by the business application through other channels.
Value |
Explanation |
protocol |
The protocol that is being used to convey this data structure to ASPSPs. In the case of FIDO, it is currently FIDO2_0. |
id |
The identifier of the FIDO credential that digitally signed this transaction. Also known as credentialId within the JavaScript API—Web Authentication (WebAuthn). |
rawId |
An implementation of an ArrayBuffer containing the raw byte sequence of the credentialId. |
userHandle |
This attribute contains the user handle returned from the Authenticator, or null if the authenticator did not return a user handle. See §6.3.3 The authenticatorGetAssertion Operation. |
rpid |
This attribute contains the RFC-6525 origin that represents the RP’s DNS domain. Only credentials registered to this rpid will qualify for providing a transaction confirmation—the digital signature of the challenge, thus providing proof of authorization. |
authenticatorData |
A complex data structure with information an RP should use to determine if they will accept the transaction confirmation and use the digital signature to confirm the transaction by the user.
|
clientDataJSON |
A serialized representation of a JSON structure whose message digest (a.k.a. hash) is digitally signed by the FIDO authenticator in response to a request for transaction authorization.
|
aaguid |
This attribute describes a unique Authenticator Attestation Globally Unique Identifier;a unique string chosen by the FIDO Authenticator manufacturer to identify a class of authenticators. |
authorizationTime |
This attribute shows the time the transaction was signed, in seconds from the UNIX “epoch";January 01, 1970, at midnight. |
uv |
A boolean flag indicating whether the FIDO authenticator verified the user’s identity through either a biometric measurement, a PIN, or a pattern before applying the digital signature on the transaction with the FIDO credential’s private key. |
up |
A Boolean flag indicating whether the FIDO authenticator determined the presence of the user at the device that confirmed the transaction by applying the digital signature. |
signerPublicKey |
The base64-encoded public key of the user’s FIDO credential corresponding to the private key that applied the digital signature on the transaction. |
signature |
The base64-encoded digital signature that confirms the transaction. |
usedForThisTransaction |
A Boolean flag indicating whether this FIDO credential was used to confirm this transaction. |
signingKeyType |
The cryptographic algorithm used by this FIDO credential for this transaction. |
signingKeyAlgorithm |
The signing algorithm used by this FIDO credential to confirm this transaction. |