Browser-based Payment Authorization

Browser-Based Merchant Payment Authorization

It is conceptualised that in the typical online web payment scenario (consumer pays merchant) will work in the following fashion:

  1. The User clicks on the merchant checkout button, choosing to pay using a Hosted MintChip account.
  2. The Merchant generates a base64-encoded value-request packet and returns the following example HTML to the browser. This script automatically redirects the browser to the Remote MintChip Server authorization page, submitting the request-packet as form data. The URL for the authorization page is:

    https://remote.mintchipchallenge.com/web/mintchip/payments/request

    During this process, the user's browser may prompt for selection of the applicable SSL client-authentication certificate.

    <html>
    <script src="jquery.js"></script>
    <script>	
    	$(document).ready(function(){ $("form#frm1").submit(); }); 
    </script>
    <body>
        <form id="frm1" method="post" action="https://remote.mintchipchallenge.com/web/mintchip/payments/request">
            <input type="hidden" name="reqpkt" value="YIIAkzCCAI+gAwoBAaELFglXYXIgSG9yc2Wie6F5MHcECFIQAAAAAAA5BAEBBAMAAAEBAf8WWmh0dHA6Ly9tZXJjaGFudC5taW50aG9yaXpvbi5jb20vcHJvLW1lc3NhZ2UucGhwP2lkPTUmc2Vzc2lvbl9pZD1tNDViZjZvczFzZDJuNzBubGIxcmtzOGhuMYAE6l8Qdw==" />
        </form>
    </body>
    </html>
    
  3. The Remote MintChip Server returns an HTML authorization page to the browser, which provides details of the payment request along with an option to confirm or decline the transaction.
  4. If the user confirms the payment, the Remote MintChip Server creates the value-message and redirects the browser to the merchant URL encoded in the request-packet. The value-message is posted as form data to the merchant at this same URL.
  5. The merchant processes the value-message and completes the transaction.