Anders Rundgren’s Post


🚀 "French Tech" Inventor, Consultant and Entrepreneur

Many payment authorization systems build on ancient methods, not exploring the full power of the Web. By using signed messages, Web-based lookup services, and payment-network-specific PKIs, end-to-end security can be achieved, which in turn removes the need for "Trusted Intermediaries". In the Saturn architecture, Merchants are bound by business agreements with their account-holding Bank, which also provides a simple public trust service (TS) that vouches for the Merchant’s legitimacy, including its claimed account number and signature key. Trust in TS data is provided through a PKI, common to all Banks supporting a specific payment network, like SEPA Inst. Security and trust with respect to payment requests [2] are maintained through mutually signed digital contracts resulting from the Merchant and User authorization step [1], combined with TS Merchant lookups [3]. User authorizations are (like in EMV®) bound to signature keys only known by the Issuer Bank. In contrast to EMV®, PII data like account numbers are encrypted by public keys, shared by multiple clients of the specific Issuer Bank. Merchants do not need User account numbers; they need a trustworthy confirmation that they have been (or will be) paid. This can only be provided by the payment network, and is, in the case of Saturn, performed by the Issuer Bank. Although not shown in the picture, Issuer Banks also provide lookup services (located using the ".well-known/" IETF standard), enabling Merchants to acquire end-point information as well as other potentially evolving data before actually submitting a request. The arrows in the diagram are transient; there is no need for externally configured security, path, or routing information.
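The Merchant trust chain described in the post (network PKI, Bank TS record, signed payment request), as an added sketch that is not part of the original post and is not Saturn's actual message format. The field names, the account value, the function names, and the use of Ed25519 over a plain JSON string are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Helpers (hypothetical names): generate a key pair, export a public key as PEM.
const newKey = () => crypto.generateKeyPairSync('ed25519');
const pem = (k) => k.publicKey.export({ type: 'spki', format: 'pem' });

// Sign an object; the exact serialized string travels with the signature so the
// verifier checks the same bytes (a stand-in for a canonical JSON signature).
function signObj(obj, privateKey) {
  const payload = JSON.stringify(obj);
  const sig = crypto.sign(null, Buffer.from(payload), privateKey);
  return { payload, sig: sig.toString('base64') };
}

// Return the parsed object only if the signature verifies under publicKeyPem.
function verifyObj(signed, publicKeyPem) {
  try {
    const ok = crypto.verify(null, Buffer.from(signed.payload), publicKeyPem,
      Buffer.from(signed.sig, 'base64'));
    return ok ? JSON.parse(signed.payload) : null;
  } catch {
    return null; // malformed key or signature counts as a failed check
  }
}

// Receiving-party check: network root -> TS key -> Merchant record -> request.
function checkPaymentRequest(request, tsRecord, tsCert, rootPem) {
  const ts = verifyObj(tsCert, rootPem);            // is this TS inside the network PKI?
  if (!ts) return 'untrusted TS';
  const merchant = verifyObj(tsRecord, ts.tsKey);   // did the TS vouch for this Merchant?
  if (!merchant) return 'bad TS record';
  const req = verifyObj(request, merchant.signatureKey);
  if (!req) return 'bad merchant signature';
  // The account in the request must be the one the Bank vouched for.
  if (req.payeeAccount !== merchant.account) return 'account mismatch';
  return 'ok';
}

// Constructed sample data (no real bank, merchant, or account).
const root = newKey(), tsKey = newKey(), merchantKey = newKey(), rogue = newKey();
const rootPem = pem(root);
const tsCert = signObj({ bank: 'Example Bank', tsKey: pem(tsKey) }, root.privateKey);
const merchantInfo = { merchant: 'shop.example', account: 'ACCT-0001',
  signatureKey: pem(merchantKey) };
const tsRecord = signObj(merchantInfo, tsKey.privateKey);
const pay = (account, key) =>
  signObj({ amount: '12.50', currency: 'EUR', payeeAccount: account }, key.privateKey);

console.log(checkPaymentRequest(pay('ACCT-0001', merchantKey), tsRecord, tsCert, rootPem));
```

The same function rejects a request naming a different account, a request signed by an unknown key, and a TS record or TS key that does not chain to the network root, without any pre-configured relationship between the parties.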

Stephan Engberg

Specialist in trustworthy identity, security and data sharing

1y

Sure. But the consumer shouldn't trust a model where she is the product.
