Sequence/Flow Diagram

This section describes the flows that are two currently supported: the App2App and Web2App ones. RP Partners should select the model based on their integration preference.

Same-device App2App (via Native Wallet SDK)

Diagram with numbered flows

Explanation of each flow

2) Load Button resources
The Verify with Samsung Wallet Integration and the sample code are both supported

3) Check Service Available Devices
This is the process of checking whether the device supports the Verify with Samsung Wallet function. RP Partners can implement it by referring to the provided sample code.

4) Show button with web link
You can implement it by referring to the provided sample code.
Refer to the Data Transmit Link

6) Tokenize card data as JWT
This step generates cdata and Card Data Token.
Refer to the Implementing VWW button

7) Verify with Samsung Wallet link
The link will invoke the WalletApp using AppLink technology. In the meantime, the App2app SDK makes a direct connection between the WalletApp and PartnerApp

10) getMdocRequestData(DeviceEngagementBytes)
The WalletApp makes DeviceEngagementBytes according to the ISO-18013-5 and send it to the PartnerApp

11) sendMdocRequestData(sessionEstablishment)
The PartnerApp build sessionEstablishmentBytes (ISO-18013-5) and encrypt it with HKDF (ISO-18013-5, 9.1.1.5 Cryptographic operations)

13) sendMdocResponse(encryptedResponse)
The WalletApp sends an encrypted ISO-18013-5 response payload to the PartnerApp

Same-device Web2App (via Wallet API)

Diagram with numbered flows

Explanation of each flow

2) Load Button resources
Verify with Samsung Wallet Integration and the sample code both supported

3) Check Service Available Devices
This is the process of checking whether the device supports the Verify with Samsung Wallet function. RP Partners can implement this by referring to the provided sample code.

4) Show button with web link
RP Partners can implement this by referring to the provided sample code.
Refer to the Data Transmit Link

6) Tokenize card data as JWT
This step generates cdata, Card Data Token.
Refer to the Implementing VWW button

7) Verify with Samsung Wallet link
The link will invoke the WalletApp using the AppLink technology

10) Transfer DeviceEngagement
The WalletApp makes DeviceEngagementBytes according to the ISO-18013-5 and sends it to the PartnerServer through the Wallet Server

11~12) Request key API (Send Key)
The Wallet Backend Server converts the data received from the request and cardId information into JWT (JWS + JWE) and delivers it to the partner server.

The partner server must decrypt the JWT (JWS + JWE) data again.

The PartnerApp build sessionEstablishmentBytes (ISO-18013-5) and encrypt it with HKDF (ISO-18013-5, 9.1.1.5 Cryptographic operations)

The partner server must create and transmit the data fields required for authentication as JWT (JWS + JWE) in response to the Wallet Backed Server.

Partners should refer to the code links below for encryption, decryption, requireData.

14) Send Mdoc response
The WalletApp sends an encrypted ISO-18013-5 response payload to the PartnerServer through the Wallet Server

15) Request auth API (Send authentication data)
The authentication data card information received in step 14 is converted into JWT (JWS+JWE) and transmitted to the partner server.
The partner server must decrypt the JWT (JWS + JWE) data again.

RP Partner can refer to the code links below for decryption, verify.

Cross-device (Not Supported)

Currently, Samsung Wallet does not support Cross-device functionality. This functionality will be added soon.