OpenToken Overview

Members

Members represent a user or a business entity. Members can be created directly from the Card+ Application or on behalf of a user by a Merchant. When a member is created, a tokenized version of the Member is generated. This "Member Token" can be used later for payment transactions, as a loyalty ID, for entitlements, and for sub-tokenization.

A Member Token is the tokenized representation of a member. This token will include information about the limited uses of this token as well as capabilities.

Limitations Include:

  • Merchant ID: Only a merchant that owns a particular merchant id can use this token.
  • Location: Can only be used in a specified location
  • Amount: Limit on the total single transaction amount this token can be used for
  • Credit Limit: Can only be used for transactions up to a certain amount
  • Subscription: Token expires at a certain date
  • Recurrence: Can be used a limited number of times
  • Single Use: Can be used once

Capabilities Include:

  • Loyalty/Rewards: Token is associated with a rewards program
  • Entitlements: Token is associated with entitlements, such as age, veteran, etc.


Member Token Format

The member token should:

  • Have a way to identify the OpenToken server
  • Have a way to identify the member on the OpenToken server
  • Include limitations
  • Include Entitlements or indication of entitlements
  • Include other information that the creator chooses, such as loyalty/reward information
  • Have a signature of the data to assure Attestation, Attribution, Authenticity


Option 1: Member Token Format - JWT

Using a standard JWT provides a familiar and proven way to send signed payloads. Information in the token payload is formatted as JSON.

Example JWT Payload
{
  "oin": "666666",
  "tokenId": "some-token-id",
  "limitations": {
    "merchantId": "skjfdsk",
    "amount": 10000
  },
  "entitlements": [
    {
      "type": "VETERAN",
      "value": "true"
    }
  ],
  "metadata": [
    {
      "key": "loyaltyId",
      "value": "some-loyalty-id"
    }
  ]
}


Attributes:


oin string

OpenToken Identification Number - Identifies which OpenToken provider generated this token. Can also be used to identify programs.


tokenId string

ID will be encrypted on the server to look up the member




Option 2: Member Token Format - Custom

The following table represents the fields in a Member Token. The token is hex encoded.

| Field Name | Bytes | Description |
|---|---|---|
| OIN | 8 | OpenToken Identification Number - Identifies which OpenToken provider generated this token. Can also be used to identify programs. |
| Flags | 2 | Bit flags |
| Token ID | 16 | ID will be encrypted on the server to look up the member |
| Hash Key ID | 16 | Key ID used in the hash computation |
| Hash | 16 | Hash of the previous fields using an OpenToken server Key |

Flags

The following table represents the bitwise flags as part of a Member Token


| Field Name | Byte | Bit(s) | Description |
|---|---|---|---|
| Entity Type | 1 | 8-6 | 00b: Consumer; 01b: Merchant (must have the Merchant bit flag set); 10b: SubMerchant (must have the Merchant bit flag set) |
| Entitlements | 1 | 5 | 0b: No entitlements configured; 1b: Member has entitlement(s) configured |
| Loyalty/Rewards | 1 | 4 | 0b: Not a loyalty member; 1b: This token is used as a loyalty id |
| N/A | 1 | 3-1 | Future Use |
| Merchant Limited | 2 | 8 | 0b: No merchant Limitation; 1b: Restricted to specific Limitation |
| Location Limited | 2 | 7 | 0b: No location Limitation; 1b: Location Limitation |
| Amount Limited | 2 | 6 | 0b: No Amount limitation; 1b: Single Transaction Amount Limited |
| Credit Limit Limited | 2 | 5 | 0b: No limitation; 1b: Total sum of Transactions limited |
| Subscription Limited | 2 | 4 | 0b: No Subscription Limitation; 1b: Subscription Limitation |
| Recurrence Limited | 2 | 3 | 0b: No Recurrence Limitation; 1b: Limited number of uses |
| Single Use | 2 | 2 | 0b: Can be used multiple times; 1b: Can only be used once |
| N/A | 2 | 1 | Future Use |
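
A verify-then-decode parser for the custom layout and flag table above, added here as an example and not OpenToken's own code. It assumes bit 8 is the most significant bit, that the hash is HMAC-SHA-256 truncated to 16 bytes (the page names no algorithm), and that "the Merchant bit flag" means Merchant Limited; the function names and the key lookup by Hash Key ID are hypothetical.

```python
import hashlib
import hmac

# Field widths in bytes, in the order of the Option 2 table (58 bytes, 116 hex chars).
LAYOUT = [("oin", 8), ("flags", 2), ("token_id", 16), ("hash_key_id", 16), ("hash", 16)]
TOKEN_LEN = sum(size for _, size in LAYOUT)
# Assumption: the page numbers bits 8..1 and bit 8 is the most significant bit.
BYTE1 = {"entitlements": 5, "loyalty": 4}
BYTE2 = {"merchant": 8, "location": 7, "amount": 6, "credit_limit": 5,
         "subscription": 4, "recurrence": 3, "single_use": 2}
ENTITY = {0: "Consumer", 1: "Merchant", 2: "SubMerchant"}  # value read from bits 8-6

def mac(key, body):
    # Assumption: HMAC-SHA-256 truncated to 16 bytes; the page names no algorithm.
    return hmac.new(key, body, hashlib.sha256).digest()[:16]

def build_member_token(oin, flags, token_id, key_id, key):
    # Helper for constructing sample tokens in the table's field order.
    body = oin + flags + token_id + key_id
    return (body + mac(key, body)).hex()

def parse_member_token(hex_token, keys):
    """Verify, then decode, a hex-encoded Member Token. Raises ValueError on failure."""
    raw = bytes.fromhex(hex_token)
    if len(raw) != TOKEN_LEN:
        raise ValueError("wrong length")
    fields, pos = {}, 0
    for name, size in LAYOUT:
        fields[name] = raw[pos:pos + size]
        pos += size
    key = keys.get(fields["hash_key_id"])
    # Check the hash in constant time before trusting any other field.
    if key is None or not hmac.compare_digest(mac(key, raw[:-16]), fields["hash"]):
        raise ValueError("unknown key id or bad hash")
    b1, b2 = fields["flags"]
    def bit(byte, n):
        return bool(byte >> (n - 1) & 1)
    # This example rejects set future-use bits and undefined entity types.
    if b1 & 0b111 or b2 & 0b1 or b1 >> 5 not in ENTITY:
        raise ValueError("reserved bits set or unknown entity type")
    # Assumption: "the Merchant bit flag" is Merchant Limited (byte 2, bit 8).
    if b1 >> 5 in (1, 2) and not bit(b2, 8):
        raise ValueError("merchant entity without merchant flag")
    return {"oin": fields["oin"].hex(), "token_id": fields["token_id"].hex(),
            "entity": ENTITY[b1 >> 5],
            "capabilities": {k for k, n in BYTE1.items() if bit(b1, n)},
            "limitations": {k for k, n in BYTE2.items() if bit(b2, n)}}
```

Because the flags sit inside the hashed region, clearing a limitation bit in transit invalidates the token instead of silently widening what it allows.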


Alternative Bit Flags representation, if we want to limit which combinations can be specified:


| Field Name | Byte | Bit(s) | Description |
|---|---|---|---|
| Limitations | 1 | 8-1 | 10000000b: Restricted to a certain merchant; 01000000b: Location Limited; 00100000b: Amount Limited; 00010000b: Credit Limit; 00001000b: Expires; 00000100b: Recurrence; 00000010b: Single Use |



Sub Member Token

A merchant may request a new member token for another merchant to process payment. The limitations must be the same as or stricter than those of the original member token.




