Security

The following contents describe how to generate JWT (JSON Web Token).
It follows RFC 7519 specification. For more details, refer to 'https://jwt.io'

Card Data Token

For secure data inter-communication, the token must be encrypted and signed using security factors.
See the chapter Security factors for details.

JWT Details

JWE Format

[JWE Header]

JWE Header Requirement Description
alg Required Cryptographic algorithm used to encrypt the Content Encryption Key (CEK).
e.g., RSA1_5

enc Required Content encryption algorithm used to perform authenticated encryption on the plaintext to produce the ciphertext.

[JWE Payload]

JWE Payload Requirement Description
encrypted_key Required Contains the BASE64URL (JWE Encrypted Key) value.
The Content Encryption Key is encrypted with the Public Key.

iv Required Contains the BASE64URL (JWE Initialization Vector) value.
Initialization vector used in the encryption algorithm.

ciphertext Required Ciphertext value resulting from authenticated encryption of the ‘cdata’ object, which is encrypted using ‘encrypted_key’ and ‘iv’.
authentication tag Required Contains the BASE64URL (JWE Authentication Tag) value, used for verifying the integrity of the ciphertext.

[JWE Example]

BASE64URL (UTF8 (JWE Header)) + '.' +
BASE64URL (JWE encrypted_key) + '.' +
BASE64URL (JWE iv) + '.' +
BASE64URL (JWE ciphertext) + '.' +
BASE64URL (JWE authentication tag)

JWE Header

{"enc":"A128GCM","alg":"RSA1_5"}

JWE Payload: ciphertext

Refer to sheets on ‘Add to Wallet’ interfaces, and Attributes

Result

eyJraWQiOiJXTFQuUFVCS0VZIiwiZW5jIjoiQTEyOEdDTSIsImFsZyI6IlJTQTFfNSJ9.ABO_Ci81BtJ2d1a8TCgKfWBx9WpRI4TkhHZwmS8swct_2nNZHAsI_nKLmj3wnKM5gwaoUny14ZX_6EoZhJ6TdIicUQ-raIRs6woESu8XA2dT1sC5l17wu9WdsgOK4anJ0KIUNII4PLeR3d-4foX1Hx1fok9sIwWqqFql4vnqg3hE-i4J6cyWOYBphzNYBMKyyNkIqFczl6lbTTEhc4TDAOrPKWra3VMB0BBz5NyzF1axzFk-17tZ0GfhS82A7GL9REj1K5B10_2qfGmhTtfFVcyYTMKv3InMaHQ0b48L3SK1oPPmFCuqigYMVLUDbg_QWdnBl9eIlInOjjt8Ar2NUA.ZviyGHUSi5Fb2Rl2.gm5ivizrQQdR8NPK1N2qREyAI4MD-FISfWTBBBgEbhNhjMnu-c_o1YUYRvdhCm0Ki_rvcDNZKDLcP_g7shSkMRoYin3bI92qgtkFh2V4Y-kCuG2DvGV9UIV3oxaWvlIKfcNtmZiZj3ThV_FUE7JrNrbwf2XMVIwsQo5b0lmoUsKbHuHasqIlRE0RtC1fgn03qFE_E-B87vht5En2PnBYDJv-6_8g3aesSyodvHyzYaYonLxW_KWqiF-i5AUwFiIgK5LgVmUz9DSl6-QKgYiz5pl9nyydJjjpIlibtuaLYvzB1CH-gskwEUhiMl62ZR-Chz2Ado8Vn0SRoCcJHcaX6PBSP3x6FhyXHr65BJZAn4lMDfSsKN92bcFycLX8J_pgRLM4VUI_-Kx1lWpArkwRtYxmEbKMJ-2w8NUMRNnpGt2ERLo_hVtZ8Xh1kopvqjLdjdG_QqfU_OEWO3HvuNKGQeu3QhI6EyWvarb7OZsIsz-F95O7K-KQtJhfBWz_YrA2NxD2Bcgc9uA966_9uQ4oMBwA-8FccAWPxYYU4vZBz_ycV25j8GrdqHHTw6n9TKZy4Nu07jIT4cCoFVu5N_Gsyn1qoWD11-_lMk8aMF-L5dDipvrun7DEalJD8Me4NsAAkESLQfKz_sddSu0-05icfKm33qUQP6fzn5OcY6Dmn5kZBVQXZHgHCG_A_K1xQQlX_kuPL4JSAxCNCiUYPTDqbc0HxXwUiYrM3tCDe6piCymGCbPKC205NiylD-6eN43dI4yKC029YQx8rSLDOAA6RWvp-ZEHdKxyNyIlJA-_8Fw4iOqp6vK98AjZ5T-ajQDK1h6n_opt-ZCJkJZz-7r2x07BSa_5ng7iwamBRSv1deFxhIyV-EsCe1MEif-na_411hGpJA-GwCzp_wsSWlqra0RPDq208lY70XPPu4H_3EH_6q8cy5YhHnS93VfUO0NSQfNiKeR25zwNID39zoiyj_de9gZjaWXa3k0TPrPn5MfdpXVTD0-ro4oqI34ab62-rUBCdYdsmTGgIHZY3sHLGtyAfrBzHMPMDKAUOJ9BUIRaSqpnr4NaHfq_S1m1Uy5pEEQ3j0bOzmcc4UAsNQQnrreLqm8bKFQI41GgJRJm9UvkCR-PMFOnSHeOqjmce6ZKua1qTOEFXYcdFOejBjqDBcyCNoqGuGoDlqn2-3MkGGrpVQVYAolOMyKC_Sl8kpDvjXNtKggzQB9VnlnlQ9_fY3hmyor0ZEExyTajfua-4IlsFKG3crQkx3scCSp-W6rf7vfzX5vDhqbHFZbHbuXYpFj1bDmIs_w-xQDVr1KgblzMsW9gRBwM2MK8rt9QPziNHcaQfV2dQaGQth4VyUCcq0mJCS5QgnBKwdiGGVxfk7BhwHK2jrW3K4egjQNa9LSSNhCjhQZ69M16iVBffktnz5oT0L-nPKcQEIfiA-rjmwYy6BEodZi8S7S4l4YvLmvjjiDuJxKB7ZsQUSVrVizPljMk1RsbvgwW7rfOJLcI9ed-mHpsMxvepj2UxEZXU95Z_vX7i8xGSZxmlWrmSI0EEPA5TL7GQfxfIMtV4V_O8RjIIPQtDJMkENKFlNVkn8Wio7nosfYAk1gplxkPR2SCIElTCIRPweu_4y56Yq3wxbVnwCAX7yyjyTuBIRk30zNW84oMYYlJC67wntyBEqi3TY1vz6Wxraenn_dNwIku-RY_bvC9BJWZPgDNpZdTdqnDhiJLEyK9zhZcwvjHVom7VMS4CLJs6NdqVm9yeilk55H-EJn22-1n1u6pMjeyFBvtY0zFrf57sidTcItsEEJMhbM1UqdSK3RpFxv2HC0DYY9Ok7uAsDsIFWhKCZMue4QyUrd3Y4WvZHjjAPRXqEQoJfaVZ-Vt-331jVaJGkzIifMPuYFck-kYRqbQ193UYa9SY6E-7EreId3Cy7GYlP9-TFSUgoBPULNyDiEAmtQI1zaepwJKjqS9LJoFdOOjhXbqZy0-spItgLnBMtuxpxQH6phH34vdb2fCgjtTC8h1vp3_A0LvxxzuMdU3JYpc9ltqMXxG7XZ4h4UQrvIS2qm3XQwUB1uTO9SyhfNPf16h0-U8BQdOFG-YYbA-QN_AWN4UFS2FTFY-7yD1isp0G31LIFmORpLeHz0pcgEfO-MayacxsVGIOptn67EnMwe_GrdwKzV27DeoczTmCn_Fb7QVTDsLE881RFz7LrhMiTIUITdo4E0FkWUaZ1CoHrBpBhZmG30tLjbxYdB-lFq74rXfdC1eOBJ0vPcdAxomyA9EOXCNt70ttI16FR3lxjdYSGQv_iHtfkdauMMFYOJjH_W9ZagIWb2uxMhNG0A3MpT8R80HZBPpvH3HSb2uezWw8AqTlmkAlqF0g6nZqM181z46gNKZ7w3h8a29-yCi0yPz_m0POFIhnWjrEndjKew6aZoDEHwyUPsnO7y93QDc8kHhPzb84bkAhBC2SYe8wGvgMrhFIwSigfht_G3M8Nlt3vfAsQe98two0Tzu3K72KmoD8khdw6Xq6OalXobA1M9wfi51Wmjji8yr4TY-7pqDc51OmbxSQUrAO0-6Puja5DUFUIOQ3yZM0iWR1YJciqAoFp-XWN9CrH287vJZhW2s4Ges8S-Wuda9yu61u3b1pwR0fYsEOUzQuaY_t3qkZiaGhvZ0A2nEFdY2wkTmaonidqtsku8rhPKnqaLRC_ydnvyQOOxnrDwJRXxILuTVlaaQmYgTl0zesSRvpkH4InkIU0ikBDCeQVnLCJqNuYMc5u_DTIc-pb7E9H4zWxm3TAlMLzoC-v1u0sHzaqok3tvIXA9uy9i3qvPz1reALWg7w1yqQUhPd-6PGolbddFqWXEkb43JtRy3wnxJIZCGZoqwiUvPdHpzm0CyfzLx71cBcpyC3Lkg_pDUWKB2qJV2HjodUSvStv8.bv9p-aoAIt1mfIJsWZevSg

JWS Format

[JWS Header]

JWS Header Requirement Description
alg Required Cryptographic algorithm used to generate signature
e.g., RS256

cty Required Payload content type
Set as ‘CARD’

ver Required Token version.
Set as 2.

partnerId Required Partner identifier.
utc Required Creation time. To prevent repeated use, the token expires after a certain period of time.
Unix timestamp in milliseconds.
*Time offset from UTC of +00:00

[JWS Payload]

JWS Payload Requirement Description
JWE compact serialization Required Contains BASE64URL (JWE) value.

[JWS Signature]

JWS Signature Requirement Description
JWS Signature Required BASE64URL (
  Signature of(
    BASE64URL(UTF8(JWS Header)) + '.' + BASE64URL(JWS Payload))
  )
)

[JWS Example]

BASE64URL (UTF8 (JWS Header)) +'.' +
BASE64URL (JWS Payload) + '.' +
BASE64URL (JWS Signature)

JWS Header:

{"cty":"CARD","ver":2,"partnerId":"1234567890","utc":1631776245876,"alg":"RS256"}

JWS Payload

JWE Result

Result:

eyJjdHkiOiJQQVNTIiwidmVyIjoxLCJwYXJ0bmVySWQiOiIxMjM0NTY3ODkwIiwidXRjIjoxNjM1ODQ1ODU2MjQ0LCJhbGciOiJSUzI1NiIsImtpZCI6IlBUTi5QUklLRVkifQ.ZXlKcmFXUWlPaUpYVEZRdVVGVkNTMFZaSWl3aVpXNWpJam9pUVRFeU9FZERUU0lzSW1Gc1p5STZJbEpUUVRGZk5TSjkuQUJPX0NpODFCdEoyZDFhOFRDZ0tmV0J4OVdwUkk0VGtoSFp3bVM4c3djdF8ybk5aSEFzSV9uS0xtajN3bktNNWd3YW9VbnkxNFpYXzZFb1poSjZUZElpY1VRLXJhSVJzNndvRVN1OFhBMmRUMXNDNWwxN3d1OVdkc2dPSzRhbkowS0lVTklJNFBMZVIzZC00Zm9YMUh4MWZvazlzSXdXcXFGcWw0dm5xZzNoRS1pNEo2Y3lXT1lCcGh6TllCTUt5eU5rSXFGY3psNmxiVFRFaGM0VERBT3JQS1dyYTNWTUIwQkJ6NU55ekYxYXh6RmstMTd0WjBHZmhTODJBN0dMOVJFajFLNUIxMF8ycWZHbWhUdGZGVmN5WVRNS3YzSW5NYUhRMGI0OEwzU0sxb1BQbUZDdXFpZ1lNVkxVRGJnX1FXZG5CbDllSWxJbk9qanQ4QXIyTlVBLlp2aXlHSFVTaTVGYjJSbDIuZ201aXZpenJRUWRSOE5QSzFOMnFSRXlBSTRNRC1GSVNmV1RCQkJnRWJoTmhqTW51LWNfbzFZVVlSdmRoQ20wS2lfcnZjRE5aS0RMY1BfZzdzaFNrTVJvWWluM2JJOTJxZ3RrRmgyVjRZLWtDdUcyRHZHVjlVSVYzb3hhV3ZsSUtmY050bVppWmozVGhWX0ZVRTdKck5yYndmMlhNVkl3c1FvNWIwbG1vVXNLYkh1SGFzcUlsUkUwUnRDMWZnbjAzcUZFX0UtQjg3dmh0NUVuMlBuQllESnYtNl84ZzNhZXNTeW9kdkh5ellhWW9uTHhXX0tXcWlGLWk1QVV3RmlJZ0s1TGdWbVV6OURTbDYtUUtnWWl6NXBsOW55eWRKampwSWxpYnR1YUxZdnpCMUNILWdza3dFVWhpTWw2MlpSLUNoejJBZG84Vm4wU1JvQ2NKSGNhWDZQQlNQM3g2Rmh5WEhyNjVCSlpBbjRsTURmU3NLTjkyYmNGeWNMWDhKX3BnUkxNNFZVSV8tS3gxbFdwQXJrd1J0WXhtRWJLTUotMnc4TlVNUk5ucEd0MkVSTG9faFZ0WjhYaDFrb3B2cWpMZGpkR19RcWZVX09FV08zSHZ1TktHUWV1M1FoSTZFeVd2YXJiN09ac0lzei1GOTVPN0stS1F0SmhmQld6X1lyQTJOeEQyQmNnYzl1QTk2Nl85dVE0b01Cd0EtOEZjY0FXUHhZWVU0dlpCel95Y1YyNWo4R3JkcUhIVHc2bjlUS1p5NE51MDdqSVQ0Y0NvRlZ1NU5fR3N5bjFxb1dEMTEtX2xNazhhTUYtTDVkRGlwdnJ1bjdERWFsSkQ4TWU0TnNBQWtFU0xRZkt6X3NkZFN1MC0wNWljZkttMzNxVVFQNmZ6bjVPY1k2RG1uNWtaQlZRWFpIZ0hDR19BX0sxeFFRbFhfa3VQTDRKU0F4Q05DaVVZUFREcWJjMEh4WHdVaVlyTTN0Q0RlNnBpQ3ltR0NiUEtDMjA1Tml5bEQtNmVONDNkSTR5S0MwMjlZUXg4clNMRE9BQTZSV3ZwLVpFSGRLeHlOeUlsSkEtXzhGdzRpT3FwNnZLOThBalo1VC1halFESzFoNm5fb3B0LVpDSmtKWnotN3IyeDA3QlNhXzVuZzdpd2FtQlJTdjFkZUZ4aEl5Vi1Fc0NlMU1FaWYtbmFfNDExaEdwSkEtR3dDenBfd3NTV2xxcmEwUlBEcTIwOGxZNzBYUFB1NEhfM0VIXzZxOGN5NVloSG5TOTNWZlVPME5TUWZOaUtlUjI1endOSUQzOXpvaXlqX2RlOWdaamFXWGEzazBUUHJQbjVNZmRwWFZURDAtcm80b3FJMzRhYjYyLXJVQkNkWWRzbVRHZ0lIWlkzc0hMR3R5QWZyQnpITVBNREtBVU9KOUJVSVJhU3FwbnI0TmFIZnFfUzFtMVV5NXBFRVEzajBiT3ptY2M0VUFzTlFRbnJyZUxxbThiS0ZRSTQxR2dKUkptOVV2a0NSLVBNRk9uU0hlT3FqbWNlNlpLdWExcVRPRUZYWWNkRk9lakJqcURCY3lDTm9xR3VHb0RscW4yLTNNa0dHcnBWUVZZQW9sT015S0NfU2w4a3BEdmpYTnRLZ2d6UUI5Vm5sbmxROV9mWTNobXlvcjBaRUV4eVRhamZ1YS00SWxzRktHM2NyUWt4M3NjQ1NwLVc2cmY3dmZ6WDV2RGhxYkhGWmJIYnVYWXBGajFiRG1Jc193LXhRRFZyMUtnYmx6TXNXOWdSQndNMk1LOHJ0OVFQemlOSGNhUWZWMmRRYUdRdGg0VnlVQ2NxMG1KQ1M1UWduQkt3ZGlHR1Z4Zms3Qmh3SEsyanJXM0s0ZWdqUU5hOUxTU05oQ2poUVo2OU0xNmlWQmZma3RuejVvVDBMLW5QS2NRRUlmaUEtcmptd1l5NkJFb2RaaThTN1M0bDRZdkxtdmpqaUR1SnhLQjdac1FVU1ZyVml6UGxqTWsxUnNidmd3VzdyZk9KTGNJOWVkLW1IcHNNeHZlcGoyVXhFWlhVOTVaX3ZYN2k4eEdTWnhtbFdybVNJMEVFUEE1VEw3R1FmeGZJTXRWNFZfTzhSaklJUFF0REpNa0VOS0ZsTlZrbjhXaW83bm9zZllBazFncGx4a1BSMlNDSUVsVENJUlB3ZXVfNHk1NllxM3d4YlZud0NBWDd5eWp5VHVCSVJrMzB6Tlc4NG9NWVlsSkM2N3dudHlCRXFpM1RZMXZ6Nld4cmFlbm5fZE53SWt1LVJZX2J2QzlCSldaUGdETnBaZFRkcW5EaGlKTEV5Szl6aFpjd3ZqSFZvbTdWTVM0Q0xKczZOZHFWbTl5ZWlsazU1SC1FSm4yMi0xbjF1NnBNamV5RkJ2dFkwekZyZjU3c2lkVGNJdHNFRUpNaGJNMVVxZFNLM1JwRnh2MkhDMERZWTlPazd1QXNEc0lGV2hLQ1pNdWU0UXlVcmQzWTRXdlpIampBUFJYcUVRb0pmYVZaLVZ0LTMzMWpWYUpHa3pJaWZNUHVZRmNrLWtZUnFiUTE5M1VZYTlTWTZFLTdFcmVJZDNDeTdHWWxQOS1URlNVZ29CUFVMTnlEaUVBbXRRSTF6YWVwd0pLanFTOUxKb0ZkT09qaFhicVp5MC1zcEl0Z0xuQk10dXhweFFINnBoSDM0dmRiMmZDZ2p0VEM4aDF2cDNfQTBMdnh4enVNZFUzSllwYzlsdHFNWHhHN1haNGg0VVFydklTMnFtM1hRd1VCMXVUTzlTeWhmTlBmMTZoMC1VOEJRZE9GRy1ZWWJBLVFOX0FXTjRVRlMyRlRGWS03eUQxaXNwMEczMUxJRm1PUnBMZUh6MHBjZ0VmTy1NYXlhY3hzVkdJT3B0bjY3RW5Nd2VfR3Jkd0t6VjI3RGVvY3pUbUNuX0ZiN1FWVERzTEU4ODFSRno3THJoTWlUSVVJVGRvNEUwRmtXVWFaMUNvSHJCcEJoWm1HMzB0TGpieFlkQi1sRnE3NHJYZmRDMWVPQkowdlBjZEF4b215QTlFT1hDTnQ3MHR0STE2RlIzbHhqZFlTR1F2X2lIdGZrZGF1TU1GWU9KakhfVzlaYWdJV2IydXhNaE5HMEEzTXBUOFI4MEhaQlBwdkgzSFNiMnVleld3OEFxVGxta0FscUYwZzZuWnFNMTgxejQ2Z05LWjd3M2g4YTI5LXlDaTB5UHpfbTBQT0ZJaG5XanJFbmRqS2V3NmFab0RFSHd5VVBzbk83eTkzUURjOGtIaFB6Yjg0YmtBaEJDMlNZZTh3R3ZnTXJoRkl3U2lnZmh0X0czTThObHQzdmZBc1FlOTh0d28wVHp1M0s3Mkttb0Q4a2hkdzZYcTZPYWxYb2JBMU05d2ZpNTFXbWpqaTh5cjRUWS03cHFEYzUxT21ieFNRVXJBTzAtNlB1amE1RFVGVUlPUTN5Wk0waVdSMVlKY2lxQW9GcC1YV045Q3JIMjg3dkpaaFcyczRHZXM4Uy1XdWRhOXl1NjF1M2IxcHdSMGZZc0VPVXpRdWFZX3QzcWtaaWFHaHZaMEEybkVGZFkyd2tUbWFvbmlkcXRza3U4cmhQS25xYUxSQ195ZG52eVFPT3huckR3SlJYeElMdVRWbGFhUW1ZZ1RsMHplc1NSdnBrSDRJbmtJVTBpa0JEQ2VRVm5MQ0pxTnVZTWM1dV9EVEljLXBiN0U5SDR6V3htM1RBbE1Mem9DLXYxdTBzSHphcW9rM3R2SVhBOXV5OWkzcXZQejFyZUFMV2c3dzF5cVFVaFBkLTZQR29sYmRkRnFXWEVrYjQzSnRSeTN3bnhKSVpDR1pvcXdpVXZQZEhwem0wQ3lmekx4NzFjQmNweUMzTGtnX3BEVVdLQjJxSlYySGpvZFVTdlN0djguYnY5cC1hb0FJdDFtZklKc1daZXZTZw.BwqNQ5n8apKEs9fbB4htdQBtErdKlAZTmphx6r_h7k7og4lx3gMgdS3FEp6o4CS6jTTUTOSt6gDmuDWZOzZtpTWeTj64P4oF1WLzKF6tX8alrkaiQR2npTXh_ah87BkW69myzaKb4D9obNgp7qdk7IzgkpQ180olmBtPxIV-wkiN92F6n2fpOI5Bt1wS_hH8wxGlA6NKm0s-ROaYL7GtvgBS6gOHKhvGaXnhesQY7KZgQTE9OrCc_fliqyyRABHtpgyBwb7Wp0hPodZQ0dPaduMKkprs05VidFZJUfxduYc7ZbZE-g_tiXrJK3Linf4rNZXyI0gOhBW5GRPHu3wlTg

Authorization Token

Restful API needs to include an authentication token (JWT). Samsung and partners can use the token to authenticate API
calls.

JWT Details

[JWS Header]

JWS Header Requirement Description
alg Required Cryptographic algorithm used to sign the payload.
e.g., RS256

cty Required Payload content type
*such as 'AUTH'

ver Required Token version.
Set as 2.

partnerId Required Partner ID.
utc Required Creation time.
To prevent repeated use, the token expires after a certain period of time. Unix timestamp in milliseconds.
*Time offset from UTC of +00:00

[JWS Payload]

JWE Payload Requirement Description
API Required Current API information.
API.method Required API method.
API.path Required API path.
refId Optional A unique content identifier defined by the content provider
updatedAt Optional Data update timestamp.
Epoch timestamp in milliseconds.

simList Optional List of Sim Card Information
simList[].contacts Optional Personal contact information such as phone number
simList[].uiccId Optional Universal IC Card ID

[Authentication Token Example]

JWS Header:

{"cty":"AUTH","ver":1,"partnerId":"1234567890","utc":1631775948348,"alg":"RS256"}

JWS Payload:

*Samsung Server API > Update Notification
{
    "API": {
        "method": "POST",
        "path": "/wltex/cards/12584806754/notification"
    },
    "refId": " ref-20230304-0003"
}

*Partner Server API > Get Card Data 
{
    "API": {
        "method": "GET",
        "path": "/cards/12584806754/ref-20230304-0003"
    },
    "refId": "ref-20230304-0003"
}

JWS Result:

eyJjdHkiOiJBVVRIIiwidmVyIjoxLCJwYXJ0bmVySWQiOiIxMjM0NTY3ODkwIiwidXRjIjoxNjMxNzc1OTQ4MzQ4LCJhbGciOiJSUzI1NiIsImtpZCI6IldMVC5QUklLRVkifQ.ewogICAgIkFQSSI6IHsKICAgICAgICAibWV0aG9kIjogIkdFVCIsCiAgICAgICAgInBhdGgiOiAiL2NhcmQvQ1MxNjEzODM1MzIxMjU4NDgwNjc1NCIKICAgIH0sCiAgICAicmVmSWQiOiAiQ1MxNjEzODM1MzIxMjU4NDgwNjc1NCIKfQo.AscAwII-aMbJKoly_AuZagxrwUUmKfUhBZnrLk0YkvByOg2dSLJs-_xyQ9toOh4cWSfpKeJ0VqkWBYROKABkhwMRdbKjrAjeAQ-87s-bQp1RCBeLNzMFq66gCmbg9xpD6dmwWlnRAzySZjrcyZklLu9si5qYKrkyUOz34MCWzwdNeOs3z3Gl1xft42M2-cDUxKQWi0WfrYAnxIEdWboIYu12SDnPsRBWlb7liW4oMM6fg01diRTbK6AYumbf7Zqjl_oygeLv9JFDYOzE0TQykLtTSHGdws7IMyamhA5nhaGPlhqIVzAQooSA14gBCm1U0zDqw4JQa4-1Vgjr_i5XEA

[Sample code implementation]

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.RSAKey;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
 
public class JwtManager {
 
    public String generate(String partnerId, PublicKey samsungPubKey, PublicKey partnerPubkey, PrivateKey partnerPrivKey, String data) {
        EncryptionMethod jweEnc = EncryptionMethod.A128GCM;
        JWEAlgorithm jweAlg = JWEAlgorithm.RSA1_5;
        JWEHeader jweHeader = new JWEHeader.Builder(jweAlg, jweEnc).build();
        RSAEncrypter encrypter = new RSAEncrypter((RSAPublicKey) samsungPubKey);
        JWEObject jwe = new JWEObject(jweHeader, new Payload(data));
        try {
            jwe.encrypt(encrypter);
        } catch (JOSEException e) {
            e.printStackTrace();
        }
        String payload = jwe.serialize();
 
        JWSAlgorithm jwsAlg = JWSAlgorithm.RS256;
        String cty = "CARD";
        String ver = "1";
        Long utc = System.currentTimeMillis();
 
        JWSHeader jwsHeader = new JWSHeader.Builder(jwsAlg)
                .contentType(cty)
                .customParam("partnerId", partnerId)
                .customParam("ver", ver)
                .customParam("utc", utc)
                .build();
 
        JWSObject jwsObj = new JWSObject(jwsHeader, new Payload(payload));
 
        RSAKey rsaJWK 
= new RSAKey.Builder((RSAPublicKey)partnerPubkey)
.privateKey(partnerPrivKey)
.build();
        JWSSigner signer = null;
        try {
            signer = new RSASSASigner(rsaJWK);
            jwsObj.sign(signer);
        } catch (JOSEException e) {
            e.printStackTrace();
        }
        return jwsObj.serialize();
    }
}

*Refer to Java and Android library 'Nimbus JOSE+JWT'