Byzantine Askemos Language Layer

ManTAN :: pdf :: context view

inbound links:


A transaction authentication number, TAN or T.A.N. is as a form of single use one-time passwords used to authorize transactions.

There are at least two possible use cases, resulting in different requirements and solutions:

  1. Authenticate a person wrt. an application.
  2. Authenticate a person wrt. a member of the quorum of an application.

The first case is easily handled by the applications code. See this example.

The second case results in a multi factor authentication, since the person is to be authenticated independently to several physical devices at once. Possibly (normally) using different means (different numbers). This comes at a cost: complexity in the preparation.

The rest of this manual concerns only the second case.


There is a database of TAN pads for each entry point.

Overall the TAN handling is very simple. It's the cause for several wish list entries at this time.

Check For Validity


Negotiating New TAN Pads

Submitting new TAN pads is a local administrative task for each peer.

While this is incurs considerable effort, broadcasting TAN pads within the network would open too many security holes.

To set a new TAN pad for a user, connect to the control port and do:

for OID tanfile filename

OID is the identifier for the user and filename with a local file name readable for the peer process. The file must contain TAN values. One per line, no duplicates.

locked by: jfw.

Last modification: Mon, 20 Dec 2010 14:44:32 +0100

Author(s): jfw,

Document number A26b5619be8d5e3348cca356acfc8efea delivered to public at Wed, 21 Aug 2019 14:12:47 +0100

short comments

add comment