Kaay Display-TAN
En

OCRA Interface Server/Smartphone/Card

This page is a short - but nevertheless complete - description of the Display-TAN interface between bank server/smartphone and card.

The spec/interface of Display-TAN Version 2 including encryption, login, respresentation of capital letters, etc. is available.

General Protocol

The general protocol is the following.

0)Both smartphone and card are sending BLE signals that they are ready.
1)Then the bank server sends via smartphone to the card the query <C>~<A>~<N>
The card will show the destination account number <C> and the amount <A>, the nonce <N> is not shown. In case the bank customer confirms <C> and <A> the card will generate the 8-digit TAN
2)and will send it to the smartphone as an 8-digit string.

Here is an example:

1)smartphone to card (will be encrypted): 83507112  ~320,00~1399458665_G6HNVF
2)card to smartphone: 90065298

The syntax of <C>, <A> and <N> is decribed below. But first, here is an online test interface.

Test Interface

Data string transmitted via BLE from smartphone to display card (paste a valid query):



OCRA computation steps:

1)qdata string:83507112  ~320,00~1399458665_G6HNVF
4)QSHA1(q):0x7196501689c356046867728f4feb74458dcfd079
5)sseed:12345678901234567890
6)TANOCRA-1:HOTP-SHA1-8:QH40 (s,Q) 90065298

Substrings.

The following 3 substrings within the query are mandatory, in that order.

SubstringDescriptionSyntaxRegEx Expr.Example
<C>destination account numberExactly 10 digits or spaces[0-9 ]{10}935 203 21
<A>money transfer amountdigits, in . or , notation, 2 fractional digits, displayed right-aligned[0-9]{0,8}(\,|\.)[0-9]{2}50,00
<N>nonce (security protection)up to 20 printable ASCII symbols besides symbol ~. Not displayed.[ -}]{0,20}HdaG-353330

Links

Mehr InformationenDemo AppsAPIMehr FunktionaltätenLinksKontakt
Workflows
IBAN
Vergl. App-TAN
Weitere Informationen
Friendly Fraud
PSD2-Compliance
Business Partner
Android App
iOS App
Windows App
API Version 1
API Version 2
SDK/Library
Display-TAN/soft
Seed Perso
Display-PIN
Online Banking Demo
IoT Anwendungen
nfc-tan.com
smartdisplayer.com
borchert-it-sicherheit.com
YouTube Playlist ''Technology Cards''
Über uns
Kontakt
Impressum
Privacy Policy