Authenticating Servers

The Personal Certificate Client (PCC) uses a complex mechanism to secure its communication with a OneSpan Sign server. This mechanism is independent of the PCC-to-JavaScript TLS communication, and exists on top of it. The mechanism uses strong cryptography, hashes, digital signatures, encryption, timestamps, nonces, etc.

This security mechanism also uses Server Authentication. This means that the PCC will not accept a connection from any source other than its predefined “trusted servers”. For both Windows and macOS installers, certain OneSpan Sign SaaS servers are predefined as trusted. This arrangement is sufficient for all SaaS customers.

By contrast, on-premises customers use their own servers. Thus these customers must ask our Support Team to send them PCC installers that are customized for their environments.