Introduction

PC is a software solution for digitally confirming or signing transactions in digital banking and/or electronic document management (e-docflow) systems.
The primary purpose of PC is to create a better customer experience and a higher level of security than SMS, one-time password (OTP) solutions, scratch cards, MAC tokens, etc.
PC can be used to confirm declarations of intention in digital banking transactions, authentication, the creation and execution of documents, and the fact that a certain document was received and/or read.

Component parts

PC consists of the following parts:

Server:

PC Server
PC Server is an application for back-end installation. PC Server functions can be accessed by the application system through calls to PC Server web services via a REST API. This enables integration with any application platform.
PC Server must be installed within the security perimeter of the application system.
This component is integrated with the server part of the digital banking or e-docflow system and performs the following functions:
  • PC users’ registration;
  • PC users’ key information generation and updates;
  • Transaction confirmation operation;
  • Billing and data reports generation.

PC External
PC External is an application to be installed in the back-end's DMZ. PC External functions are not accessed by the application system. It interacts with PC Server on one end and with the client app on the other.
It includes the following functions:
  • User devices’ registration;
  • Provision of information on transactions to be confirmed by the user;
  • Receipt of transaction confirmations (digital signatures) and their verification via PC Server.

PC Pusher
PC Pusher is an application to be installed in the back-end or DMZ. PC Pusher functions are not accessed by the application system. It only communicates with the PC Server.
It sends transaction confirmation push notifications to the mobile app.

PC Server Signer
PC Server Signer is an application for back-end installation. It works on behalf of the client mobile app (holding keys, confirming transactions, etc.) but is managed by the application system. This component is used to build signing scenarios that are completely managed by the application back-end.

PC Conflicts Resolving Tool (CRT)
PC CRT is an application for back-end installation. It provides a web-based user interface for getting detailed information about PC Users, Transactions, Confirmations, Devices, etc. It also generates reports to be provided to conflict-resolution commissions as evidence.

Client:

PC Mobile SDK / PC App
Implemented as a mobile application for iOS 12 (and above) and Android 7 (and above) with the following functions:
  • Users and keys management in a mobile app (read, storage, use, update, delete);
  • Receipt of transaction details in online or offline modes;
  • Display of transaction details on the smartphone’s screen for the client’s confirmation;
  • Digital signatures generation on the basis of cryptographic transformation of transaction details, user keys, a timestamp and (optionally) a device fingerprint (based on key device parameters);
  • Digital signatures transmission to the server component in online mode or a confirmation code display to the user in offline mode.
The client component can be delivered as a standalone application as well as a set of embedded libraries to be integrated into a mobile app.
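
The client component's signature inputs (transaction details, user keys, a timestamp and an optional device fingerprint) can be illustrated with the following added example, which is not PC's own code or algorithm. HMAC-SHA256 stands in for the product's digital signature, and the field encoding, the 120-second freshness window, all names and the sample values are assumptions.

```python
import hashlib
import hmac
import struct

MAX_SKEW_SECONDS = 120  # assumed freshness window, not a value from the page


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix each field so adjacent fields cannot be re-split."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def sign_confirmation(user_key: bytes, details: str, timestamp: int,
                      fingerprint: str = "") -> str:
    """Client side: bind details, timestamp and optional device fingerprint."""
    message = encode_fields(details.encode("utf-8"),
                            struct.pack(">Q", timestamp),
                            fingerprint.encode("utf-8"))
    # HMAC-SHA256 is a stand-in for the product's digital signature (assumption).
    return hmac.new(user_key, message, hashlib.sha256).hexdigest()


def verify_confirmation(user_key: bytes, details: str, timestamp: int,
                        fingerprint: str, tag: str, now: int) -> bool:
    """Server side: recompute over the server's own copy of the transaction."""
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated confirmation is rejected
    expected = sign_confirmation(user_key, details, timestamp, fingerprint)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run the checks on constructed sample data and return each outcome."""
    key = b"constructed-sample-user-key"      # constructed, not a real key
    shown = "PAY 150.00 EUR TO ACCT-0001"      # what the user saw and confirmed
    device = "constructed-device-fingerprint"
    t0 = 1_700_000_000
    tag = sign_confirmation(key, shown, t0, device)
    return {
        "valid": verify_confirmation(key, shown, t0, device, tag, t0 + 30),
        "altered_details": verify_confirmation(
            key, "PAY 950.00 EUR TO ACCT-0002", t0, device, tag, t0 + 30),
        "other_device": verify_confirmation(
            key, shown, t0, "another-device", tag, t0 + 30),
        "stale": verify_confirmation(key, shown, t0, device, tag, t0 + 3600),
    }


if __name__ == "__main__":
    print(demo())
```

Because the server recomputes the value over its own record of the transaction, a confirmation only verifies for the exact details the user was shown, on the registered device, within the freshness window.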

See Figure 1 for the component interaction diagram.

component_interaction_diagram.svg

PC Server Signer

You may need to sign (confirm) transactions on the server side, without a mobile device.

To handle these scenarios there is a feature called PC Server Signer.

It's an optional service which should be installed separately. This service works like PC Client, but on the server side. It handles key sets for a PC User, calculates digital signatures and confirms transactions on behalf of the PC User, communicates with PC Server, and so on.

PC Server Signer can work in 2 different ways:

• as the owner's signer of an Application (for example, a remote banking system's owner)
• as the client's signer (for example, installed on the client's side instead of a Mobile Device)

Owner's Signer

This option is used when an Application (for example, a remote banking system) needs to sign some documents automatically.

In this case PC Server Signer is installed with direct communication with PC Server and handles the personalization and signing processes automatically.

The interaction diagrams in this case look as follows.

owners_signer_personalization.svg

owners_signer_sign.svg

Detailed API description

A detailed API description can be found in the PC API Reference.

Client's Signer

This option is used to replace a Mobile Device on the Client's side with PC Server Signer.

In this case PC Server Signer is installed in the Client's infrastructure and works like a "big Mobile Device".

The interaction diagrams in this case look as follows.

clients_signer_personalization.svg

clients_signer_sign.svg

Signing without a Transaction

If you need to sign data without creating a PC Transaction on PC Server, you can create the signed data with PC Server Signer, send it to the PC Server owner's system and verify the signature with PC Server.

The interaction diagram in this case looks as follows.

clients_signer_sign_wo_transaction.svg

Signature verification

If you need to verify signatures on the Client Server Signer side, it provides a function for adding a public key and a method for verifying a signature with the added public key.

The interaction diagram in this case looks as follows.

clients_signer_verification.svg

Detailed API description

A detailed API description can be found in the PC API Reference.