With Server-based PKI the key material of the certificate holder is centrally placed on a server. The link between the certificate holder and the key material is made by means of strong authentication (e.g. via Challenge response or SMS authentication). The signature on a transaction is being made at the server level.

The major advantage of server-based PKI is that a transaction can be signed with an electro­nic signature, without the user having to install a smartcard reader and software on a work station.

Roaming PKI is an alternative for Server-based PKI. Essentially, the user's key material is stored on a server aswell (or distributed in parts over several servers), but the signing of the transaction does not take place in the server, but on the user's work station.  With Roaming PKI the key material is primarily retrieved in a 'virtual smartcard'. Because the key material is available locally, Roaming PKI is also suitable for receiving encrypted messages.

Access to the Roaming PKI servers and the user’s certificates takes place via authentication. The level of the authentication is dependent on the application and varies from a simple user name/password combination to one-time passwords and challenge responses.