OC Scanners need connectivity over HTTP/S with a custom-defined port towards the central OC Configurator server API. OC Scanner is sending over that connection the inventoried data to the central server. The connection is encrypted by the application with a public/private key.
Each request from OC Scanner to OC Configurator API is signed with a private RSA key and verified with a public key on OC Configurator API. Each response from OC Configurator API is encrypted with a random AES key (a different key is used for each request). The response contains an AES key, which is encrypted with a public RSA key on OC Configurator API, and sent together with the encrypted and related scan file configuration. OC Scanner receives an encrypted scan file configuration and an encrypted AES key, decrypts the AES key using its private RSA key, and then decrypts the scan file configuration using the decrypted AES key. Finally, there is another level of decryption, using an internal symmetrical key.
No connection needed from OC Configurator server API towards OC Scanners.