Most Wanted: Answers From Our Last Webinars

Date: 2022-05-26
Author: Gabriela Peralta, Marketing & Public Relations Coordinator

We want to take the opportunity to share with you a summary of the most Frequently Asked Questions from our last webinars with Yubico, Thales, and Sectigo.

As always, they were great questions, and the answers provide a quick overview of Public Key Infrastructure (PKI), Multi-Factor Authentication (MFA), and vSEC:CMS functionalities.

PKI

What is PKI? 

A classic and quick definition of PKI: Public key infrastructure establishes and manages public-key encryption and digital signature services. For public-key encryption to work, digital keys and certificates need to be created, stored, distributed, managed, revoked, used, and so on. PKI is the underlying framework for the technology as a whole; it is not a single, physical entity. PKI encapsulates various “pieces” that make up the technology for encryption with software, hardware, protocols, policies, processes, and services. 

 

This public key infrastructure is the technology behind digital certificates. A digital certificate fulfills a similar purpose to a driver’s license or a passport – it is a piece of identification that proves your identity and provides authorization. A digital certificate allows its owner to encrypt, sign, and authenticate. Accordingly, PKI is the technology that allows you to encrypt data, digitally sign documents, and authenticate yourself using certificates. An important entity of PKI technology is the certification authority (CA) which issues digital certificates.

 

Do all tokens support PKI?
Not all tokens support PKI. There are different technologies in the market that provide authentication, such as OTP, FIDO, and PKI. We have previously discussed the importance of having the highest level of security for your credential needs. Check out this webinar on hardware-based PKI.

 

What are the challenges of implementing PKI?

vSEC:CMS and multi-factor authentication can be a part of every business, no matter how large or small. Watch this informative webinar to learn the myths and truths for implementing MFA with PKI.

 

Credentials

Which token do you recommend?
The recommendation of type/model and specification of a Credential (Smartcard, Virtual or Token) varies greatly and is based on specific business requirements and use cases. There are also significant differences in levels of security and compliance based on the latest industry standards. These require consultation to understand a customer’s business requirements in order to make the best recommendation. At Versasec, we strive to support as many credential types as possible in all of Versasec’s products, and we are continuously adding support for the latest and greatest credentials provided by our Technology partners. You can find a comprehensive list here.

 

Which FIDO tokens do you support?

Our currently tested and supported FIDO2-compliant credentials:

  • YubiKey 5 NFC 
  • YubiKey 5C NFC 
  • Thales 3940 Dual FIDO2 
  • K9-Feitian ePass FIDO NFC Plus 

We are currently adding new FIDO2 credentials to our list. Contact us if you have any further questions.

 

vSEC:CMS Functionalities

What server versions does vSEC:CMS run on? Do you support macOS?

vSEC:CMS Admin runs on MS Windows 2008/R2, 2012/R2, 2016, 2019, 2022. We support macOS for vSEC:CMS Client/User functions.

 

Where are master admin keys stored in vSEC:CMS?

To understand this answer, it’s important to cover the flow in vSEC:CMS. By design, vSEC:CMS diversifies the admin key on every credential (Smartcard or Token) that is registered, setting it to a unique value. The process is as follows: when a smart card is registered with our credential management system (CMS), we change the “known” Admin key. To do this, we need to know the current Admin key value.

Normally this is a well-known value. For example, when you purchase a smart card of type IDPrime MD 830, the Admin key is a well-known value of 48x0s (zeros). We use this value to change the Admin key to a diversified (random) value and set this on the card.

We do not store this new Admin key value. During diversification, the new Admin key is generated from a seed value, the card CSN, and a master key.

We store the seed and the CSN of the card in the CMS database and the master key would normally be stored in an HSM.
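
The storage model described above, sketched as an added example (not Versasec's code or algorithm). The HMAC-SHA256 derivation, the 16-byte seed, the 24-byte key length read from "48x0s", and the names `SimulatedHSM`, `Card`, `register` and `recover_admin_key` are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ADMIN_KEY_LEN = 24                        # assumption: 48 hex digits = 24 bytes
FACTORY_ADMIN_KEY = bytes(ADMIN_KEY_LEN)  # the well-known all-zero value


class SimulatedHSM:
    """Stand-in for an HSM: the master key never leaves this object."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key

    def derive(self, seed: bytes, csn: bytes) -> bytes:
        # Assumed KDF (not the product's): HMAC-SHA256 over a length-prefixed
        # seed plus the CSN, truncated to the admin key length.
        msg = len(seed).to_bytes(2, "big") + seed + csn
        mac = hmac.new(self._master_key, msg, hashlib.sha256).digest()
        return mac[:ADMIN_KEY_LEN]


class Card:
    """Constructed card model: it only verifies and replaces its admin key."""

    def __init__(self, csn: bytes):
        self.csn = csn
        self._admin_key = FACTORY_ADMIN_KEY

    def change_admin_key(self, current: bytes, new: bytes) -> bool:
        if not hmac.compare_digest(current, self._admin_key):
            return False
        self._admin_key = new
        return True


def register(card: Card, hsm: SimulatedHSM, db: dict) -> bool:
    """Replace the factory key with a diversified one; persist seed + CSN only."""
    seed = secrets.token_bytes(16)
    new_key = hsm.derive(seed, card.csn)
    if not card.change_admin_key(FACTORY_ADMIN_KEY, new_key):
        return False  # card is not in factory state; leave the database alone
    db[card.csn.hex()] = {"seed": seed.hex()}  # the admin key itself is not stored
    return True


def recover_admin_key(csn: bytes, hsm: SimulatedHSM, db: dict) -> bytes:
    """Recompute a card's admin key on demand from the stored seed and its CSN."""
    return hsm.derive(bytes.fromhex(db[csn.hex()]["seed"]), csn)
```

In this model a copy of the database alone yields only seeds and CSNs; recomputing any card's Admin key also requires the master key held in the HSM.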

 

Can vSEC:CMS perform folder encryption and pre-boot authentication?

vSEC:CMS only manages the credentials and certificates issued from the PKI/CA which then can be used by the organization for different end-use cases. It is up to the consuming application and PKI environment to perform methods of encryption, digital signing, client authentication, or preboot authentication using the credentials and certificates within.

 

With that said, vSEC:CMS provides different workflows for issuance of encryption certificates such that it will be possible to issue and manage credentials where the certificate’s private key(s) can be archived and later recovered to the credential if required.

 

Does vSEC:CMS provide APIs for external application integration?

vSEC:CMS offers both SOAP and COM APIs, so other applications can access our software and manage the credential lifecycle through their own interface.

 

For further questions, don’t hesitate to contact us or visit our support articles.
