vSEC:CMS C-Series

vSEC:CMS will change your views on how to manage the lifecycle of authentication tokens. The vSEC:CMS C-Series is an innovative, easily integrated and cost effective Smart Card Management System or Credential Management System (SCMS or CMS) that will help you deploy and manage credentials within your organization.

The vSEC:CMS C-Series is fully functional with minidriver enabled credentials and it streamlines all aspects of a credential card management system by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers etc. Organizations can run vSEC:CMS C-Series in public clouds, private clouds and hybrid clouds. With vSEC:CMS organizations can issue badges to employees, personalize the badges with authentication credentials and manage the lifecycle of the badges - directly from the cloud.

Versasec is an IAM provider that helps businesses manage their access-enabling devices.

vSEC:CMS Connectors (see figure above)

  1. 1. Smart card printer for batch operations
  2. 2. User directory for looking up users
  3. 3. File and database servers
  4. 4. Secure transport of PIN codes
  5. 5. Event & log management
  6. 6. User photo capture
  7. 7. Certificate/PKI services
  8. 8. Physical access control systems
  9. 9. Hardware security module
  10. 10. Secondary/out-of-band communication
  11. 11. Key archival & key recovery
  12. 12. Credential provider -login screen interface
  13. 13. Remote security device management
  14. 14. User self-service application
  15. 15. Physical & virtual smart cards/tokens
  16. 16. Administrative operator console

The product can be purchased from authorized vSEC:CMS integrators and resellers, via our partners reseller network or contact Versasec directly to let us help you find the best way forward.

Available on

Amazon AWS Marketplace
Read more about vSEC:CMS C-Series on AWS

Microsoft Azure Marketplace
Read more about vSEC:CMS C-Series on Azure


The cornerstone of the vSEC:CMS security is that all sensitive data and keys are secured using hardware. Operators of the system are securely authenticated using two-factor authentication and all usage is securely audited for full traceability. The main task of a secure device management system is to connect security devices (such as smart cards) to user identities in enterprise systems (such as user directories) and maintain this connection throughout the lifecycle of the security device. That implies need of communication with several external systems. In vSEC:CMS C-Series, only proven and secure standards for these connectors are used.

System Owner Card

The System Owner Card – one required per system. The CMS operator applet (or application) will be installed on this token. It will be necessary to use this token to initialize the C-Series on first use. Once the system has been initialized and setup it is recommended that the System Owner Card is stored away in a safe. To purchase a server license and receive a System Owner Card contact Versasec or check with your local Versasec reseller.

This Is How Easy It Is!

We support many different use cases and the configuration options and feature set is vast. But it’s easy to get started. The most common use case is being able to issue a Smart Card with a Windows logon certificate to a user in a secure way. Follow our guides and this can be accomplished in minutes rather than days. Once you have the initial use case configured you can build from there adding User Self Service, Remote Operators and support for other secure devices including Virtual Smart Cards.

Use Case Guide: Windows Smart Card Logon

We will guide you through the initial setup all the way to you issuing and managing the lifecycle of your secure devices. Follow this guide on our Support Portal: Windows Smart Card Logon Note: The PKI used in this example use case will be an MS CA. Other PKIs are also supported.


The vSEC:CMS video content can be found here.

Product News

vSEC:CMS C-Series Version 5.6 is now available. A press release about this version is available here. This newest version incorporates a variety of important new features.

vSEC:CMS 5.6 adds support for the following:

  • The vSEC:CMS migration wizard has been extended to support credential migration from Gemalto/Thales SafeNet Authentication Manager - SAM.
  • Support for the Thales eToken 5110 FIPS.
  • A dedicated HSM connector is now available for the Thales DPoD HSM.
  • Versasec Virtual Smart Cards (VSC) can now be “inserted” and “removed” from the vSEC:CMS client applications, which improves flexibility and increases the number of VSCs that can be available on a single terminal.
  • All vSEC:CMS client-side components are now available as MSI installation packages.
  • The formatting of dates across vSEC:CMS is now configurable.
  • Performance improvements from using compiler code optimization in the vSEC:CMS service.
  • Communication timeout is now configurable for EjbCA plugin.
  • Performance improvements in the vSEC:CMS Operator Console around application startup and life cycle task.
  • Support for IDEMIA/Oberthur PIV Minidriver has been added to support more features of the card.
  • The size of the SQL database is now displayed under Help - Diagnostics and Options - Connections.
  • The content of subject alternative name in certificate requests sent to neXus CA is now configurable.
  • Details of selected records in "Archived Keys Repository" is now displayed.
  • Configurable amount of archived keys restored during credential issuance.
  • Option if a new key should be generated at reissue (re-keying).
  • New support tasks: Database defragmentation and Garbage collection.

Supported Credentials

Click here for a table of supported credentials.

vSEC:CMS Product Features

Click here for a table product features.