vSEC:CMS will change your views on how to manage the lifecycle of authentication tokens. The vSEC:CMS C-Series is an innovative, easily integrated and cost-effective Smart Card Management System or Credential Management System (SCMS or CMS) that will help you deploy and manage credentials within your organization.
The vSEC:CMS C-Series is fully functional with minidriver-enabled credentials and it streamlines all aspects of a credential card management system by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers, etc. Organizations can run vSEC:CMS C-Series in public clouds, private clouds and hybrid clouds. With vSEC:CMS, organizations can issue badges to employees, personalize the badges with authentication credentials and manage the lifecycle of the badges directly from the cloud.
vSEC:CMS Connectors (see figure above)
- 1. Smart card printer for batch operations
- 2. User directory for looking up users
- 3. File and database servers
- 4. Secure transport of PIN codes
- 5. Event & log management
- 6. User photo capture
- 7. Certificate/PKI services
- 8. Physical access control systems
- 9. Hardware security module
- 10. Secondary authentication (IdP/OIDC/SMS/email)
- 11. Key archival & key recovery
- 12. Credential provider (login screen interface)
- 13. Remote security device management
- 14. User self-service application
- 15. Credentials such as physical & virtual smart cards/tokens
- 16. Administrative operator console
The cornerstone of vSEC:CMS security is that all sensitive data and keys are secured using hardware. Operators of the system are securely authenticated using two-factor authentication and all usage is securely audited for full traceability. The main task of a secure device management system is to connect security devices (such as smart cards) to user identities in enterprise systems (such as user directories) and maintain this connection throughout the lifecycle of the security device. This requires communication with several external systems. In vSEC:CMS C-Series, only proven and secure standards are used for these connectors.
System Owner Card
The System Owner Card: one is required per system. The CMS operator applet (or application) will be installed on this token. It will be necessary to use this token to initialize the C-Series on first use. Once the system has been initialized and set up, it is recommended that the System Owner Card is stored away in a safe. To purchase a server license and receive a System Owner Card, contact Versasec or check with your local Versasec reseller.
This Is How Easy It Is!
We support many different use cases, and the configuration options and feature set are vast. But it’s easy to get started. The most common use case is being able to issue a Smart Card with a Windows logon certificate to a user in a secure way. Follow our guides and this can be accomplished in minutes rather than days. Once you have the initial use case configured, you can build from there, adding User Self Service, Remote Operators and support for other secure devices including Virtual Smart Cards.
Use Case Guide: Windows Smart Card Logon
We will guide you through the initial setup all the way to you issuing and managing the lifecycle of your secure devices. Follow this guide on our Support Portal: Windows Smart Card Logon.
Note: The PKI used in this example use case will be an MS CA. Other PKIs are also supported.
The vSEC:CMS video content can be found here.
vSEC:CMS C-Series Version 5.7 is now available. A press release about this version is available here. This newest version incorporates a variety of important new features.
Version 5.7 adds support for the following:
- WHfB (Windows Hello for Business) containers managed like any other Physical or Virtual Smart Card
- OpenID Connect (OIDC) for secondary/recovery IdP authentication
- Thales/Gemalto Data Protection on Demand (DPoD) 64-bit integration
- Extended support of CryptoVision PKI applet
- Important Thales/Gemalto credential additions: MultiApp V4x, eToken 5110 CC (940), and IDPrime PIV 2.1
- Optional automatic revocation
- Graphical card layout print testing
- Updated operator user experience (UX)