vSEC:CMS will change your views on how to manage the lifecycle of authentication tokens. The vSEC:CMS C-Series is an innovative, easily integrated and cost effective Smart Card Management System or Credential Management System (SCMS or CMS) that will help you deploy and manage credentials within your organization.
The vSEC:CMS C-Series is fully functional with minidriver enabled credentials and it streamlines all aspects of a credential card management system by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers etc. Organizations can run vSEC:CMS C-Series in public clouds, private clouds and hybrid clouds. With vSEC:CMS organizations can issue badges to employees, personalize the badges with authentication credentials and manage the lifecycle of the badges - directly from the cloud.
vSEC:CMS Connectors (see figure above)
- 1. Smart card printer for batch operations
- 2. User directory for looking up users
- 3. File and database servers
- 4. Secure transport of PIN codes
- 5. Event & log management
- 6. User photo capture
- 7. Certificate/PKI services
- 8. Physical access control systems
- 9. Hardware security module
- 10. Secondary/out-of-band communication
- 11. Key archival & key recovery
- 12. Credential provider -login screen interface
- 13. Remote security device management
- 14. User self-service application
- 15. Physical & virtual smart cards/tokens
- 16. Administrative operator console
The cornerstone of the vSEC:CMS security is that all sensitive data and keys are secured using hardware. Operators of the system are securely authenticated using two-factor authentication and all usage is securely audited for full traceability. The main task of a secure device management system is to connect security devices (such as smart cards) to user identities in enterprise systems (such as user directories) and maintain this connection throughout the lifecycle of the security device. That implies need of communication with several external systems. In vSEC:CMS C-Series, only proven and secure standards for these connectors are used.
System Owner Card
The System Owner Card – one required per system. The CMS operator applet (or application) will be installed on this token. It will be necessary to use this token to initialize the C-Series on first use. Once the system has been initialized and setup it is recommended that the System Owner Card is stored away in a safe. To purchase a server license and receive a System Owner Card contact Versasec or check with your local Versasec reseller.
This Is How Easy It Is!
We support many different use cases and the configuration options and feature set is vast. But it’s easy to get started. The most common use case is being able to issue a Smart Card with a Windows logon certificate to a user in a secure way. Follow our guides and this can be accomplished in minutes rather than days. Once you have the initial use case configured you can build from there adding User Self Service, Remote Operators and support for other secure devices including Virtual Smart Cards.
Use Case Guide: Windows Smart Card Logon
We will guide you through the initial setup all the way to you issuing and managing the lifecycle of your secure devices. Follow this guide on our Support Portal: Windows Smart Card Logon Note: The PKI used in this example use case will be an MS CA. Other PKIs are also supported.
The vSEC:CMS video content can be found here.
vSEC:CMS C-Series Version 5.6 is now available. A press release about this version is available here. This newest version incorporates a variety of important new features.
vSEC:CMS 5.6 adds support for the following:
- The vSEC:CMS migration wizard has been extended to support credential migration from Gemalto/Thales SafeNet Authentication Manager - SAM.
- Support for the Thales eToken 5110 FIPS.
- A dedicated HSM connector is now available for the Thales DPoD HSM.
- Versasec Virtual Smart Cards (VSC) can now be “inserted” and “removed” from the vSEC:CMS client applications, which improves flexibility and increases the number of VSCs that can be available on a single terminal.
- All vSEC:CMS client-side components are now available as MSI installation packages.
- The formatting of dates across vSEC:CMS is now configurable.
- Performance improvements from using compiler code optimization in the vSEC:CMS service.
- Communication timeout is now configurable for EjbCA plugin.
- Performance improvements in the vSEC:CMS Operator Console around application startup and life cycle task.
- Support for IDEMIA/Oberthur PIV Minidriver has been added to support more features of the card.
- The size of the SQL database is now displayed under Help - Diagnostics and Options - Connections.
- The content of subject alternative name in certificate requests sent to neXus CA is now configurable.
- Details of selected records in "Archived Keys Repository" is now displayed.
- Configurable amount of archived keys restored during credential issuance.
- Option if a new key should be generated at reissue (re-keying).
- New support tasks: Database defragmentation and Garbage collection.