vSEC:CMS will change your views on how to manage the lifecycle of smart cards/secure tokens. The vSEC:CMS C-Series is an innovative, easily integrated and cost effective Smart Card Management System or Credential Management System (SCMS or CMS) that will help you deploy and manage smart cards within your organization.
The vSEC:CMS C-Series is fully functional with minidriver enabled smart cards and it streamlines all aspects of a smart card management system by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers etc. Organizations can run vSEC:CMS C-Series in public clouds, private clouds and hybrid clouds. With vSEC:CMS organizations can issue smart cards to employees, personalize the smart card with authentication credentials and manage the lifecycle of the smart card - directly from the cloud.
vSEC:CMS Connectors (see figure above)
- 1. Smart card printer for batch operations
- 2. User directory for looking up users
- 3. File and database servers
- 4. Secure transport of PIN codes
- 5. Event & log management
- 6. User photo capture
- 7. Certificate/PKI services
- 8. Physical access control systems
- 9. Hardware security module
- 10. Secondary/out-of-band communication
- 11. Key archival & key recovery
- 12. Credential provider -login screen interface
- 13. Remote security device management
- 14. User self-service application
- 15. Physical & virtual smart cards/tokens
- 16. Administrative operator console
The cornerstone of the vSEC:CMS security is that all sensitive data and keys are secured using hardware. Operators of the system are securely authenticated using two-factor authentication and all usage is securely audited for full traceability. The main task of a secure device management system is to connect security devices (such as smart cards) to user identities in enterprise systems (such as user directories) and maintain this connection throughout the lifecycle of the security device. That implies need of communication with several external systems. In vSEC:CMS C-Series, only proven and secure standards for these connectors are used.
System Owner Card
The System Owner Card – one required per system. The CMS operator applet (or application) will be installed on this token. It will be necessary to use this token to initialize the C-Series on first use. Once the system has been initialized and setup it is recommended that the System Owner Card is stored away in a safe. To purchase a server license and receive a System Owner Card contact Versasec or check with your local Versasec reseller.
This Is How Easy It Is!
We support many different use cases and the configuration options and feature set is vast. But it’s easy to get started. The most common use case is being able to issue a Smart Card with a Windows logon certificate to a user in a secure way. Follow our guides and this can be accomplished in minutes rather than days. Once you have the initial use case configured you can build from there adding User Self Service, Remote Operators and support for other secure devices including Virtual Smart Cards.
Use Case Guide: Windows Smart Card Logon
We will guide you through the initial setup all the way to you issuing and managing the lifecycle of your secure devices. Follow this guide on our Support Portal: Windows Smart Card Logon Note: The PKI used in this example use case will be an MS CA. Other PKIs are also supported.
The vSEC:CMS video content can be found here.
vSEC:CMS C-Series Version 5.2 is now available. Version 5.2 of vSEC:CMS C-Series is a major new version of the product with focus on improved interfaces to smart cards, user directories, certificate authorities and management of client components. The version does not only include the impressive list of new features below, but also has a long list of general improvements and corrections.
- Inventory for software version management (RSDM, USS and VSC) to improve management of vSEC:CMS software components installed on managed devices
- The FixDN feature, finding and correcting broken links between user ID stored in vSEC:CMS and user directory (AD), has been updated and improved
- Functionality to retrieve directory (AD) attributes, from the users’ managers
- Support for Symantec MPKI 7.5 - enabling certificate issuance from Kuwait Government PKI, PACI
- The virtual contact interface (VCI) bits in Discovery Object on PIV cards can be configured to set VCI PIN behavior
- Updated interface to ypsID S3 smart card to support version 3
- Support for fingerprint enrollment for ypsID S3 smart cards
- Support for Longmai mToken CryptoID
- Support for SPE (Secure PIN Entry) on Oberthur 8.1 PIV cards
- Management for PIV FASC-N Credential Numbers
- Complete support for Gemalto IDPrime MD 830 vSEC:CMS Java card as system owner and operator card
- Updated interface to Thales nShield HSM