vSEC:CMS C-Series

vSEC:CMS will change your views on how to manage the lifecycle of smart cards/secure tokens. The vSEC:CMS C-Series is an innovative, easily integrated and cost effective Smart Card Management System or Credential Management System (SCMS or CMS) that will help you deploy and manage smart cards within your organization. Organizations can run vSEC:CMS C-Series in public clouds, private clouds and hybrid clouds.

versasec media
vSEC:CMS Connectors (see figure above)
  1. 1. Smart card printer for batch operations
  2. 2. User directory for looking up users
  3. 3. File and database servers
  4. 4. Secure transport of PIN codes
  5. 5. Event & log management
  6. 6. User photo capture
  7. 7. Certificate/PKI services
  8. 8. Physical access control systems
  1. 9. Hardware security module
  2. 10. Secondary/out-of-band communication
  3. 11. Key archival & key recovery
  4. 12. Credential provider -login screen interface
  5. 13. Remote security device management
  6. 14. User self-service application
  7. 15. Physical & virtual smart cards/tokens
  8. 16. Administrative operator console

The vSEC:CMS C-Series is fully functional with minidriver enabled smart cards and it streamlines all aspects of a smart card management system by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers etc. With vSEC:CMS organizations can issue smart cards to employees, personalize the smart card with authentication credentials and manage the lifecycle of the smart card - directly from the cloud.


The cornerstone of the vSEC:CMS security is that all sensitive data and keys are secured using hardware. Operators of the system are securely authenticated using two-factor authentication and all usage is securely audited for full traceability. The main task of a secure device management system is to connect security devices (such as smart cards) to user identities in enterprise systems (such as user directories) and maintain this connection throughout the lifecycle of the security device. That implies need of communication with several external systems. In vSEC:CMS C-Series, only proven and secure standards for these connectors are used.

Get started today

Contact Versasec to setup a Webinar or check with your local Versasec reseller.
vSEC:CMS C-Series is available on the Azure Marketplace.
Support for more cloud vendors will follow.

System Owner Card

The System Owner Card – one required per system. The CMS operator applet (or application) will be installed on this token. It will be necessary to use this token to initialize the C-Series on first use. Once the system has been initialized and setup it is recommended that the System Owner Card is stored away in a safe.
To purchase a server license and receive a System Owner Card contact Versasec or check with your local Versasec reseller.

This Is How Easy It Is!

We support many different use cases and the configuration options and feature set is vast. But it’s easy to get started. The most common use case is being able to issue a Smart Card with a Windows logon certificate to a user in a secure way. Follow our guides and this can be accomplished in minutes rather than days. Once you have the initial use case configured you can build from there adding User Self Service, Remote Operators and support for other secure devices including Virtual Smart Cards.

Use Case Guide: Windows Smart Card Logon

We will guide you through the initial setup all the way to you issuing and managing the lifecycle of your secure devices. Follow this guide on our Support Portal: Windows Smart Card Logon
Note: The PKI used in this example use case will be an MS CA. Other PKIs are also supported.


Complete Documentation is found on our Support Portal

vSEC:CMS Suite

More information about the complete vSEC:CMS product suite can be found here. vSEC:CMS Suite

Update from 3rd Party SCMS

vSEC:CMS S-Series includes updgrade wizards that enables quick and simple upgrade paths from third party smart card management systems. Check out the details here on how to upgrade from Gemalto DAS / IDAdmin 100 and here on how to upgrade from Microsoft MIM/FIM CM.


The product can be purchased from authorized vSEC:CMS integrators and resellers, via our partners reseller network or contact Versasec directly to let us help you find the best way forward.


The vSEC:CMS video content can be found here.

Product News

vSEC:CMS C-Series Version 5.2 is now available. Version 5.2 of vSEC:CMS C-Series is a major new version of the product with focus on improved interfaces to smart cards, user directories, certificate authorities and management of client components. The version does not only include the impressive list of new features below, but also has a long list of general improvements and corrections.

  • Inventory for software version management (RSDM, USS and VSC) to improve management of vSEC:CMS software components installed on managed devices
  • The FixDN feature, finding and correcting broken links between user ID stored in vSEC:CMS and user directory (AD), has been updated and improved
  • Functionality to retrieve directory (AD) attributes, from the users’ managers
  • Support for Symantec MPKI 7.5 - enabling certificate issuance from Kuwait Government PKI, PACI
  • The virtual contact interface (VCI) bits in Discovery Object on PIV cards can be configured to set VCI PIN behavior
  • Updated interface to ypsID S3 smart card to support version 3
  • Support for fingerprint enrollment for ypsID S3 smart cards
  • Support for Longmai mToken CryptoID
  • Support for SPE (Secure PIN Entry) on Oberthur 8.1 PIV cards
  • Management for PIV FASC-N Credential Numbers
  • Complete support for Gemalto IDPrime MD 830 vSEC:CMS Java card as system owner and operator card
  • Updated interface to Thales nShield HSM
  • See the updated list of supported smart cards here

Supported Smart Cards

Versasec strives to support as many credential types as possible in all of Versasec's products. Credentials are generally user authentication devices such as physical smart cards, virtual smart cards or tokens. The number of supported credential types is continuously increasing with every new product version. The table below is showing the supported credentials. If you are using a credential that is not on the list, please contact Versasec to check if and when your credential will be supported.



Supported Credentials





ACS CryptoMate64

Athena CNS

Athena IDProtect Key Nano USB

Athena IDProtect Key USB Token

Athena IDProtect Smart Card

Avtor CryptoCard337

CardOS 4.4/5.3


Cryptovision ePKI Applet


Feitian ePass2003/eJava

Gemalto IDPrime .NET 510/5500

Gemalto IDPrime MD 830/840/940/3810/3840/3940

Gemalto IDPrime PIV Card v2.1/v3.0


Gemalto Safenet eToken 5110/5300


HID C200

HID C1150

Identiv uTrust MD


Longmai mToken CryptoID


Microsoft minidriver enabled smart cards



Morpho ypsID S2

Morpho ypsID S3


Oberthur Authentic

Oberthur IAS ECC

Oberthur PIV 8.1


Open FIPS 201 Applet


Raak Technologies C2

SafeTrust-PIV on Placard


Taglio C2


Taglio PIVKey


TCOS TeleSec IDKey


Virtual Smart Cards (more info...)


Yubico YubiKey 5 NFC/5C/5 Nano/5C Nano


Yubico YubiKey 4/4 Nano/4C/4C Nano


Yubico YubiKey NEO/NEO-n


The smart card is supported by the product.

vSEC:CMS C-Series streamlines all aspects of a smart card management system

vSEC:CMS Product Features

The table below highlights the key features included in the vSEC:CMS product suite. Further detailed information about each product is provided from this table.

Product Features

K-Series S-Series C-Series

User Side Smart Card Operations

  • Change User PIN
  • Offline Unblock User PIN (User Side)
  • Certificate Listing
  • Card Information
  • Support for a large set of smart cards

Operator Side Smart Card Operations

  • Admin Key Change
  • Online Unblock User PIN
  • Offline Unblock User PIN (Operator Side)
  • User PIN Policy Update
  • User Fingerprint Policy Update
  • Certificate Management (pfx or p12 Import, Delete)

Advanced Operator Side Smart Card Operations

  • Admin Key Diversification
    from Hardware Protected Masterkey
  • Batch mode support



  • Card Repository
  • SQL Support
  • Backup / Restore
  • Multi-forest & Multi-domain

Smart Card Management System Features


Advanced Management Features

  • User Self-service and MS Credential Provider
  • Key archive and key restore
  • Smart Card Stock Management
  • Granular Operator Permissions and Access Control
  • Card Printing
  • Photo Capturing
  • Connection with other systems:
    • Certification Authorities (MS CA, Entrust, DigiCert, EJBCA, GlobalSign...)
    • User Directories (LDAP, MS AD)
    • Physical Access System (RFID)
    • Windows Event Log
    • Mail Server (for PIN mailing)
    • Hardware Security Module (HSM)


  • Server-Side
    • SQL Database Interface
    • SOAP Helpdesk API
    • SOAP Lifecycle API
  • Client-Side (Operator Console and User Self-Service)
    • COM API
    • Web Start API
    • Plugin API
    • Physical Access System (PACS) API

The feature is included in the product.
L1 Only available in Secure System Mode of vSEC:CMS K-Series.

2019-05-21: Need to unblock a PIN code using #vSECCMS and not sure of the best method? Check out our latest blog,… https://t.co/vkRkQW4BSz

2019-05-15: Will Houry, @Versasec VP of Sales, is presenting at @cryptovision #cvmindshare19 - great event and really interesti… https://t.co/3C2iWIeB9M

To download Versasec software, please register below and approve the End-User License Agreement

Start effectively managing your organization’s security today.
Click here to download a trial version of vSEC:CMS S5.5