vSEC:CMS C-Series

vSEC:CMS will change your views on how to manage the lifecycle of smart cards/secure tokens. The vSEC:CMS C-Series is an innovative, easily integrated and cost effective Smart Card Management System or Credential Management System (SCMS or CMS) that will help you deploy and manage smart cards within your organization. Organizations can run vSEC:CMS C-Series in public clouds, private clouds and hybrid clouds.

versasec media
vSEC:CMS Connectors (see figure above)
  1. 1. Smart card printer for batch operations
  2. 2. User directory for looking up users
  3. 3. File and database servers
  4. 4. Secure transport of PIN codes
  5. 5. Event & log management
  6. 6. User photo capture
  7. 7. Certificate/PKI services
  8. 8. Physical access control systems
  1. 9. Hardware security module
  2. 10. Secondary/out-of-band communication
  3. 11. Key archival & key recovery
  4. 12. Credential provider -login screen interface
  5. 13. Remote security device management
  6. 14. User self-service application
  7. 15. Physical & virtual smart cards/tokens
  8. 16. Administrative operator console

The vSEC:CMS C-Series is fully functional with minidriver enabled smart cards and it streamlines all aspects of a smart card management system by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers etc. With vSEC:CMS organizations can issue smart cards to employees, personalize the smart card with authentication credentials and manage the lifecycle of the smart card - directly from the cloud.

Secure

The cornerstone of the vSEC:CMS security is that all sensitive data and keys are secured using hardware. Operators of the system are securely authenticated using two-factor authentication and all usage is securely audited for full traceability. The main task of a secure device management system is to connect security devices (such as smart cards) to user identities in enterprise systems (such as user directories) and maintain this connection throughout the lifecycle of the security device. That implies need of communication with several external systems. In vSEC:CMS C-Series, only proven and secure standards for these connectors are used.

Get started today

Contact Versasec to setup a Webinar or check with your local Versasec reseller.
vSEC:CMS C-Series is available on the Azure Marketplace.
Support for more cloud vendors will follow.

System Owner Card

The System Owner Card – one required per system. The CMS operator applet (or application) will be installed on this token. It will be necessary to use this token to initialize the C-Series on first use. Once the system has been initialized and setup it is recommended that the System Owner Card is stored away in a safe.
To purchase a server license and receive a System Owner Card contact Versasec or check with your local Versasec reseller.

This Is How Easy It Is!

We support many different use cases and the configuration options and feature set is vast. But it’s easy to get started. The most common use case is being able to issue a Smart Card with a Windows logon certificate to a user in a secure way. Follow our guides and this can be accomplished in minutes rather than days. Once you have the initial use case configured you can build from there adding User Self Service, Remote Operators and support for other secure devices including Virtual Smart Cards.

Use Case Guide: Windows Smart Card Logon

We will guide you through the initial setup all the way to you issuing and managing the lifecycle of your secure devices. Follow this guide on our Support Portal: Windows Smart Card Logon
Note: The PKI used in this example use case will be an MS CA. Other PKIs are also supported.

Documentation

Complete Documentation is found on our Support Portal

vSEC:CMS Suite

More information about the complete vSEC:CMS product suite can be found here. vSEC:CMS Suite

Update from 3rd Party SCMS

vSEC:CMS S-Series includes updgrade wizards that enables quick and simple upgrade paths from third party smart card management systems. Check out the details here on how to upgrade from Gemalto DAS / IDAdmin 100 and here on how to upgrade from Microsoft MIM/FIM CM.

Resellers

The product can be purchased from authorized vSEC:CMS integrators and resellers, via our partners reseller network or contact Versasec directly to let us help you find the best way forward.

Videos

The vSEC:CMS video content can be found here.

Product News

vSEC:CMS C-Series Version 5.2 is now available. Version 5.2 of vSEC:CMS C-Series is a major new version of the product with focus on improved interfaces to smart cards, user directories, certificate authorities and management of client components. The version does not only include the impressive list of new features below, but also has a long list of general improvements and corrections.

  • Inventory for software version management (RSDM, USS and VSC) to improve management of vSEC:CMS software components installed on managed devices
  • The FixDN feature, finding and correcting broken links between user ID stored in vSEC:CMS and user directory (AD), has been updated and improved
  • Functionality to retrieve directory (AD) attributes, from the users’ managers
  • Support for Symantec MPKI 7.5 - enabling certificate issuance from Kuwait Government PKI, PACI
  • The virtual contact interface (VCI) bits in Discovery Object on PIV cards can be configured to set VCI PIN behavior
  • Updated interface to ypsID S3 smart card to support version 3
  • Support for fingerprint enrollment for ypsID S3 smart cards
  • Support for Longmai mToken CryptoID
  • Support for SPE (Secure PIN Entry) on Oberthur 8.1 PIV cards
  • Management for PIV FASC-N Credential Numbers
  • Complete support for Gemalto IDPrime MD 830 vSEC:CMS Java card as system owner and operator card
  • Updated interface to Thales nShield HSM
  • See the updated list of supported smart cards here

Supported Smart Cards

Versasec strives to support as many smart card types as possible in all of Versasec's products. The number of supported smart card types is continuously increasing with every new product version. The table below is showing the supported smart cards. If you are using a smart card that is not on the list, please contact Versasec to check if and when your smart card will be supported.

 

vSEC:CMS

Supported Smart Cards

K

S

C

ACS ACOS5-64

ACS CryptoMate64

Athena CNS

Athena IDProtect Key Nano USB

Athena IDProtect Key USB Token

Athena IDProtect Smart Card

Avtor CryptoCard337

CardOS 4.4/5.3

 

Cryptovision ePKI Applet

 

Feitian ePass2003 Token

Gemalto IDPrime .NET 510/5500

Gemalto IDPrime MD 830/840/3810/3840

Gemalto IDPrime PIV Card 2.1

 

Gemalto Safenet eToken

HID C200

HID C1150

Identiv uTrust MD

 

Longmai mToken CryptoID

 

Microsoft minidriver enabled smart cards

Mifare DESFIRE EV1

 

Morpho ypsID S2

Morpho ypsID S3

 

Oberthur Authentic

Oberthur IAS ECC

Oberthur PIV 8.1

 

Open FIPS 201 Applet

 

Raak Technologies C2

SafeTrust-PIV on Placard

 

Taglio C2

 

Taglio PIVKey

 

TCOS TeleSec IDKey

 

Virtual Smart Cards (more info...)

 

Yubico YubiKey 5 NFC/5C/5 Nano/5C Nano

 

Yubico YubiKey 4/4 Nano/4C/4C Nano

 

Yubico YubiKey NEO/NEO-n

 

The smart card is supported by the product.

vSEC:CMS C-Series streamlines all aspects of a smart card management system

vSEC:CMS Product Features

The table below highlights the key features included in the vSEC:CMS product suite. Further detailed information about each product is provided from this table.

Product Features

K-Series S-Series C-Series

User Side Smart Card Operations

  • Change User PIN
  • Offline Unblock User PIN (User Side)
  • Certificate Listing
  • Card Information
  • Support for a large set of smart cards

Operator Side Smart Card Operations

  • Admin Key Change
  • Online Unblock User PIN
  • Offline Unblock User PIN (Operator Side)
  • User PIN Policy Update
  • User Fingerprint Policy Update
  • Certificate Management (pfx or p12 Import, Delete)

Advanced Operator Side Smart Card Operations

  • Admin Key Diversification
    from Hardware Protected Masterkey
  • Batch mode support

L1

Database

  • Card Repository
  • SQL Support
  • Backup / Restore
  • Multi-forest & Multi-domain
 

Smart Card Management System Features

 

Advanced Management Features

  • User Self-service and MS Credential Provider
  • Key archive and key restore
  • Smart Card Stock Management
  • Granular Operator Permissions and Access Control
  • Card Printing
  • Photo Capturing
  • Connection with other systems:
    • Certification Authorities (MS CA, Entrust, DigiCert, EJBCA, GlobalSign...)
    • User Directories (LDAP, MS AD)
    • Physical Access System (RFID)
    • Windows Event Log
    • Mail Server (for PIN mailing)
    • Hardware Security Module (HSM)
 

Integrations/APIs

  • Server-Side
    • SQL Database Interface
    • SOAP Helpdesk API
    • SOAP Lifecycle API
  • Client-Side (Operator Console and User Self-Service)
    • COM API
    • Web Start API
    • Plugin API
    • Physical Access System (PACS) API
   

The feature is included in the product.
L1 Only available in Secure System Mode of vSEC:CMS K-Series.

2018-10-16: The team @Versasec has launched #vSECCMS S5.3 with support for @Gemalto #smartcards and #etokens and @Yubicohttps://t.co/ql7hvVsj7e

2018-10-16: Version 5.3 of our flagship #IAM solution, #vSECCMS, is now available. Check out our blog about the news here:… https://t.co/AMvIHLHLCG

To download Versasec software, please register below and approve the End-User License Agreement

Start effectively managing your organization’s security today.
Click here to download a trial version vSEC:CMS 5.3