Yubico YubiKey 5 NFC/5C/5 Nano/5C Nano
Versasec will change your views on how to manage the lifecycle of Yubico YubiKeys forever. vSEC:CMS and vSEC:CLOUD for YubiKey is an innovative, easily integrated credential management system. It streamlines all aspects of securely managing these credentials by connecting to enterprise directories, certificate authorities, email servers, log servers and PIN mailers. The full list of features in bottom of this page.
From Yubico:
Yubico (Nasdaq First North Growth Market Stockholm: YUBICO) is the inventor of the YubiKey, the gold standard in phishing-resistant multi-factor authentication (MFA), and a creator and contributor to FIDO open authentication standards. The company is a pioneer in delivering hardware-based passwordless authentication using the highest assurance passkeys to customers in 160+ countries. For more information, visit: www.yubico.com
vSEC:CMS Overview
- Fast implementation that takes minutes, rather than weeks or months
- Intuitive user interface that improves operational efficiency
- No hidden costs and low total cost of ownership
- Consistently high security level without exception
- Large scale capabilities, available from day one
This section shows what user directories, certificate authorities (CAs), Hardware Security Modules (HSMs) and other internal and external software and hardware that vSEC:CMS can work with to provide the ideal identity and access management system for our customers.
Technical Specifications |
|
Operating Systems | macOS |
Windows 10, 11 | |
Windows Server 2016, 2019, 2022 | |
Security Features | Approval work flows |
Connects logical and physical access control | |
Disaster recovery for stolen/lost tokens | |
Encrypted audit log | |
Granular access control | |
Key archival and key restore processes | |
Roles | |
Secure backup and synchronization of databases | |
Secure key storage | |
Smart card stock/inventory management | |
Support for fingerprint template management | |
Performance | The system is tested and is functional with 300,000 registered user smart cards and 100 parallel operators interacting with the system |
User Directory | Flexible Directory-PKI connector using alternative IDs |
IBM LDAP | |
LDAP V2/V3 | |
Microsoft Active Directory | |
Microsoft Entra ID (formerly Azure AD) | |
OpenLDAP | |
Certification Authority | certSIGN certSAFE CA |
DigiCert Cert Central | |
DigiCert ONE | |
DigiCert PKI Platform | |
Entrust Gateway | |
Entrust Security Manager | |
EverTrust CA | |
FISid Certificate Management Suite | |
GlobalSign Certificate Center (GCC) | |
IDNomic PKI | |
Keyfactor EjbCA Community and Enterprise | |
Microsoft Certificate Authority | |
MTG CA | |
Nexus Smart ID Certificate Manager | |
Sectigo Certificate Manager | |
Verizon UniCERT | |
Database | Backup / Restore |
Card Repository | |
Multi-forest & Multi-domain | |
SQL Support (Native Client: 9.0, 10.0 and 11.0) | |
HSM | AEP KeyperPLUS |
Entrust nShield | |
Futurex VirtuCrypt | |
Securosys Primus | |
Thales Luna Cloud HSM | |
Thales Luna HSM | |
Thales Luna T-Series HSM | |
Thales ProtectServer HSM | |
Utimaco SafeGuard CryptoServer | |
Card Printer | DataCard CR805 |
DataCard SR300 | |
Evolis Primacy | |
HID Fargo HDP 5000 | |
HID Fargo HDP 5600/6600 | |
Magicard Prima 4 | |
Matica 8300 | |
Logging | Option to log events to the Windows Event Log |
Other CMS | Upgrade path from vSEC:CMS K-Series |
Migration path from competing CMS products (inquire for more details) |
The vSEC:CMS for YubiKey is fully functional with the YubiKey PIV and it streamlines all aspects of a management system by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers etc. With vSEC:CMS for YubiKey organizations can issue YubiKeys to employees, personalize the YubiKey with authentication credentials and manage the lifecycle of the YubiKey – directly from the off-the-shelf product.
We Manage Our YubiKeys Manually – Why Change?
Managing YubiKeys manually results in additional work and increases the possibilities of security breaches. For example, the administration key of the YubiKey will need to be stored in a file that references the user to whom it is issued. This file could be used maliciously by someone to ascertain the key value; consequently, the YubiKey could easily be reset with a new PIN by acquiring knowledge of the administration key. A CMS removes threats like these and provides many other benefits, such as full lifecycle management, a connection to the Certificate Authority, secure PIN unblock procedures, User Self Service and more.
Why Do You Need A CMS?
A CMS is required, for the following reasons::
- To centralize YubiKey personalization, management and revocation tasks into one system
- To reduce costs
- To simplify installation and usage workflows
- To enhance Security
Manage the complete Lifecycle
Manage the complete Lifecycle of the YubiKey from one simple view. Management can be delegated and granular access levels can be set. The Lifecycle
This Is How Easy It Is!
We support many different use cases and the configuration options and feature set is vast. But it’s easy to get started. The most common use case is being able to issue a YubiKey with a Windows logon certificate to a user in a secure way. Follow our guides and this can be accomplished in minutes rather than days. Once you have the initial use case configured you can build from there adding User Self Service, Remote Operators and support for other secure devices including Virtual Smart Cards.
Use Case – Windows Logon
We will guide you through the initial setup all the way to you issuing and managing the lifecycle of your YubiKeys. Follow this guide on our Support Portal: Manage PIV Smart Card Tokens
Note: The PKI used in this example use case will be an MS CA. Other PKIs are also supported.
Unblock YubiKey User PIN
We offer a unique way to increase the security of unblocking the YubiKey User PIN. This is done by encapsulating the PUC (PIN Unblock Code) in a Challenge Response Workflow.
Key Archival and Key Recovery
It is possible for a YubiKey to generate a user key on the YubiKey, which is highly secure, but it is not possible for the key to be recovered if the user misplaces the YubiKey. As a result, for encryption of certificates and keys, YubiKeys are used to store only certificates and keys generated by vSEC:CMS, so the keys can be stored securely in the vSEC:CMS database secured by the Master Key and are recoverable if needed.
Webinar and Instruction Videos
Webinar: Versasec vSEC:CMS + YubiKeys = A new PIV Smart Card Integration (7.13.16)
Reissue Certificate on YubiKey PIV Token
Central Issuance of YubiKey PIV Token
Offline PIN unblock of YubiKey PIV token
Online PIN unblock of Yubi PIV token
Issuance of Yubi PIV Token using vSEC:CMS Credential Provider
Batch Issue YubiKey Tokens Using vSEC:CMS
Evaluation – Download Today!
Register and download vSEC:CMS directly from versasec.com here.
Once downloaded and installed vSEC:CMS is ready for use in Evaluation Mode. During the evaluation, you can configure your environment with up to 5 licenses and your own use cases. Each license manages one credential. Additional licenses can be acquired as a subscription or by perpetual license.
Scalability
The vSEC:CMS scales with your project. With the new load balancing capability, there is no upper limit!
Product Sheet
Download the vSEC:CMS product sheet here.
vSEC:CMS
More information about the complete vSEC:CMS product suite can be found here.
Migrate to vSEC:CMS
vSEC:CMS includes upgrade wizards that enables quick and simple upgrade paths from third party credential management systems.
Check out the details on how to upgrade from:
Resellers
The product can be purchased from authorized vSEC:CMS integrators and resellers, or contact Versasec directly to let us help you find the best way forward.
vSEC:CMS
Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.
Free Product Trial
Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial.
Job Openings
We are always looking for new exceptional persons to join our team! Find out more about our job openings.
New to credential management?
SCMS = Smart Card Management Systems
CMS = Credential Management System
Have a look at the Wikipedia definition of a ‘Smart Card Management System’.
Versasec Support
Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.
Company Blog
Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact.