Language Switcher

Quotation cart

Your quote cart is empty!
Versasec vSEC:CMS S-series User Licence (Server version) SMARTJAC best practise for a Large & Medium size enterprise. vSEC:CMS will change your views on how .. Product #: SMAV100MSC-S based on 0 reviews

vSEC:CMS S-series User Licence (Server version)

Brand: Versasec
Product Code: SMAV100MSC-S

The vSEC:CMS S-Series is fully functional with minidriver enabled smart cards and it streamlines all aspects of a smart card management system by connecting to enterprise directories, certificate authorities, physicalaccess control systems, email servers, log servers, biometric fingerprint readers, PIN mailers... the list goes on. With vSEC:CMS organizations can issue smart cards to employees, personalize the smart card with authentication credentials and manage the lifecycle of the smart card - directly from the off-the-shelf product.


versasec media


vSEC:CMS Connectors (see figure above)
1. Smart card printer for batch operations
2. User directory for looking up users
3. File and database servers
4. Secure transport of PIN codes
5. Event & log management
6. User photo capture
7. Certificate/PKI services
8. Physical access control systems
9. Hardware security module
10. Secondary/out-of-band communication
11. Key archival & key recovery
12. Credential provider -login screen interface
13. Remote security device management
14. User self-service application
15. Physical & virtual smart cards/tokens
16. Administrative operator console


The vSEC:CMS S-Series is fully functional with minidriver enabled smart cards and it streamlines all aspects of a smart card management system by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers... the list goes on. With vSEC:CMS organizations can issue smart cards to employees, personalize the smart card with authentication credentials and manage the lifecycle of the smart card - directly from the off-the-shelf product.

vSEC:CMS S-Series Version 5.1 is now available

New in this version:

  • This a major new version of the product with focus on the Remote Security Device Management (RSDM) functionality, Virtual Smart Cards and TPM management. The version has 14 new features and more than 20 fixes. The release notes can be found here.
    Here are some of the benefits of version 5.1:
  • RSDM TPM management and data collection
  • Machine UUID check in the RSDM onboarding process
  • Support for Microsoft Group Policies (GPO) to manage deployment and configuration changes of vSEC:CMS USS and vSEC:CMS RSDM
  • Functionality to centrally collect events from managed devices, which better supports helpdesk personal in troubleshooting client devices regarding vSEC:CMS client components
  • Improved client (user self-service, RSDM and Operator Console) handling of communication under heavy load
  • Monitoring and notification of HSM outages are now included in the vSEC:CMS System Status
  • The FIM migration wizard is now updated to include more user, card and certificate information in the migration process from Microsoft FIM CM to vSEC:CMS
  • More granular access control configurations for vSEC:CMS access to SQL database
  • Provides additional details about currently logged-on operators through the Operator Console
  • New Operator Dashboard view, providing an overview of the current status of clients managed within vSEC:CMS


vSEC:CMS S-Series Version 5.0 is now available.

New in this version:

Version 5.0 is a major new version of the product with significant changes in the product architecture. It is mainly focused on enabling deployment in large scale projects especially regarding Remote Security Device Management (RSDM) and User Self-Service (USS).The version has over 25 new features and more than 60 minor fixes, below is a summary of the major new features:

  • Load balancing capabilities to increase server-side bandwidth
  • Improved self-service enrollment workflow, triggered based on user directory group membership
  • Improved management capabilities for handling pending RSDM issuance requests
  • Support for Java cards as operator and system owner cards
  • API updates on the plugin interface
  • User interface updates
  • Smart card applet management (loading/removal) has been integrated into vSEC:CMS life cycle operations.
  • Support for Open FIPS 201 smart card applet has been added.
  • Support for Oberthur PIV 8.1 smart cards
  • Gemalto SafeNet Luna Network HSM v7 is now supported


versasec media


vSEC:CMS S-Series Version 4.9 is now available.

New in this version:

  • RSDM device synchronization makes it easier to synchronize repository information in vSEC:CMS when there are changes detected on the device, including manually destroying a virtual smart card, or changing the computer name.
  • A FORCE UP broadcast mode on RSDM clients optimizes bandwidth usage.
  • Improved Help and showing the number of pending tasks in the main menu bar.
  • Support for challenge/response when performing offline PUC based unblock on PIV-enabled devices.
  • Support for SCP03 and Global Platform key change, strengthening the security of Java Card management and offering support for smart card printer HID-Fargo SDK version 2.1 to enable improved batch processes.
  • Support for the SafeTrust-PIV on Placard.
  • UniCERT RA credentials can now be HSM-based, for increased security.
  • The Data Export functionality is now also available at smart card issuance, enabling functions such as printing PIN mailers.
  • An optional external permission check, dependent upon Microsoft AD group membership, enables more granular access control.
  • New SQL schema for all vSEC:CMS related database tables, enables better scalability and larger data sets, and new server-side SOAP API to better integrate vSEC:CMS into helpdesk application workflows, including PIN Unblock.


vSEC:CMS S-Series Version 4.8 is now available.

New in this version:

  • We've released vSEC:CMS S-Series version 4.8. Here are some of the other benefits of Version 4.8:
    By using the vSEC:CMS User Self-Service Credential Provider, it's now possible to issue credentials from the MS-Windows logon screen
  • The vSEC:CMS User Self Service application supports customized dialog and error messages
  • With the vSEC:CMS user notification system, users can receive enhanced system notifications for smart card expirations
  • added enforcement for server-managed PIN policies
  • Improvements have been to the retire procedure for managed security devices (RSDM) including remote destruction of possible Virtual Smart Cards on such devices
  • The vSEC:CMS server repository allows for synchronization of security device information (RSDM)


vSEC:CMS S-Series Version 4.7 is now available.

New in this version:

  • We've released vSEC:CMS S-Series version 4.7. This latest version includes some of the key features you've asked for, including a new server-based search algorithm that improves smart card repository search speed when using SQL databases, and new role-generation templates. Here are some of the other benefits of Version 4.7:
  • Extends smart card lifecycle management with pre-issuance data so it supports graphical personalization (printing) before the card is registered with vSEC:CMS. Can also assign smart cards to specific users and/or card templates before the issuance process takes place.
  • Provides push notifications for Remote Security Device Management (RSDM).
  • Offers configurable personal identity verification (PIV) object signing.
  • Includes connections to both IBM-LDAP and OpenLDAP.
  • Allows for changes to the vSEC:CMS service logging without restarting the service.
  • Provides smart card serial numbers collection for card stock management.
  • Enables granular, role-based access control through variable-based issuance verification.
  • Includes finer optional access control, making use of Microsoft Active Directory Extended Rights.


vSEC:CMS S-Series Version 4.6 is now available.

New in this version:

The main focus of this version is to enable simplified work flows. The new features include:

  • vSEC:CMS Windows Credential Provider - enables vSEC:CMS user self-service features directly from the Windows logon screen
  • DigiCert CA - built-in connector the DigiCert Certificate Authority
  • Alt-Security-Identities - update of altSecurityIdentities user attribute in Active Directory as part of smart card life cycle operations
  • Stock Management - smart card inventory management functionality
  • New HSM connector - Gemalto SafeNet ProtectServer HSM
  • Charismatics - vSEC:CMS now enables management of Charismatics Virtual Smart Cards


vSEC:CMS S-Series Version 4.5 is now available.

New in this version:

Version 4.5 of the vSEC:CMS S-Series. This previous version allows for centralized management of virtual smart cards, supports new smart card types from 15 vendors, and supports additional client and server platforms.

Among its key features are its remote security device management (RDSM) capabilities, which enable centralized management for virtual smart cards.
This version also supports Yubikey tokens from Yubico for personal identity verification (PIV) use cases.

This new version of vSEC:CMS also has these attributes:

  • Remote Security Device Management (RSDM) enables central management of virtual smart cards.
  • Yubikey tokens from Yubico are now supported for PIV use cases.
  • Thales nShield HSM can now be used for CMS master keys
  • Additional SMS provider (Certificall, Clickatell, Tyntec, Dolphin) are now supported to be used for mobile notifications
  • Customizable interface for setting up connections to external components such as PKIs, Printers, Databases....
  • Features a new and improved system log repository
  • Offers reports listing operators in the system by AD account name
  • Includes the new Plugin API Version (2)
  • Offers connectivity with GlobalSign’s Managed PKI certificate issuance and lifecycle management platform
  • Supports Datacard SR300 card printers….


versasec media


Smart cards are secure devices that are used for many purposes, with perhaps the most important being as combined identification badges for enterprises.

With all professional smart card use, the cards must be managed across the entirety of the smart card lifecycle.

At the base level, personalization tasks include setting PIN codes, setting policies, loading certificates, provisioning and setting management keys.

At the management level, tasks include unblocking PIN codes, setting new PIN codes, and renewing and issuing new certificates.

Revocation typically ends the smart card lifecycle, but it is also the point when the card can be personalized again.

All of these tasks and many more are handled by the vSEC:CMS smart card management system. 

Lifecycle management

All smart card operations within vSEC:CMS focus on the smart card lifecycle.

We use a state diagram to graphically visualize the lifecycle;

the diagram clearly shows the operator each card, its location in the lifecycle and available actions/processes from this state.

The same diagram is also used by the administrator when configuring the processes.

vSEC:CMS S-Series Battle Card 

Customer Value Proposition

reside on a dedicated device reduces their exposure to
attacks and the proliferation of copies.
The vSEC:CMS S-Series is an innovative, easily integrated
and cost effective Smart Card Management System (SCMS
or CMS) that will help you deploy and manage smart cards
for organizations of all sizes.

Customer Business Challenges

 Centralize smart card personalization, management
    and revocation tasks into one system
 Reducing costs
 Simplify installation & usage workflows
 Enhance Security

Target Customer Profiles

Size: Any number of employees
 Government Entities
 Industry Sectors include: Healthcare, Banking,
Education, Finance, Insurance and Manufacturing

Key Selling Points

Fast implementation that takes minutes, rather than weeks
Intuitive user interface that improves operational efficiency
No hidden costs and low total cost of ownership
Consistently high security level without exception
Large scale capabilities, available from day one
Integration with customer ecosystem:
o Physical access control
o Wide range of cards (physical and virtual)
o Most card printers (with advanced batchmode)
o Many PKIs/CAs
o IDM systems
o All major HSMs
o Migration wizards from competing products
Customization options
o Flexible focused on project requirements
o Workflow customization

Sales objection handling

We don’t use a smart card management system (SCMS),
but instead manage our smart cards manually. Why is this bad practice?
Managing smart cards manually will result in a lot of
additional work and also reduce the security levels. For
example, the administration key of the smart card will need
to be stored in a file with a reference to the user it is issued
to. This file could be used maliciously by someone to
ascertain this key value and consequently the card could
easily be reset with a new PIN by acquiring knowledge of
the administration key. By using a SCMS this threat is
removed along with many other benefits, such as full
lifecycle management, connection to Certificate Authority,
secure PIN unblock procedures and many more.

We already use digital certificates: why do we need strong
Digital certificates can be used to impersonate their owner if their usage is not managed by a secure device that will
protect them from brute force attack. Besides, having them
reside on a dedicated device reduces their exposure to
attacks and the proliferation of copies.

Why should I choose the vSEC:CMS S-Series instead of
another SCMS solutions in the market?
The vSEC:CMS S-Series is designed to be easy to install,
configure and use. An operator will be able to setup and
manage their smart cards in minutes rather than weeks or
months. There are no hidden costs and security level is
high. The cost of the solution is more than competitive when
compared to the other SCMS products on the market.

Use Case Scenarios

S1. Windows Smart Card Logon

large bank decided to implement stronger security
measures using smart cards to improve the authentication
process along with reducing the cost of maintaining complex
password and integrate the smart card into the Single Sign
On solution. The approach taken was to use smart cards as
an employee badge. The employees can physically access
the office premises using the RFID chip on the smart card
and logically access the bank corporate network by
performing strong two-factor authentication for Windows
smart card logon.

The vSEC:CMS T-Series was chosen to manage the smart
cards throughout their lifecycle. By choosing the vSEC:CMS
T-Series the bank was able to quickly, securely and easily
manage and issue their employees with strong two-factor
authentication tokens. The customer also wanted to ensure
that the operator who is issuing the smart cards for the user
cannot misuse the identity of a user by using the issued
user’s smart card; enable full traceability so that it is
possible to view which operator’s issued or revoked a
specific smart card; and issue several ID's on the same card
to, for example, allow the smart card owner to logon to
different domains using the same card. All of these flows are
provided by the vSEC:CMS T-Series.

S2. BYOD with Virtual Smart Cards

Corporations increasingly rely on Bring Your Own Device
(BYOD) policies, which challenges IT departments in
ensuring these disparate devices are provisioned with
strong credentials. Devices embedded with a TPM can be
managed with vSEC:CMS.
1. An employee wishes to use his Windows tablet with an
embedded TPM for corporate network access.
2. A vSEC:CMS operator creates a Windows tablet template
in vSEC:CMS, which creates a Virtual Smart Card and
issues a network logon certificate credential.
3. Using the wizard-driven processes in the vSEC:CMS
User Self-Service application which is installed on his
Windows tablet, the employee can create and issue the
network logon certificate credential to his device.
4. The employee can now use his Windows tablet to
perform two-factor authentication to log onto the corporate

versasec media

The vSEC:CMS S-Series is an innovative, easily integrated and cost-effective smart card management system that helps organizations deploy and manage smart cards quickly and efficiently. The vSEC:CMS S-Series is clientserver based.

It streamlines all aspects of smartcard management by easily connecting to enterprise directories, certificate authorities, smart card printers,external databases, physical access control systems,and more.

The S-Series is designed for several operators and users working in parallel without a need for synchronization;

each operator requires access to the operator application and the operator’s operator smart card only.

 Operating Systems:

  • Client/Operator/User Self-service:
  • MS Windows 7, 8, 10, 2008, 2012, 2016


  • MS Windows 2008, 2012, 2016

 Smart Cards:

  • Gemalto .NET, .NET BIO, IDPrime PIV & MD
  • Raak Technologies C2
  • Morpho ypsID S2/S3
  • Athena CNS & IDProtect
  • Safenet eToken PRO
  • ACS ACOS5-64 & Cryptomate64
  • Oberthur Authentic, IAS ECC & PIV, PIV 8.1
  • Feitian ePass2003 Token
  • Avtor CryptoCard337
  • HID C200, C1150
  • Taglio C2, PIVKey 
  • T-Systems TCOS
  • Yubico YubiKey PIV
  • SafeTrust-PIV on Placard
  • Virtual smart cards (MS, vSEC & Charismatics)
  • Mifare DESFIRE EV1
  • Java Card with Cryptovision eID Applet v2.8
  • Java Card with Open FIPS 201 Applet v2.8
  • MS Minidriver enabled cards 

 Card Features:

  • Printer support for graphical personalization
  • PIN mailers (both email and regular mail)
  • Contactless RFID interface
  • Batch processing
  • Card stock management


  • User directory: MS Active Directory, IBM-LDAP,
    OpenLDAP and LDAP v2/v3
  • Card DB: SQL comp or local file
  • Certificate Authority: MS CA, Entrust, Symantec
    MPKI, EJBCA, neXus PKI, Opentrust PKI and
    Verizon UniCERT CA, DigiCert CA
  • HSM: Gemalto SafeNet Luna, Utimaco HSM and Engage BlackVault
  • Card Printers: Fargo HDP5000, Datacard SR300,
    Magicard Prima 4 and Evolis Primacy
  • Migration path to and from MS FIM/CLM
  • Upgrade path from vSEC:CMS K and T-Series
  • Upgrade path from Gemalto IDAdmin 100/DAS vSEC:CMS Plugin API, Scripting, WebStart

 Security Features:

  • Secure key storage
  • Secure backup and synchronization of databases
  • Disaster recovery for stolen/lost tokens
  • Encrypted audit log
  • Granular access control
  • Approval work flows
  • Connects logical and physical access control
  • Key archival and key restore processes
  • Fingerprint template management
  • Failover clustering for high availability


  • The system is tested and is functional with
    300 000 registered user smart cards and 100
    parallel operators interacting with the system
  • Load balancing for high scalability
There are no reviews for this product.
Write a review
Facebook comment


Search product name

Newsletter signup

Subscribe to our mailing list
* indicates required
By subscribing you accept our