vSEC:CMS S-series User Licence (Server version)

The vSEC:CMS S-Series is fully functional with minidriver enabled smart cards and it streamlines all aspects of a smart card management system by connecting to enterprise directories, certificate authorities, physicalaccess control systems, email servers, log servers, biometric fingerprint readers, PIN mailers... the list goes on. With vSEC:CMS organizations can issue smart cards to employees, personalize the smart card with authentication credentials and manage the lifecycle of the smart card - directly from the off-the-shelf product.

 Versasec is an IAM provider that helps businesses manage their access-enabling devices.

vSEC:CMS Connectors (see figure above)

1. Smart card printer for batch operations
2. User directory for looking up users
3. File and database servers
4. Secure transport of PIN codes
5. Event & log management
6. User photo capture
7. Certificate/PKI services
8. Physical access control systems
9. Hardware security module
10. Secondary/out-of-band communication
11. Key archival & key recovery
12. Credential provider -login screen interface
13. Remote security device management
14. User self-service application
15. Physical & virtual smart cards/tokens
16. Administrative operator console

The vSEC:CMS S-Series is fully functional with minidriver enabled smart cards and it streamlines all aspects of a smart card management system by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers... the list goes on. With vSEC:CMS organizations can issue smart cards to employees, personalize the smart card with authentication credentials and manage the lifecycle of the smart card - directly from the off-the-shelf product.

vSEC:CMS S-Series Version 5.9 is now available.

Enhancements found in vSEC:CMS S5.9 include the following:

  • Update CA/PKI connections to: digicert ONE, Entrust: CA and neXus
  • New smart card printers supported from both Fargo and Datacard
  • Extended PIV credential management functionality
  • Closer integrations with prioritized Thales Digital Identity & Security products
  • Extended Yubico YubiKey functions
  • Major updates to the vSEC:CMS Operator Console in regards to UX (new graphics). performance (faster communication), convenience (SSO logon) and
  • supportability (unique dialog identifiers)
  • Brand new upgrade procedure: Updating to the latest version of vSEC:CMS now requires a Maintenance Code 
  • New Microsoft AD-GlobalCatalog (GC) search functionality
  • First Beta version of vSEC:CMS User Self-Service for Apple macOS

------------------------------------------------------------ 

vSEC:CMS S5.7 adds support for the following:

  • WHfB (Windows Hello for Business) containers managed like any other Physical or Virtual Smart Card
  • OpenID Connect (OIDC) for secondary/recovery IdP authentication
  • Thales/Gemalto Data Protection on Demand (DPoD) 64-bit integration
  • Extended support of CryptoVision PKI applet
  • Important Thales/Gemalto credential additions: MultiApp V4x, eToken 5110 CC (940), and IDPrime PIV 2.1.
  • Optional automatic revocation
  • Graphical card layout print testing
  • Updated operator user experience (UX)
  • Advanced PIN generation options
  • Updated list of supported credentials

-----------------------------------------------------------------

vSEC:CMS 5.5 adds support for the following:

  • Fingerprint enrollment using Oberthur PIV 8.1 smart cards
  • Gemalto IDPrime MD 3940 smart cards
  • Gemalto PIV 3.0 smart cards
  • Identiv uTrust MD smart cards
  • R-END/R-MAC in the GlobalPlatform secure messaging for Oberthur PIV 8.1 (2.4.1-SPE)
  • PUC-based challenge/response PIN unblock for all vSEC:CMS supported PIV smart cards

New features within vSEC:CMS include the following:

  • Subscription-based licensing
  • Ability to export certificate data when performing life cycle / certificate operations.
  • Option to server-side import PKCS#12/PFX files for smart card issuance
  • HSM protected GlobalPlatform keys for Oberthur PIV 8.1 cards
  • Smart card delete function is added to the SOAP API
  • New configuration option to set if Operator Console shall do certificate requests to Microsoft CA directly or via vSEC:CMS server (proxy)
  • Added functionality to allow for the reconfiguration of MS SQL connection when the local internal database is empty
  • Ability to rebuild local cached database from MS SQL
  • Versasec-Activator SO Session: Once a System Owner card has been used to authenticate, the System Owner PIN is not asked for again for 10 minutes, enabling
  • issuance of multiple operator cards
  • A feature has been added to allow manual creation of System Owner cards
  • Manual deletion of operator accounts
  • The error returned on life cycle card issuance is now configurable
  • Ability to store only overview data for RSDM device info

 

 

Versasec is an IAM provider that helps businesses manage their access-enabling devices.

vSEC:CMS Connectors (see figure above)

1. Smart card printer for batch operations
2. User directory for looking up users
3. File and database servers
4. Secure transport of PIN codes
5. Event & log management
6. User photo capture
7. Certificate/PKI services
8. Physical access control systems
9. Hardware security module
10. Secondary/out-of-band communication
11. Key archival & key recovery
12. Credential provider -login screen interface
13. Remote security device management
14. User self-service application
15. Physical & virtual smart cards/tokens
16. Administrative operator console

Smart cards are secure devices that are used for many purposes, with perhaps the most important being as combined identification badges for enterprises.

With all professional smart card use, the cards must be managed across the entirety of the smart card lifecycle.

At the base level, personalization tasks include setting PIN codes, setting policies, loading certificates, provisioning and setting management keys.

At the management level, tasks include unblocking PIN codes, setting new PIN codes, and renewing and issuing new certificates.

Revocation typically ends the smart card lifecycle, but it is also the point when the card can be personalized again.

All of these tasks and many more are handled by the vSEC:CMS smart card management system. 

Lifecycle management

All smart card operations within vSEC:CMS focus on the smart card lifecycle.

We use a state diagram to graphically visualize the lifecycle;

the diagram clearly shows the operator each card, its location in the lifecycle and available actions/processes from this state.

The same diagram is also used by the administrator when configuring the processes.

Credentials are generally user authentication devices such as physical smart cards, vertical smart cards or tokens. The number of supported credential types is continuously increasing with every new product version.

The table below is showing the supported credentials.

Supported Credentials

vSEC:CMS

K

S

C

ACS ACOS5-64

yes

yes

yes

ACS CryptoMate64

yes

yes

yes

Athena CNS

yes

yes

yes

Athena IDProtect Key Nano USB

yes

yes

yes

Athena IDProtect Key USB Token

yes

yes

yes

Athena IDProtect Smart Card

yes

yes

yes

Avtor CryptoCard337

yes

yes

yes

CardOS 4.4/5.3

 

yes

yes

Cryptovision ePKI Applet

 

yes

yes

Feitian ePass2003/eJave

yes

yes

yes

Gemalto IDPrime .NET 510/5500

yes

yes

yes

Gemalto IDPrime MD 830/840/940/3810/3840/3940

yes

yes

yes

Gemalto IDPrime PIV Card v2.1/v3.0

 

yes

yes

Gemalto Safenet eToken 5110/5300

 

yes

yes

HID C200

yes

yes

yes

HID C1150

yes

yes

yes

Identiv uTrust MD

 

yes

yes

Longmai mToken CryptoID

 

yes

yes

Microsoft minidriver enabled smart cards

yes

yes

yes

Mifare DESFIRE EV1

 

yes

yes

Morpho ypsID S2

yes

yes

yes

Morpho ypsID S3

 

yes

yes

Oberthur Authentic

yes

yes

yes

Oberthur IAS ECC

yes

yes

yes

Oberthur PIV 8.1

 

yes

yes

Open FIPS 201 Applet

 

yes

yes

Raak Technologies C2

yes

yes

yes

SafeTrust-PIV on Placard

 

yes

yes

Taglio C2

 

yes

yes

Taglio PIVKey

 

yes

yes

TCOS TeleSec IDKey

 

yes

yes

Virtual Smart Cards

 

yes

yes

Yubico YubiKey 5 NFC/5C/5 Nano/5C Nano

 

yes

yes

Yubico YubiKey 4/4 Nano/4C/4C Nano

 

yes

yes

Yubico YubiKey NEO/NEO-n

 

yes

yes

 

NOTE

✔ The credential is supported by the product.

Versasec is an IAM provider that helps businesses manage their access-enabling devices.

vSEC:CMS Connectors (see figure above)

1. Smart card printer for batch operations
2. User directory for looking up users
3. File and database servers
4. Secure transport of PIN codes
5. Event & log management
6. User photo capture
7. Certificate/PKI services
8. Physical access control systems
9. Hardware security module
10. Secondary/out-of-band communication
11. Key archival & key recovery
12. Credential provider -login screen interface
13. Remote security device management
14. User self-service application
15. Physical & virtual smart cards/tokens
16. Administrative operator console

The vSEC:CMS S-Series is an innovative, easily integrated and cost-effective smart card management system that helps organizations deploy and manage smart cards quickly and efficiently. The vSEC:CMS S-Series is clientserver based.

It streamlines all aspects of smartcard management by easily connecting to enterprise directories, certificate authorities, smart card printers,external databases, physical access control systems,and more.

The S-Series is designed for several operators and users working in parallel without a need for synchronization;

each operator requires access to the operator application and the operator’s operator smart card only.

 Operating Systems:

  • Client/Operator/User Self-service:
  • MS Windows 7, 8, 10, 2008, 2012, 2016

 Server: 

  • MS Windows 2008, 2012, 2016

 Smart Cards:

  • Gemalto .NET, .NET BIO, IDPrime PIV & MD
  • Raak Technologies C2
  • Morpho ypsID S2/S3
  • Athena CNS & IDProtect
  • Safenet eToken PRO
  • ACS ACOS5-64 & Cryptomate64
  • Oberthur Authentic, IAS ECC & PIV, PIV 8.1
  • Feitian ePass2003 Token
  • Avtor CryptoCard337
  • HID C200, C1150
  • Taglio C2, PIVKey 
  • T-Systems TCOS
  • Yubico YubiKey PIV
  • SafeTrust-PIV on Placard
  • Virtual smart cards (MS, vSEC & Charismatics)
  • Mifare DESFIRE EV1
  • Java Card with Cryptovision eID Applet v2.8
  • Java Card with Open FIPS 201 Applet v2.8
  • MS Minidriver enabled cards 

 Card Features:

  • Printer support for graphical personalization
  • PIN mailers (both email and regular mail)
  • Contactless RFID interface
  • Batch processing
  • Card stock management

 Compatibility:

  • User directory: MS Active Directory, IBM-LDAP,
    OpenLDAP and LDAP v2/v3
  • Card DB: SQL comp or local file
  • Certificate Authority: MS CA, Entrust, Symantec
    MPKI, EJBCA, neXus PKI, Opentrust PKI and
    Verizon UniCERT CA, DigiCert CA
  • HSM: Gemalto SafeNet Luna, Utimaco HSM and Engage BlackVault
  • Card Printers: Fargo HDP5000, Datacard SR300,
    Magicard Prima 4 and Evolis Primacy
  • Migration path to and from MS FIM/CLM
  • Upgrade path from vSEC:CMS K and T-Series
  • Upgrade path from Gemalto IDAdmin 100/DAS vSEC:CMS Plugin API, Scripting, WebStart

 Security Features:

  • Secure key storage
  • Secure backup and synchronization of databases
  • Disaster recovery for stolen/lost tokens
  • Encrypted audit log
  • Granular access control
  • Approval work flows
  • Connects logical and physical access control
  • Key archival and key restore processes
  • Fingerprint template management
  • Failover clustering for high availability

Performance:

  • The system is tested and is functional with
    300 000 registered user smart cards and 100
    parallel operators interacting with the system
  • Load balancing for high scalability
There are no reviews for this product.
Write a review
BadExcellent
Verification code *
Facebook comment

Keyword Search

Newsletter signup

Subscribe to our mailing list
* indicates required
By subscribing you accept our
 
 
 

This Site

Webstore menu