vSEC-CMS   In Production
 
Standalone solution to easily manage enterprise end user Protiva .NET devices.  
 

 

The vSEC:CMS T-Series will change your views on how to manage the lifecycle of smart cards. Now you can implement an advanced and feature-rich system in minutes, rather than months. The vSEC:CMS T-Series is an innovative, easily integrated, and cost-effective Smart Card Management System (CMS) that will help you deploy and manage smart cards within your organization. The vSEC:CMS T-Series is delivered on the Gemalto Smart Enterprise Guardian (SEG), a USB-based device that secures identity credentials and sensitive files using Protiva .NET smart card technology. The vSEC:CMS T-Series stores the application, configuration settings and credentials securely on the SEG token, thereby removing the requirement to invest in expensive server hardware. The vSEC:CMS T-Series is fully functional with minidriver-enabled smart cards and streamlines all aspects of a CMS by connecting to enterprise directories, certificate authorities and synchronization servers. With the vSEC:CMS T-Series, organizations can issue smart cards to employees, personalize the smart card with authentication credentials and manage the lifecycle of the smart card.

 

Gemalto partners with Versatile Security to offer this solution through the Gemalto Channel Partner Network.

 

Features and Benefits

Registration

Registering a user's smart card with the vSEC:CMS means that the user's smart card Admin Key is changed to a new key. The new key is diversified from a master key stored securely on the Protiva .NET smart card in the Gemalto SEG. This means that the administration of the user's smart card requires both physical and logical access to the vSEC:CMS Token.

 

During registration, the user smart card can be connected to a user identity in a user directory. At this point it is possible to issue and load digital certificates from a certificate authority onto the user's smart card. Another optional feature is to register the smart card with a physical access control system. Registration of user smart cards can be done before the cards have been assigned to a user, and it can be done one card at a time or in larger batches.

 

Backup and Synchronization

It is possible to back up vSEC:CMS repositories to a file. The backup can be configured to run automatically, so there is always a secure backup copy of the token. The token backup file is encrypted and can only be restored on a new token (a restore token).

 

In a distributed organization with several IT organizations, more than one Token can be used. This enables users to easily roam between the different locations and get assistance from the local IT organization. To enable a distributed system, a synchronization server option is available.

 

Token Security

Using vSEC:CMS requires two-factor authentication, i.e. something you know (a secret password called the PIN) and something you have (possession of the vSEC:CMS Token). This is the recommended level of authentication security for enterprises.

 

All crypto functions and key operations used by the system are performed strictly on the SEG. The databases used in the system are encrypted with hardware-protected keys. When the system is not actively in use, it is recommended to store the SEG in a secure location such as a vault for additional security.

 

Connectors

vSEC:CMS has several optional connectors for different purposes. These include connecting smart cards to users registered in a directory (e.g. Microsoft Active Directory); using a Certificate Authority to issue certificates to a user and store those certificates directly on a smart card; logging events to the Windows Event Log; using a Synchronization Server to synchronize information; and connecting to physical access control systems.

 

Smart Card Unblock

To unblock the user PIN on a user smart card, the user smart card must be registered with vSEC:CMS. Once this is done, it is possible to unblock the user smart card online as well as offline.

 

 

News

May 2012 - T-Series roadmap released

 

Versatile Security has released their 2012 vSEC:CMS T-Series Roadmap.

 

December 2011 - Version 2.4 has been released

 

New features in the vSEC:CMS T2.4 include:

  • Fingerprint access control management for Protiva .NET Bio smart cards

  • Automatic checks for product updates/upgrades

  • Revocation of renewed certificates (including renewals executed through other products)

  • Diagnostics

  • Workaround for issues with Protiva SEG driver on Microsoft Windows 7 64-bit

  • More than 20 minor updates and corrections

June 2011 - Version 2.3

 

vSEC:CMS has been extended with several new and powerful features in this release such as:

  • Smart card lifecycle focused processes

  • All processes configurable by templates

  • All processes and smart card states graphically displayed in lifecycle diagrams

  • Support for new Protiva .NET card features such as PIN policies and multiple PINs per card

  • Support for several operators and roles per token

  • Synchronization server as an IIS app

  • Extended support for RFID/physical access systems

  • Upgrade path from earlier versions and from vSEC:CMS K-Series

  • Migration path from and to Microsoft Forefront Identity Manager Certificate Management (FIM CM)

 

For additional information and the latest updates, visit Versatile Security at http://www.versatilesecurity.com/cms.html

Technical Specifications

Operating Systems
  • Windows XP

  • Windows Vista

  • Windows Server 2003

  • Windows Server 2008

  • Windows 7

Smart Cards
  • Gemalto .NET devices (smart cards and tokens)

Smart Card Readers
  • All smart card readers compliant with PC/SC and certified by the Microsoft WHQL

Security Features
  • Secure key storage

  • Secure backup and synchronization of databases

  • Disaster recovery for stolen tokens

  • Encrypted audit log

  • No software required on target system

Performance
  • The system is tested and is functional with 50 000 registered user smart cards

Compatibility

User Directory
  • Compatible with Microsoft Active Directory

  • Compatible with all directories that have standard LDAP interface

Certification Authority
  • Compatible with Microsoft Certificate Authority

Logging
  • Option to log events to the Windows Event Log
Other CMS
  • Upgrade path from vSEC:CMS K-Series

  • Migration path to Microsoft FIM CM

  • Migration path to other Card Management Systems (contact us to check the status for a specific CMS)