Skip to main content
This document describes using Futurex PKCS #11 libraries to configure the Futurex Vectera Plus HSM with Versasec vSEC:CMS. For additional questions related to your HSM, see the relevant user guide.

Application description

From the Versasec documentation website (support.versasec.com/): vSEC:CMS is an innovative, easily integrated, and cost-effective Credential Management System (CMS) designed to help you deploy and manage credentials within your organization. vSEC:CMS is fully functional with Minidriver-enabled credentials, such as smart cards, USB tokens, and virtual smart cards, including Windows Hello for Business (WHfB). It streamlines all aspects of credential management by seamlessly connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers, and more. With vSEC:CMS, your organization can issue credentials to employees, personalize them with authentication details, and manage the entire credential life cycle – all directly from this off-the-shelf product.

Architecture

The vSEC:CMS client-server architecture uses both an RPC framework and SOAP with the following protocols:
  • gRPC with HTTP/2 or HTTP/2 over TLS
  • SOAP with HTTP or HTTPS
However, for simplicity, this guide refers to it as HTTP(S).

Main Components of vSEC:CMS:

-vSEC:CMS Service: This Windows service manages the vSEC:CMS database and operator account management for authorized users. It operates as a Windows service, defaulting to run under the SYSTEM account.
  • vSEC:CMS SOAP/gRPC Service: This component is another Windows service that facilitates communication with the vSEC:CMS Service. It serves as the SOAP/gRPC service for the vSEC:CMS Agent, vSEC:CMS Admin, and the vSEC:CMS User Application.
  • vSEC:CMS Agent or vSEC:CMS Admin: Each operator uses either of these components, operating within the user’s context.
  • vSEC:CMS User Application: This component is executed on an end user’s workstation, enabling self-service credential operations with both conventional smart cards and virtual smart cards.

HSM support in vSEC:CMS

You can use an HSM to store the master keys used for administration key operations with the vSEC:CMS, such as registering a smart card token or PIN unblock operations. The vSEC:CMS interfaces with the HSM through the PKCS #11 protocol. Use the HSM key management tools we provide to manage all management functions around the master key stored on the HSM.

Guardian integration

The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:
  • Centralization of device management
  • Elimination of points of failure
  • Distribution of transaction loads
  • Group-specific function blocking
  • User-defined grouping systems
See the applicable guide in the Futurex Portal for configuring HSMs with the Guardian Series 3, including PKCS #11 and CNG configuration.