Credential management

Verasec vSEC:CMS

4min

This document describes using

 PKCS #11 libraries to configure the


HSM with vSEC:CMS. For additional questions related to your HSM, see the relevant user guide.

Application description

From the Versasec documentation website: vSEC:CMS S-Series (vSEC:CMS) is an innovative, easily integrated, and cost-effective Credential Management System (CMS) that helps you deploy and manage credentials within your organization.

The vSEC:CMS is fully functional with minidriver-enabled credentials such as smart cards, and it streamlines all aspects of managing credentials by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers... the list goes on. With vSEC:CMS, organizations can issue badges to employees, personalize the badges with authentication credentials, and manage the lifecycle of the badges - directly from the off-the-shelf product.

Architecture components

vSEC:CMS comprises the following main components:

  • vSEC:CMS Service: A Windows service installed by default to run under the Windows System account that manages the vSEC:CMS database in addition to operator account management for those operators who have access to vSEC:CMS.
  • The vSEC:CMS Agent or vSEC:CMS Admin: Each operator can use either of these operating within your context.
  • vSEC:CMS SOAP/gRPC Service: A Windows service that communicates with the vSEC:CMS Service and is the SOAP/gRPC service for the vSEC:CMS Agent or vSEC:CMS Admin and the vSEC:CMS User Self-Service Console.
  • The vSEC:CMS User Application: A component that runs on the workstation where credential users can perform self-service credential operations with conventional or virtual smart cards.

HSM support in vSEC:CMS

You can use an HSM to store the master keys used for administration key operations with the vSEC:CMS, such as registering a smart card token or PIN unblock operations. The vSEC:CMS interfaces with the HSM through the PKCS #11 protocol. Use the HSM key management tools we provide to manage all management functions around the master key stored on the HSM.

Guardian integration