Windows Hello for Business

Virtual Smart Card

A Virtual Smart Card (VSC) enables two-factor authentication (2FA) on a user's device without making use of extra hardware, such as smart card readers and USB tokens. VSCs are excellent for protecting companies' IT systems from external threats such as hacking and other unauthorized access from external devices. vSEC:CMS has long supported VSCs and now it also supports Windows Hello for Business!

 

Virtual Smart Cards

Enabling security is one of the fastest methods for unleashing the full potential of
Microsoft Windows and the Bring Your Own Device (BYOD) promise. With smart
cards or virtual smart cards for security access, the enterprise environment becomes
more productive and more secure.
Because Virtual Smart Cards are based on the TPM (Trusted Platform Module)
available on all modern Windows devices, hardware protected security is now available
on laptops, tablets and smartphones. It’s truly Secure Mobility.

vSEC:CMS streamlines and simplifies Virtual Smart Card Lifecycle Management:

* Installs in minutes, rather than weeks or months for similar solutions
* Requires no dedicated hardware or servers
* Employs a self-service capability that simplifies deployment
* Offers a low total cost of ownership with no hidden costs
* Provides consistently high levels of security, without exception

 

Below four(4)different types of two-factor authentication (2FA) solutions are compared.

The table is describing the full IAM solution - including the important credential management functionality.

The four different types compared:

  • SC-vSEC:CMS - Physical PKI smart card or token managed by vSEC:CMS
  • VSC-vSEC:CMS - Versasec Virtual Smart Card managed by vSEC:CMS
  • WHfB-Basic - Windows Hello for Business standalone (unmanaged)
  • WHfB-vSEC:CMS - Windows Hello for Business managed by vSEC:CMS

 

Two-factor authentication (2FA) solutions comparison - features

SC-vSEC:CMS

VSC-vSEC:CMS

WHfB-Basic

WHfB-vSEC:CMS

Client platforms supported

All

Win7+

Win10+

Win10+

Single management for all PKI credentials (smart cards, tokens, VSC, WHfB...)

OK

OK

 

OK

Supported on Windows PCs without additional HW

 

OK

OK

OK

Roaming users (kiosks)

OK

     

Physical access (door locks etc)

OK

     

Visual identification (badge)

OK

     

Security regulations (FIPS…)

OK

     

Windows logon

OK

OK

OK

OK

Website auth using PKI

OK

OK

OK

OK

Data encryption

OK

OK

 

OK

Email encryption

OK

OK

 

OK

Digital signatures

OK

OK

 

OK

Certificate renewal

OK

OK

 

OK

Certificate revocation

OK

OK

 

OK

Key archival/recovery

OK

OK

 

OK

BIO support

   

OK

OK

Derived credentials

OK

OK

   

HW secured keys 

OK

OK

OK

OK

TPM use

 

OK

OK

OK

PKCS#11

OK

     

CAPI/CNG

OK

OK

OK

OK

Cert/key specific PINs

OK

OK

   

Virtualization compatibility

OK

OK

   

Traceability / Audit

OK

OK

 

OK

Multi PKI vendor support

OK

OK

 

OK

Several certificates per user

OK

OK

 

OK

Offline PIN unblock

OK

OK

   

 

 

 

Corporations increasingly rely on Bring Your Own Device
(BYOD) policies, which challenges IT departments in
ensuring these disparate devices are provisioned with
strong credentials. Devices embedded with a TPM can be
managed with vSEC:CMS.

1. An employee wishes to use his Windows tablet with an
embedded TPM for corporate network access.

2. A vSEC:CMS operator creates a Windows tablet template
in vSEC:CMS, which creates a Virtual Smart Card and
issues a network logon certificate credential.

3. Using the wizard-driven processes in the vSEC:CMS
User Self-Service application which is installed on his
Windows tablet, the employee can create and issue the
network logon certificate credential to his device.

4. The employee can now use his Windows tablet to
perform two-factor authentication to log onto the corporate
network.

vSECCMS VirtualSmartCards 1

There are no reviews for this product.
Write a review
BadExcellent
Verification code *
Captcha Image
Reload image challenge
Facebook comment

Keyword Search

Newsletter signup

Subscribe to our mailing list
* indicates required
By subscribing you accept our
 
 
 

This Site

Webstore menu