Virtual Smart Card
A Virtual Smart Card (VSC) enables two-factor authentication (2FA) on a user's device without making use of extra hardware, such as smart card readers and USB tokens. VSCs are excellent for protecting companies' IT systems from external threats such as hacking and other unauthorized access from external devices. vSEC:CMS has long supported VSCs and now it also supports Windows Hello for Business!
Virtual Smart Cards
Enabling security is one of the fastest methods for unleashing the full potential of
Microsoft Windows and the Bring Your Own Device (BYOD) promise. With smart
cards or virtual smart cards for security access, the enterprise environment becomes
more productive and more secure.
Because Virtual Smart Cards are based on the TPM (Trusted Platform Module)
available on all modern Windows devices, hardware-protected security is now available
on laptops, tablets and smartphones. It’s truly Secure Mobility.
vSEC:CMS streamlines and simplifies Virtual Smart Card Lifecycle Management:
* Installs in minutes, rather than weeks or months for similar solutions
* Requires no dedicated hardware or servers
* Employs a self-service capability that simplifies deployment
* Offers a low total cost of ownership with no hidden costs
* Provides consistently high levels of security, without exception
Below, four (4) different types of two-factor authentication (2FA) solutions are compared.
The table describes the full IAM solution, including the important credential management functionality.
The four different types compared:
Two-factor authentication (2FA) solutions comparison - features |
SC-vSEC:CMS |
VSC-vSEC:CMS |
WHfB-Basic |
WHfB-vSEC:CMS |
Client platforms supported |
All |
Win7+ |
Win10+ |
Win10+ |
Single management for all PKI credentials (smart cards, tokens, VSC, WHfB...) |
OK |
OK |
OK |
|
Supported on Windows PCs without additional HW |
OK |
OK |
OK |
|
Roaming users (kiosks) |
OK |
|||
Physical access (door locks etc) |
OK |
|||
Visual identification (badge) |
OK |
|||
Security regulations (FIPS…) |
OK |
|||
Windows logon |
OK |
OK |
OK |
OK |
Website auth using PKI |
OK |
OK |
OK |
OK |
Data encryption |
OK |
OK |
OK |
|
Email encryption |
OK |
OK |
OK |
|
Digital signatures |
OK |
OK |
OK |
|
Certificate renewal |
OK |
OK |
OK |
|
Certificate revocation |
OK |
OK |
OK |
|
Key archival/recovery |
OK |
OK |
OK |
|
BIO support |
OK |
OK |
||
Derived credentials |
OK |
OK |
||
HW secured keys |
OK |
OK |
OK |
OK |
TPM use |
OK |
OK |
OK |
|
PKCS#11 |
OK |
|||
CAPI/CNG |
OK |
OK |
OK |
OK |
Cert/key specific PINs |
OK |
OK |
||
Virtualization compatibility |
OK |
OK |
||
Traceability / Audit |
OK |
OK |
OK |
|
Multi PKI vendor support |
OK |
OK |
OK |
|
Several certificates per user |
OK |
OK |
OK |
|
Offline PIN unblock |
OK |
OK |
Corporations increasingly rely on Bring Your Own Device
(BYOD) policies, which challenge IT departments to
ensure that these disparate devices are provisioned with
strong credentials. Devices embedded with a TPM can be
managed with vSEC:CMS.
1. An employee wishes to use his Windows tablet with an
embedded TPM for corporate network access.
2. A vSEC:CMS operator creates a Windows tablet template
in vSEC:CMS, which creates a Virtual Smart Card and
issues a network logon certificate credential.
3. Using the wizard-driven processes in the vSEC:CMS
User Self-Service application, which is installed on his
Windows tablet, the employee can create and issue the
network logon certificate credential to his device.
4. The employee can now use his Windows tablet to
perform two-factor authentication to log onto the corporate
network.