vSEC:CMS Features Comparison

vSEC:CMS Features Comparison 

This information shows the comparisons between vSEC:CMS K-Series and S-Series in a detailed, yet
easy-to-read manner. To do this, the comparisons have been split into the categories with short
descriptions and uses tables as a visual aid. The categories are:

  • User PIN or Fingerprint Management
  • Administrator Key Management
  • Certificate Management
  • User Self-Service Capabilities
  • Database
  • External Connections
  • Other Features

User PIN or Fingerprint Management

All the different versions of vSEC:CMS are very flexible when it comes to management of user PINS and fingerprints. All three systems can change user PINs, unblocking user PINs on both user and operator sides (online and offline), and update PIN and fingerprint policies. However, S-Series is more advanced compared to K-Series and T-Series in that it is capable of user PIN diversification and PIN mailing/exporting.

User PIN or Fingerprint Management




Change User PIN

Online Unblock User PIN

Offline Unblock User PIN (User Side)

Offline Unblock User PIN (Operator Side)

PIN Policy Update (1 by 1)

PIN Policy Update (Batch mode)

Fingerprint Policy Update

(1 by 1)

Fingerprint Policy Update

(Batch mode)

User PIN Diversification & PIN Mailing (or Export)

Administrator Key Management

K-Series, T-Series and S-Series are all capable of admin key diversification from hardware-protected masterkeys. However, K-Series is flexible in that it also allows for static admin key change, and admin key change from passphrase derivation.

Administrator Key Management




Static Admin Key Change

Admin Key Change from

Passphrase Derivation

Admin Key Diversification from Hardware Protected Masterkey


Certificate Management

The vSEC:CMS suite is very flexible when it comes to certificate management. All of the different versions have the capability to conduct certificate listing, certificate importing (.p12 or .pfx) and certificate deletion. However, K-Series is unable to perform certificate lifecycle management, which involves enrollment, renewal and revocation.

Certificate Management




Certificate Listing

Certificate Import (.p12 or


Certificate Deletion

Certificate Lifecycle Management (Enrollment, Renewal, Revocation)

User Self-Service Capabilities

S-Series is the only part of the vSEC:CMS suite that can conduct any user self-service capabilities. These self-service features include two-factor authentication, card issuance, unblocking of user PINs and connections from outside the domain.

User Self-Service Capabilities




Two Factor Authentication

Card Issuance (Admin Key

Diversification + Certificate


Unblock User PIN

Connected from Outside

the domain (BYOD)





Card Repository

Transaction Log

Backup / Restore

Connection to External Database (MS SQL or MySQL)

✔ (optional)


In terms of databases, K-Series, T-Series and S-Series are all able to conduct card repositories, and backup and restore. In addition to the above, T-Series and S-Series are also able to have a transaction log.

External Connections

There are many varieties of external connections which vSEC:CMS can take. S-Series is the most flexible, being able to undertake the largest variety of external connections, such as connections to certificate authorities and devices such as cameras, scanners and webcams, whereas T-Series allows for most connections minus some key connections such as external databases and HSMs (see the table below for more).

Connection to...




Certification Authority

(Microsoft CA or EJBCA or Symantec MPKI or Nexus PKI or Verizon Unicert PKI or GlobalSign PKI or Digicert





Microsoft AD

Physical Access Module

Windows Event Log

Mail Server

Smart Card Printer (Evolis

Primacy or Fargo HDP 5000 or Datacard SR300)

A Photo Camera, webcam or


HSM (Safenet Luna or Thales

nShield or Utimaco or Engage or Gemalto Safenet ProtectServer HSM)

Data Export (SQL & CSV)


Other Features

In addition to the wide variety of features above, vSEC:CMS has many additional features which users can take advantage of. S-Series, being our most actively-developed software, has the most features with lots of flexibility. T-Series also has some of the features which S-Series has, but misses some key features which customers may want, and K-Series even less so. The table below goes into detail about what other features vSEC:CMS does (and doesn’t) provide.




Multi Languages Support

Linux & Mac Support

Support of all Minidriver

Enabled Smart Cards

Roaming Capabilities (Zero



Key Archival / Recovery

Centralized Management

Multi Operators Working in


Card Lifecycle


Credential Provider providing user self-service features from logon screen (Win7+)

Plugin API to extend and customize workflows

Card Templates & Custom

Workflow Management

Granular Operator Permissions and Access Control

✔ (unlimited roles)

RFID Keys Encoding (Mifare Classic & Mifare Desfire EV1)

Windows 8 & 10 Virtual

Smart Card Management

vSEC Virtual Smart Card

Management (Windows 7,

8 & 10, and Windows 2012


Graphical personalisation (printing) before the card is registered with vSEC:CMS

Other Virtual Smart Card Connectors (Charismathics and Microsoft Virtual Smart Cards)

Temporary Badge

Workflow Management

Management of Machines Soft Certificates (like web server)

Recommended Volume

(Devices Managed)

0 -> 50

30 -> ∞





There are no reviews for this product.
Write a review
Verification code *
Facebook comment

Keyword Search

Newsletter signup

Subscribe to our mailing list
* indicates required
By subscribing you accept our

This Site

Webstore menu