vSEC:CMS Features Comparison
This information shows the comparisons between vSEC:CMS K-Series and S-Series in a detailed, yet
easy-to-read manner. To do this, the comparisons have been split into the categories with short
descriptions and uses tables as a visual aid. The categories are:
User PIN or Fingerprint Management
All the different versions of vSEC:CMS are very flexible when it comes to management of user PINS and fingerprints. All three systems can change user PINs, unblocking user PINs on both user and operator sides (online and offline), and update PIN and fingerprint policies. However, S-Series is more advanced compared to K-Series and T-Series in that it is capable of user PIN diversification and PIN mailing/exporting.
User PIN or Fingerprint Management |
||
K-Series |
S-Series |
|
Change User PIN |
✔ |
✔ |
Online Unblock User PIN |
✔ |
✔ |
Offline Unblock User PIN (User Side) |
✔ |
✔ |
Offline Unblock User PIN (Operator Side) |
✔ |
✔ |
PIN Policy Update (1 by 1) |
✔ |
✔ |
PIN Policy Update (Batch mode) |
✔ |
✔ |
Fingerprint Policy Update (1 by 1) |
✔ |
✔ |
Fingerprint Policy Update (Batch mode) |
✔ |
✔ |
User PIN Diversification & PIN Mailing (or Export) |
✘ |
✔ |
Administrator Key Management
K-Series, T-Series and S-Series are all capable of admin key diversification from hardware-protected masterkeys. However, K-Series is flexible in that it also allows for static admin key change, and admin key change from passphrase derivation.
Administrator Key Management |
||
K-Series |
S-Series |
|
Static Admin Key Change |
✔ |
✘ |
Admin Key Change from Passphrase Derivation |
✔ |
✘ |
Admin Key Diversification from Hardware Protected Masterkey |
✔ |
✔ |
Certificate Management
The vSEC:CMS suite is very flexible when it comes to certificate management. All of the different versions have the capability to conduct certificate listing, certificate importing (.p12 or .pfx) and certificate deletion. However, K-Series is unable to perform certificate lifecycle management, which involves enrollment, renewal and revocation.
Certificate Management |
||
K-Series |
S-Series |
|
Certificate Listing |
✔ |
✔ |
Certificate Import (.p12 or .pfx) |
✔ |
✔ |
Certificate Deletion |
✔ |
✔ |
Certificate Lifecycle Management (Enrollment, Renewal, Revocation) |
✘ |
✔ |
User Self-Service Capabilities
S-Series is the only part of the vSEC:CMS suite that can conduct any user self-service capabilities. These self-service features include two-factor authentication, card issuance, unblocking of user PINs and connections from outside the domain.
User Self-Service Capabilities |
||
K-Series |
S-Series |
|
Two Factor Authentication |
✘ |
✔ |
Card Issuance (Admin Key Diversification + Certificate Enrollment) |
✘ |
✔ |
Unblock User PIN |
✘ |
✔ |
Connected from Outside the domain (BYOD) |
✘ |
✔ |
|
In terms of databases, K-Series, T-Series and S-Series are all able to conduct card repositories, and backup and restore. In addition to the above, T-Series and S-Series are also able to have a transaction log.
External Connections
There are many varieties of external connections which vSEC:CMS can take. S-Series is the most flexible, being able to undertake the largest variety of external connections, such as connections to certificate authorities and devices such as cameras, scanners and webcams, whereas T-Series allows for most connections minus some key connections such as external databases and HSMs (see the table below for more).
Connection to... |
||
K-Series |
S-Series |
|
Certification Authority (Microsoft CA or EJBCA or Symantec MPKI or Nexus PKI or Verizon Unicert PKI or GlobalSign PKI or Digicert CA) |
✘ |
✔ |
LDAP |
✘ |
✔ |
IBM-LDAP |
✘ |
✔ |
OpenLDAP |
✘ |
✔ |
Microsoft AD |
✘ |
✔ |
Physical Access Module |
✘ |
✔ |
Windows Event Log |
✘ |
✔ |
Mail Server |
✘ |
✔ |
Smart Card Printer (Evolis Primacy or Fargo HDP 5000 or Datacard SR300) |
✘ |
✔ |
A Photo Camera, webcam or Scanner |
✘ |
✔ |
HSM (Safenet Luna or Thales nShield or Utimaco or Engage or Gemalto Safenet ProtectServer HSM) |
✘ |
✔ |
Data Export (SQL & CSV) |
✘ |
✔ |
Other Features
In addition to the wide variety of features above, vSEC:CMS has many additional features which users can take advantage of. S-Series, being our most actively-developed software, has the most features with lots of flexibility. T-Series also has some of the features which S-Series has, but misses some key features which customers may want, and K-Series even less so. The table below goes into detail about what other features vSEC:CMS does (and doesn’t) provide.
|
||
K-Series |
S-Series |
|
Multi Languages Support |
✘ |
✘ |
Linux & Mac Support |
✘ |
✘ |
Support of all Minidriver Enabled Smart Cards |
✔ |
✔ |
Roaming Capabilities (Zero Footprint) |
✘ |
|
Key Archival / Recovery |
✘ |
✔ |
Centralized Management |
✘ |
✔ |
Multi Operators Working in Parallel |
✘ |
✔ |
Card Lifecycle Management |
✘ |
✔ |
Credential Provider providing user self-service features from logon screen (Win7+) |
✘ |
✔ |
Plugin API to extend and customize workflows |
✘ |
✔ |
Card Templates & Custom Workflow Management |
✘ |
✔ |
Granular Operator Permissions and Access Control |
✘ |
✔ (unlimited roles) |
RFID Keys Encoding (Mifare Classic & Mifare Desfire EV1) |
✘ |
✔ |
Windows 8 & 10 Virtual Smart Card Management |
✘ |
✔ |
vSEC Virtual Smart Card Management (Windows 7, 8 & 10, and Windows 2012 R2) |
✘ |
✔ |
Graphical personalisation (printing) before the card is registered with vSEC:CMS |
✘ |
✔ |
Other Virtual Smart Card Connectors (Charismathics and Microsoft Virtual Smart Cards) |
✘ |
✔ |
Temporary Badge Workflow Management |
✘ |
✔ |
Management of Machines Soft Certificates (like web server) |
✘ |
✔ |
Recommended Volume (Devices Managed) |
0 -> 50 |
30 -> ∞ |
Cost |
$ |
$$ |