Security

Introduction

From Options - Security different configuration options are available. Follow the instructions in this article for details on these settings.

Remember Operator Token Passcode

From this section, it is possible to configure the vSEC:CMS application to securely cache the operator's passcode for a configurable period of time (maximum of 15 minutes) thereby removing the need for the operator to manually enter the passcode for operations requiring passcode entry.

Backup Passcode

From this section, it will be possible to change the vSEC:CMS passcode created during the initialization stage.

This is the passcode required to unlock the backup database file for the vSEC:CMS. The operator will be prompted to enter the operator passcode and then the operator needs to enter the current passcode followed by the new passcode. A success dialog will be presented after successfully changing the passcode. It is important to adhere to the message in the success dialog, i.e. delete any old backup files as these files can still be opened by the old passcode.

Plugin Security

From this section enable the Allow loading of unsigned library extensions (DLLs) checkbox if it is required to allow the loading of plugins created that have not been signed. For full details on using the vSEC:CMS plugin features please contact Versasec for more details.

Administrator Key Security

From this section enable the Allow external credential administration key loading checkbox if it is required to use the self-service functionality of the vSEC:CMS. This is required in order to be able to perform administration key operations when using the self-service application. Enable the Enable operator service key store if the service key store is to be used for the self-service functionality.

Application Security

From this section enable the Allow application usage without operator credential if it is required to allow operator(s) to log onto the vSEC:CMS with their operator credential and then they can remove the operator credential and continue to use the vSEC:CMS for a configurable period of time without requiring them to have their operator credential connected. Set the period of inactivity which will force thevSEC:CMS application to lock in the Logout without any action for field. This feature can be used in environments where only one credential reader is available.

Enable the Allow currently logged on Operator to self-issue token if it is required that the currently logged on operator is allowed to issue additional credential tokens to themselves.

Enable the Enable Windows domain account for vSEC:CMS Operators if you want an operator, who is having an operator credential issued to them with a Windows domain account as the primary user ID, and it is required that the operator can logon to the operator console without a need to have his credential token inserted.

Enable the Enable challenge/response for offline PUC based unblock if it is required to be able to perform credential unblock using challenge/response for PUC only supported credential tokens. For example, PIV tokens only support unblock through PUC. But using this configuration in the ­vSEC:CMS it will be possible to use challenge/response. Additionally, it will be necessary to enable support for this feature on the client side. The Enable challenge/response for offline PUC based unblock setting would need to be enabled on the USS through the -configure option when configuring the setting on the USS.

Enable Enable COM API for Operator Console if the Versasec COM API component is used. You can use the COM API component to trigger operator console life cycle flows from an external application. For more details on this contact Versasec.