Products

HID® Credential Management System

Securely issue and manage high assurance credentials
Crescendo smart cards and USB security keys
Overview
ActivId CMS Specifications
ActivID BMS Specifications
HID PIV IDMS Specifications

HID Credential Management System

HID Credential Management System (CMS) (previously known as ActivID Credential Management System) enables organizations to issue an authentication credential that goes beyond perimeter security. Clients can choose from smart cards, security keys, Windows® TPMs and mobile phones for secure access to individual workstations and servers within the firewall, VPNs and applications. This high assurance credential can also enable digital signing and encrypt data, hard drives, documents and emails.

The HID Credential Management System is ideal for:

  • Medium to large enterprises issuing converged access cards or smart authenticators for employee authentication, data encryption and data signing
  • Organizations deploying Personal Identity Verification (PIV) cards and commercial organizations deploying PIV Interoperable (PIV-I) or Commercial Identity Verification (CIV) cards as well as Derived PIV Credentials
  • Governments issuing citizen identification cards with PKI-based credentials

HID CMS is the only offering in the industry that makes it possible for organizations to create, manage and use a single PKI smart card for both IT and physical access — all while utilizing a unified solution from a single vendor.

Organizations deploying HID CMS are able to securely provision PKI certificates and other credentials to a range of different devices, including smart cards, virtual smart cards, tokens and mobile devices. It is also scalable to millions of credentials in complex environments with multiple user groups. HID CMS interfaces with physical access control systems (PACS) to automate the PIV or PIV-I card enrollment process, enabling users to authenticate at the door without the need to re-enroll their card.

HID CMS enables efficient management and issuance of FIDO credentials, supporting secure, passwordless authentication. It seamlessly registers Passkey credentials to Microsoft Entra ID.

Optional and Supplemental Systems

ActivID Batch Management System (BMS)

The Advanced Edition of HID CMS includes HID CMS and HID BMS. HID BMS extends the functionality of HID CMS by creating and managing batches of smart card data and securely transmitting them to a service bureau for card production. Once smart cards are issued, HID BMS communicates data back to the HID CMS to enable secure activation and lifecycle management of the smart cards. The HID BMS is ideally suited to:

  • Large enterprises using a card service bureau to personalize smart cards for employees
  • Organizations using a card service bureau to personalize PIV or PIV-I cards

HID Personal Identity Verification (PIV) Identity Management System (IDMS)

HID PIV IDMS delivers a comprehensive, highly configurable solution to perform identity proofing, enrollment, and credential issuance – even to remote users.

HID PIV IDMS is part of the HID PIV solution, which is a multi-factor authentication solution that covers the complete lifecycle of the identity, from issuance to retirement of the secure credential.

Talk with an expert >> 

HID CMS Specifications

The HID Credential Management System (CMS) gives organizations a method for simply and securely managing deployment of high assurance credentials.

The solution supports:

Extensibility. In conjunction with ActivClient™ as well as public key cryptography standards (PKCS) #11-compliant middleware, the HID CMS can be used to support the issuance and management of smart cards for a wide variety of desktop, network security, and productivity applications. When fully leveraged, the credentials can be used for both logical and physical access. HID CMS also supports the issuance of digital certificates on virtual smart cards and mobile devices to enable flexibility in terms of form factors and assurance level options.

Lifecycle management. Allows for the effective management of an organization’s authentication devices (e.g., smart cards, security keys, Windows TPMs and mobile phones), data (e.g., static passwords, biometrics and demographic data), applets (e.g., one-time password applications and Personal Identity Verification [PIV] applets), and digital credentials (including PKI certificates). HID CMS’s unique, patented, post-issuance update capabilities ensure that organizations are in control of their credentials at all times.

Integration. Interoperable with a wide variety of environments, including operating systems, directories, front- or back-end identity management and provisioning systems, certificate authorities, physical access control systems, and card printers — including FARGO® printers. HID CMS supports multiple browsers: Microsoft Edge and Google Chrome.

Robust reporting. Provides full, tamper-evident audit features that log all event activities for reporting.

Strong security. Delivers a secure, transparent method for transmitting sensitive data held on smart cards or smart authenticators connected to user workstations. Keys and personally identifiable information are protected on the server using a Hardware Security Module and are transmitted safely from point of origination to the secure element chip. HID CMS also supports stringent U.S. Federal Government standards for PIV and PIV-I.

Talk with an expert >> 

HID BMS Specifications

The HID BMS gives organizations a simple and secure method of communicating with card service bureaus that create their smart cards. The solution supports:

  • Flexible issuance. Smart cards can either be ready to use, or securely locked for activation by the user.
  • Multiple facilities. Enables communication with multiple smart card production facilities, and multiple delivery sites from one system.
  • Complete tracking. Tracks each card batch throughout its life cycle.
  • Secure communications. Card data is encrypted and digitally signed between HID BMS and the service bureau with Secure Sockets Layer (SSL) technology.

Talk with an expert >> 

PIV IDMS Specifications 

  • REST based API to request credentials, approve credential applications and monitor system activities
  • Data repository integrations to eliminate manual data entry
  • Lightweight enrollment stations for mobile locations
  • Streamlined biometric validation
  • Customizable branding and messaging
  • On-demand or batch printing options
  • Instant applicant status to streamline the enrollment and issuance process
  • Self-service capabilities for issuance, activation, update, renewal, and unlock
  • Advanced auditing

Talk with an expert >> 

Documents
Related Links

Related Products

HID® ActivID™ Authentication Server HID® ActivID™ Authentication Server Versatile multi-factor authentication HID® ActivID™ Authentication Server HID® ActivID™ Authentication Server Versatile multi-factor authentication HID® ActivID™ AAA Server for Remote Access HID® ActivID™ AAA Server for Remote Access Multi-factor authentication for secure remote access HID® ActivID™ Validation HID® ActivID™ Validation Scalable and secure PKI certificate validation