Evropský patentový úřad (Mnichov ) brzy vyhlásí tendr na dodávku, instalaci a údržbu bezpečnostních HW modulů (Purchase of HSMs, installation and maintenance services). S vybraným dodavatelem bude uzavřen kontrakt na 60 měsíců. Deadline pro doručení nabídky by měl být 18/2.
MANDATORY HW AND ASSOCIATED SW: The Contractor shall have personnel with extensive skills and knowledge about the HSM and Key Management as well as having proven experience in the installation, testing, acceptance procedure and maintenance. The Contractor shall provide the delivery, installation, configuration, basic testing and maintenance for 5 HSMs including associated software mentioned below This concerns hard and software requirements for HSMs in TH and MN.
HSM must provide the following functional requirements:
- Symmetric document encryption: The solution allows multiple projects to have a secure mechanism to encrypt and decrypt (large) documents.
- Document Signing: The solution supports signing / searching of documents and certificates using certificates
- PKI support: The solution can support a PKI infrastructure (suitable for: smartcards, endpoint devices, test/development certificate issuing amongst others).
- Integration: The solution can integrate with existing and planned IAM software (e.g. Oauth2/0penID Connect, SAML, Active Directory, CyberArk, etc.) within the API layer.
- Dynamic Certificate Issuing: The solution allows multitenancy to separate keys and certificates from multiple countries, applications, DTAP environments, etc.
- eIDAS compliance: The solution facilitates signing of legally binding documents such as contracts and patent submissions amongst others.
- Secret generation & Storage: The solution facilitates the storage and management of (web) (server) secret private keys and certificates.
The Contractor shall ensure the HSM supports the following protocols and services: • integration with a PKI environment • RSA • DES-EDE3-CBC, AES-128 and AES-256. • SHA-1, SHA-256, SHA-384 and ECDS-P-256. • ECDH-P-256, ECDH-P-384. • NIST RNG Validation List • FIPS 140-2 Level 3 certified or higher • compliant with eIDAS. • strong access control over the interfaces: use of encryption over the interfaces and proven authentication mechanisms towards it. • PKCS11 authentication mechanisms