Ref. No. GAD DIT054/1/2015 Expression of Interest (EOI) · PDF fileRef. No. GAD – DIT054/1/2015 Expression of Interest (EOI) For SUPPLY, INSTALLATION, COMMISSIONING AND MAINTENANCE

EOI for Procurement of HSM February 26, 2015

SETU | For Government of Maharashtra For OEM/Agency Page 1 of 20

Ref. No. GAD – DIT054/1/2015

Expression of Interest (EOI) For

SUPPLY, INSTALLATION,

COMMISSIONING AND

MAINTENANCE OF HARDWARE

SECURITY MODULE (HSM)

SETU, Maharashtra

Directorate of Information Technology,

Government of Maharashtra

7th Floor, Mantralaya,

Madam Cama Road, Nariman Point,

Mumbai 400032

Date of Issuance of EoI 26 February 2015

Pre-Bid Meeting 03rd March 2015 at 11 a.m.

Last Date & Time for Bid Submission 09th March 2015 at 5 p.m.



Government of Maharashtra has been a pioneer in promotion of ICT and e-Governance in

India. Maharashtra has been identified as a “Leader” in the area of e-Governance in the

recent study conducted by Government of India. In pursuance to the same speed, DIT

Maharashtra has established the State Resident Data Hub (SRDH). Among other services

offered through SRDH, the Authentication and e-KYC services are utilized by the various

Departments.

State Government Departments would use biometric devices for Authentication and e-

KYC services during service delivery. The State Government departments shall need to

validate the biometric details along with the demographic details of a resident. The

Departments shall produce xml packets which shall be sent to SRDH. SRDH shall encrypt

and digitally sign these xml packets using HSM and send them to CIDR. CIDR would

send back the response which shall have to be decrypted. For this reason, the HSM shall

be procured and used for the encryption & decryption purposes.

In this regard, Directorate of Information Technology, Government of Maharashtra

invites Expression of Interest from OEM / authorized entities of HSM OEMs for SUPPLY,

INSTALLATION, COMMISSIONING AND MAINTENANCE OF HARDWARE

SECURITY MODULE (HSM).

1. Expression of Interest (EOI)

1.1. SETU Maharashtra, a society formed by Government of Maharashtra

(Hereinafter referred to as GoM) vide G. R. dated 23rd August 2002

invites interested OEMs or their authorized entities for SUPPLY,

INSTALLATION, COMMISSIONING AND MAINTENANCE OF HARDWARE

SECURITY MODULE (HSM) AT MAHARASHTRA STATE DATA CENTRE.

1.2. Interested Agencies may submit the application in prescribed forms on or

before the last date of submission i.e. 09th March 2015 at 5 pm at 7th

Floor, DIT, Mantralaya, Mumbai

1.3. Pre-bid meeting will be held on 03rd March 2015 at 11 am in 7th Floor,

DIT, Mantralaya, Mumbai

1.4. The shortlisted agencies shall be eligible to participate in the tender for

SUPPLY, INSTALLATION, COMMISSIONING AND MAINTENANCE OF

HARDWARE SECURITY MODULE (HSM). The agency selected through the

tender shall be awarded the specified work.

2. Overall Process

2.1. The EoI and amendments thereof (if any) shall be published on DIT

website (https://it.maharashtra.gov.in) and can be downloaded by the

interested agencies.

https://it.maharashtra.gov.in/



2.2. Interested agencies can submit their proposals in prescribed format in a

sealed envelope with Subject Line “Expression of Interest (EOI) for

SUPPLY, INSTALLATION, COMMISSIONING AND MAINTENANCE OF

HARDWARE SECURITY MODULE (HSM) AT MAHARASHTRA STATE

DATA CENTRE”. This envelope should contain the two envelopes namely

Pre-Qualification Proposal and Technical Proposal.

2.3. All the bidders will go through the evaluation process as described in the

EoI document (Refer Section 4). Based on the evaluation, the eligible

bidders will be shortlisted based on the selection criteria (Refer section 4).

2.4. Shortlisted agencies will be informed through email and list of selected

agencies will be published on DIT, Government of Maharashtra website.

2.5. DIT Maharashtra reserves the right to reject any incomplete application,

without attributing any reason.

2.6. The successful bidder (referred to as ‘Vendor’) shall be selected from the

shortlisted bidder through a tendering procedure.

3. Indicative Scope of work of the Vendor

3.1. The vendor shall be required to supply, install, commission, maintain and

support the HSM devices to Government of Maharashtra.

3.2. The detailed scope will be subject to change and shall be specified in the

tender document.

3.3. The vendor shall be responsible for supply, installation, commissioning

and maintenance of HSM devices as per the minimum specifications given

in the RFP. The detailed scope of work is provided in subsequent sections.

3.4. The 2 (Two) HSM shall have to be supplied by the vendor at 4th Floor,

New Administrative Building, Opposite Mantralaya, Madam Kama Road,

Mumbai - 400032. All costs related to transportation, taxes and other

regulatory requirements shall have to be borne by the shortlisted bidder

and no separate payment shall be made. The vendor shall also provide

the associated drivers, user manuals, technical documentation, etc. to the

Purchaser.

3.5. The vendor shall be responsible for installation and commissioning of

supplied HSM at the State Data Center. This shall include but not be

limited to physical mounting, installation of associated software,

configuration on device, associated servers & network / security elements

(such as firewall), installation of private & public keys, creation of users &

roles, etc.



3.6. The vendor shall be responsible to demonstrate a duly working HSM. It

shall also provide necessary support in acceptance testing of the supplied

devices.

3.7. The vendor shall be responsible to provide one-time necessary training to

technical officials to setup, install, configure and operate the supplied

devices. The shortlisted bidder shall be responsible to provide one-time

necessary training to software developers for integration of HSM in their

software application.

3.8. The supplied HSM Devices should carry a 60 months comprehensive

onsite replaceable warranty from the date of acceptance sign off provided

by Purchaser. The vendor shall be responsible for the maintenance and

support as per the specified warranty.

4. Evaluation Process of Proposals

4.1. There shall be a three-stage evaluation procedure for shortlisting of

bidders for EOI. The three stages are pre-qualification evaluation,

technical evaluation and device evaluation. The agencies selected in first

stage shall be considered for second stage. The agencies selected in

second stage shall be considered for third stage. The agencies selected in

third stage shall be considered as shortlisted agencies and shall be eligible

to participate in the tender.

4.2. In any of the stage, if the bidder fails to meet the specified criteria or

does not furnish the necessary documents / software / devices will be

considered disqualified.

4.3. Pre-Qualification Stage (Stage-1)

# Pre-qualification Criteria Supporting

Requirement

1. Bidder must be a company Registered in

India under the Company's Act 1956

Certificate of

Incorporation

2. Bidder should be in the business of Supply,

Installation and Maintenance of Hardware

Security Module (HSM) in India for last one

year as on date of submission of bid

Purchase Order and

Completion Certificate

issued by the client

3. Bidder should be Authorized Entity of the

OEM of HSM

Authorization Letter from

OEM

4. The bidder should be registered for Sales

Tax / VAT and should have valid PAN

Copy of Sales Tax / VAT

Registration, Copy of PAN



number Card

5. The firm should not have been blacklisted

by Central Government or any State

Government organization / department in

India at the time of submission of the Bid

Self-Declaration

Note: Consortium / Joint Venture is not allowed.

4.4. Technical Evaluation (Stage-2)

# Description Supporting

Documents

Max.

Score

Cut

Off

Mark

A. Technical Evaluation Framework

1. Bidders Turnover: Total Annual

average turnover of Bidder in last

3 financial years (FY 2013-14,

2012-13, 2011-12)

> 5 Cr = 20 Points

2.5-5 Cr = 15 Points

1 - 5 Cr = 10 Points

CA Certificate 20 55

2. Turnover from HSM device:

Bidder’s turnover from supply,

installation, maintenance and

commission of HSM devices in last

3 financial years (FY 2013-14,

2012-13, 2011-12)

> 1 Cr = 10 Points

0.75 – 1.00 Cr = 07 Points

0.50 – 0.75 Cr = 05 points

Agreement /

Purchase Order(s),

Completion

Certificate, and

Project Details

(Annexure-C)

10

3. HSM devices supplied: Number

of HSM devices supplied in the

last 3 financial years (FY 2013-

14, 2012-13, 2011-12):

>10 devices = 20 points

6 – 10 devices = 15 points

1 – 5 devices = 10 points

Agreement /

Purchase Order(s),

Completion

Certificate, and

Project Details

(Annexure-C)

20

4. Experience in Government:

Experience of supplying HSM

Agreement /

Purchase Order(s),

20



devices (at least one pair)

supplied to Government (Central,

State, ULB, PSB, PSU) in India

>3 Projects = 20 points

2-3 Projects = 15 Points

1 Project = 10 Points

Completion

Certificate, and

Project Details

(Annexure-C)

5. Aadhaar Utilization: OEM’s HSM

device utilized for Aadhaar

Authentication and e-KYC (UIDAI,

ASA/KSA, AUA/KUA)

1 or more project = 5 Points

No projects = 0 points

Agreement /

Purchase Order(s),

Completion

Certificate, and

Project Details

(Annexure-C)

5

B. Demonstration / Presentation

1 Demonstration / Presentation of

the Product by the Bidder

Device Datasheets,

Specifications, etc.

25 15

Total 100 70

Bidders who succeed in getting 55 or higher marks in S. No (A1-A5) would

be invited for presentation and demonstration (approx. duration of 45

minutes) with respect to proposed devices. Technical proposal of bidders

scoring less than 55 in S. No (A1 - A5) shall be considered as non-

responsive and their bids shall not be evaluated any further.

Tendering Authority reserves right to visit (or conduct telephonic

verification) with bidder’s customers where such a similar project

execution has taken place.

Bidders who score overall 70 marks or higher in the technical evaluation,

as per the criteria mentioned above, shall be considered for further

evaluation.

4.5. Device Evaluation (Stage – 3)

The bidders shall be required to supply and install a sample device (of the

proposed make and model of the same capacity or higher) to Purchaser

for evaluation on below mentioned parameters.

Checking of the minimum device specifications

Compatibility with the existing DIT Setup

Compatibility with various relevant applications as desired by DIT



The bidder should ensure the device is supplied to the State Data Centre

within 15 days of the issuance of instructions by the DIT.

5. Minimum Device Specifications

Sr. No.

Parameter Specifications

1. Power Indian power specifications in terms of Phase, Voltage, Frequency, etc.

2. Physical Rack Mountable Redundant/hot-swappable power supply

3. Public Key Algorithm

RSA (Encrypt / Decrypt), RSA (Sign / Verify), ECC (Electric Curve Cryptography)

4. Algorithms Support Asymmetric Algorithm: RSA (1024 - 4096), Diffie-Hellman, KCDSA, ECDSA, ECDH

Symmetric Algorithm: AES, DES, TripleDES, MD5, SHA1, SHA2, SHA256

Hash/HMAC algorithm: MD-5, SHA-1, SHA-2, SHA 256

Key Exchange Mechanism: DES / TripleDES, AES Algorithm

Cryptographic algorithms: Asymmetric Key with Diffie-Hellman (1024-4096 bit), RSA (512-4096 bit) and (PKCS#1 v1.5, OAEP PKCS#1 v2.0), Digital Signing via RSA (1024-4096-bit), DSA (512-1024-bit), EC Brainpool Curves Suite B Algorithm Support and ARIA support

Full Suite B implementation

5. Signing Speed More than 300 transactions per second with RSA-2048 bits

6. Certifications FIPS 140-2 Level 3

7. Standards ROHS, FCC Part 13 Class B, CC EAL+

8. Key Length Support

1024 to 4096

9. APIs Published API for various functionalities to integrate with the Application software

10. Compatibility PKCS#11, CAPI, OpenSSL, JCE/JCA

11. Connectivity Ethernet Network based appliance, Should have Network Connectivity over TCP/IP for cryptographic communication between applications and HSM

12. OS Support Windows 2008 (32 & 64 bits) and above, Red Hat Linux (32 & 64 bits) Version 6 and above



Virtual: VMware, Hyper-V

13. Key Generation, Digital Signing and Verification, and Storage

Onboard key generation, Digital Signing & Verification process to be done inside the HSM only for better performance and security

Private Keys should always be securely generated in the Hardware and securely stored in the Hardware.

14. Administration, Backup and Disaster Recovery

Should support hardware based secure Backup & Restoration, Disaster Recovery and should support Remote Management & Administration with multiple factor Authentication.

15. Others It should support secure transportation of HSM device from one facility to another.

It should also ensure that it is tamper proof and in case of any tampering, necessary information/logs are captured

16. Number of Keys Should be able to support at least 100 keys

17. Number of Applications

Should be able to support at least 25 applications

18. Scalability Should be scalable up through additional devices and/or device upgrade.

19. Additional Software Additional / specific software’s if any, required to support multiple HSM appliances to be provided

20. Support OEM should provide 24x7 telephonic and email based support. For telephonic support, an Indian Telephone Number (preferably toll-free) should be available

21. End-of-Life The proposed product / solution should not be End-of-life and shall not reach End-of-life within 24 months from the date of submission of bid or 12 months from the date of acceptance, whichever is later

22. Upgrades, Patches, etc.

Provide new version upgrades, updates, patches, etc. for all the components / sub-components through the period of contract

23. End-of-support The proposed product / solution should not reach end-of-support during the currency of contract

6. Terms and Conditions

6.1. This EOI is for OEMs or their authorized entities

6.2. The bidder will provide an unit for evaluation purpose and for the duration

as desired by the department



6.3. EOI empaneled agencies must sign Non-Disclosure Agreement (NDA)

(Annexure B) with Government of Maharashtra

6.4. Force Majeure: For the purpose of this clause, ‘Force Majeure’ shall mean

an event that is unforeseeable, beyond the control of the parties and not

involving the parties’ fault or negligence. Such events may include acts of

the Government either in its sovereign or in its contractual capacity, war,

civil war, insurrection, riots, revolutions, fire, floods, epidemics,

quarantine, restrictions, freight, embargoes, radioactivity and

earthquakes. The empaneled Agency / Individual shall not be liable if the

delay in the discharge of its obligations under this agreement is the result

of an event of Force Majeure as defined above.

If a Force Majeure situation arises the OEM/ Authorized entities shall

promptly notify to the DIT in writing of such conditions and the cause

thereof. Unless otherwise directed by DIT in writing, the shall continue to

perform its obligations, as far as it is reasonably practical and shall seek

all reasonable means of performance not prevented by the Force Majeure

event.

7. Contact Details

Email ID [email protected]

[email protected]

Contact Person Shri. Ravindra Dhamnikar

State Nodal Officer UID

Government of Maharashtra

Phone No. 022-22026534

mailto:[email protected]



Annexure A

Expression of Interest form for SUPPLY, INSTALLATION, COMMISSIONING AND

MAINTENANCE OF HARDWARE SECURITY MODULE (HSM), DIT Maharashtra

OEM / Auth. Entity’s Name

Contac Person

Contact Mail Id

Contact Number

Contact Details (You must complete at least line 1 and 2 and the post code)

Office / Workplace

address

Post code

Contact Number

Mobile phone

Annual Turnover

2011-12 2012-13 2013-2014

Turnover from HSM Device

2011-12 2012-13 2013-2014

Documents Required

Profile of the OEM / Authorized Entities in maximum 5 pages (attach on different paper sheet)

PoA / Board Resolution authorizing the Proposal Signatory and OEM Signatory

Certificate of Incorporation

CA Certificate stating the annual turnover and turnover from HSM Device

Agreement / Purchase Order and Completion Certificate issued by the client

(including details as per Annexure-C)

Authorization Letter from OEM

Copy of Sales Tax / VAT Registration, Copy of PAN Card

Non - Blacklisting Self-Declaration (as per Annexure – D)

Compliance Declaration by OEM (as per Annexure-E) * Note: EOI applicant may attach separate sheets to elaborate more information in Annexure A.



ANNEXURE B

NON-DISCLOSURE AGREEMENT

This ("Agreement") is made and entered into ______day

of________month__________year (effective date) by and between Government of

Maharashtra and _____________________________________ (Agency / Individual).

Whereas, Government of Maharashtra and Agency / Individual have entered into an

Agreement ("Agreement") _________________ Effective _______________ for

____________________________; and whereas, each party desires to disclose to the

other party certain information in oral or written form which is proprietary and

confidential to the disclosing party, ("CONFIDENTIAL INFORMATION").

NOW, THEREFORE, in consideration of the foregoing and the covenants and agreements

contained herein, the parties agree as follows:

1. Definitions. As used herein:

1.1 The term “Confidential Information” shall include, without limitation, all

information and materials, furnished by either Party to the other in connection

with citizen/users/persons/customers data, products and/or services, including

information transmitted in writing, orally, visually, (e.g. video terminal display)

or on magnetic or optical media, and including all proprietary information,

customer & prospect lists, trade secrets, trade names or proposed trade names,

methods and procedures of operation, commercial or marketing plans, licensed

document knowhow, ideas, concepts, designs, drawings, flow charts, diagrams,

quality manuals, checklists, guidelines, processes, formulae, source code

materials, specifications, programs, software packages, codes and other

intellectual property relating to the disclosing party’s data, computer database,

products and/or services. Results of any tests, sample surveys, analytics, data

mining exercises or usages etc. carried out by the receiving party in connection

with the Department’s Information including citizen/users/persons/customers

personal or sensitive personal information as defined under any law for the time

being in force shall also be considered Confidential Information.

1.2 The term, “Directorate Information Technology (DIT) Maharashtra” shall include

the officers, employees, agents, consultants, contractors and representatives of

Department.

1.3 The term, “Agency/Individual” shall include the directors, officers, employees,

agents, consultants, contractors and representatives of Company, freelance

developer, students, and research associates.



2 Protection of Confidential Information. With respect to any Confidential

Information disclosed to it or to which it has access, Agency / Individual affirms that

it shall:

2.1 Use the Confidential Information as necessary only in connection with Project

and in accordance with the terms and conditions contained herein;

2.2 Not to make or retain copy of any commercial or marketing plans,

citizen/users/persons/customers database, Proposals developed by or originating

from Department or any of the prospective clients of Department except as

necessary, under prior written intimation from Department, in connection with

the Project, and ensure that any such copy is immediately returned to

Department even without express demand from Department to do so;

2.3 Not disclose or in any way assist or permit the disclosure of any Confidential

Information to any other person or entity without the express written consent of

the other party; and

2.4 Return to the other party, or destroy, at Department’s discretion, any and all

Confidential Information disclosed in a printed form or other permanent record,

or in any other tangible form (including without limitation, all copies, notes,

extracts, analyses, studies, summaries, records and reproductions thereof)

immediately upon the earlier to occur of (i) expiration or termination of either

party’s engagement in the Project, or (ii) the request of the other party

therefore.

2.5 Not to discuss with any member of public, media, press, any or any other person

about the nature of arrangement entered between Department and Agency /

Individual or the nature of services to be provided by the Agency / Individual to

the Department.

3 Onus. Agencies / Individual shall have the burden of proving that any disclosure or

use inconsistent with the terms and conditions hereof falls within any of the

foregoing exceptions.

4 Exceptions. These restrictions as enumerated in section 1 of this Agreement shall

not apply to any Confidential Information:

4.1 Which is independently developed by Agency / Individual or lawfully received

from another source free of restriction and without breach of this Agreement;

or

4.2 After it has become generally available to the public without breach of this

Agreement by Agency / Individual; or

4.3 Which at the time of disclosure to Agency / Individual was known to such

party free of restriction and evidenced by documentation in such party’s

possession; or which Department agrees in writing is free of such restrictions.

4.4 Which is received from a third party not subject to the obligation of

confidentiality with respect to such Information.



5 Remedies. Agency / Individual acknowledges that (a) any actual or threatened

disclosure or use of the Confidential Information by Agency / Individual would be a

breach of this agreement and may cause immediate and irreparable harm to

Government of Maharashtra (GoM); (b) Agency / Individual affirms that damages

from such disclosure or use by it may be impossible to measure accurately; and (c)

injury sustained by GoM may be impossible to calculate and remedy fully.

Therefore, Agency / Individual acknowledges that in the event of such a breach,

GoM shall be entitled to specific performance by Agency / Individual of Agency /

Individual’s obligations contained in this Agreement. In addition Agency / Individual

shall indemnify Department of the actual and liquidated damages which may be

demanded by Department. Moreover, Department shall be entitled to recover all

costs (including reasonable attorneys’ fees) which it or they may incur in connection

with defending its interests and enforcement of legal rights arising due to a breach

of this agreement by Agency / Individual.

6 Need to Know. Agency / Individual shall restrict disclosure of such Confidential

Information to its employees and/or consultants with a need to know (and advise

such employees of the obligations assumed herein), shall use the Confidential

Information only for the purposes set forth in the Agreement, and shall not disclose

such Confidential Information to any affiliates, subsidiaries, associates and/or third

party without prior written approval of the disclosing party.

7 Intellectual Property Rights Protection. No license to a party, under any

trademark, patent, copyright, design right, mask work protection right, or any other

intellectual property right is either granted or implied by the conveying of

Confidential Information to such party.

8 No Conflict. The parties represent and warrant that the performance of its

obligations hereunder do not and shall not conflict with any other agreement or

obligation of the respective parties to which they are a party or by which the

respective parties are bound.

9 Authority. The parties represent and warrant that they have all necessary authority

and power to enter into this Agreement and perform their obligations hereunder.

10 Dispute Resolution. If any difference or dispute arises between the Department

and the Agency / Individual in connection with the validity, interpretation,

implementation or alleged breach of any provision of this Agreement, any such

dispute shall be referred to the Principle Secretary, Information Technology, and

Maharashtra Government.

10.1 The arbitration proceedings shall be conducted in accordance with the

(Indian) Arbitration & Conciliation Act, 1996 & amendments thereof.

10.2 The place of arbitration shall be Mumbai.

10.3 The arbitrator’s award shall be substantiated in writing and binding on the

parties.

10.4 The proceedings of arbitration shall be conducted in English language.

10.5 The arbitration proceedings shall be completed within a period of 180

days from the date of reference of the dispute to arbitration.

11 Governing Law. This Agreement shall be interpreted in accordance with and

governed by the substantive and procedural laws of India and the parties hereby

consent to the exclusive jurisdiction of Courts and/or Forums situated at Mumbai,

India only.

12 Entire Agreement. This Agreement constitutes the entire understanding and

agreement of the parties, and supersedes all previous or contemporaneous



agreement or communications, both oral and written, representations and under

standings among the parties with respect to the subject matter hereof.

13 Amendments. No amendment, modification and/or discharge of this Agreement

shall be valid or binding on the parties unless made in writing and signed on behalf

of each of the parties by their respective duly authorized officers or representatives.

14 Binding Agreement. This Agreement shall be binding upon and inure to the

benefit of the parties hereto and their respective successors and permitted assigns.

15 Severability. It is the intent of the parties that in case any one or more of the

provisions contained in this Agreement shall be held to be invalid or unenforceable in

any respect, such provision shall be modified to the extent necessary to render it, as

modified, valid and enforceable under applicable laws, and such invalidity or

unenforceability shall not affect the other provisions of this Agreement.

16 Waiver. If either party should waive any breach of any provision of this Agreement,

it shall not thereby be deemed to have waived any preceding or succeeding breach

of the same or any other provision hereof.

17 Survival. Both parties agree that all of their obligations undertaken herein with

respect to Confidential Information received pursuant to this Agreement shall survive

till perpetuity even after any expiration or termination of this Agreement.

18 Non-solicitation. During the term of this Agreement and thereafter for a further

period of two (2) years Agency / Individual shall not solicit or attempt to solicit

Department’s employees and/or consultants, for the purpose of hiring/contract or to

proceed to conduct operations/business similar to Department with any employee

and/or consultant of the Department who has knowledge of the Confidential

Information, without the prior written consent of Department. This section will

survive irrespective of the fact whether there exists a commercial relationship

between Agency / Individual and Department.

19 Term. Subject to aforesaid section 17, this Agreement shall remain valid up to ………

Years from the “effective date”.

IN WITNESS HEREOF, and intending to be legally bound, the parties have executed this

Agreement to make it effective from the date and year first written above.

For Government of Maharashtra For OEM/Agency



Annexure C - Format of project experience

Summary Table for Relevant Project Experience

Sl. No. Name of Project Year of Project Page Number

1.

2.

3.

4.

5.

Detailed Project Experience (please provide separate table for each project)

Project Information

Name of the project

Client for which the project was

executed

Name and contact details of the

client

Project Details

Description of the project

Scope of services

Start date



Completion date

Duration of the project

Other Relevant Information (if any)

Supporting Documents enclosed (√):

Work Order received from Client/ Copy of Contract signed between

Implementation Partner and client

Scope of Work highlighted(Y/N)

Period of Contract Highlighted(Y/N)

Other (if any)

Date: Signature of Authorized Representative

Name of Bidder:

Full Address:

Telephone No.:



Annexure D – Self-declaration by bidder for not being

blacklisted

[ON BIDDERS LETTERHEAD]

Date: DD/MM/YYYY

To

The Director,


Government of Maharashtra,


Madam Cama Road,

Mumbai – 400032

Sub: Declaration of no valid ineligibility for corrupt or fraudulent practices or blacklisted

with any of the Government agencies in India during the last three years

Ref: <<RFP Title >> (Bidding Document No: __________ Dated: __/__/____) Sir,

In response to the above mentioned RFP I,_______________, as ________

<Designation>______ of M/s_____________, hereby declare that our Company / Firm

__________is having unblemished past record and is not declared blacklisted or

ineligible to participate for bidding by any State/Central Govt., Semi-government or PSU

/ PSB due to unsatisfactory performance, breach of general or specific instructions,

corrupt / fraudulent or any other unethical business practices during the last three years.

Date: Signature of Authorized Representative

Name of Bidder:

Full Address:

Telephone No.:



Annexure E – Compliance to Device Specification

[ON OEM LETTERHEAD]

Date: DD/MM/YYYY

To

The Director,


Government of Maharashtra,


Madam Cama Road,

Mumbai – 400032

Sub: Compliance to HSM Device Specifications, UIDAI Guidelines, CCA Guidelines and IT

Act

Ref: <<RFP Title >> (Bidding Document No: __________ Dated: __/__/____) Sir,

We, <Name of OEM>, hereby declare that the device <Make and Model Number>,

proposed in this EOI response is completely compliant with UIDAI Guidelines, CCA

Guidelines and IT Act 2000 (including Amendments). The detailed compliance regarding

the Minimum Specifications specified in the EOI document is provided below.

Sr. No.

Parameter Specifications Compliance (Compliant and Non-Compliant)

1. Power Indian power specifications in terms of Phase, Voltage, Frequency, etc.

2. Physical Rack Mountable Redundant/hot-swappable power supply

3. Public Key Algorithm

RSA (Encrypt / Decrypt), RSA (Sign / Verify), ECC (Electric Curve Cryptography)

4. Algorithms Support

Asymmetric Algorithm: RSA (1024 - 4096), Diffie-Hellman, KCDSA, ECDSA, ECDH

Symmetric Algorithm: AES, DES, TripleDES, MD5, SHA1, SHA2, SHA256

Hash/HMAC algorithm: MD-5, SHA-1, SHA-2, SHA 256

Key Exchange Mechanism: DES / TripleDES, AES Algorithm

Cryptographic algorithms: Asymmetric



Key with Diffie-Hellman (1024-4096 bit), RSA (512-4096 bit) and (PKCS#1 v1.5, OAEP PKCS#1 v2.0), Digital Signing via RSA (1024-4096-bit), DSA (512-1024-bit), EC Brainpool Curves Suite B Algorithm Support and ARIA support

Full Suite B implementation

5. Signing Speed More than 300 transactions per second with RSA-2048 bits

6. Certifications FIPS 140-2 Level 3

7. Standards ROHS, FCC Part 13 Class B, CC EAL+

8. Key Length Support

1024 to 4096

9. APIs Published API for various functionalities to integrate with the Application software

10. Compatibility PKCS#11, CAPI, OpenSSL, JCE/JCA

11. Connectivity Ethernet Network based appliance, Should have Network Connectivity over TCP/IP for cryptographic communication between applications and HSM

12. OS Support Windows 2008 (32 & 64 bits) and above, Red Hat Linux (32 & 64 bits) Version 6 and above

Virtual: VMware, Hyper-V

13. Key Generation, Digital Signing and Verification, and Storage

Onboard key generation, Digital Signing & Verification process to be done inside the HSM only for better performance and security

Private Keys should always be securely generated in the Hardware and securely stored in the Hardware.

14. Administration, Backup and Disaster Recovery

Should support hardware based secure Backup & Restoration, Disaster Recovery and should support Remote Management & Administration with multiple factor Authentication.

15. Others It should support secure transportation of HSM device from one facility to another.

It should also ensure that it is tamper proof and in case of any tampering, necessary information/logs are captured

16. Number of Keys Should be able to support at least 100 keys.



17. Number of Applications

Should be able to support at least 25 applications

18. Scalability Should be scalable up through additional devices and/or device upgrade.

19. Additional Software

Additional / specific software’s if any, required to support multiple HSM appliances to be provided

20. Support OEM should provide 24x7 telephonic and email based support. For telephonic support, an Indian Telephone Number (preferably toll-free) should be available

21. End-of-Life The proposed product / solution should not be End-of-life and shall not reach End-of-life within 24 months from the date of submission of bid or 12 months from the date of acceptance, whichever is later

22. Upgrades, Patches, etc.

Provide new version upgrades, updates, patches, etc. for all the components / sub-components through the period of contract

23. End-of-support The proposed product / solution should not reach end-of-support during the currency of contract

Date: Signature of OEM’s Authorized Representative

Name of Bidder:

Telephone No.: