Outstanding Cryptography Project (KMS/HSM) - RFP








Frankfurt am Main



Project Description and Scope


The dbKeyProtect Modernisation project was created to adapt the existing dbKeyProtect global service to new business requirements and environments through the following steps:



Already realized in 2018:


  • Customer Landscape Survey: To understand the customer’s existing and future cryptography requirements.

  • Market Research: To prepare a Long and Short list of HSM and KMS product vendors and their offerings.

  • Workshops and POCs (proofs of concept): To identify the product vendors that are ideal for the customer’s dbKeyProtect Modernisation and KMS project.



To be achieved by continuing the project until December 2019:


Implement the dbKeyProtect Modernisation project by Cryptomathic:
Implement the dbKeyProtect modernisation solution with new/existing HSMs and new KMS.
This involves initializing, configuring and deploying the HSM devices and KMS instances to the EMEA data centre for the Dev, UAT and Prod/DR environments.


Migration of applications using dbKeyProtect service by an Implementation vendor:
The applications that use the dbKeyProtect service currently rely on HSMs for their crypto requirements.

With the technology modernisation, applications will use the KMS for their crypto requirements, with the HSMs acting as the root of trust. This requires migrating applications to use the crypto functionalities of reduced HSMs and the new central KMS solution.


On-boarding of new applications using dbKeyProtect service:
One of the major reasons for the modernisation project is to extend the dbKeyProtect service to applications with diverse cryptographic requirements as well as to those hosted on different platforms.



Operational level (m/w/d)


  • One Security SME (subject matter expert) with a strong, proven track record of long-term KMS experience to QA the new Cryptomathic software and hardware solution to be transitioned and transformed for the customer

  • One Security Analyst with long-term crypto experience in pilot and mass rollout planning and execution (due diligence of application assessment, transition and transformation) to cover the entire customer application on-boarding in parallel streams

  • One strong, Scrum-experienced P.O. (Product Owner) Delegate to support the customer's Scrum P.O. in relevant agile methods, techniques and strategies





The scope of this project support requirement is to implement the dbKeyProtect service by performing the following activities:


Execute the pilot and Lessons Learned of the dbKeyProtect modernisation through the upgrade of existing application types (mainly using different interfaces to access cryptographic services, such as JCA/JCE, PKCS11, OpenSSL, MSCAPI) and the on-boarding of one new application


Migration of existing customer applications to the new Cryptographic KMS solution





  • Planning of the Pilot solution until Lessons Learned

  • QA of testing and deploying the new KMS (key management service) solution

  • Migration of about 60 existing dbKeyProtect customer application clients

  • On-boarding of about 20+ new customer applications to the new dbKeyProtect service

  • Handover and acceptance


For reasons of data-protection law, please contact us for further information by Monday the 18th of March.