QSCD | Giesecke+Devrient Mobile Security GmbH | STARCOS 3.7 HBA G2.1 (R2)

Type of certificationQSCD | Certification of qualified signature and seal creation devices
SRC certificate registration numberSRC.00047.QSCD.06.2022
Valid from29 June 2022
Valid until31 December 2029
Certificate holderGiesecke+Devrient Mobile Security GmbH
Certified productSTARCOS 3.7 HBA G2.1 (R2)
Test methodAccording to article 30 (3) a) of Regulation (EU) No. 910/2014, the certification was done on basis of a Common Criteria Evaluation against the Protection Profiles EN 419211-2:2013 and EN 419211-5:2014, which are listed in the Commission Implementing Decision (EU) 2016/650 of 25 April 2016.
The audit includes
  • The Common Criteria Evaluation of the product “STARCOS 3.7 HBA G2.1 (R2)” according to the following Protection Profiles with Evaluation Assurance Level (EAL) 4+ (EAL 4 with the augmentation package AVA_VAN.5):
    • “Protection profiles for secure signature creation device, Part 2: Device with key generation” (EN 419211-2:2013) and
    • “Protection profiles for secure signature creation device, Part 5: Extension for device with key generation and trusted communication with signature generation application” (EN 419211-5:2014) as well as
  • the certification of the product according to article 30 (3) a) of Regulation (EU) No. 910 / 2014 by the certification body of SRC notified by the Federal Network Agency to the EU Commission.
DescriptionThe product “STARCOS 3.7 HBA G2.1 (R2)” is a qualified signature creation device (QSCD). The card is a dual interface card and has a contact-based and a contactless interface.

The product consists (among other things) of the security controller IFX_CCI_000005h from Infineon, the card operating system STARCOS 3.7 COS HBA-SMC and an application for the generation of qualified signatures.

The product is an electronic health professional card of the German e-health system. That means, besides the application for the generation of qualified electronic signatures, the card contains additional applications pursuant to requirements from Gematik on the filesystem of electronic health professional cards.

SRC confirms that the product “STARCOS 3.7 HBA G2.1 (R2)” of Giesecke+Devrient Mobile Security GmbH fulfills the requirements of annex II of Regulation (EU) No. 910/2014 (eIDAS-Regulation) for qualified signature creation devices.