|Type of certification||QSCD | Certification of qualified signature and seal creation devices|
|SRC certificate registration number||SRC.00047.QSCD.06.2022|
|Valid from||29 June 2022|
|Valid until||31 December 2029|
|Certificate holder||Giesecke+Devrient Mobile Security GmbH|
|Certified product||STARCOS 3.7 HBA G2.1 (R2)|
|Test method||According to article 30 (3) a) of Regulation (EU) No. 910/2014, the certification was done on basis of a Common Criteria Evaluation against the Protection Profiles EN 419211-2:2013 and EN 419211-5:2014, which are listed in the Commission Implementing Decision (EU) 2016/650 of 25 April 2016.|
|The audit includes||
|Description||The product “STARCOS 3.7 HBA G2.1 (R2)” is a qualified signature creation device (QSCD). The card is a dual interface card and has a contact-based and a contactless interface.
The product consists (among other things) of the security controller IFX_CCI_000005h from Infineon, the card operating system STARCOS 3.7 COS HBA-SMC and an application for the generation of qualified signatures.
The product is an electronic health professional card of the German e-health system. That means, besides the application for the generation of qualified electronic signatures, the card contains additional applications pursuant to requirements from Gematik on the filesystem of electronic health professional cards.
SRC confirms that the product “STARCOS 3.7 HBA G2.1 (R2)” of Giesecke+Devrient Mobile Security GmbH fulfills the requirements of annex II of Regulation (EU) No. 910/2014 (eIDAS-Regulation) for qualified signature creation devices.