QSCD | Giesecke+Devrient Mobile Security GmbH | STARCOS 3.6 QES C1



Type of certification

QSCD | Certification of qualified signature and seal creation devices
SRC certificate registration numberSRC.00025.TE.06.2016
Valid fromJune 8, 2016
Valid untilDecember 31, 2022
Certificate holderGiesecke+Devrient Mobile Security GmbH
Certified productSTARCOS 3.6 QES C1
Test methodAccording to the regulations of SigG and SigV, the confirmation was performed on the basis of a Common Criteria Evaluation according to the Protection Profiles “Protection Profile for secure signature creation device – Part 2: Device with key generation” and “Protection profiles for secure signature creation device, Part 4: Extension for device with key generation and trusted communication with certificate generation application”. The evaluation was performed with Evaluation Assurance Level (EAL) 4+ and assuming an high attack potential (augmentation AVA_VAN.5).
The audit includes
  • the Common Criteria Evaluation of the product “STARCOS 3.6 QES C1” according to the following Protection Profiles with Evaluation Assurance Level (EAL) 4+ (EAL 4 with the augmentation package AVA_VAN.5):
    • “Protection Profiles for secure signature creation device — Part 2: Device with key generation”
    • “Protection profiles for secure signature creation device, Part 4: Extension for device with key generation and trusted communication with certificate generation application”,
  • the confirmation of the product according to article 15 paragraph 7 sentence 1, article 17 paragraph 1 Signaturgesetz (SigG) as well as article 15 paragraphs 1 and 4, article 11 paragraph 3 Signaturverordnung (SigV) by the confirmation body of SRC that is accredited by Bundesnetzagentur and
  • an amendment for extension of the confirmation (supplement to the details about the manufacturer).

In accordance with the transitional measures of article 51, paragraph 1 of Regulation (EU) No. 910/2014, the product can be considered as qualified signature creation device (QSCD) in the sense given in this regulation.

DescriptionThe product “STARCOS 3.6 QES C1” is a secure signature creation device (SSCD) in accordance with SigG and SigV. The card is a dual interface card and has a contact-based and a contactless interface.

The product consists (among other things) of the semiconductor (IC) M7893 B11 from Infineon , the card operating system STARCOS 3.6 COS C1 and an application for generating qualified signatures.

The product is an electronic health professional card of the German e-health system. That means, besides the application for generation of qualified electronic signatures, the card contains additional applications pursuant to requirements from Gematik on the filesystem of electronic health professional cards.

SRC confirms that the product “STARCOS 3.6 QES C1” of Giesecke+Devrient Mobile Security GmbH fulfills the requirements of article 17 paragraph 1 and paragraph 3 number 1 SigG and article 15 paragraph 1 and 4, annex 1, I, 1.1 to 1.3 SigV.

In accordance with the transitional measures of article 51, paragraph 1 of Regulation (EU) No. 910/2014, the product can be considered as qualified signature creation device (QSCD) in the sense given in this Regulation.