Type of certification
|QSCD | Certification of qualified signature and seal creation devices|
|SRC certificate registration number||SRC.00025.TE.06.2016|
|Valid from||June 8, 2016|
|Valid until||December 31, 2022|
|Certificate holder||Giesecke+Devrient Mobile Security GmbH|
|Certified product||STARCOS 3.6 QES C1|
|Test method||According to the regulations of SigG and SigV, the confirmation was performed on the basis of a Common Criteria Evaluation according to the Protection Profiles “Protection Profile for secure signature creation device – Part 2: Device with key generation” and “Protection profiles for secure signature creation device, Part 4: Extension for device with key generation and trusted communication with certificate generation application”. The evaluation was performed with Evaluation Assurance Level (EAL) 4+ and assuming an high attack potential (augmentation AVA_VAN.5).|
|The audit includes||
In accordance with the transitional measures of article 51, paragraph 1 of Regulation (EU) No. 910/2014, the product can be considered as qualified signature creation device (QSCD) in the sense given in this regulation.
|Description||The product “STARCOS 3.6 QES C1” is a secure signature creation device (SSCD) in accordance with SigG and SigV. The card is a dual interface card and has a contact-based and a contactless interface.
The product consists (among other things) of the semiconductor (IC) M7893 B11 from Infineon , the card operating system STARCOS 3.6 COS C1 and an application for generating qualified signatures.
The product is an electronic health professional card of the German e-health system. That means, besides the application for generation of qualified electronic signatures, the card contains additional applications pursuant to requirements from Gematik on the filesystem of electronic health professional cards.
SRC confirms that the product “STARCOS 3.6 QES C1” of Giesecke+Devrient Mobile Security GmbH fulfills the requirements of article 17 paragraph 1 and paragraph 3 number 1 SigG and article 15 paragraph 1 and 4, annex 1, I, 1.1 to 1.3 SigV.
In accordance with the transitional measures of article 51, paragraph 1 of Regulation (EU) No. 910/2014, the product can be considered as qualified signature creation device (QSCD) in the sense given in this Regulation.