QSCD | Giesecke+Devrient Mobile Security GmbH | STARCOS 3.6 QES C1

Certificate SRC.00025.TE.06.2016 Certificate SRC.00025.TE.06.2016 // Amendment 1 Confirmation SRC.00025.TE.06.2016 Confirmation SRC.00025.TE.06.2016 // Amendment 1

Type of certification	QSCD \| Certification of qualified signature and seal creation devices
SRC certificate registration number	SRC.00025.TE.06.2016
Valid from	June 8, 2016
Valid until	December 31, 2022
Certificate holder	Giesecke+Devrient Mobile Security GmbH
Certified product	STARCOS 3.6 QES C1
Test method	According to the regulations of SigG and SigV, the confirmation was performed on the basis of a Common Criteria Evaluation according to the Protection Profiles “Protection Profile for secure signature creation device – Part 2: Device with key generation” and “Protection profiles for secure signature creation device, Part 4: Extension for device with key generation and trusted communication with certificate generation application”. The evaluation was performed with Evaluation Assurance Level (EAL) 4+ and assuming an high attack potential (augmentation AVA_VAN.5).
The audit includes	the Common Criteria Evaluation of the product “STARCOS 3.6 QES C1” according to the following Protection Profiles with Evaluation Assurance Level (EAL) 4+ (EAL 4 with the augmentation package AVA_VAN.5): “Protection Profiles for secure signature creation device — Part 2: Device with key generation” “Protection profiles for secure signature creation device, Part 4: Extension for device with key generation and trusted communication with certificate generation application”, the confirmation of the product according to article 15 paragraph 7 sentence 1, article 17 paragraph 1 Signaturgesetz (SigG) as well as article 15 paragraphs 1 and 4, article 11 paragraph 3 Signaturverordnung (SigV) by the confirmation body of SRC that is accredited by Bundesnetzagentur and an amendment for extension of the confirmation (supplement to the details about the manufacturer). In accordance with the transitional measures of article 51, paragraph 1 of Regulation (EU) No. 910/2014, the product can be considered as qualified signature creation device (QSCD) in the sense given in this regulation.
Description	The product “STARCOS 3.6 QES C1” is a secure signature creation device (SSCD) in accordance with SigG and SigV. The card is a dual interface card and has a contact-based and a contactless interface. The product consists (among other things) of the semiconductor (IC) M7893 B11 from Infineon , the card operating system STARCOS 3.6 COS C1 and an application for generating qualified signatures. The product is an electronic health professional card of the German e-health system. That means, besides the application for generation of qualified electronic signatures, the card contains additional applications pursuant to requirements from Gematik on the filesystem of electronic health professional cards. SRC confirms that the product “STARCOS 3.6 QES C1” of Giesecke+Devrient Mobile Security GmbH fulfills the requirements of article 17 paragraph 1 and paragraph 3 number 1 SigG and article 15 paragraph 1 and 4, annex 1, I, 1.1 to 1.3 SigV. In accordance with the transitional measures of article 51, paragraph 1 of Regulation (EU) No. 910/2014, the product can be considered as qualified signature creation device (QSCD) in the sense given in this Regulation.