QSCD | Giesecke+Devrient Mobile Security GmbH | STARCOS 3.6 QES C1

• the Common Criteria evaluation of the product “STARCOS 3.6 QES C1” according to the following Protection Profiles with evaluation assurance level EAL 4+ (EAL 4 with augmentation AVA_VAN.5):
  • “Protection profiles for secure signature creation device, Part 2: Device with key generation”
  • “Protection profiles for secure signature creation device, Part 4: Extension for device with key generation and trusted communication with certificate generation application”
• the attestation of the product according to §§ 15 para. 7 sentence 1, 17 para. 1 Signature Act (SigG) as well as §§ 15 para. 1 and 4, 11 para. 3 Signature Ordinance (SigV) by the SRC attestation body accredited by the Federal Network Agency and
• an addendum to extend the attestation (addition of manufacturer details).

Due to the transitional measures according to Regulation (EU) No. 910/2014, Article 51, para. 1, the product is considered a QSCD according to the said regulation.

The product consists, among other things, of the semiconductor (IC) M7893 B11 from Infineon, the STARCOS 3.6 COS C1 card operating system, and an application for generating qualified signatures.

The product is a health professional card for German healthcare telematics, meaning that in addition to the dedicated application for generating qualified electronic signatures, other applications are located on the card according to the requirements of Gematik for the health professional card’s file system.

SRC certifies that the product “STARCOS 3.6 QES C1” from Giesecke+Devrient Mobile Security GmbH meets the requirements according to § 17 para. 1 and 3 no. 1 SigG as well as § 15 para. 1 and 4, Annex 1, I, 1.1 to 1.3 SigV.

Due to the transitional measures according to Regulation (EU) No. 910/2014, Article 51, para. 1, the product is considered a QSCD according to the said regulation.