This page was not yet optimized for use on mobile devices.
STARCOS 3.7 COS GKV C3
CSV information ?
| Status | active |
|---|---|
| Valid from | 02.09.2022 |
| Valid until | 02.09.2027 |
| Scheme | 🇩🇪 DE |
| Manufacturer | G+D Mobile Security GmbH |
| Category | ICs, Smart Cards and Smart Card-Related Devices and Systems |
| Security level | ALC_DVS.2, AVA_VAN.5, ATE_DPT.2, EAL4+ |
| Protection profiles |
Heuristics summary ?
Certificate ID: BSI-DSZ-CC-1198-2022
Certificate ?
Extracted keywords
Operating System name
STARCOS 3Vendor
Giesecke+DevrientSecurity level
EAL 4, EAL 5, EAL 2, EAL 4 augmentedSecurity Assurance Requirements (SAR)
ALC_DVS.2, ATE_DPT.2, AVA_VAN.5Protection profiles
BSI-CC-PP-0082-V4-Certificates
BSI-DSZ-CC-1198-2022Standards
ISO/IEC 15408, ISO/IEC 18045File metadata
| Title | Certificate BSI-DSZ-CC-1198-2022 |
|---|---|
| Subject | Common Criteria, Certification, Zertifizierung, G2 COS, eHealth |
| Keywords | Common Criteria, Certification, Zertifizierung, G2 COS, eHealth |
| Author | Bundesamt für Sicherheit in der Informationstechnik |
| Pages | 1 |
Certification report ?
Extracted keywords
Symmetric Algorithms
AES, CMACAsymmetric Algorithms
RSA-OAEP, ECDH, ECDSA, ECC, Diffie-Hellman, DHHash functions
SHA-256Schemes
MAC, Key AgreementProtocols
PACERandomness
PRNG, RNGBlock cipher modes
CBCOperating System name
STARCOS 3Vendor
STMicroelectronics, Thales, Giesecke+Devrient, Giesecke & Devrient, G+DSecurity level
EAL 4, EAL 5, EAL 2, EAL 1, EAL 2+, EAL5+, EAL6, EAL 5+, EAL 6, EAL 4 augmentedClaims
A.USecurity Assurance Requirements (SAR)
ADV_ARC, ALC_DVS.2, ALC_FLR, ALC_CMC.4, ALC_CMS.4, ALC_DEL.1, ALC_LCD.1, ALC_TAT.1, ATE_DPT.2, AVA_VAN.5Security Functional Requirements (SFR)
FCS_COP, FCS_CKM, FCS_RNG.1, FCS_RNG, FIA_UAU, FIA_USB, FPT_ITE.1, FTP_ITCProtection profiles
BSI-CC-PP-0082-V4-, BSI-CC-PP-0082-V4-2019Certificates
BSI-DSZ-CC-1198-2022, BSI-DSZ-CC-S-0185-2021, ANSSI-CC-2020/04-M01, ANSSI-CC-2020/04Evaluation facilities
CESTI, SRC Security Research & ConsultingSide-channel analysis
side channel, DPA, SPA, physical tampering, malfunction, DFA, fault injection, JILCertification process
being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification, Target STARCOS 3.7 COS GKV C3, Version 1.4, 05 August 2022, Giesecke+Devrient Mobile Security GmbH (confidential document) 7 specifically • AIS 1, Version 14, Durchführung der Ortsbesichtigung in der Entwicklungsumgebung, for STARCOS 3.7 COS GKV C3, Version 1.1, 05 August 2022, SRC Security Research & Consulting GmbH (confidential document) [10] Configuration List BSI-DSZ-CC-1198-2022, Configuration List STARCOS 3.7 COS GKV C3, Version 1, 05 August 2022, Giesecke+Devrient Mobile Security GmbH (confidential document) [11] Guidance Documentation STARCOS 3.7 COS GKV C3 – Main Document, Version 1.0, 04 March 2022, Target, Reference SMD_ST31P450_ST_19_005, Version A04.1, 31 August 2021, STMicroelectronics (confidential document) ST31P450 A04 Security Target for composition, Reference SMD_ST31P450_- ST_19_006, Version A04.1, Revision 2.0, 31 January 2022, THALES SIX GTS FRANCE SAS / CESTI Thales - Thales ITSEF (confidential document) [21] Einführung der Gesundheitskarte, Spezifikation des Card Operating System (COS), ElektrischeStandards
FIPS 180-4, FIPS 197, FIPS PUB 180-4, FIPS PUB 197, PKCS#1, AIS 34, AIS 36, AIS 37, AIS 26, AIS 25, AIS 20, AIS 31, AIS 46, AIS 35, AIS 1, AIS 14, AIS 19, AIS 23, AIS 32, AIS 38, RFC 5639, ISO/IEC 15408, ISO/IEC 18045, ISO/IEC 17065, ISO/IEC 18031:2005Technical reports
BSI TR-03116-1, BSI TR-03144, BSI TR-03143, BSI 7148File metadata
| Title | Certification Report BSI-DSZ-CC-1198-2022 |
|---|---|
| Subject | Common Criteria, Certification, Zertifizierung, G2 COS, eHealth |
| Keywords | "Common Criteria, Certification, Zertifizierung, G2 COS, eHealth" |
| Author | Bundesamt für Sicherheit in der Informationstechnik |
| Pages | 39 |
Frontpage
| Certificate ID | BSI-DSZ-CC-1198-2022 |
|---|---|
| Certified item | STARCOS 3.7 COS GKV C3 |
| Certification lab | BSI |
| Developer | Giesecke+Devrient Mobile Security GmbH |
References
Outgoing- ANSSI-CC-2020/04 - active - ST31P450 A02
Security target ?
Extracted keywords
Symmetric Algorithms
AES, TDES, CMACAsymmetric Algorithms
ECDH, ECDSA, ECC, Diffie-Hellman, DHHash functions
SHA-1, SHA-224, SHA-384, SHA-256, SHA-512Schemes
MAC, Key agreement, Key AgreementProtocols
SSL, PACERandomness
RND, RNGElliptic Curves
brainpoolP256r1, brainpoolP384r1, brainpoolP512r1Block cipher modes
CBCOperating System name
STARCOS 3Trusted Execution Environments
SEVendor
NXP Semiconductors, Infineon Technologies AG, STMicroelectronics, Giesecke+Devrient, G+DSecurity level
EAL4, EAL 4, EAL 5, EAL4 augmentedClaims
O.RND, O.PACE_CHIP, T.RNDSecurity Assurance Requirements (SAR)
ADV_ARC.1, ADV_FSP.4, ADV_IMP.1, ADV_TDS.3, ADV_ARC, ADV_FSP, ADV_IMP, AGD_OPE.1, AGD_PRE.1, AGD_OPE, AGD_PRE, ALC_DVS.2, ALC_CMC.4, ALC_CMS.4, ALC_DEL.1, ALC_LCD.1, ALC_TAT.1, ALC_DEL, ALC_DVS, ALC_CMS, ALC_CMC, ATE_FUN.1, ATE_IND.2, ATE_DPT.2, ATE_COV.2, ATE_COV, ATE_DPT.1, AVA_VAN.5, AVA_VAN, ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1, ASE_ECDSecurity Functional Requirements (SFR)
FAU_SAS, FAU_SAS.1, FAU_SAR.1, FCS_RNG, FCS_COP, FCS_RNG.1, FCS_CKM, FCS_CKM.4, FCS_RNG.1.1, FCS_RNG.1.2, FCS_CKM.1, FCS_COP.1, FCS_CKM.2, FCS_COP.1.1, FCS_CKM.4.1, FDP_ITT, FDP_IFC, FDP_SDC, FDP_SDI, FDP_RIP.1, FDP_SDI.2, FDP_ACC, FDP_ACF, FDP_SDC.1, FDP_ITT.1, FDP_IFC.1, FDP_RIP.1.1, FDP_SDI.1, FDP_SDI.2.1, FDP_SDI.2.2, FDP_ACF.1, FDP_ACC.1, FDP_ITC.1, FDP_ITC.2, FDP_RIP, FDP_UCT, FDP_UCT.1, FDP_UIT, FDP_UIT.1, FIA_API, FIA_AFL, FIA_ATD.1, FIA_SOS.1, FIA_UAU.1, FIA_UAU.4, FIA_UAU.5, FIA_UAU.6, FIA_API.1, FIA_USB.1, FIA_USB, FIA_UAU, FIA_UID.1, FIA_SOS.1.1, FIA_AFL.1, FIA_ATD.1.1, FIA_UAU.1.1, FIA_UAU.1.2, FIA_UAU.4.1, FIA_UAU.5.1, FIA_UAU.5.2, FIA_UAU.6.1, FIA_UID.1.1, FIA_UID.1.2, FIA_API.1.1, FIA_USB.1.1, FIA_USB.1.2, FIA_USB.1.3, FIA_UID, FIA_ATD, FMT_LIM, FMT_SMR.1, FMT_MSA.3, FMT_SMF.1, FMT_MSA, FMT_MTD, FMT_SMR.1.1, FMT_SMR.1.2, FMT_SMF.1.1, FMT_MSA.1, FMT_MSA.3.1, FMT_MSA.3.2, FMT_MTD.1, FMT_SMR, FMT_LIM.1, FMT_LIM.2, FMT_SRM, FPT_FLS, FPT_PHP, FPT_ITT, FPT_EMS, FPT_ITE, FPT_FLS.1, FPT_EMS.1, FPT_TDC.1, FPT_ITE.1, FPT_ITE.2, FPT_TST.1, FPT_PHP.3, FPT_ITT.1, FPT_FLS.1.1, FPT_TST, FPT_EMS.1.1, FPT_EMS.1.2, FPT_TDC.1.1, FPT_TDC.1.2, FPT_ITE.1.1, FPT_ITE.1.2, FPT_ITE.2.1, FPT_ITE.2.2, FPT_TST.1.1, FPT_TST.1.2, FPT_TST.1.3, FRU_FLT, FRU_FLT.2, FTP_ITC, FTP_ITE, FTP_ITC.1, FTP_TRP.1Protection profiles
BSI-PP-0082-V4, BSI-PP-0084-2014, BSI-CC-PP-0084-2014, BSI-CC-PP-0082-V4, BSI-CC-PP- 0082-V4, BSI-CC-PP-0084-, BSI-CC-PP- 0084-2014, BSI-PP- 0084-2014, BSI-CC-PP-0035-Certificates
ANSSI-CC-2020/04Side-channel analysis
Leak-Inherent, Physical Probing, side channel, SPA, DPA, physical tampering, Malfunction, malfunction, DFA, Bleichenbacher attack, JILStandards
FIPS 180-4, FIPS 197, FIPS PUB 197, FIPS PUB 180-4, PKCS #1, AIS31, AIS20, RFC5639, RFC 5639, CCMB-2017-04-003, CCMB-2017-05-001, CCMB-2017-04-001, CCMB-2017-04-002, CCMB-2017-04-004Technical reports
BSI TR-03143, BSI TR-03111File metadata
| Title | G+D MS Security Target to BSI-PP-0082-V4 |
|---|---|
| Subject | Security Target Lite STARCOS 3.7 COS GKV C3 |
| Keywords | Version 1.1/05.08.2022 |
| Author | Giesecke+Devrient Mobile Security |
| Creation date | D:20220805074457+02'00' |
| Modification date | D:20220805074457+02'00' |
| Pages | 156 |
| Creator | Microsoft® Word für Microsoft 365 |
| Producer | Microsoft® Word für Microsoft 365 |
References
Outgoing- ANSSI-CC-2020/04 - active - ST31P450 A02
Heuristics ?
Certificate ID: BSI-DSZ-CC-1198-2022
Extracted SARs
ATE_COV.2, ATE_IND.2, ALC_LCD.1, ASE_CCL.1, AGD_OPE.1, ALC_CMS.4, ASE_ECD.1, ATE_DPT.2, ASE_REQ.2, ALC_DVS.2, ADV_IMP.1, ASE_SPD.1, ASE_TSS.1, ALC_TAT.1, AGD_PRE.1, ALC_DEL.1, AVA_VAN.5, ADV_ARC.1, ASE_OBJ.2, ADV_FSP.4, ALC_CMC.4, ADV_TDS.3, ATE_FUN.1, ASE_INT.1Scheme data ?
| Cert Id | BSI-DSZ-CC-1198-2022 | |
|---|---|---|
| Product | STARCOS 3.7 COS GKV C3 | |
| Vendor | Giesecke+Devrient Mobile Security GmbH | |
| Certification Date | 02.09.2022 | |
| Category | eHealth | |
| Url | https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Gesundheitswesen_SmartCards/1198.html | |
| Enhanced | ||
| Product | STARCOS 3.7 COS GKV C3 | |
| Applicant | Giesecke+Devrient Mobile Security GmbH Prinzregentenstr. 159 81607 München | |
| Evaluation Facility | SRC Security Research & Consulting GmbH | |
| Assurance Level | EAL4+,ALC_DVS.2,ATE_DPT.2,AVA_VAN.5 | |
| Protection Profile | Card Operating System Generation 2 (PP COS G2), Version 2.1, 10 July 2019, BSI-CC-PP-0082-V4-2019 | |
| Certification Date | 02.09.2022 | |
| Expiration Date | 01.09.2027 | |
| Report Link | https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1198a_pdf.pdf?__blob=publicationFile&v=6 | |
| Target Link | https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1198b_pdf.pdf?__blob=publicationFile&v=5 | |
| Cert Link | https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1198c_pdf.pdf?__blob=publicationFile&v=3 | |
| Description | The Target of Evaluation (TOE) is the product STARCOS 3.7 COS GKV C3 developed by Giesecke+Devrient Mobile Security GmbH. The TOE is a smart card product according to the G2 Card Operating System (G2-COS) specification V3.13.1 from gematik. The TOE is intended to be used as a card operating system platform for specific card types and applications of the card generation G2 in the framework of the German health care system and implements the mandatory part of the G2-COS specification with the base functionality of the operating system platform and additionally the functional package "Kontaktlos". Accordingly, the TOE uses from the PP-0082-V4 the base part and the optional package "Contactless". | |
| Subcategory | Smartcards | |
References ?
Updates ?
-
17.10.2024 The certificate data changed.
Certificate changed
The Protection Profiles of the certificate were updated.
- The new value is
{'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.protection_profile.ProtectionProfile', 'pp_name': 'Card Operating System Generation 2 (PP COS G2)', 'pp_eal': 'EAL4+', 'pp_link': 'https://www.commoncriteriaportal.org/files/ppfiles/pp0082V4b_pdf.pdf', 'pp_ids': {'_type': 'Set', 'elements': ['BSI-CC-PP-0082-V4-2019']}}]}.
- The new value is
-
22.08.2024 The certificate data changed.
Certificate changed
The state of the certificate object was updated.
- The st property was updated, with the
{'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': '0bbefab85ed024054a562ca023ddf6c383e44a315ff725f06aa2603edb4a063d', 'txt_hash': 'b05b0de9390474b601cb0827d26b8edaf446d71b68f662d53a41d6a9e8dedc6f'}data. - The cert property was updated, with the
{'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': '0e6e7bc4c3bbb8d4515abf88ff78a0da9a55f10394dd136b2fc3a871159473f1', 'txt_hash': 'b0ffd7c94b9ac40c8eeac57823d156a0685e429c812cecc59db649e33c315d54'}data.
The PDF extraction data was updated.
- The st_metadata property was set to
{'pdf_file_size_bytes': 2075550, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 156, '/Title': 'G+D MS Security Target to BSI-PP-0082-V4', '/Author': 'Giesecke+Devrient Mobile Security', '/Subject': 'Security Target Lite STARCOS 3.7 COS GKV C3', '/Keywords': 'Version 1.1/05.08.2022', '/Creator': 'Microsoft® Word für Microsoft 365', '/CreationDate': "D:20220805074457+02'00'", '/ModDate': "D:20220805074457+02'00'", '/Producer': 'Microsoft® Word für Microsoft 365', 'pdf_hyperlinks': {'_type': 'Set', 'elements': []}}. - The cert_metadata property was set to
{'pdf_file_size_bytes': 230626, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 1, '/Author': 'Bundesamt für Sicherheit in der Informationstechnik', '/Keywords': 'Common Criteria, Certification, Zertifizierung, G2 COS, eHealth', '/Subject': 'Common Criteria, Certification, Zertifizierung, G2 COS, eHealth', '/Title': 'Certificate BSI-DSZ-CC-1198-2022', 'pdf_hyperlinks': {'_type': 'Set', 'elements': []}}. - The st_keywords property was set to
{'cc_cert_id': {'FR': {'ANSSI-CC-2020/04': 1}}, 'cc_protection_profile_id': {'BSI': {'BSI-PP-0082-V4': 154, 'BSI-PP-0084-2014': 7, 'BSI-CC-PP-0084-2014': 53, 'BSI-CC-PP-0082-V4': 21, 'BSI-CC-PP- 0082-V4': 2, 'BSI-CC-PP-0084-': 6, 'BSI-CC-PP- 0084-2014': 2, 'BSI-PP- 0084-2014': 1, 'BSI-CC-PP-0035-': 1}}, 'cc_security_level': {'EAL': {'EAL4': 14, 'EAL 4': 1, 'EAL 5': 1, 'EAL4 augmented': 4}}, 'cc_sar': {'ADV': {'ADV_ARC.1': 9, 'ADV_FSP.4': 6, 'ADV_IMP.1': 6, 'ADV_TDS.3': 3, 'ADV_ARC': 2, 'ADV_FSP': 2, 'ADV_IMP': 2}, 'AGD': {'AGD_OPE.1': 6, 'AGD_PRE.1': 2, 'AGD_OPE': 2, 'AGD_PRE': 2}, 'ALC': {'ALC_DVS.2': 13, 'ALC_CMC.4': 1, 'ALC_CMS.4': 1, 'ALC_DEL.1': 1, 'ALC_LCD.1': 1, 'ALC_TAT.1': 1, 'ALC_DEL': 2, 'ALC_DVS': 2, 'ALC_CMS': 2, 'ALC_CMC': 2}, 'ATE': {'ATE_FUN.1': 6, 'ATE_IND.2': 5, 'ATE_DPT.2': 11, 'ATE_COV.2': 1, 'ATE_COV': 2, 'ATE_DPT.1': 1}, 'AVA': {'AVA_VAN.5': 11, 'AVA_VAN': 2}, 'ASE': {'ASE_CCL.1': 1, 'ASE_ECD.1': 1, 'ASE_INT.1': 1, 'ASE_OBJ.2': 1, 'ASE_REQ.2': 1, 'ASE_SPD.1': 1, 'ASE_TSS.1': 1, 'ASE_ECD': 2}}, 'cc_sfr': {'FAU': {'FAU_SAS': 8, 'FAU_SAS.1': 5, 'FAU_SAR.1': 2}, 'FCS': {'FCS_RNG': 30, 'FCS_COP': 152, 'FCS_RNG.1': 24, 'FCS_CKM': 55, 'FCS_CKM.4': 46, 'FCS_RNG.1.1': 3, 'FCS_RNG.1.2': 2, 'FCS_CKM.1': 32, 'FCS_COP.1': 21, 'FCS_CKM.2': 6, 'FCS_COP.1.1': 1, 'FCS_CKM.4.1': 1}, 'FDP': {'FDP_ITT': 7, 'FDP_IFC': 7, 'FDP_SDC': 8, 'FDP_SDI': 7, 'FDP_RIP.1': 12, 'FDP_SDI.2': 12, 'FDP_ACC': 116, 'FDP_ACF': 95, 'FDP_SDC.1': 4, 'FDP_ITT.1': 4, 'FDP_IFC.1': 17, 'FDP_RIP.1.1': 1, 'FDP_SDI.1': 1, 'FDP_SDI.2.1': 1, 'FDP_SDI.2.2': 1, 'FDP_ACF.1': 37, 'FDP_ACC.1': 43, 'FDP_ITC.1': 29, 'FDP_ITC.2': 29, 'FDP_RIP': 9, 'FDP_UCT': 7, 'FDP_UCT.1': 2, 'FDP_UIT': 8, 'FDP_UIT.1': 3}, 'FIA': {'FIA_API': 2, 'FIA_AFL': 22, 'FIA_ATD.1': 14, 'FIA_SOS.1': 8, 'FIA_UAU.1': 21, 'FIA_UAU.4': 12, 'FIA_UAU.5': 17, 'FIA_UAU.6': 11, 'FIA_API.1': 15, 'FIA_USB.1': 23, 'FIA_USB': 15, 'FIA_UAU': 42, 'FIA_UID.1': 20, 'FIA_SOS.1.1': 1, 'FIA_AFL.1': 4, 'FIA_ATD.1.1': 1, 'FIA_UAU.1.1': 1, 'FIA_UAU.1.2': 1, 'FIA_UAU.4.1': 1, 'FIA_UAU.5.1': 1, 'FIA_UAU.5.2': 1, 'FIA_UAU.6.1': 1, 'FIA_UID.1.1': 1, 'FIA_UID.1.2': 1, 'FIA_API.1.1': 1, 'FIA_USB.1.1': 1, 'FIA_USB.1.2': 1, 'FIA_USB.1.3': 1, 'FIA_UID': 14, 'FIA_ATD': 10}, 'FMT': {'FMT_LIM': 21, 'FMT_SMR.1': 39, 'FMT_MSA.3': 36, 'FMT_SMF.1': 53, 'FMT_MSA': 60, 'FMT_MTD': 38, 'FMT_SMR.1.1': 1, 'FMT_SMR.1.2': 1, 'FMT_SMF.1.1': 1, 'FMT_MSA.1': 7, 'FMT_MSA.3.1': 1, 'FMT_MSA.3.2': 1, 'FMT_MTD.1': 4, 'FMT_SMR': 9, 'FMT_LIM.1': 3, 'FMT_LIM.2': 3, 'FMT_SRM': 1}, 'FPT': {'FPT_FLS': 7, 'FPT_PHP': 7, 'FPT_ITT': 7, 'FPT_EMS': 10, 'FPT_ITE': 11, 'FPT_FLS.1': 18, 'FPT_EMS.1': 15, 'FPT_TDC.1': 10, 'FPT_ITE.1': 11, 'FPT_ITE.2': 13, 'FPT_TST.1': 11, 'FPT_PHP.3': 5, 'FPT_ITT.1': 4, 'FPT_FLS.1.1': 1, 'FPT_TST': 2, 'FPT_EMS.1.1': 1, 'FPT_EMS.1.2': 1, 'FPT_TDC.1.1': 1, 'FPT_TDC.1.2': 1, 'FPT_ITE.1.1': 1, 'FPT_ITE.1.2': 1, 'FPT_ITE.2.1': 5, 'FPT_ITE.2.2': 1, 'FPT_TST.1.1': 1, 'FPT_TST.1.2': 1, 'FPT_TST.1.3': 1}, 'FRU': {'FRU_FLT': 7, 'FRU_FLT.2': 4}, 'FTP': {'FTP_ITC': 22, 'FTP_ITE': 1, 'FTP_ITC.1': 14, 'FTP_TRP.1': 5}}, 'cc_claims': {'O': {'O.RND': 8, 'O.PACE_CHIP': 2}, 'T': {'T.RND': 5}}, 'vendor': {'NXP': {'NXP Semiconductors': 1}, 'Infineon': {'Infineon Technologies AG': 1}, 'STMicroelectronics': {'STMicroelectronics': 1}, 'GD': {'Giesecke+Devrient': 14, 'G+D': 77}}, 'eval_facility': {}, 'symmetric_crypto': {'AES_competition': {'AES': {'AES': 52}}, 'DES': {'3DES': {'TDES': 3}}, 'constructions': {'MAC': {'CMAC': 24}}}, 'asymmetric_crypto': {'ECC': {'ECDH': {'ECDH': 6}, 'ECDSA': {'ECDSA': 38}, 'ECC': {'ECC': 14}}, 'FF': {'DH': {'Diffie-Hellman': 1, 'DH': 11}}}, 'pq_crypto': {}, 'hash_function': {'SHA': {'SHA1': {'SHA-1': 3}, 'SHA2': {'SHA-224': 2, 'SHA-384': 6, 'SHA-256': 11, 'SHA-512': 3}}}, 'crypto_scheme': {'MAC': {'MAC': 33}, 'KA': {'Key agreement': 1, 'Key Agreement': 1}}, 'crypto_protocol': {'TLS': {'SSL': {'SSL': 1}}, 'PACE': {'PACE': 115}}, 'randomness': {'RNG': {'RND': 13, 'RNG': 38}}, 'cipher_mode': {'CBC': {'CBC': 3}}, 'ecc_curve': {'Brainpool': {'brainpoolP256r1': 4, 'brainpoolP384r1': 4, 'brainpoolP512r1': 4}}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {'SCA': {'Leak-Inherent': 13, 'Physical Probing': 2, 'side channel': 1, 'SPA': 1, 'DPA': 1}, 'FI': {'physical tampering': 3, 'Malfunction': 15, 'malfunction': 1, 'DFA': 1}, 'other': {'Bleichenbacher attack': 1, 'JIL': 3}}, 'technical_report_id': {'BSI': {'BSI TR-03143': 2, 'BSI TR-03111': 3}}, 'device_model': {}, 'tee_name': {'IBM': {'SE': 1}}, 'os_name': {'STARCOS': {'STARCOS 3': 11}}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'FIPS': {'FIPS 180-4': 1, 'FIPS 197': 3, 'FIPS PUB 197': 1, 'FIPS PUB 180-4': 1}, 'PKCS': {'PKCS #1': 1}, 'BSI': {'AIS31': 1, 'AIS20': 2}, 'RFC': {'RFC5639': 3, 'RFC 5639': 1}, 'CC': {'CCMB-2017-04-003': 2, 'CCMB-2017-05-001': 1, 'CCMB-2017-04-001': 1, 'CCMB-2017-04-002': 1, 'CCMB-2017-04-004': 1}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}. - The cert_keywords property was set to
{'cc_cert_id': {'DE': {'BSI-DSZ-CC-1198-2022': 1}}, 'cc_protection_profile_id': {'BSI': {'BSI-CC-PP-0082-V4-': 1}}, 'cc_security_level': {'EAL': {'EAL 4': 1, 'EAL 5': 1, 'EAL 2': 1, 'EAL 4 augmented': 1}}, 'cc_sar': {'ALC': {'ALC_DVS.2': 1}, 'ATE': {'ATE_DPT.2': 1}, 'AVA': {'AVA_VAN.5': 1}}, 'cc_sfr': {}, 'cc_claims': {}, 'vendor': {'GD': {'Giesecke+Devrient': 1}}, 'eval_facility': {}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {}, 'os_name': {'STARCOS': {'STARCOS 3': 1}}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'ISO': {'ISO/IEC 15408': 2, 'ISO/IEC 18045': 2}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}. - The st_filename property was set to
1198b_pdf.pdf. - The cert_filename property was set to
1198c_pdf.pdf.
The computed heuristics were updated.
- The st_references property was updated, with the
{'directly_referencing': {'_type': 'Set', 'elements': ['ANSSI-CC-2020/04']}, 'indirectly_referencing': {'_type': 'Set', 'elements': ['ANSSI-CC-2020/04']}}data. - The extracted_sars property was updated, with the
{'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_COV', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_ARC', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_IND', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_OBJ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_FSP', 'level': 4}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_SPD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_TSS', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_ECD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_CCL', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_TDS', 'level': 3}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_FUN', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_REQ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_OPE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_PRE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_IMP', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_INT', 'level': 1}]}values added.
- The st property was updated, with the
-
19.08.2024 The certificate data changed.
Certificate changed
The computed heuristics were updated.
- The report_references property was updated, with the
{'directly_referencing': {'_type': 'Set', 'elements': ['ANSSI-CC-2020/04']}, 'indirectly_referencing': {'_type': 'Set', 'elements': ['ANSSI-CC-2020/04']}}data.
- The report_references property was updated, with the
-
17.08.2024 The certificate data changed.
Certificate changed
The report_link was updated.
- The new value is
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/1198a_pdf.pdf.
The st_link was updated.
- The new value is
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/1198b_pdf.pdf.
The state of the certificate object was updated.
- The report property was updated, with the
{'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': '15bcd5d09e9e8d390b737be13dceba24be018eb68f134f71d01a276881f1f77b', 'txt_hash': '556cfc6c6ae3217c67f34ccde5e9d55e3950d2dfc2af58e3bef78ba7c5bf3aee'}data. - The st property was updated, with the
{'download_ok': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None}data. - The cert property was updated, with the
{'download_ok': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None}data.
The PDF extraction data was updated.
- The report_metadata property was set to
{'pdf_file_size_bytes': 555987, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 39, '/Author': 'Bundesamt für Sicherheit in der Informationstechnik', '/Keywords': '"Common Criteria, Certification, Zertifizierung, G2 COS, eHealth"', '/Subject': 'Common Criteria, Certification, Zertifizierung, G2 COS, eHealth', '/Title': 'Certification Report BSI-DSZ-CC-1198-2022', 'pdf_hyperlinks': {'_type': 'Set', 'elements': ['https://www.bsi.bund.de/zertifizierung', 'http://www.commoncriteriaportal.org/', 'http://www.commoncriteriaportal.org/cc/', 'https://www.bsi.bund.de/AIS', 'https://www.bsi.bund.de/zertifizierungsreporte', 'https://www.bsi.bund.de/', 'https://www.sogis.eu/']}}. - The st_metadata property was set to
None. - The cert_metadata property was set to
None. - The report_frontpage property was set to
{'DE': {'match_rules': ['(BSI-DSZ-CC-.+?) (?:for|For) (.+?) from (.*)'], 'cert_id': 'BSI-DSZ-CC-1198-2022', 'cert_item': 'STARCOS 3.7 COS GKV C3', 'developer': 'Giesecke+Devrient Mobile Security GmbH', 'cert_lab': 'BSI', 'ref_protection_profiles': 'Card Operating System Generation 2 (PP COS G2), Version 2.1, 10 July 2019, BSI-CC-PP-0082-V4- 2019', 'cc_version': 'PP conformant Common Criteria Part 2 extended', 'cc_security_level': 'Common Criteria Part 3 conformant EAL 4 augmented by ALC_DVS.2, ATE_DPT.2 and AVA_VAN.5'}}. - The report_keywords property was set to
{'cc_cert_id': {'DE': {'BSI-DSZ-CC-1198-2022': 25, 'BSI-DSZ-CC-S-0185-2021': 1}, 'FR': {'ANSSI-CC-2020/04-M01': 4, 'ANSSI-CC-2020/04': 1}}, 'cc_protection_profile_id': {'BSI': {'BSI-CC-PP-0082-V4-': 1, 'BSI-CC-PP-0082-V4-2019': 3}}, 'cc_security_level': {'EAL': {'EAL 4': 5, 'EAL 5': 4, 'EAL 2': 2, 'EAL 1': 1, 'EAL 2+': 1, 'EAL5+': 1, 'EAL6': 1, 'EAL 5+': 1, 'EAL 6': 1, 'EAL 4 augmented': 3}}, 'cc_sar': {'ADV': {'ADV_ARC': 1}, 'ALC': {'ALC_DVS.2': 5, 'ALC_FLR': 2, 'ALC_CMC.4': 1, 'ALC_CMS.4': 1, 'ALC_DEL.1': 1, 'ALC_LCD.1': 1, 'ALC_TAT.1': 1}, 'ATE': {'ATE_DPT.2': 4}, 'AVA': {'AVA_VAN.5': 4}}, 'cc_sfr': {'FCS': {'FCS_COP': 23, 'FCS_CKM': 3, 'FCS_RNG.1': 1, 'FCS_RNG': 3}, 'FIA': {'FIA_UAU': 2, 'FIA_USB': 1}, 'FPT': {'FPT_ITE.1': 1}, 'FTP': {'FTP_ITC': 2}}, 'cc_claims': {'A': {'A.U': 1}}, 'vendor': {'STMicroelectronics': {'STMicroelectronics': 10}, 'Thales': {'Thales': 2}, 'GD': {'Giesecke+Devrient': 29, 'Giesecke & Devrient': 1, 'G+D': 1}}, 'eval_facility': {'CESTI': {'CESTI': 1}, 'SRC': {'SRC Security Research & Consulting': 3}}, 'symmetric_crypto': {'AES_competition': {'AES': {'AES': 20}}, 'constructions': {'MAC': {'CMAC': 9}}}, 'asymmetric_crypto': {'RSA': {'RSA-OAEP': 1}, 'ECC': {'ECDH': {'ECDH': 4}, 'ECDSA': {'ECDSA': 14}, 'ECC': {'ECC': 10}}, 'FF': {'DH': {'Diffie-Hellman': 1, 'DH': 1}}}, 'pq_crypto': {}, 'hash_function': {'SHA': {'SHA2': {'SHA-256': 3}}}, 'crypto_scheme': {'MAC': {'MAC': 3}, 'KA': {'Key Agreement': 1}}, 'crypto_protocol': {'PACE': {'PACE': 15}}, 'randomness': {'PRNG': {'PRNG': 1}, 'RNG': {'RNG': 5}}, 'cipher_mode': {'CBC': {'CBC': 6}}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {'SCA': {'side channel': 1, 'DPA': 1, 'SPA': 1}, 'FI': {'physical tampering': 1, 'malfunction': 1, 'DFA': 1, 'fault injection': 1}, 'other': {'JIL': 6}}, 'technical_report_id': {'BSI': {'BSI TR-03116-1': 1, 'BSI TR-03144': 10, 'BSI TR-03143': 5, 'BSI 7148': 1}}, 'device_model': {}, 'tee_name': {}, 'os_name': {'STARCOS': {'STARCOS 3': 38}}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'FIPS': {'FIPS 180-4': 9, 'FIPS 197': 8, 'FIPS PUB 180-4': 1, 'FIPS PUB 197': 1}, 'PKCS': {'PKCS#1': 4}, 'BSI': {'AIS 34': 4, 'AIS 36': 5, 'AIS 37': 2, 'AIS 26': 4, 'AIS 25': 4, 'AIS 20': 6, 'AIS 31': 5, 'AIS 46': 2, 'AIS 35': 2, 'AIS 1': 1, 'AIS 14': 1, 'AIS 19': 1, 'AIS 23': 1, 'AIS 32': 1, 'AIS 38': 1}, 'RFC': {'RFC 5639': 11}, 'ISO': {'ISO/IEC 15408': 4, 'ISO/IEC 18045': 4, 'ISO/IEC 17065': 2, 'ISO/IEC 18031:2005': 2}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {'ConfidentialDocument': {'being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification': 1, 'Target STARCOS 3.7 COS GKV C3, Version 1.4, 05 August 2022, Giesecke+Devrient Mobile Security GmbH (confidential document) 7 specifically • AIS 1, Version 14, Durchführung der Ortsbesichtigung in der Entwicklungsumgebung': 1, 'for STARCOS 3.7 COS GKV C3, Version 1.1, 05 August 2022, SRC Security Research & Consulting GmbH (confidential document) [10] Configuration List BSI-DSZ-CC-1198-2022, Configuration List STARCOS 3.7 COS GKV C3, Version 1': 1, '05 August 2022, Giesecke+Devrient Mobile Security GmbH (confidential document) [11] Guidance Documentation STARCOS 3.7 COS GKV C3 – Main Document, Version 1.0, 04 March 2022': 1, 'Target, Reference SMD_ST31P450_ST_19_005, Version A04.1, 31 August 2021, STMicroelectronics (confidential document) ST31P450 A04 Security Target for composition, Reference SMD_ST31P450_- ST_19_006, Version A04.1': 1, 'Revision 2.0, 31 January 2022, THALES SIX GTS FRANCE SAS / CESTI Thales - Thales ITSEF (confidential document) [21] Einführung der Gesundheitskarte, Spezifikation des Card Operating System (COS), Elektrische': 1}}}. - The st_keywords property was set to
None. - The cert_keywords property was set to
None. - The report_filename property was set to
1198a_pdf.pdf. - The st_filename property was set to
None. - The cert_filename property was set to
None.
The computed heuristics were updated.
- The cert_lab property was set to
['BSI']. - The st_references property was updated, with the
{'directly_referencing': None, 'indirectly_referencing': None}data. - The extracted_sars property was updated, with the
{'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_COV', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_OBJ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_IND', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_ARC', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_FSP', 'level': 4}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_SPD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_TSS', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_ECD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_CCL', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_FUN', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_TDS', 'level': 3}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_REQ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_OPE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_PRE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_IMP', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_INT', 'level': 1}]}values discarded.
- The new value is
-
12.08.2024 The certificate data changed.
Certificate changed
The state of the certificate object was updated.
- The report property was updated, with the
{'download_ok': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None}data.
The PDF extraction data was updated.
- The report_metadata property was set to
None. - The report_frontpage property was set to
None. - The report_keywords property was set to
None. - The report_filename property was set to
None.
The computed heuristics were updated.
- The cert_lab property was set to
None. - The report_references property was updated, with the
{'directly_referencing': None, 'indirectly_referencing': None}data.
- The report property was updated, with the
-
23.07.2024 The certificate was first processed.
New certificate
A new Common Criteria certificate with the product name STARCOS 3.7 COS GKV C3 was processed.
Raw data
{
"_type": "sec_certs.sample.cc.CCCertificate",
"category": "ICs, Smart Cards and Smart Card-Related Devices and Systems",
"cert_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/1198c_pdf.pdf",
"dgst": "140172851f85deaf",
"heuristics": {
"_type": "sec_certs.sample.cc.CCCertificate.Heuristics",
"annotated_references": null,
"cert_id": "BSI-DSZ-CC-1198-2022",
"cert_lab": [
"BSI"
],
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_sars": {
"_type": "Set",
"elements": [
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_TSS",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_SPD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_COV",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_ARC",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_TAT",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AVA_VAN",
"level": 5
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_CCL",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_TDS",
"level": 3
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_DPT",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AGD_PRE",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_OBJ",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_FSP",
"level": 4
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_DEL",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_CMC",
"level": 4
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_REQ",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_LCD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_CMS",
"level": 4
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_FUN",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_IMP",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AGD_OPE",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_IND",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_ECD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_DVS",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_INT",
"level": 1
}
]
},
"extracted_versions": {
"_type": "Set",
"elements": [
"3.7"
]
},
"indirect_transitive_cves": null,
"related_cves": null,
"report_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"ANSSI-CC-2020/04"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"ANSSI-CC-2020/04"
]
}
},
"scheme_data": {
"category": "eHealth",
"cert_id": "BSI-DSZ-CC-1198-2022",
"certification_date": "02.09.2022",
"enhanced": {
"applicant": "Giesecke+Devrient Mobile Security GmbH\nPrinzregentenstr. 159\n81607 M\u00fcnchen",
"assurance_level": "EAL4+,ALC_DVS.2,ATE_DPT.2,AVA_VAN.5",
"cert_link": "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1198c_pdf.pdf?__blob=publicationFile\u0026v=3",
"certification_date": "02.09.2022",
"description": "The Target of Evaluation (TOE) is the product STARCOS 3.7 COS GKV C3 developed by Giesecke+Devrient Mobile Security GmbH. The TOE is a smart card product according to the G2 Card Operating System (G2-COS) specification V3.13.1 from gematik. The TOE is intended to be used as a card operating system platform for specific card types and applications of the card generation G2 in the framework of the German health care system and implements the mandatory part of the G2-COS specification with the base functionality of the operating system platform and additionally the functional package \"Kontaktlos\". Accordingly, the TOE uses from the PP-0082-V4 the base part and the optional package \"Contactless\".",
"evaluation_facility": "SRC Security Research \u0026 Consulting GmbH",
"expiration_date": "01.09.2027",
"product": "STARCOS 3.7 COS GKV C3",
"protection_profile": "Card Operating System Generation 2 (PP COS G2), Version 2.1, 10 July 2019, BSI-CC-PP-0082-V4-2019",
"report_link": "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1198a_pdf.pdf?__blob=publicationFile\u0026v=6",
"target_link": "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1198b_pdf.pdf?__blob=publicationFile\u0026v=5"
},
"product": "STARCOS 3.7 COS GKV C3",
"subcategory": "Smartcards",
"url": "https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Gesundheitswesen_SmartCards/1198.html",
"vendor": "Giesecke+Devrient Mobile Security GmbH"
},
"st_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"ANSSI-CC-2020/04"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"ANSSI-CC-2020/04"
]
}
},
"verified_cpe_matches": null
},
"maintenance_updates": {
"_type": "Set",
"elements": []
},
"manufacturer": "G+D Mobile Security GmbH",
"manufacturer_web": "https://www.gi-de.com/de/de/mobile-security/",
"name": "STARCOS 3.7 COS GKV C3",
"not_valid_after": "2027-09-02",
"not_valid_before": "2022-09-02",
"pdf_data": {
"_type": "sec_certs.sample.cc.CCCertificate.PdfData",
"cert_filename": "1198c_pdf.pdf",
"cert_frontpage": null,
"cert_keywords": {
"asymmetric_crypto": {},
"cc_cert_id": {
"DE": {
"BSI-DSZ-CC-1198-2022": 1
}
},
"cc_claims": {},
"cc_protection_profile_id": {
"BSI": {
"BSI-CC-PP-0082-V4-": 1
}
},
"cc_sar": {
"ALC": {
"ALC_DVS.2": 1
},
"ATE": {
"ATE_DPT.2": 1
},
"AVA": {
"AVA_VAN.5": 1
}
},
"cc_security_level": {
"EAL": {
"EAL 2": 1,
"EAL 4": 1,
"EAL 4 augmented": 1,
"EAL 5": 1
}
},
"cc_sfr": {},
"certification_process": {},
"cipher_mode": {},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {},
"eval_facility": {},
"hash_function": {},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {
"STARCOS": {
"STARCOS 3": 1
}
},
"pq_crypto": {},
"randomness": {},
"side_channel_analysis": {},
"standard_id": {
"ISO": {
"ISO/IEC 15408": 2,
"ISO/IEC 18045": 2
}
},
"symmetric_crypto": {},
"technical_report_id": {},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"GD": {
"Giesecke+Devrient": 1
}
},
"vulnerability": {}
},
"cert_metadata": {
"/Author": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"/Keywords": "Common Criteria, Certification, Zertifizierung, G2 COS, eHealth",
"/Subject": "Common Criteria, Certification, Zertifizierung, G2 COS, eHealth",
"/Title": "Certificate BSI-DSZ-CC-1198-2022",
"pdf_file_size_bytes": 230626,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 1
},
"report_filename": "1198a_pdf.pdf",
"report_frontpage": {
"DE": {
"cc_security_level": "Common Criteria Part 3 conformant EAL 4 augmented by ALC_DVS.2, ATE_DPT.2 and AVA_VAN.5",
"cc_version": "PP conformant Common Criteria Part 2 extended",
"cert_id": "BSI-DSZ-CC-1198-2022",
"cert_item": "STARCOS 3.7 COS GKV C3",
"cert_lab": "BSI",
"developer": "Giesecke+Devrient Mobile Security GmbH",
"match_rules": [
"(BSI-DSZ-CC-.+?) (?:for|For) (.+?) from (.*)"
],
"ref_protection_profiles": "Card Operating System Generation 2 (PP COS G2), Version 2.1, 10 July 2019, BSI-CC-PP-0082-V4- 2019"
}
},
"report_keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 10
},
"ECDH": {
"ECDH": 4
},
"ECDSA": {
"ECDSA": 14
}
},
"FF": {
"DH": {
"DH": 1,
"Diffie-Hellman": 1
}
},
"RSA": {
"RSA-OAEP": 1
}
},
"cc_cert_id": {
"DE": {
"BSI-DSZ-CC-1198-2022": 25,
"BSI-DSZ-CC-S-0185-2021": 1
},
"FR": {
"ANSSI-CC-2020/04": 1,
"ANSSI-CC-2020/04-M01": 4
}
},
"cc_claims": {
"A": {
"A.U": 1
}
},
"cc_protection_profile_id": {
"BSI": {
"BSI-CC-PP-0082-V4-": 1,
"BSI-CC-PP-0082-V4-2019": 3
}
},
"cc_sar": {
"ADV": {
"ADV_ARC": 1
},
"ALC": {
"ALC_CMC.4": 1,
"ALC_CMS.4": 1,
"ALC_DEL.1": 1,
"ALC_DVS.2": 5,
"ALC_FLR": 2,
"ALC_LCD.1": 1,
"ALC_TAT.1": 1
},
"ATE": {
"ATE_DPT.2": 4
},
"AVA": {
"AVA_VAN.5": 4
}
},
"cc_security_level": {
"EAL": {
"EAL 1": 1,
"EAL 2": 2,
"EAL 2+": 1,
"EAL 4": 5,
"EAL 4 augmented": 3,
"EAL 5": 4,
"EAL 5+": 1,
"EAL 6": 1,
"EAL5+": 1,
"EAL6": 1
}
},
"cc_sfr": {
"FCS": {
"FCS_CKM": 3,
"FCS_COP": 23,
"FCS_RNG": 3,
"FCS_RNG.1": 1
},
"FIA": {
"FIA_UAU": 2,
"FIA_USB": 1
},
"FPT": {
"FPT_ITE.1": 1
},
"FTP": {
"FTP_ITC": 2
}
},
"certification_process": {
"ConfidentialDocument": {
"05 August 2022, Giesecke+Devrient Mobile Security GmbH (confidential document) [11] Guidance Documentation STARCOS 3.7 COS GKV C3 \u2013 Main Document, Version 1.0, 04 March 2022": 1,
"Revision 2.0, 31 January 2022, THALES SIX GTS FRANCE SAS / CESTI Thales - Thales ITSEF (confidential document) [21] Einf\u00fchrung der Gesundheitskarte, Spezifikation des Card Operating System (COS), Elektrische": 1,
"Target STARCOS 3.7 COS GKV C3, Version 1.4, 05 August 2022, Giesecke+Devrient Mobile Security GmbH (confidential document) 7 specifically \u2022 AIS 1, Version 14, Durchf\u00fchrung der Ortsbesichtigung in der Entwicklungsumgebung": 1,
"Target, Reference SMD_ST31P450_ST_19_005, Version A04.1, 31 August 2021, STMicroelectronics (confidential document) ST31P450 A04 Security Target for composition, Reference SMD_ST31P450_- ST_19_006, Version A04.1": 1,
"being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification": 1,
"for STARCOS 3.7 COS GKV C3, Version 1.1, 05 August 2022, SRC Security Research \u0026 Consulting GmbH (confidential document) [10] Configuration List BSI-DSZ-CC-1198-2022, Configuration List STARCOS 3.7 COS GKV C3, Version 1": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 6
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"PACE": {
"PACE": 15
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1
},
"MAC": {
"MAC": 3
}
},
"device_model": {},
"ecc_curve": {},
"eval_facility": {
"CESTI": {
"CESTI": 1
},
"SRC": {
"SRC Security Research \u0026 Consulting": 3
}
},
"hash_function": {
"SHA": {
"SHA2": {
"SHA-256": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {
"STARCOS": {
"STARCOS 3": 38
}
},
"pq_crypto": {},
"randomness": {
"PRNG": {
"PRNG": 1
},
"RNG": {
"RNG": 5
}
},
"side_channel_analysis": {
"FI": {
"DFA": 1,
"fault injection": 1,
"malfunction": 1,
"physical tampering": 1
},
"SCA": {
"DPA": 1,
"SPA": 1,
"side channel": 1
},
"other": {
"JIL": 6
}
},
"standard_id": {
"BSI": {
"AIS 1": 1,
"AIS 14": 1,
"AIS 19": 1,
"AIS 20": 6,
"AIS 23": 1,
"AIS 25": 4,
"AIS 26": 4,
"AIS 31": 5,
"AIS 32": 1,
"AIS 34": 4,
"AIS 35": 2,
"AIS 36": 5,
"AIS 37": 2,
"AIS 38": 1,
"AIS 46": 2
},
"FIPS": {
"FIPS 180-4": 9,
"FIPS 197": 8,
"FIPS PUB 180-4": 1,
"FIPS PUB 197": 1
},
"ISO": {
"ISO/IEC 15408": 4,
"ISO/IEC 17065": 2,
"ISO/IEC 18031:2005": 2,
"ISO/IEC 18045": 4
},
"PKCS": {
"PKCS#1": 4
},
"RFC": {
"RFC 5639": 11
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 20
}
},
"constructions": {
"MAC": {
"CMAC": 9
}
}
},
"technical_report_id": {
"BSI": {
"BSI 7148": 1,
"BSI TR-03116-1": 1,
"BSI TR-03143": 5,
"BSI TR-03144": 10
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"GD": {
"G+D": 1,
"Giesecke \u0026 Devrient": 1,
"Giesecke+Devrient": 29
},
"STMicroelectronics": {
"STMicroelectronics": 10
},
"Thales": {
"Thales": 2
}
},
"vulnerability": {}
},
"report_metadata": {
"/Author": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"/Keywords": "\"Common Criteria, Certification, Zertifizierung, G2 COS, eHealth\"",
"/Subject": "Common Criteria, Certification, Zertifizierung, G2 COS, eHealth",
"/Title": "Certification Report BSI-DSZ-CC-1198-2022",
"pdf_file_size_bytes": 555987,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://www.commoncriteriaportal.org/",
"https://www.bsi.bund.de/zertifizierung",
"https://www.sogis.eu/",
"http://www.commoncriteriaportal.org/cc/",
"https://www.bsi.bund.de/AIS",
"https://www.bsi.bund.de/",
"https://www.bsi.bund.de/zertifizierungsreporte"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 39
},
"st_filename": "1198b_pdf.pdf",
"st_frontpage": null,
"st_keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 14
},
"ECDH": {
"ECDH": 6
},
"ECDSA": {
"ECDSA": 38
}
},
"FF": {
"DH": {
"DH": 11,
"Diffie-Hellman": 1
}
}
},
"cc_cert_id": {
"FR": {
"ANSSI-CC-2020/04": 1
}
},
"cc_claims": {
"O": {
"O.PACE_CHIP": 2,
"O.RND": 8
},
"T": {
"T.RND": 5
}
},
"cc_protection_profile_id": {
"BSI": {
"BSI-CC-PP- 0082-V4": 2,
"BSI-CC-PP- 0084-2014": 2,
"BSI-CC-PP-0035-": 1,
"BSI-CC-PP-0082-V4": 21,
"BSI-CC-PP-0084-": 6,
"BSI-CC-PP-0084-2014": 53,
"BSI-PP- 0084-2014": 1,
"BSI-PP-0082-V4": 154,
"BSI-PP-0084-2014": 7
}
},
"cc_sar": {
"ADV": {
"ADV_ARC": 2,
"ADV_ARC.1": 9,
"ADV_FSP": 2,
"ADV_FSP.4": 6,
"ADV_IMP": 2,
"ADV_IMP.1": 6,
"ADV_TDS.3": 3
},
"AGD": {
"AGD_OPE": 2,
"AGD_OPE.1": 6,
"AGD_PRE": 2,
"AGD_PRE.1": 2
},
"ALC": {
"ALC_CMC": 2,
"ALC_CMC.4": 1,
"ALC_CMS": 2,
"ALC_CMS.4": 1,
"ALC_DEL": 2,
"ALC_DEL.1": 1,
"ALC_DVS": 2,
"ALC_DVS.2": 13,
"ALC_LCD.1": 1,
"ALC_TAT.1": 1
},
"ASE": {
"ASE_CCL.1": 1,
"ASE_ECD": 2,
"ASE_ECD.1": 1,
"ASE_INT.1": 1,
"ASE_OBJ.2": 1,
"ASE_REQ.2": 1,
"ASE_SPD.1": 1,
"ASE_TSS.1": 1
},
"ATE": {
"ATE_COV": 2,
"ATE_COV.2": 1,
"ATE_DPT.1": 1,
"ATE_DPT.2": 11,
"ATE_FUN.1": 6,
"ATE_IND.2": 5
},
"AVA": {
"AVA_VAN": 2,
"AVA_VAN.5": 11
}
},
"cc_security_level": {
"EAL": {
"EAL 4": 1,
"EAL 5": 1,
"EAL4": 14,
"EAL4 augmented": 4
}
},
"cc_sfr": {
"FAU": {
"FAU_SAR.1": 2,
"FAU_SAS": 8,
"FAU_SAS.1": 5
},
"FCS": {
"FCS_CKM": 55,
"FCS_CKM.1": 32,
"FCS_CKM.2": 6,
"FCS_CKM.4": 46,
"FCS_CKM.4.1": 1,
"FCS_COP": 152,
"FCS_COP.1": 21,
"FCS_COP.1.1": 1,
"FCS_RNG": 30,
"FCS_RNG.1": 24,
"FCS_RNG.1.1": 3,
"FCS_RNG.1.2": 2
},
"FDP": {
"FDP_ACC": 116,
"FDP_ACC.1": 43,
"FDP_ACF": 95,
"FDP_ACF.1": 37,
"FDP_IFC": 7,
"FDP_IFC.1": 17,
"FDP_ITC.1": 29,
"FDP_ITC.2": 29,
"FDP_ITT": 7,
"FDP_ITT.1": 4,
"FDP_RIP": 9,
"FDP_RIP.1": 12,
"FDP_RIP.1.1": 1,
"FDP_SDC": 8,
"FDP_SDC.1": 4,
"FDP_SDI": 7,
"FDP_SDI.1": 1,
"FDP_SDI.2": 12,
"FDP_SDI.2.1": 1,
"FDP_SDI.2.2": 1,
"FDP_UCT": 7,
"FDP_UCT.1": 2,
"FDP_UIT": 8,
"FDP_UIT.1": 3
},
"FIA": {
"FIA_AFL": 22,
"FIA_AFL.1": 4,
"FIA_API": 2,
"FIA_API.1": 15,
"FIA_API.1.1": 1,
"FIA_ATD": 10,
"FIA_ATD.1": 14,
"FIA_ATD.1.1": 1,
"FIA_SOS.1": 8,
"FIA_SOS.1.1": 1,
"FIA_UAU": 42,
"FIA_UAU.1": 21,
"FIA_UAU.1.1": 1,
"FIA_UAU.1.2": 1,
"FIA_UAU.4": 12,
"FIA_UAU.4.1": 1,
"FIA_UAU.5": 17,
"FIA_UAU.5.1": 1,
"FIA_UAU.5.2": 1,
"FIA_UAU.6": 11,
"FIA_UAU.6.1": 1,
"FIA_UID": 14,
"FIA_UID.1": 20,
"FIA_UID.1.1": 1,
"FIA_UID.1.2": 1,
"FIA_USB": 15,
"FIA_USB.1": 23,
"FIA_USB.1.1": 1,
"FIA_USB.1.2": 1,
"FIA_USB.1.3": 1
},
"FMT": {
"FMT_LIM": 21,
"FMT_LIM.1": 3,
"FMT_LIM.2": 3,
"FMT_MSA": 60,
"FMT_MSA.1": 7,
"FMT_MSA.3": 36,
"FMT_MSA.3.1": 1,
"FMT_MSA.3.2": 1,
"FMT_MTD": 38,
"FMT_MTD.1": 4,
"FMT_SMF.1": 53,
"FMT_SMF.1.1": 1,
"FMT_SMR": 9,
"FMT_SMR.1": 39,
"FMT_SMR.1.1": 1,
"FMT_SMR.1.2": 1,
"FMT_SRM": 1
},
"FPT": {
"FPT_EMS": 10,
"FPT_EMS.1": 15,
"FPT_EMS.1.1": 1,
"FPT_EMS.1.2": 1,
"FPT_FLS": 7,
"FPT_FLS.1": 18,
"FPT_FLS.1.1": 1,
"FPT_ITE": 11,
"FPT_ITE.1": 11,
"FPT_ITE.1.1": 1,
"FPT_ITE.1.2": 1,
"FPT_ITE.2": 13,
"FPT_ITE.2.1": 5,
"FPT_ITE.2.2": 1,
"FPT_ITT": 7,
"FPT_ITT.1": 4,
"FPT_PHP": 7,
"FPT_PHP.3": 5,
"FPT_TDC.1": 10,
"FPT_TDC.1.1": 1,
"FPT_TDC.1.2": 1,
"FPT_TST": 2,
"FPT_TST.1": 11,
"FPT_TST.1.1": 1,
"FPT_TST.1.2": 1,
"FPT_TST.1.3": 1
},
"FRU": {
"FRU_FLT": 7,
"FRU_FLT.2": 4
},
"FTP": {
"FTP_ITC": 22,
"FTP_ITC.1": 14,
"FTP_ITE": 1,
"FTP_TRP.1": 5
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 3
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"PACE": {
"PACE": 115
},
"TLS": {
"SSL": {
"SSL": 1
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1,
"Key agreement": 1
},
"MAC": {
"MAC": 33
}
},
"device_model": {},
"ecc_curve": {
"Brainpool": {
"brainpoolP256r1": 4,
"brainpoolP384r1": 4,
"brainpoolP512r1": 4
}
},
"eval_facility": {},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 3
},
"SHA2": {
"SHA-224": 2,
"SHA-256": 11,
"SHA-384": 6,
"SHA-512": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {
"STARCOS": {
"STARCOS 3": 11
}
},
"pq_crypto": {},
"randomness": {
"RNG": {
"RND": 13,
"RNG": 38
}
},
"side_channel_analysis": {
"FI": {
"DFA": 1,
"Malfunction": 15,
"malfunction": 1,
"physical tampering": 3
},
"SCA": {
"DPA": 1,
"Leak-Inherent": 13,
"Physical Probing": 2,
"SPA": 1,
"side channel": 1
},
"other": {
"Bleichenbacher attack": 1,
"JIL": 3
}
},
"standard_id": {
"BSI": {
"AIS20": 2,
"AIS31": 1
},
"CC": {
"CCMB-2017-04-001": 1,
"CCMB-2017-04-002": 1,
"CCMB-2017-04-003": 2,
"CCMB-2017-04-004": 1,
"CCMB-2017-05-001": 1
},
"FIPS": {
"FIPS 180-4": 1,
"FIPS 197": 3,
"FIPS PUB 180-4": 1,
"FIPS PUB 197": 1
},
"PKCS": {
"PKCS #1": 1
},
"RFC": {
"RFC 5639": 1,
"RFC5639": 3
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 52
}
},
"DES": {
"3DES": {
"TDES": 3
}
},
"constructions": {
"MAC": {
"CMAC": 24
}
}
},
"technical_report_id": {
"BSI": {
"BSI TR-03111": 3,
"BSI TR-03143": 2
}
},
"tee_name": {
"IBM": {
"SE": 1
}
},
"tls_cipher_suite": {},
"vendor": {
"GD": {
"G+D": 77,
"Giesecke+Devrient": 14
},
"Infineon": {
"Infineon Technologies AG": 1
},
"NXP": {
"NXP Semiconductors": 1
},
"STMicroelectronics": {
"STMicroelectronics": 1
}
},
"vulnerability": {}
},
"st_metadata": {
"/Author": "Giesecke+Devrient Mobile Security",
"/CreationDate": "D:20220805074457+02\u002700\u0027",
"/Creator": "Microsoft\u00ae Word f\u00fcr Microsoft 365",
"/Keywords": "Version 1.1/05.08.2022",
"/ModDate": "D:20220805074457+02\u002700\u0027",
"/Producer": "Microsoft\u00ae Word f\u00fcr Microsoft 365",
"/Subject": "Security Target Lite STARCOS 3.7 COS GKV C3",
"/Title": "G+D MS Security Target to BSI-PP-0082-V4",
"pdf_file_size_bytes": 2075550,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 156
}
},
"protection_profiles": {
"_type": "Set",
"elements": [
{
"_type": "sec_certs.sample.protection_profile.ProtectionProfile",
"pp_eal": "EAL4+",
"pp_ids": {
"_type": "Set",
"elements": [
"BSI-CC-PP-0082-V4-2019"
]
},
"pp_link": "https://www.commoncriteriaportal.org/files/ppfiles/pp0082V4b_pdf.pdf",
"pp_name": "Card Operating System Generation 2 (PP COS G2)"
}
]
},
"report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/1198a_pdf.pdf",
"scheme": "DE",
"security_level": {
"_type": "Set",
"elements": [
"ATE_DPT.2",
"AVA_VAN.5",
"EAL4+",
"ALC_DVS.2"
]
},
"st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/1198b_pdf.pdf",
"state": {
"_type": "sec_certs.sample.cc.CCCertificate.InternalState",
"cert": {
"_type": "sec_certs.sample.cc.CCCertificate.DocumentState",
"convert_garbage": false,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "0e6e7bc4c3bbb8d4515abf88ff78a0da9a55f10394dd136b2fc3a871159473f1",
"txt_hash": "b0ffd7c94b9ac40c8eeac57823d156a0685e429c812cecc59db649e33c315d54"
},
"report": {
"_type": "sec_certs.sample.cc.CCCertificate.DocumentState",
"convert_garbage": false,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "15bcd5d09e9e8d390b737be13dceba24be018eb68f134f71d01a276881f1f77b",
"txt_hash": "556cfc6c6ae3217c67f34ccde5e9d55e3950d2dfc2af58e3bef78ba7c5bf3aee"
},
"st": {
"_type": "sec_certs.sample.cc.CCCertificate.DocumentState",
"convert_garbage": false,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "0bbefab85ed024054a562ca023ddf6c383e44a315ff725f06aa2603edb4a063d",
"txt_hash": "b05b0de9390474b601cb0827d26b8edaf446d71b68f662d53a41d6a9e8dedc6f"
}
},
"status": "active"
}