This page was not yet optimized for use on mobile devices.

STARCOS 3.7 COS HBA-SMC

CSV information

Status	active
Valid from	18.06.2021
Valid until	18.06.2026
Scheme	🇩🇪 DE
Manufacturer	G+D Mobile Security GmbH
Category	ICs, Smart Cards and Smart Card-Related Devices and Systems
Security level	ALC_DVS.2, ATE_DPT.2, EAL4+, AVA_VAN.5
Protection profiles	Card Operating System Generation 2
Maintenance updates	STARCOS 3.7 COS HBA-SMC (16.06.2025) Certification report Security target
Maintenance updates	STARCOS 3.7 COS HBA-SMC (09.05.2022) Certification report

Heuristics summary

Certificate ID: BSI-DSZ-CC-0976-V4-2021

Certificate

Certificate PDF TXT

Extracted keywords

Operating System name

STARCOS 3

Vendor

Giesecke+Devrient

Security level

EAL 4, EAL 5, EAL 2, EAL 4 augmented

Security Assurance Requirements (SAR)

ALC_DVS.2, ATE_DPT.2, AVA_VAN.5

Protection profiles

BSI-CC-PP-0082-V4-

Certificates

BSI-DSZ-CC-0976-V4-2021

Standards

ISO/IEC 15408, ISO/IEC 18045

File metadata

Title	Certificate BSI-DSZ-CC-0976-V4-2021
Subject	STARCOS 3.7 COS HBA-SMC from G+D Mobile Security GmbH, Giesecke+Devrient Mobile Security GmbH
Keywords	"Common Criteria, Certification, Zertifizierung, G2 COS, eHealth, STARCOS 3.7 COS HBA-SMC, Giesecke+Devrient Mobile Security GmbH"
Author	Bundesamt für Sicherheit in der Informationstechnik
Creation date	D:20210629121438+02'00'
Modification date	D:20210629121708+02'00'
Pages	1
Creator	Writer
Producer	LibreOffice 6.3

Certification report

Certification report PDF TXT

Extracted keywords

Symmetric Algorithms

AES, HPC, CMAC

Asymmetric Algorithms

RSA-OAEP, ECDH, ECDSA, ECC, Diffie-Hellman, DH

Hash functions

SHA-256

Schemes

MAC, Key Agreement

Protocols

PACE

Randomness

PRNG, RNG

Block cipher modes

CBC

Operating System name

STARCOS 3

Vendor

Infineon, Infineon Technologies AG, Giesecke+Devrient, Giesecke & Devrient, G+D

Security level

EAL 4, EAL 5, EAL 2, EAL 1, EAL 2+, EAL5+, EAL6, EAL 5+, EAL 6, EAL 4 augmented

Claims

A.U

Security Assurance Requirements (SAR)

ADV_ARC, ALC_DVS.2, ALC_FLR, ALC_CMC.4, ALC_CMS.4, ALC_DEL.1, ALC_LCD.1, ALC_TAT.1, ATE_DPT.2, AVA_VAN.5

Security Functional Requirements (SFR)

FCS_COP, FCS_CKM, FCS_RNG.1, FCS_RNG, FIA_UAU, FIA_USB, FPT_ITE.1, FTP_ITC

Protection profiles

BSI-CC-PP-0082-V4-, BSI-CC-PP-0082-V4-2019

Certificates

BSI-DSZ-CC-0976-V4-2021, BSI-DSZ-CC-0976-V3-2019, BSI-DSZ-CC-1110-, BSI-DSZ-CC-1110-V3-2020, BSI-DSZ-CC-S-0132-2019, BSI-DSZ-CC-S-0144-2020, BSI-DSZ-CC-S-0128-, BSI-DSZ-CC-S-0128-2019

Evaluation facilities

TÜV Informationstechnik, SRC Security Research & Consulting

Side-channel analysis

side channel, DPA, SPA, physical tampering, malfunction, DFA, fault injection, JIL

Certification process

being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification, Target STARCOS 3.7 COS HBA-SMC, Version 2.0, 22 April 2021, Giesecke+Devrient Mobile Security GmbH (confidential document) 7 specifically • AIS 1, Version 14, Durchführung der Ortsbesichtigung in der Entwicklungsumgebung, for STARCOS 3.7 COS HBA-SMC, Version 2.9, 2 June 2021, SRC Security Research & Consulting GmbH (confidential document) [10] Configuration List BSI-DSZ-CC-0976-V4-2021, Configuration List STARCOS 3.7 COS HBA-SMC, 1.1, 19 May 2021, Giesecke+Devrient Mobile Security GmbH (confidential document) [11] Guidance Documentation STARCOS 3.7 COS HBA-SMC – Main Document, Version 1.6, 23 March 2021, design step H13, Version 3.3, 22 April 2020, Infineon Technologies AG, BSI-DSZ-CC-1110-V3-2020 (confidential document) Security Target Lite of the underlying hardware platform, Security Target IFX_CCI_000003h, procedure BSI-DSZ-CC-1110-V3-2020, Version 1, 23 April 2020, TÜV Informationstechnik GmbH (confidential document) [21] Einführung der Gesundheitskarte, Spezifikation des Card Operating System (COS), Elektrische

Standards

FIPS 180-4, FIPS 197, FIPS PUB 180-4, FIPS PUB 197, PKCS#1, AIS 34, AIS 36, AIS 37, AIS 26, AIS 25, AIS 20, AIS 31, AIS 46, AIS 35, AIS 1, AIS 14, AIS 19, AIS 23, AIS 32, AIS 38, RFC 5639, ISO/IEC 15408, ISO/IEC 18045, ISO/IEC 17065, ISO/IEC 18031:2005

Technical reports

BSI TR-03116-1, BSI TR-03144, BSI TR-03143, BSI 7148

File metadata

Title	Certification Report BSI-DSZ-CC-0976-V4-2021
Subject	STARCOS 3.7 COS HBA-SMC from G+D Mobile Security GmbH, Giesecke+Devrient Mobile Security GmbH
Keywords	"Common Criteria, Certification, Zertifizierung, G2 COS, eHealth, STARCOS 3.7 COS HBA-SMC, Giesecke+Devrient Mobile Security GmbH"
Author	Bundesamt für Sicherheit in der Informationstechnik
Creation date	D:20210629114835+02'00'
Modification date	D:20210629121138+02'00'
Pages	40
Creator	Writer
Producer	LibreOffice 6.3

Frontpage

Certificate ID	BSI-DSZ-CC-0976-V4-2021
Certified item	STARCOS 3.7 COS HBA-SMC
Certification lab	BSI
Developer	Giesecke+Devrient Mobile Security GmbH

References

Outgoing

BSI-DSZ-CC-0976-V3-2019 - archived - STARCOS 3.7 COS GKV C2
BSI-DSZ-CC-1110-V3-2020 - archived - Infineon Security Controller IFX_CCI_000003h, 000005h, 000008h, 00000Ch, 000013h, 000014h, 000015h, 00001Ch, 00001Dh, 000021h, 000022h in the design step H13 and including optional software libraries and dedicated firmware in several versions

Security target

Security target PDF TXT

Extracted keywords

Symmetric Algorithms

AES, HPC, CMAC

Asymmetric Algorithms

ECDH, ECDSA, ECC, Diffie-Hellman, DH, DSA

Hash functions

SHA-1, SHA-224, SHA-384, SHA-256, SHA-512

Schemes

MAC, Key agreement, Key Agreement

Protocols

SSL, PACE

Randomness

RND, RNG

Elliptic Curves

brainpoolP256r1, brainpoolP384r1, brainpoolP512r1

Block cipher modes

CBC

Operating System name

STARCOS 3

Trusted Execution Environments

Vendor

NXP Semiconductors, Infineon, Infineon Technologies AG, STMicroelectronics, Giesecke+Devrient

Security level

EAL4, EAL 4, EAL 6, EAL6, EAL6+, EAL4 augmented

Claims

O.RND, O.AES, O.PACE_CHIP, T.RND

Security Assurance Requirements (SAR)

ADV_ARC.1, ADV_FSP.4, ADV_IMP.1, ADV_TDS.3, ADV_ARC, ADV_FSP, ADV_IMP, AGD_OPE.1, AGD_PRE.1, AGD_OPE, AGD_PRE, ALC_DVS.2, ALC_CMC.4, ALC_CMS.4, ALC_DEL.1, ALC_LCD.1, ALC_TAT.1, ALC_DEL, ALC_DVS, ALC_CMS, ALC_CMC, ALC_FLR.1, ATE_FUN.1, ATE_IND.2, ATE_DPT.2, ATE_COV.2, ATE_COV, ATE_DPT.1, AVA_VAN.5, AVA_VAN, ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1, ASE_ECD

Security Functional Requirements (SFR)

FAU_SAS, FAU_SAS.1, FCS_RNG, FCS_COP, FCS_CKM, FCS_RNG.1, FCS_CKM.4, FCS_RNG.1.1, FCS_RNG.1.2, FCS_CKM.1, FCS_COP.1, FCS_CKM.2, FCS_COP.1.1, FCS_CKM.4.1, FDP_ITT, FDP_IFC, FDP_SDC, FDP_SDI, FDP_RIP.1, FDP_SDI.2, FDP_ACC, FDP_ACF, FDP_SDC.1, FDP_ITT.1, FDP_IFC.1, FDP_RIP.1.1, FDP_SDI.1, FDP_SDI.2.1, FDP_SDI.2.2, FDP_ACF.1, FDP_ACC.1, FDP_ITC.1, FDP_ITC.2, FDP_RIP, FDP_UCT, FDP_UCT.1, FDP_UIT, FDP_UIT.1, FIA_API, FIA_AFL, FIA_ATD.1, FIA_SOS.1, FIA_UAU.1, FIA_UAU.4, FIA_UAU.5, FIA_UAU.6, FIA_API.1, FIA_USB.1, FIA_USB, FIA_UAU, FIA_UID.1, FIA_SOS.1.1, FIA_AFL.1, FIA_ATD.1.1, FIA_UAU.1.1, FIA_UAU.1.2, FIA_UAU.4.1, FIA_UAU.5.1, FIA_UAU.5.2, FIA_UAU.6.1, FIA_UID.1.1, FIA_UID.1.2, FIA_API.1.1, FIA_USB.1.1, FIA_USB.1.2, FIA_USB.1.3, FIA_UID, FIA_ATD, FIA_ACF, FIA_ACC, FMT_LIM, FMT_SMR.1, FMT_MSA.3, FMT_SMF.1, FMT_MSA, FMT_MTD, FMT_LIM.1, FMT_LIM.2, FMT_SMR.1.1, FMT_SMR.1.2, FMT_SMF.1.1, FMT_MSA.1, FMT_MSA.3.1, FMT_MSA.3.2, FMT_MTD.1, FMT_SMR, FMT_SRM, FPT_FLS, FPT_PHP, FPT_ITT, FPT_EMS, FPT_ITE, FPT_FLS.1, FPT_EMS.1, FPT_TDC.1, FPT_ITE.1, FPT_ITE.2, FPT_TST.1, FPT_PHP.3, FPT_ITT.1, FPT_FLS.1.1, FPT_TST, FPT_EMS.1.1, FPT_EMS.1.2, FPT_TDC.1.1, FPT_TDC.1.2, FPT_ITE.1.1, FPT_ITE.1.2, FPT_ITE.2.1, FPT_ITE.2.2, FPT_TST.1.1, FPT_TST.1.2, FPT_TST.1.3, FRU_FLT, FRU_FLT.2, FTP_ITC, FTP_ITE, FTP_ITC.1, FTP_TRP.1

Protection profiles

BSI-PP-0084-2014, BSI-CC-PP-0084-2014, BSI-CC-PP- 0084-2014, BSI-CC-PP-0082-V4, BSI-CC-PP- 0082-V4, BSI-CC-PP-0084-2007, BSI-CC-PP-0084-, BSI-CC-PP-0082-V3, BSI-PP-0084-, BSI-CC-PP-0035-2007

Certificates

BSI-DSZ-CC-1110-V3-2020

Side-channel analysis

Leak-Inherent, Physical Probing, side channel, SPA, DPA, physical tampering, Malfunction, malfunction, DFA, Bleichenbacher attack, JIL

Certification process

out of scope, and cryptographic key sizes 2048 bits and 3072 bits modulus length for RSA private key operation is out of scope for the TOE. 371 The TOE shall meet the requirement “Cryptographic operation – CB ECC (FCS_COP.1/CB

Standards

FIPS 180-4, FIPS 197, FIPS PUB 197, FIPS PUB 180-4, NIST SP 800-38B, PKCS #1, AIS31, AIS20, RFC5639, RFC 5639, ISO/IEC 7816, CCMB-2017-05-001, CCMB-2017-04-001, CCMB-2017-04-002, CCMB-2017-04-003, CCMB-2017-04-004

Technical reports

BSI TR-03143, BSI TR-03111

File metadata

Title	G+D MS Security Target to BSI-PP-0082-V4
Subject	Security Target STARCOS 3.7 COS HBA-SMC
Keywords	Version 1.0/18.05.2021
Author	Giesecke+Devrient Mobile Security GmbH
Creation date	D:20210617104602+02'00'
Modification date	D:20210617104602+02'00'
Pages	166
Creator	Microsoft® Word für Microsoft 365
Producer	Microsoft® Word für Microsoft 365

References

Outgoing

BSI-DSZ-CC-1110-V3-2020 - archived - Infineon Security Controller IFX_CCI_000003h, 000005h, 000008h, 00000Ch, 000013h, 000014h, 000015h, 00001Ch, 00001Dh, 000021h, 000022h in the design step H13 and including optional software libraries and dedicated firmware in several versions

Incoming

BSI-DSZ-CC-1068-V5-2024 - active - KoCoBox MED+ Konnektor, Version 5.5.12
BSI-DSZ-CC-1068-V3-2022 - active - KoCoBox MED+ Konnektor, Version 4.2.22
BSI-DSZ-CC-1067-V5-2024 - active - KoCoBox MED+ Netzkonnektor, Version 5.5.12
BSI-DSZ-CC-1068-V4-2023 - active - KoCoBox MED+ Konnektor, Version 5.1.6
BSI-DSZ-CC-1067-V3-2022 - active - KoCoBox MED+ Netzkonnektor, Version 4.2.22
BSI-DSZ-CC-1067-V4-2023 - active - KoCoBox MED+ Netzkonnektor, 5.1.6

Heuristics

Automated inference - use with caution

All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.

Certificate ID

BSI-DSZ-CC-0976-V4-2021

Extracted SARs

ADV_ARC.1, ADV_FSP.4, ADV_IMP.1, ADV_TDS.3, AGD_OPE.1, AGD_PRE.1, ALC_CMC.4, ALC_CMS.4, ALC_DEL.1, ALC_DVS.2, ALC_FLR.1, ALC_LCD.1, ALC_TAT.1, ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1, ATE_COV.2, ATE_DPT.2, ATE_FUN.1, ATE_IND.2, AVA_VAN.5

References

Updates Feed

11.08.2025

The certificate data changed.
Certificate changed

The Maintenance Updates of the certificate were updated.

The following values were added: {'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.cc.CCCertificate.MaintenanceReport', 'maintenance_date': '2025-06-16', 'maintenance_title': 'STARCOS 3.7 COS HBA-SMC', 'maintenance_report_link': 'https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/0976V4ma2a_pdf.pdf', 'maintenance_st_link': 'https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/0976V4ma2b_pdf.pdf'}]}.
19.05.2025

The certificate data changed.
Certificate changed

The computed heuristics were updated.

The scheme_data property was set to None.
10.03.2025

The certificate data changed.
Certificate changed

The computed heuristics were updated.

The scheme_data property was set to {'cert_id': 'BSI-DSZ-CC-0976-V4-2021', 'product': 'STARCOS 3.7 COS HBA-SMC', 'vendor': 'Giesecke & Devrient GmbH seit 1. Juli 2017 Giesecke+Devrient Mobile Security GmbH', 'certification_date': '2021-06-18', 'category': 'eHealth', 'url': 'https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Gesundheitswesen_SmartCards/0976_0976V2_0976V3_0976V4.html', 'enhanced': {'product': 'STARCOS 3.7 COS HBA-SMC', 'applicant': 'Giesecke & Devrient GmbH seit 1. Juli 2017 Giesecke+Devrient Mobile Security GmbH Prinzregentenstr. 159 81677 München', 'evaluation_facility': 'SRC Security Research & Consulting GmbH', 'assurance_level': 'EAL4+,ALC_DVS.2,ATE_DPT.2,AVA_VAN.5', 'protection_profile': 'Card Operating System Generation 2 (PP COS G2), Version 2.1, 10 July 2019, BSI-CC-PP-0082-V4-2019', 'certification_date': '2021-06-18', 'expiration_date': '2026-06-17', 'entries': [{'id': 'BSI-DSZ-CC-0976-V4-2021-MA-01 (Ausstellungsdatum / Certification Date 09.05.2022)', 'description': 'The partial ALC re-evaluation for procedure 0976-V4 covers the update of the product life-cycle concerning the involved development and production sites. The certified product itself did not change.'}, {'id': 'BSI-DSZ-CC-0976-V4-2021 (Ausstellungsdatum / Certification Date 18.06.2021, gültig bis / valid until 17.06.2026) Zertifizierungsreport / Certification Report', 'description': 'Software'}, {'id': 'BSI', 'description': 'The partial ALC re-evaluation for procedure 0976-V3 covers the update of the product life-cycle concerning the involved development and production sites. The certified product itself did not change.'}, {'id': 'BSI-DSZ-CC-0976-V3-2019-MA-01 (Ausstellungsdatum / Certification Date 15.06.2021)', 'description': 'Maintenance Report'}, {'id': 'BSI-DSZ-CC-0976-V3-2019 (Ausstellungsdatum / Certification Date 21.11.2019, gültig bis / valid until 20.11.2024)', 'description': '), to adaptations in the life-cycle model as well as to the integration of the functional package Contactless and further specific changes in the Embedded Software including a corresponding update of the related user guidance documentation. In particular, the TOE’s (crypto) implementation was re-evaluated and reassessed.'}, {'id': 'BSI-DSZ-CC-0976-V2-2018 (Ausstellungsdatum / Certification Date 20.09.2018, gültig bis / valid until 19.09.2023)', 'description': 'Software'}, {'id': 'BSI-DSZ-CC-0976-2015-MA-01 (Ausstellungsdatum / Certification Date 02.08.2018)', 'description': 'The changes are related to an update and reevaluation of the product life-cycle caused by changes in the development and porduction sites. The certified product itself did not change.'}, {'id': 'BSI-DSZ-CC-0976-2015-RA-01 (Ausstellungsdatum / Certification Date 19.09.2017)', 'description': 'Security Target'}, {'id': 'BSI-DSZ-CC-0976-2015 (Ausstellungsdatum / Certification Date 29.12.2015, gültig bis / valid until 28.12.2020)', 'description': 'Security Target'}], 'report_link': 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte09/0976V4a_pdf.pdf?__blob=publicationFile&v=3', 'target_link': 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte09/0976V4b_pdf.pdf?__blob=publicationFile&v=3', 'cert_link': 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte09/0976V4c_pdf.pdf?__blob=publicationFile&v=3', 'description': 'The Target of Evaluation (TOE) is the product STARCOS 3.6 COSGKV C1 developed by Giesecke & Devrient GmbH. The TOE is a smart card product according to the G2 Card Operating System (G2-COS) specification from gematik. The TOE is intended to be used as a card operating system platform for specific card types and applications of the card generation G2 in the framework of the German health care system, and therefore implements the mandatory part of the G2-COS specification with the base functionality of the operating system platform only. The TOE implements from the PP-0082-V2 the base part without any of the optional packages.'}, 'subcategory': 'Smartcards'}.
03.03.2025

The certificate data changed.
Certificate changed

The computed heuristics were updated.

The scheme_data property was set to None.
24.02.2025

The certificate data changed.
Certificate changed

The computed heuristics were updated.

The scheme_data property was set to {'cert_id': 'BSI-DSZ-CC-0976-V4-2021', 'product': 'STARCOS 3.7 COS HBA-SMC', 'vendor': 'Giesecke & Devrient GmbH seit 1. Juli 2017 Giesecke+Devrient Mobile Security GmbH', 'certification_date': '2021-06-18', 'category': 'eHealth', 'url': 'https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Gesundheitswesen_SmartCards/0976_0976V2_0976V3_0976V4.html', 'enhanced': {'product': 'STARCOS 3.7 COS HBA-SMC', 'applicant': 'Giesecke & Devrient GmbH seit 1. Juli 2017 Giesecke+Devrient Mobile Security GmbH Prinzregentenstr. 159 81677 München', 'evaluation_facility': 'SRC Security Research & Consulting GmbH', 'assurance_level': 'EAL4+,ALC_DVS.2,ATE_DPT.2,AVA_VAN.5', 'protection_profile': 'Card Operating System Generation 2 (PP COS G2), Version 2.1, 10 July 2019, BSI-CC-PP-0082-V4-2019', 'certification_date': '2021-06-18', 'expiration_date': '2026-06-17', 'entries': [{'id': 'BSI-DSZ-CC-0976-V4-2021-MA-01 (Ausstellungsdatum / Certification Date 09.05.2022)', 'description': 'The partial ALC re-evaluation for procedure 0976-V4 covers the update of the product life-cycle concerning the involved development and production sites. The certified product itself did not change.'}, {'id': 'BSI-DSZ-CC-0976-V4-2021 (Ausstellungsdatum / Certification Date 18.06.2021, gültig bis / valid until 17.06.2026) Zertifizierungsreport / Certification Report', 'description': 'Software'}, {'id': 'BSI', 'description': 'The partial ALC re-evaluation for procedure 0976-V3 covers the update of the product life-cycle concerning the involved development and production sites. The certified product itself did not change.'}, {'id': 'BSI-DSZ-CC-0976-V3-2019-MA-01 (Ausstellungsdatum / Certification Date 15.06.2021)', 'description': 'Maintenance Report'}, {'id': 'BSI-DSZ-CC-0976-V3-2019 (Ausstellungsdatum / Certification Date 21.11.2019, gültig bis / valid until 20.11.2024)', 'description': '), to adaptations in the life-cycle model as well as to the integration of the functional package Contactless and further specific changes in the Embedded Software including a corresponding update of the related user guidance documentation. In particular, the TOE’s (crypto) implementation was re-evaluated and reassessed.'}, {'id': 'BSI-DSZ-CC-0976-V2-2018 (Ausstellungsdatum / Certification Date 20.09.2018, gültig bis / valid until 19.09.2023)', 'description': 'Software'}, {'id': 'BSI-DSZ-CC-0976-2015-MA-01 (Ausstellungsdatum / Certification Date 02.08.2018)', 'description': 'The changes are related to an update and reevaluation of the product life-cycle caused by changes in the development and porduction sites. The certified product itself did not change.'}, {'id': 'BSI-DSZ-CC-0976-2015-RA-01 (Ausstellungsdatum / Certification Date 19.09.2017)', 'description': 'Security Target'}, {'id': 'BSI-DSZ-CC-0976-2015 (Ausstellungsdatum / Certification Date 29.12.2015, gültig bis / valid until 28.12.2020)', 'description': 'Security Target'}], 'report_link': 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte09/0976V4a_pdf.pdf?__blob=publicationFile&v=3', 'target_link': 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte09/0976V4b_pdf.pdf?__blob=publicationFile&v=3', 'cert_link': 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte09/0976V4c_pdf.pdf?__blob=publicationFile&v=3', 'description': 'The Target of Evaluation (TOE) is the product STARCOS 3.6 COSGKV C1 developed by Giesecke & Devrient GmbH. The TOE is a smart card product according to the G2 Card Operating System (G2-COS) specification from gematik. The TOE is intended to be used as a card operating system platform for specific card types and applications of the card generation G2 in the framework of the German health care system, and therefore implements the mandatory part of the G2-COS specification with the base functionality of the operating system platform only. The TOE implements from the PP-0082-V2 the base part without any of the optional packages.'}, 'subcategory': 'Smartcards'}.
17.02.2025

The certificate data changed.
Certificate changed

The computed heuristics were updated.

The scheme_data property was set to None.
05.02.2025

The certificate data changed.
Certificate changed

The state of the certificate object was updated.

The report property was updated, with the {'_type': 'sec_certs.sample.document_state.DocumentState'} data.

The st property was updated, with the {'_type': 'sec_certs.sample.document_state.DocumentState'} data.

The cert property was updated, with the {'_type': 'sec_certs.sample.document_state.DocumentState'} data.

The computed heuristics were updated.

The following values were inserted: {'protection_profiles': {'_type': 'Set', 'elements': ['55ed365edb2c317f']}, 'eal': 'EAL4+'}.

The prev_certificates property was set to None.

The next_certificates property was set to None.
03.02.2025

The certificate data changed.
Certificate changed

The computed heuristics were updated.

The st_references property was updated, with the {'directly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['BSI-DSZ-CC-1068-V5-2024', 'BSI-DSZ-CC-1067-V5-2024']}}, 'indirectly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['BSI-DSZ-CC-1068-V5-2024', 'BSI-DSZ-CC-1067-V5-2024']}}} data.
21.11.2024

The certificate data changed.
Certificate changed

The computed heuristics were updated.

The following values were inserted: {'prev_certificates': ['BSI-DSZ-CC-0976-2015', 'BSI-DSZ-CC-0976-V2-2018', 'BSI-DSZ-CC-0976-V3-2019'], 'next_certificates': []}.
09.11.2024

The certificate data changed.
Certificate changed

The computed heuristics were updated.

The scheme_data property was updated, with the {'certification_date': '2021-06-18', 'enhanced': {'__update__': {'applicant': 'Giesecke & Devrient GmbH seit 1. Juli 2017 Giesecke+Devrient Mobile Security GmbH Prinzregentenstr. 159 81677 München', 'certification_date': '2021-06-18', 'expiration_date': '2026-06-17', 'entries': {'1': {'__update__': {'id': 'BSI-DSZ-CC-0976-V4-2021 (Ausstellungsdatum / Certification Date 18.06.2021, gültig bis / valid until 17.06.2026) Zertifizierungsreport / Certification Report'}}, '6': {'__update__': {'description': 'The changes are related to an update and reevaluation of the product life-cycle caused by changes in the development and porduction sites. The certified product itself did not change.'}}}}}} data.
17.10.2024

The certificate data changed.
Certificate changed

The Protection Profiles of the certificate were updated.

The new value is {'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.protection_profile.ProtectionProfile', 'pp_name': 'Card Operating System Generation 2', 'pp_eal': 'EAL4+', 'pp_link': 'https://www.commoncriteriaportal.org/files/ppfiles/pp0082b_pdf.pdf', 'pp_ids': None}]}.
22.08.2024

The certificate data changed.
Certificate changed

The state of the certificate object was updated.

The st property was updated, with the {'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': 'e097b29728ebc08d227c0c049e9b75a778e61e9a3b3358f940f5cac11be3b8ee', 'txt_hash': 'a3f0d2ba96a19dac465792312eb6316e80ac3b025f9bd2b530cea51d93931f34'} data.

The cert property was updated, with the {'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': '289293a7788d72427bb71793d37043efddef11edf4b8a38a755eb22e55f1e807', 'txt_hash': '52b5b59e2cdf43f576101284d41c901b2cec7eb3ed923287f57fab530189e6c2'} data.

The PDF extraction data was updated.

The st_metadata property was set to {'pdf_file_size_bytes': 2539468, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 166, '/Title': 'G+D MS Security Target to BSI-PP-0082-V4', '/Author': 'Giesecke+Devrient Mobile Security GmbH', '/Subject': 'Security Target STARCOS 3.7 COS HBA-SMC', '/Keywords': 'Version 1.0/18.05.2021', '/Creator': 'Microsoft® Word für Microsoft 365', '/CreationDate': "D:20210617104602+02'00'", '/ModDate': "D:20210617104602+02'00'", '/Producer': 'Microsoft® Word für Microsoft 365', 'pdf_hyperlinks': {'_type': 'Set', 'elements': []}}.

The cert_metadata property was set to {'pdf_file_size_bytes': 241574, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 1, '/Author': 'Bundesamt für Sicherheit in der Informationstechnik', '/CreationDate': "D:20210629121438+02'00'", '/Creator': 'Writer', '/Keywords': '"Common Criteria, Certification, Zertifizierung, G2 COS, eHealth, STARCOS 3.7 COS HBA-SMC, Giesecke+Devrient Mobile Security GmbH"', '/ModDate': "D:20210629121708+02'00'", '/Producer': 'LibreOffice 6.3', '/Subject': 'STARCOS 3.7 COS HBA-SMC from G+D Mobile Security GmbH, Giesecke+Devrient Mobile Security GmbH', '/Title': 'Certificate BSI-DSZ-CC-0976-V4-2021', 'pdf_hyperlinks': {'_type': 'Set', 'elements': []}}.

The st_keywords property was set to {'cc_cert_id': {'DE': {'BSI-DSZ-CC-1110-V3-2020': 2}}, 'cc_protection_profile_id': {'BSI': {'BSI-PP-0084-2014': 8, 'BSI-CC-PP-0084-2014': 57, 'BSI-CC-PP- 0084-2014': 6, 'BSI-CC-PP-0082-V4': 27, 'BSI-CC-PP- 0082-V4': 2, 'BSI-CC-PP-0084-2007': 1, 'BSI-CC-PP-0084-': 4, 'BSI-CC-PP-0082-V3': 1, 'BSI-PP-0084-': 2, 'BSI-CC-PP-0035-2007': 1}}, 'cc_security_level': {'EAL': {'EAL4': 14, 'EAL 4': 2, 'EAL 6': 2, 'EAL6': 1, 'EAL6+': 1, 'EAL4 augmented': 4}}, 'cc_sar': {'ADV': {'ADV_ARC.1': 9, 'ADV_FSP.4': 6, 'ADV_IMP.1': 6, 'ADV_TDS.3': 3, 'ADV_ARC': 2, 'ADV_FSP': 2, 'ADV_IMP': 2}, 'AGD': {'AGD_OPE.1': 6, 'AGD_PRE.1': 2, 'AGD_OPE': 2, 'AGD_PRE': 2}, 'ALC': {'ALC_DVS.2': 12, 'ALC_CMC.4': 1, 'ALC_CMS.4': 1, 'ALC_DEL.1': 1, 'ALC_LCD.1': 1, 'ALC_TAT.1': 1, 'ALC_DEL': 2, 'ALC_DVS': 2, 'ALC_CMS': 2, 'ALC_CMC': 2, 'ALC_FLR.1': 1}, 'ATE': {'ATE_FUN.1': 6, 'ATE_IND.2': 5, 'ATE_DPT.2': 11, 'ATE_COV.2': 1, 'ATE_COV': 2, 'ATE_DPT.1': 1}, 'AVA': {'AVA_VAN.5': 10, 'AVA_VAN': 2}, 'ASE': {'ASE_CCL.1': 1, 'ASE_ECD.1': 1, 'ASE_INT.1': 1, 'ASE_OBJ.2': 1, 'ASE_REQ.2': 1, 'ASE_SPD.1': 1, 'ASE_TSS.1': 1, 'ASE_ECD': 2}}, 'cc_sfr': {'FAU': {'FAU_SAS': 8, 'FAU_SAS.1': 3}, 'FCS': {'FCS_RNG': 34, 'FCS_COP': 189, 'FCS_CKM': 83, 'FCS_RNG.1': 20, 'FCS_CKM.4': 64, 'FCS_RNG.1.1': 3, 'FCS_RNG.1.2': 2, 'FCS_CKM.1': 39, 'FCS_COP.1': 27, 'FCS_CKM.2': 9, 'FCS_COP.1.1': 1, 'FCS_CKM.4.1': 1}, 'FDP': {'FDP_ITT': 7, 'FDP_IFC': 7, 'FDP_SDC': 8, 'FDP_SDI': 7, 'FDP_RIP.1': 12, 'FDP_SDI.2': 11, 'FDP_ACC': 123, 'FDP_ACF': 110, 'FDP_SDC.1': 3, 'FDP_ITT.1': 3, 'FDP_IFC.1': 16, 'FDP_RIP.1.1': 1, 'FDP_SDI.1': 1, 'FDP_SDI.2.1': 1, 'FDP_SDI.2.2': 1, 'FDP_ACF.1': 41, 'FDP_ACC.1': 44, 'FDP_ITC.1': 35, 'FDP_ITC.2': 35, 'FDP_RIP': 9, 'FDP_UCT': 7, 'FDP_UCT.1': 1, 'FDP_UIT': 8, 'FDP_UIT.1': 2}, 'FIA': {'FIA_API': 10, 'FIA_AFL': 22, 'FIA_ATD.1': 20, 'FIA_SOS.1': 8, 'FIA_UAU.1': 20, 'FIA_UAU.4': 12, 'FIA_UAU.5': 17, 'FIA_UAU.6': 12, 'FIA_API.1': 16, 'FIA_USB.1': 30, 'FIA_USB': 32, 'FIA_UAU': 50, 'FIA_UID.1': 19, 'FIA_SOS.1.1': 1, 'FIA_AFL.1': 4, 'FIA_ATD.1.1': 1, 'FIA_UAU.1.1': 1, 'FIA_UAU.1.2': 1, 'FIA_UAU.4.1': 1, 'FIA_UAU.5.1': 1, 'FIA_UAU.5.2': 1, 'FIA_UAU.6.1': 1, 'FIA_UID.1.1': 1, 'FIA_UID.1.2': 1, 'FIA_API.1.1': 1, 'FIA_USB.1.1': 1, 'FIA_USB.1.2': 1, 'FIA_USB.1.3': 2, 'FIA_UID': 14, 'FIA_ATD': 10, 'FIA_ACF': 1, 'FIA_ACC': 1}, 'FMT': {'FMT_LIM': 15, 'FMT_SMR.1': 41, 'FMT_MSA.3': 39, 'FMT_SMF.1': 51, 'FMT_MSA': 68, 'FMT_MTD': 38, 'FMT_LIM.1': 3, 'FMT_LIM.2': 2, 'FMT_SMR.1.1': 1, 'FMT_SMR.1.2': 1, 'FMT_SMF.1.1': 1, 'FMT_MSA.1': 8, 'FMT_MSA.3.1': 1, 'FMT_MSA.3.2': 1, 'FMT_MTD.1': 4, 'FMT_SMR': 9, 'FMT_SRM': 1}, 'FPT': {'FPT_FLS': 7, 'FPT_PHP': 7, 'FPT_ITT': 7, 'FPT_EMS': 10, 'FPT_ITE': 11, 'FPT_FLS.1': 16, 'FPT_EMS.1': 15, 'FPT_TDC.1': 10, 'FPT_ITE.1': 11, 'FPT_ITE.2': 13, 'FPT_TST.1': 11, 'FPT_PHP.3': 4, 'FPT_ITT.1': 3, 'FPT_FLS.1.1': 1, 'FPT_TST': 2, 'FPT_EMS.1.1': 1, 'FPT_EMS.1.2': 1, 'FPT_TDC.1.1': 1, 'FPT_TDC.1.2': 1, 'FPT_ITE.1.1': 1, 'FPT_ITE.1.2': 1, 'FPT_ITE.2.1': 5, 'FPT_ITE.2.2': 1, 'FPT_TST.1.1': 1, 'FPT_TST.1.2': 1, 'FPT_TST.1.3': 1}, 'FRU': {'FRU_FLT': 7, 'FRU_FLT.2': 3}, 'FTP': {'FTP_ITC': 22, 'FTP_ITE': 1, 'FTP_ITC.1': 12, 'FTP_TRP.1': 5}}, 'cc_claims': {'O': {'O.RND': 8, 'O.AES': 7, 'O.PACE_CHIP': 2}, 'T': {'T.RND': 5}}, 'vendor': {'NXP': {'NXP Semiconductors': 1}, 'Infineon': {'Infineon': 2, 'Infineon Technologies AG': 2}, 'STMicroelectronics': {'STMicroelectronics': 1}, 'GD': {'Giesecke+Devrient': 14}}, 'eval_facility': {}, 'symmetric_crypto': {'AES_competition': {'AES': {'AES': 82}, 'HPC': {'HPC': 1}}, 'constructions': {'MAC': {'CMAC': 43}}}, 'asymmetric_crypto': {'ECC': {'ECDH': {'ECDH': 6}, 'ECDSA': {'ECDSA': 38}, 'ECC': {'ECC': 16}}, 'FF': {'DH': {'Diffie-Hellman': 1, 'DH': 12}, 'DSA': {'DSA': 1}}}, 'pq_crypto': {}, 'hash_function': {'SHA': {'SHA1': {'SHA-1': 3}, 'SHA2': {'SHA-224': 2, 'SHA-384': 6, 'SHA-256': 11, 'SHA-512': 4}}}, 'crypto_scheme': {'MAC': {'MAC': 33}, 'KA': {'Key agreement': 1, 'Key Agreement': 1}}, 'crypto_protocol': {'TLS': {'SSL': {'SSL': 1}}, 'PACE': {'PACE': 123}}, 'randomness': {'RNG': {'RND': 15, 'RNG': 38}}, 'cipher_mode': {'CBC': {'CBC': 4}}, 'ecc_curve': {'Brainpool': {'brainpoolP256r1': 4, 'brainpoolP384r1': 4, 'brainpoolP512r1': 4}}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {'SCA': {'Leak-Inherent': 15, 'Physical Probing': 2, 'side channel': 1, 'SPA': 1, 'DPA': 1}, 'FI': {'physical tampering': 3, 'Malfunction': 17, 'malfunction': 1, 'DFA': 1}, 'other': {'Bleichenbacher attack': 1, 'JIL': 3}}, 'technical_report_id': {'BSI': {'BSI TR-03143': 2, 'BSI TR-03111': 3}}, 'device_model': {}, 'tee_name': {'IBM': {'SE': 1}}, 'os_name': {'STARCOS': {'STARCOS 3': 179}}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'FIPS': {'FIPS 180-4': 1, 'FIPS 197': 4, 'FIPS PUB 197': 1, 'FIPS PUB 180-4': 1}, 'NIST': {'NIST SP 800-38B': 1}, 'PKCS': {'PKCS #1': 2}, 'BSI': {'AIS31': 1, 'AIS20': 2}, 'RFC': {'RFC5639': 3, 'RFC 5639': 1}, 'ISO': {'ISO/IEC 7816': 2}, 'CC': {'CCMB-2017-05-001': 1, 'CCMB-2017-04-001': 1, 'CCMB-2017-04-002': 1, 'CCMB-2017-04-003': 1, 'CCMB-2017-04-004': 1}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {'OutOfScope': {'out of scope': 1, 'and cryptographic key sizes 2048 bits and 3072 bits modulus length for RSA private key operation is out of scope for the TOE. 371 The TOE shall meet the requirement “Cryptographic operation – CB ECC (FCS_COP.1/CB': 1}}}.

The cert_keywords property was set to {'cc_cert_id': {'DE': {'BSI-DSZ-CC-0976-V4-2021': 1}}, 'cc_protection_profile_id': {'BSI': {'BSI-CC-PP-0082-V4-': 1}}, 'cc_security_level': {'EAL': {'EAL 4': 1, 'EAL 5': 1, 'EAL 2': 1, 'EAL 4 augmented': 1}}, 'cc_sar': {'ALC': {'ALC_DVS.2': 1}, 'ATE': {'ATE_DPT.2': 1}, 'AVA': {'AVA_VAN.5': 1}}, 'cc_sfr': {}, 'cc_claims': {}, 'vendor': {'GD': {'Giesecke+Devrient': 1}}, 'eval_facility': {}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {}, 'os_name': {'STARCOS': {'STARCOS 3': 1}}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'ISO': {'ISO/IEC 15408': 2, 'ISO/IEC 18045': 2}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}.

The st_filename property was set to 0976V4b_pdf.pdf.

The cert_filename property was set to 0976V4c_pdf.pdf.

The computed heuristics were updated.

The st_references property was updated, with the {'directly_referenced_by': {'_type': 'Set', 'elements': ['BSI-DSZ-CC-1068-V3-2022', 'BSI-DSZ-CC-1067-V3-2022', 'BSI-DSZ-CC-1067-V4-2023', 'BSI-DSZ-CC-1068-V4-2023']}, 'indirectly_referenced_by': {'_type': 'Set', 'elements': ['BSI-DSZ-CC-1068-V3-2022', 'BSI-DSZ-CC-1067-V3-2022', 'BSI-DSZ-CC-1067-V4-2023', 'BSI-DSZ-CC-1068-V4-2023']}, 'directly_referencing': {'_type': 'Set', 'elements': ['BSI-DSZ-CC-1110-V3-2020']}, 'indirectly_referencing': {'_type': 'Set', 'elements': ['BSI-DSZ-CC-1110-V3-2020']}} data.

The report_references property was updated, with the {'indirectly_referencing': {'__add__': {'_type': 'Set', 'elements': ['BSI-DSZ-CC-0782-2012', 'BSI-DSZ-CC-0945-V2-2018', 'BSI-DSZ-CC-0976-V2-2018', 'BSI-DSZ-CC-1110-2019', 'BSI-DSZ-CC-0976-2015', 'BSI-DSZ-CC-0945-V3-2018', 'BSI-DSZ-CC-0916-2015', 'BSI-DSZ-CC-0891-V2-2016', 'BSI-DSZ-CC-0782-V2-2015', 'BSI-DSZ-CC-0879-2014', 'BSI-DSZ-CC-1110-V2-2019', 'BSI-DSZ-CC-0891-2015', 'BSI-DSZ-CC-0945-2017']}}} data.

The extracted_sars property was updated, with the {'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_ARC', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_IMP', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_FSP', 'level': 4}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_TSS', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_COV', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_ECD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_REQ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_INT', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_OPE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_CCL', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_PRE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_IND', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_FLR', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_OBJ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_FUN', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_TDS', 'level': 3}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_SPD', 'level': 1}]} values added.
19.08.2024

The certificate data changed.
Certificate changed

The computed heuristics were updated.

The report_references property was updated, with the {'directly_referencing': {'_type': 'Set', 'elements': ['BSI-DSZ-CC-0976-V3-2019', 'BSI-DSZ-CC-1110-V3-2020']}, 'indirectly_referencing': {'_type': 'Set', 'elements': ['BSI-DSZ-CC-0976-V3-2019', 'BSI-DSZ-CC-1110-V3-2020']}} data.
17.08.2024

The certificate data changed.
Certificate changed

The report_link was updated.

The new value is https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/0976V4a_pdf.pdf.

The st_link was updated.

The new value is https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/0976V4b_pdf.pdf.

The state of the certificate object was updated.

The report property was updated, with the {'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': 'cab554e05b93e59ae6196b56276ae428ca12b1212c7d5312483f1e3940599b8a', 'txt_hash': '9a6dd405cc7ed5f578361b6673f19f41ac76abeae96a1b3d81922ee4c64e0e8f'} data.

The st property was updated, with the {'download_ok': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None} data.

The cert property was updated, with the {'download_ok': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None} data.

The PDF extraction data was updated.

The report_metadata property was set to {'pdf_file_size_bytes': 936127, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 40, '/Author': 'Bundesamt für Sicherheit in der Informationstechnik', '/CreationDate': "D:20210629114835+02'00'", '/Creator': 'Writer', '/Keywords': '"Common Criteria, Certification, Zertifizierung, G2 COS, eHealth, STARCOS 3.7 COS HBA-SMC, Giesecke+Devrient Mobile Security GmbH"', '/ModDate': "D:20210629121138+02'00'", '/Producer': 'LibreOffice 6.3', '/Subject': 'STARCOS 3.7 COS HBA-SMC from G+D Mobile Security GmbH, Giesecke+Devrient Mobile Security GmbH', '/Title': 'Certification Report BSI-DSZ-CC-0976-V4-2021', 'pdf_hyperlinks': {'_type': 'Set', 'elements': ['https://www.bsi.bund.de/zertifizierungsreporte', 'https://www.bsi.bund.de/', 'https://www.bsi.bund.de/AIS', 'https://www.sogis.eu/', 'https://www.bsi.bund.de/zertifizierung', 'http://www.commoncriteriaportal.org/', 'http://www.commoncriteriaportal.org/cc/']}}.

The st_metadata property was set to None.

The cert_metadata property was set to None.

The report_frontpage property was set to {'DE': {'match_rules': ['(BSI-DSZ-CC-.+?) (?:for|For) (.+?) from (.*)'], 'cert_id': 'BSI-DSZ-CC-0976-V4-2021', 'cert_item': 'STARCOS 3.7 COS HBA-SMC', 'developer': 'Giesecke+Devrient Mobile Security GmbH', 'cert_lab': 'BSI', 'ref_protection_profiles': 'Card Operating System Generation 2 (PP COS G2), Version 2.1, 10 July 2019, BSI-CC-PP-0082-V4- 2019', 'cc_version': 'PP conformant Common Criteria Part 2 extended', 'cc_security_level': 'Common Criteria Part 3 conformant EAL 4 augmented by ALC_DVS.2, ATE_DPT.2 and AVA_VAN.5'}}.

The report_keywords property was set to {'cc_cert_id': {'DE': {'BSI-DSZ-CC-0976-V4-2021': 26, 'BSI-DSZ-CC-0976-V3-2019': 3, 'BSI-DSZ-CC-1110-': 2, 'BSI-DSZ-CC-1110-V3-2020': 7, 'BSI-DSZ-CC-S-0132-2019': 1, 'BSI-DSZ-CC-S-0144-2020': 2, 'BSI-DSZ-CC-S-0128-': 1, 'BSI-DSZ-CC-S-0128-2019': 1}}, 'cc_protection_profile_id': {'BSI': {'BSI-CC-PP-0082-V4-': 1, 'BSI-CC-PP-0082-V4-2019': 3}}, 'cc_security_level': {'EAL': {'EAL 4': 5, 'EAL 5': 4, 'EAL 2': 2, 'EAL 1': 1, 'EAL 2+': 1, 'EAL5+': 1, 'EAL6': 1, 'EAL 5+': 1, 'EAL 6': 1, 'EAL 4 augmented': 3}}, 'cc_sar': {'ADV': {'ADV_ARC': 1}, 'ALC': {'ALC_DVS.2': 5, 'ALC_FLR': 2, 'ALC_CMC.4': 1, 'ALC_CMS.4': 1, 'ALC_DEL.1': 1, 'ALC_LCD.1': 1, 'ALC_TAT.1': 1}, 'ATE': {'ATE_DPT.2': 4}, 'AVA': {'AVA_VAN.5': 4}}, 'cc_sfr': {'FCS': {'FCS_COP': 29, 'FCS_CKM': 4, 'FCS_RNG.1': 1, 'FCS_RNG': 3}, 'FIA': {'FIA_UAU': 2, 'FIA_USB': 1}, 'FPT': {'FPT_ITE.1': 1}, 'FTP': {'FTP_ITC': 2}}, 'cc_claims': {'A': {'A.U': 1}}, 'vendor': {'Infineon': {'Infineon': 11, 'Infineon Technologies AG': 7}, 'GD': {'Giesecke+Devrient': 29, 'Giesecke & Devrient': 3, 'G+D': 2}}, 'eval_facility': {'TUV': {'TÜV Informationstechnik': 1}, 'SRC': {'SRC Security Research & Consulting': 3}}, 'symmetric_crypto': {'AES_competition': {'AES': {'AES': 30}, 'HPC': {'HPC': 4}}, 'constructions': {'MAC': {'CMAC': 15}}}, 'asymmetric_crypto': {'RSA': {'RSA-OAEP': 2}, 'ECC': {'ECDH': {'ECDH': 4}, 'ECDSA': {'ECDSA': 14}, 'ECC': {'ECC': 10}}, 'FF': {'DH': {'Diffie-Hellman': 1, 'DH': 1}}}, 'pq_crypto': {}, 'hash_function': {'SHA': {'SHA2': {'SHA-256': 3}}}, 'crypto_scheme': {'MAC': {'MAC': 3}, 'KA': {'Key Agreement': 1}}, 'crypto_protocol': {'PACE': {'PACE': 15}}, 'randomness': {'PRNG': {'PRNG': 1}, 'RNG': {'RNG': 5}}, 'cipher_mode': {'CBC': {'CBC': 10}}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {'SCA': {'side channel': 1, 'DPA': 1, 'SPA': 1}, 'FI': {'physical tampering': 1, 'malfunction': 1, 'DFA': 1, 'fault injection': 1}, 'other': {'JIL': 6}}, 'technical_report_id': {'BSI': {'BSI TR-03116-1': 1, 'BSI TR-03144': 10, 'BSI TR-03143': 5, 'BSI 7148': 1}}, 'device_model': {}, 'tee_name': {}, 'os_name': {'STARCOS': {'STARCOS 3': 38}}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'FIPS': {'FIPS 180-4': 9, 'FIPS 197': 12, 'FIPS PUB 180-4': 1, 'FIPS PUB 197': 1}, 'PKCS': {'PKCS#1': 5}, 'BSI': {'AIS 34': 4, 'AIS 36': 5, 'AIS 37': 2, 'AIS 26': 4, 'AIS 25': 4, 'AIS 20': 6, 'AIS 31': 5, 'AIS 46': 2, 'AIS 35': 2, 'AIS 1': 1, 'AIS 14': 1, 'AIS 19': 1, 'AIS 23': 1, 'AIS 32': 1, 'AIS 38': 1}, 'RFC': {'RFC 5639': 12}, 'ISO': {'ISO/IEC 15408': 4, 'ISO/IEC 18045': 4, 'ISO/IEC 17065': 2, 'ISO/IEC 18031:2005': 1}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {'ConfidentialDocument': {'being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification': 1, 'Target STARCOS 3.7 COS HBA-SMC, Version 2.0, 22 April 2021, Giesecke+Devrient Mobile Security GmbH (confidential document) 7 specifically • AIS 1, Version 14, Durchführung der Ortsbesichtigung in der Entwicklungsumgebung': 1, 'for STARCOS 3.7 COS HBA-SMC, Version 2.9, 2 June 2021, SRC Security Research & Consulting GmbH (confidential document) [10] Configuration List BSI-DSZ-CC-0976-V4-2021, Configuration List STARCOS 3.7 COS HBA-SMC': 1, '1.1, 19 May 2021, Giesecke+Devrient Mobile Security GmbH (confidential document) [11] Guidance Documentation STARCOS 3.7 COS HBA-SMC – Main Document, Version 1.6, 23 March 2021': 1, 'design step H13, Version 3.3, 22 April 2020, Infineon Technologies AG, BSI-DSZ-CC-1110-V3-2020 (confidential document) Security Target Lite of the underlying hardware platform, Security Target IFX_CCI_000003h': 1, 'procedure BSI-DSZ-CC-1110-V3-2020, Version 1, 23 April 2020, TÜV Informationstechnik GmbH (confidential document) [21] Einführung der Gesundheitskarte, Spezifikation des Card Operating System (COS), Elektrische': 1}}}.

The st_keywords property was set to None.

The cert_keywords property was set to None.

The report_filename property was set to 0976V4a_pdf.pdf.

The st_filename property was set to None.

The cert_filename property was set to None.

The computed heuristics were updated.

The cert_lab property was set to ['BSI'].

The st_references property was updated, with the {'directly_referenced_by': None, 'indirectly_referenced_by': None, 'directly_referencing': None, 'indirectly_referencing': None} data.

The extracted_sars property was updated, with the {'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_ARC', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_IMP', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_FSP', 'level': 4}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_TSS', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_ECD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_COV', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_REQ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_INT', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_OPE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_CCL', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_PRE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_IND', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_FLR', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_OBJ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_FUN', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_TDS', 'level': 3}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_SPD', 'level': 1}]} values discarded.
12.08.2024

The certificate data changed.
Certificate changed

The state of the certificate object was updated.

The report property was updated, with the {'download_ok': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None} data.

The PDF extraction data was updated.

The report_metadata property was set to None.

The report_frontpage property was set to None.

The report_keywords property was set to None.

The report_filename property was set to None.

The computed heuristics were updated.

The cert_lab property was set to None.

The st_references property was updated, with the {'directly_referenced_by': {'__discard__': {'_type': 'Set', 'elements': ['BSI-DSZ-CC-1067-V4-2023']}}, 'indirectly_referenced_by': {'__discard__': {'_type': 'Set', 'elements': ['BSI-DSZ-CC-1067-V4-2023']}}} data.

The report_references property was updated, with the {'directly_referencing': None, 'indirectly_referencing': None} data.
23.07.2024

The certificate was first processed.

Raw data

{
  "_type": "sec_certs.sample.cc.CCCertificate",
  "category": "ICs, Smart Cards and Smart Card-Related Devices and Systems",
  "cert_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/0976V4c_pdf.pdf",
  "dgst": "e86ac89b4f665c58",
  "heuristics": {
    "_type": "sec_certs.sample.cc.CCCertificate.Heuristics",
    "annotated_references": null,
    "cert_id": "BSI-DSZ-CC-0976-V4-2021",
    "cert_lab": [
      "BSI"
    ],
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "eal": "EAL4+",
    "extracted_sars": {
      "_type": "Set",
      "elements": [
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_INT",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_TDS",
          "level": 3
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_CMS",
          "level": 4
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AVA_VAN",
          "level": 5
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_TSS",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_OBJ",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_ARC",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_COV",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_CCL",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_CMC",
          "level": 4
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_REQ",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AGD_PRE",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_FSP",
          "level": 4
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AGD_OPE",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_TAT",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_IND",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_FUN",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_DPT",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_DVS",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_LCD",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_SPD",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_DEL",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_IMP",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_ECD",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_FLR",
          "level": 1
        }
      ]
    },
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "3.7"
      ]
    },
    "indirect_transitive_cves": null,
    "next_certificates": null,
    "prev_certificates": null,
    "protection_profiles": {
      "_type": "Set",
      "elements": [
        "55ed365edb2c317f"
      ]
    },
    "related_cves": null,
    "report_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "BSI-DSZ-CC-0976-V3-2019",
          "BSI-DSZ-CC-1110-V3-2020"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "BSI-DSZ-CC-0782-V2-2015",
          "BSI-DSZ-CC-0976-V2-2018",
          "BSI-DSZ-CC-0916-2015",
          "BSI-DSZ-CC-0891-V2-2016",
          "BSI-DSZ-CC-0945-V2-2018",
          "BSI-DSZ-CC-0879-2014",
          "BSI-DSZ-CC-0976-2015",
          "BSI-DSZ-CC-0782-2012",
          "BSI-DSZ-CC-1110-V3-2020",
          "BSI-DSZ-CC-1110-2019",
          "BSI-DSZ-CC-0891-2015",
          "BSI-DSZ-CC-1110-V2-2019",
          "BSI-DSZ-CC-0945-V3-2018",
          "BSI-DSZ-CC-0976-V3-2019",
          "BSI-DSZ-CC-0945-2017"
        ]
      }
    },
    "scheme_data": null,
    "st_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "BSI-DSZ-CC-1067-V4-2023",
          "BSI-DSZ-CC-1067-V5-2024",
          "BSI-DSZ-CC-1068-V5-2024",
          "BSI-DSZ-CC-1068-V4-2023",
          "BSI-DSZ-CC-1068-V3-2022",
          "BSI-DSZ-CC-1067-V3-2022"
        ]
      },
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "BSI-DSZ-CC-1110-V3-2020"
        ]
      },
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "BSI-DSZ-CC-1067-V4-2023",
          "BSI-DSZ-CC-1067-V5-2024",
          "BSI-DSZ-CC-1067-V3-2022",
          "BSI-DSZ-CC-1068-V4-2023",
          "BSI-DSZ-CC-1068-V3-2022",
          "BSI-DSZ-CC-1068-V5-2024"
        ]
      },
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "BSI-DSZ-CC-1110-V3-2020"
        ]
      }
    },
    "verified_cpe_matches": null
  },
  "maintenance_updates": {
    "_type": "Set",
    "elements": [
      {
        "_type": "sec_certs.sample.cc.CCCertificate.MaintenanceReport",
        "maintenance_date": "2022-05-09",
        "maintenance_report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/0976v4ma1a_pdf.pdf",
        "maintenance_st_link": null,
        "maintenance_title": "STARCOS 3.7 COS HBA-SMC"
      },
      {
        "_type": "sec_certs.sample.cc.CCCertificate.MaintenanceReport",
        "maintenance_date": "2025-06-16",
        "maintenance_report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/0976V4ma2a_pdf.pdf",
        "maintenance_st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/0976V4ma2b_pdf.pdf",
        "maintenance_title": "STARCOS 3.7 COS HBA-SMC"
      }
    ]
  },
  "manufacturer": "G+D Mobile Security GmbH",
  "manufacturer_web": "https://www.gi-de.com/de/de/mobile-security/",
  "name": "STARCOS 3.7 COS HBA-SMC",
  "not_valid_after": "2026-06-18",
  "not_valid_before": "2021-06-18",
  "pdf_data": {
    "_type": "sec_certs.sample.cc.CCCertificate.PdfData",
    "cert_filename": "0976V4c_pdf.pdf",
    "cert_frontpage": null,
    "cert_keywords": {
      "asymmetric_crypto": {},
      "cc_cert_id": {
        "DE": {
          "BSI-DSZ-CC-0976-V4-2021": 1
        }
      },
      "cc_claims": {},
      "cc_protection_profile_id": {
        "BSI": {
          "BSI-CC-PP-0082-V4-": 1
        }
      },
      "cc_sar": {
        "ALC": {
          "ALC_DVS.2": 1
        },
        "ATE": {
          "ATE_DPT.2": 1
        },
        "AVA": {
          "AVA_VAN.5": 1
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL 2": 1,
          "EAL 4": 1,
          "EAL 4 augmented": 1,
          "EAL 5": 1
        }
      },
      "cc_sfr": {},
      "certification_process": {},
      "cipher_mode": {},
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "hash_function": {},
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {
        "STARCOS": {
          "STARCOS 3": 1
        }
      },
      "pq_crypto": {},
      "randomness": {},
      "side_channel_analysis": {},
      "standard_id": {
        "ISO": {
          "ISO/IEC 15408": 2,
          "ISO/IEC 18045": 2
        }
      },
      "symmetric_crypto": {},
      "technical_report_id": {},
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "GD": {
          "Giesecke+Devrient": 1
        }
      },
      "vulnerability": {}
    },
    "cert_metadata": {
      "/Author": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "/CreationDate": "D:20210629121438+02\u002700\u0027",
      "/Creator": "Writer",
      "/Keywords": "\"Common Criteria, Certification, Zertifizierung, G2 COS, eHealth, STARCOS 3.7 COS HBA-SMC, Giesecke+Devrient Mobile Security GmbH\"",
      "/ModDate": "D:20210629121708+02\u002700\u0027",
      "/Producer": "LibreOffice 6.3",
      "/Subject": "STARCOS 3.7 COS HBA-SMC from G+D Mobile Security GmbH, Giesecke+Devrient Mobile Security GmbH",
      "/Title": "Certificate BSI-DSZ-CC-0976-V4-2021",
      "pdf_file_size_bytes": 241574,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 1
    },
    "report_filename": "0976V4a_pdf.pdf",
    "report_frontpage": {
      "DE": {
        "cc_security_level": "Common Criteria Part 3 conformant EAL 4 augmented by ALC_DVS.2, ATE_DPT.2 and AVA_VAN.5",
        "cc_version": "PP conformant Common Criteria Part 2 extended",
        "cert_id": "BSI-DSZ-CC-0976-V4-2021",
        "cert_item": "STARCOS 3.7 COS HBA-SMC",
        "cert_lab": "BSI",
        "developer": "Giesecke+Devrient Mobile Security GmbH",
        "match_rules": [
          "(BSI-DSZ-CC-.+?) (?:for|For) (.+?) from (.*)"
        ],
        "ref_protection_profiles": "Card Operating System Generation 2 (PP COS G2), Version 2.1, 10 July 2019, BSI-CC-PP-0082-V4- 2019"
      }
    },
    "report_keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 10
          },
          "ECDH": {
            "ECDH": 4
          },
          "ECDSA": {
            "ECDSA": 14
          }
        },
        "FF": {
          "DH": {
            "DH": 1,
            "Diffie-Hellman": 1
          }
        },
        "RSA": {
          "RSA-OAEP": 2
        }
      },
      "cc_cert_id": {
        "DE": {
          "BSI-DSZ-CC-0976-V3-2019": 3,
          "BSI-DSZ-CC-0976-V4-2021": 26,
          "BSI-DSZ-CC-1110-": 2,
          "BSI-DSZ-CC-1110-V3-2020": 7,
          "BSI-DSZ-CC-S-0128-": 1,
          "BSI-DSZ-CC-S-0128-2019": 1,
          "BSI-DSZ-CC-S-0132-2019": 1,
          "BSI-DSZ-CC-S-0144-2020": 2
        }
      },
      "cc_claims": {
        "A": {
          "A.U": 1
        }
      },
      "cc_protection_profile_id": {
        "BSI": {
          "BSI-CC-PP-0082-V4-": 1,
          "BSI-CC-PP-0082-V4-2019": 3
        }
      },
      "cc_sar": {
        "ADV": {
          "ADV_ARC": 1
        },
        "ALC": {
          "ALC_CMC.4": 1,
          "ALC_CMS.4": 1,
          "ALC_DEL.1": 1,
          "ALC_DVS.2": 5,
          "ALC_FLR": 2,
          "ALC_LCD.1": 1,
          "ALC_TAT.1": 1
        },
        "ATE": {
          "ATE_DPT.2": 4
        },
        "AVA": {
          "AVA_VAN.5": 4
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL 1": 1,
          "EAL 2": 2,
          "EAL 2+": 1,
          "EAL 4": 5,
          "EAL 4 augmented": 3,
          "EAL 5": 4,
          "EAL 5+": 1,
          "EAL 6": 1,
          "EAL5+": 1,
          "EAL6": 1
        }
      },
      "cc_sfr": {
        "FCS": {
          "FCS_CKM": 4,
          "FCS_COP": 29,
          "FCS_RNG": 3,
          "FCS_RNG.1": 1
        },
        "FIA": {
          "FIA_UAU": 2,
          "FIA_USB": 1
        },
        "FPT": {
          "FPT_ITE.1": 1
        },
        "FTP": {
          "FTP_ITC": 2
        }
      },
      "certification_process": {
        "ConfidentialDocument": {
          "1.1, 19 May 2021, Giesecke+Devrient Mobile Security GmbH (confidential document) [11] Guidance Documentation STARCOS 3.7 COS HBA-SMC \u2013 Main Document, Version 1.6, 23 March 2021": 1,
          "Target STARCOS 3.7 COS HBA-SMC, Version 2.0, 22 April 2021, Giesecke+Devrient Mobile Security GmbH (confidential document) 7 specifically \u2022 AIS 1, Version 14, Durchf\u00fchrung der Ortsbesichtigung in der Entwicklungsumgebung": 1,
          "being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification": 1,
          "design step H13, Version 3.3, 22 April 2020, Infineon Technologies AG, BSI-DSZ-CC-1110-V3-2020 (confidential document) Security Target Lite of the underlying hardware platform, Security Target IFX_CCI_000003h": 1,
          "for STARCOS 3.7 COS HBA-SMC, Version 2.9, 2 June 2021, SRC Security Research \u0026 Consulting GmbH (confidential document) [10] Configuration List BSI-DSZ-CC-0976-V4-2021, Configuration List STARCOS 3.7 COS HBA-SMC": 1,
          "procedure BSI-DSZ-CC-1110-V3-2020, Version 1, 23 April 2020, T\u00dcV Informationstechnik GmbH (confidential document) [21] Einf\u00fchrung der Gesundheitskarte, Spezifikation des Card Operating System (COS), Elektrische": 1
        }
      },
      "cipher_mode": {
        "CBC": {
          "CBC": 10
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "PACE": {
          "PACE": 15
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 1
        },
        "MAC": {
          "MAC": 3
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "SRC": {
          "SRC Security Research \u0026 Consulting": 3
        },
        "TUV": {
          "T\u00dcV Informationstechnik": 1
        }
      },
      "hash_function": {
        "SHA": {
          "SHA2": {
            "SHA-256": 3
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {
        "STARCOS": {
          "STARCOS 3": 38
        }
      },
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "PRNG": 1
        },
        "RNG": {
          "RNG": 5
        }
      },
      "side_channel_analysis": {
        "FI": {
          "DFA": 1,
          "fault injection": 1,
          "malfunction": 1,
          "physical tampering": 1
        },
        "SCA": {
          "DPA": 1,
          "SPA": 1,
          "side channel": 1
        },
        "other": {
          "JIL": 6
        }
      },
      "standard_id": {
        "BSI": {
          "AIS 1": 1,
          "AIS 14": 1,
          "AIS 19": 1,
          "AIS 20": 6,
          "AIS 23": 1,
          "AIS 25": 4,
          "AIS 26": 4,
          "AIS 31": 5,
          "AIS 32": 1,
          "AIS 34": 4,
          "AIS 35": 2,
          "AIS 36": 5,
          "AIS 37": 2,
          "AIS 38": 1,
          "AIS 46": 2
        },
        "FIPS": {
          "FIPS 180-4": 9,
          "FIPS 197": 12,
          "FIPS PUB 180-4": 1,
          "FIPS PUB 197": 1
        },
        "ISO": {
          "ISO/IEC 15408": 4,
          "ISO/IEC 17065": 2,
          "ISO/IEC 18031:2005": 1,
          "ISO/IEC 18045": 4
        },
        "PKCS": {
          "PKCS#1": 5
        },
        "RFC": {
          "RFC 5639": 12
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 30
          },
          "HPC": {
            "HPC": 4
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 15
          }
        }
      },
      "technical_report_id": {
        "BSI": {
          "BSI 7148": 1,
          "BSI TR-03116-1": 1,
          "BSI TR-03143": 5,
          "BSI TR-03144": 10
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "GD": {
          "G+D": 2,
          "Giesecke \u0026 Devrient": 3,
          "Giesecke+Devrient": 29
        },
        "Infineon": {
          "Infineon": 11,
          "Infineon Technologies AG": 7
        }
      },
      "vulnerability": {}
    },
    "report_metadata": {
      "/Author": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "/CreationDate": "D:20210629114835+02\u002700\u0027",
      "/Creator": "Writer",
      "/Keywords": "\"Common Criteria, Certification, Zertifizierung, G2 COS, eHealth, STARCOS 3.7 COS HBA-SMC, Giesecke+Devrient Mobile Security GmbH\"",
      "/ModDate": "D:20210629121138+02\u002700\u0027",
      "/Producer": "LibreOffice 6.3",
      "/Subject": "STARCOS 3.7 COS HBA-SMC from G+D Mobile Security GmbH, Giesecke+Devrient Mobile Security GmbH",
      "/Title": "Certification Report BSI-DSZ-CC-0976-V4-2021",
      "pdf_file_size_bytes": 936127,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://www.commoncriteriaportal.org/cc/",
          "https://www.bsi.bund.de/",
          "https://www.bsi.bund.de/AIS",
          "http://www.commoncriteriaportal.org/",
          "https://www.bsi.bund.de/zertifizierung",
          "https://www.bsi.bund.de/zertifizierungsreporte",
          "https://www.sogis.eu/"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 40
    },
    "st_filename": "0976V4b_pdf.pdf",
    "st_frontpage": null,
    "st_keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 16
          },
          "ECDH": {
            "ECDH": 6
          },
          "ECDSA": {
            "ECDSA": 38
          }
        },
        "FF": {
          "DH": {
            "DH": 12,
            "Diffie-Hellman": 1
          },
          "DSA": {
            "DSA": 1
          }
        }
      },
      "cc_cert_id": {
        "DE": {
          "BSI-DSZ-CC-1110-V3-2020": 2
        }
      },
      "cc_claims": {
        "O": {
          "O.AES": 7,
          "O.PACE_CHIP": 2,
          "O.RND": 8
        },
        "T": {
          "T.RND": 5
        }
      },
      "cc_protection_profile_id": {
        "BSI": {
          "BSI-CC-PP- 0082-V4": 2,
          "BSI-CC-PP- 0084-2014": 6,
          "BSI-CC-PP-0035-2007": 1,
          "BSI-CC-PP-0082-V3": 1,
          "BSI-CC-PP-0082-V4": 27,
          "BSI-CC-PP-0084-": 4,
          "BSI-CC-PP-0084-2007": 1,
          "BSI-CC-PP-0084-2014": 57,
          "BSI-PP-0084-": 2,
          "BSI-PP-0084-2014": 8
        }
      },
      "cc_sar": {
        "ADV": {
          "ADV_ARC": 2,
          "ADV_ARC.1": 9,
          "ADV_FSP": 2,
          "ADV_FSP.4": 6,
          "ADV_IMP": 2,
          "ADV_IMP.1": 6,
          "ADV_TDS.3": 3
        },
        "AGD": {
          "AGD_OPE": 2,
          "AGD_OPE.1": 6,
          "AGD_PRE": 2,
          "AGD_PRE.1": 2
        },
        "ALC": {
          "ALC_CMC": 2,
          "ALC_CMC.4": 1,
          "ALC_CMS": 2,
          "ALC_CMS.4": 1,
          "ALC_DEL": 2,
          "ALC_DEL.1": 1,
          "ALC_DVS": 2,
          "ALC_DVS.2": 12,
          "ALC_FLR.1": 1,
          "ALC_LCD.1": 1,
          "ALC_TAT.1": 1
        },
        "ASE": {
          "ASE_CCL.1": 1,
          "ASE_ECD": 2,
          "ASE_ECD.1": 1,
          "ASE_INT.1": 1,
          "ASE_OBJ.2": 1,
          "ASE_REQ.2": 1,
          "ASE_SPD.1": 1,
          "ASE_TSS.1": 1
        },
        "ATE": {
          "ATE_COV": 2,
          "ATE_COV.2": 1,
          "ATE_DPT.1": 1,
          "ATE_DPT.2": 11,
          "ATE_FUN.1": 6,
          "ATE_IND.2": 5
        },
        "AVA": {
          "AVA_VAN": 2,
          "AVA_VAN.5": 10
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL 4": 2,
          "EAL 6": 2,
          "EAL4": 14,
          "EAL4 augmented": 4,
          "EAL6": 1,
          "EAL6+": 1
        }
      },
      "cc_sfr": {
        "FAU": {
          "FAU_SAS": 8,
          "FAU_SAS.1": 3
        },
        "FCS": {
          "FCS_CKM": 83,
          "FCS_CKM.1": 39,
          "FCS_CKM.2": 9,
          "FCS_CKM.4": 64,
          "FCS_CKM.4.1": 1,
          "FCS_COP": 189,
          "FCS_COP.1": 27,
          "FCS_COP.1.1": 1,
          "FCS_RNG": 34,
          "FCS_RNG.1": 20,
          "FCS_RNG.1.1": 3,
          "FCS_RNG.1.2": 2
        },
        "FDP": {
          "FDP_ACC": 123,
          "FDP_ACC.1": 44,
          "FDP_ACF": 110,
          "FDP_ACF.1": 41,
          "FDP_IFC": 7,
          "FDP_IFC.1": 16,
          "FDP_ITC.1": 35,
          "FDP_ITC.2": 35,
          "FDP_ITT": 7,
          "FDP_ITT.1": 3,
          "FDP_RIP": 9,
          "FDP_RIP.1": 12,
          "FDP_RIP.1.1": 1,
          "FDP_SDC": 8,
          "FDP_SDC.1": 3,
          "FDP_SDI": 7,
          "FDP_SDI.1": 1,
          "FDP_SDI.2": 11,
          "FDP_SDI.2.1": 1,
          "FDP_SDI.2.2": 1,
          "FDP_UCT": 7,
          "FDP_UCT.1": 1,
          "FDP_UIT": 8,
          "FDP_UIT.1": 2
        },
        "FIA": {
          "FIA_ACC": 1,
          "FIA_ACF": 1,
          "FIA_AFL": 22,
          "FIA_AFL.1": 4,
          "FIA_API": 10,
          "FIA_API.1": 16,
          "FIA_API.1.1": 1,
          "FIA_ATD": 10,
          "FIA_ATD.1": 20,
          "FIA_ATD.1.1": 1,
          "FIA_SOS.1": 8,
          "FIA_SOS.1.1": 1,
          "FIA_UAU": 50,
          "FIA_UAU.1": 20,
          "FIA_UAU.1.1": 1,
          "FIA_UAU.1.2": 1,
          "FIA_UAU.4": 12,
          "FIA_UAU.4.1": 1,
          "FIA_UAU.5": 17,
          "FIA_UAU.5.1": 1,
          "FIA_UAU.5.2": 1,
          "FIA_UAU.6": 12,
          "FIA_UAU.6.1": 1,
          "FIA_UID": 14,
          "FIA_UID.1": 19,
          "FIA_UID.1.1": 1,
          "FIA_UID.1.2": 1,
          "FIA_USB": 32,
          "FIA_USB.1": 30,
          "FIA_USB.1.1": 1,
          "FIA_USB.1.2": 1,
          "FIA_USB.1.3": 2
        },
        "FMT": {
          "FMT_LIM": 15,
          "FMT_LIM.1": 3,
          "FMT_LIM.2": 2,
          "FMT_MSA": 68,
          "FMT_MSA.1": 8,
          "FMT_MSA.3": 39,
          "FMT_MSA.3.1": 1,
          "FMT_MSA.3.2": 1,
          "FMT_MTD": 38,
          "FMT_MTD.1": 4,
          "FMT_SMF.1": 51,
          "FMT_SMF.1.1": 1,
          "FMT_SMR": 9,
          "FMT_SMR.1": 41,
          "FMT_SMR.1.1": 1,
          "FMT_SMR.1.2": 1,
          "FMT_SRM": 1
        },
        "FPT": {
          "FPT_EMS": 10,
          "FPT_EMS.1": 15,
          "FPT_EMS.1.1": 1,
          "FPT_EMS.1.2": 1,
          "FPT_FLS": 7,
          "FPT_FLS.1": 16,
          "FPT_FLS.1.1": 1,
          "FPT_ITE": 11,
          "FPT_ITE.1": 11,
          "FPT_ITE.1.1": 1,
          "FPT_ITE.1.2": 1,
          "FPT_ITE.2": 13,
          "FPT_ITE.2.1": 5,
          "FPT_ITE.2.2": 1,
          "FPT_ITT": 7,
          "FPT_ITT.1": 3,
          "FPT_PHP": 7,
          "FPT_PHP.3": 4,
          "FPT_TDC.1": 10,
          "FPT_TDC.1.1": 1,
          "FPT_TDC.1.2": 1,
          "FPT_TST": 2,
          "FPT_TST.1": 11,
          "FPT_TST.1.1": 1,
          "FPT_TST.1.2": 1,
          "FPT_TST.1.3": 1
        },
        "FRU": {
          "FRU_FLT": 7,
          "FRU_FLT.2": 3
        },
        "FTP": {
          "FTP_ITC": 22,
          "FTP_ITC.1": 12,
          "FTP_ITE": 1,
          "FTP_TRP.1": 5
        }
      },
      "certification_process": {
        "OutOfScope": {
          "and cryptographic key sizes 2048 bits and 3072 bits modulus length for RSA private key operation is out of scope for the TOE. 371 The TOE shall meet the requirement \u201cCryptographic operation \u2013 CB ECC (FCS_COP.1/CB": 1,
          "out of scope": 1
        }
      },
      "cipher_mode": {
        "CBC": {
          "CBC": 4
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "PACE": {
          "PACE": 123
        },
        "TLS": {
          "SSL": {
            "SSL": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 1,
          "Key agreement": 1
        },
        "MAC": {
          "MAC": 33
        }
      },
      "device_model": {},
      "ecc_curve": {
        "Brainpool": {
          "brainpoolP256r1": 4,
          "brainpoolP384r1": 4,
          "brainpoolP512r1": 4
        }
      },
      "eval_facility": {},
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 3
          },
          "SHA2": {
            "SHA-224": 2,
            "SHA-256": 11,
            "SHA-384": 6,
            "SHA-512": 4
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {
        "STARCOS": {
          "STARCOS 3": 179
        }
      },
      "pq_crypto": {},
      "randomness": {
        "RNG": {
          "RND": 15,
          "RNG": 38
        }
      },
      "side_channel_analysis": {
        "FI": {
          "DFA": 1,
          "Malfunction": 17,
          "malfunction": 1,
          "physical tampering": 3
        },
        "SCA": {
          "DPA": 1,
          "Leak-Inherent": 15,
          "Physical Probing": 2,
          "SPA": 1,
          "side channel": 1
        },
        "other": {
          "Bleichenbacher attack": 1,
          "JIL": 3
        }
      },
      "standard_id": {
        "BSI": {
          "AIS20": 2,
          "AIS31": 1
        },
        "CC": {
          "CCMB-2017-04-001": 1,
          "CCMB-2017-04-002": 1,
          "CCMB-2017-04-003": 1,
          "CCMB-2017-04-004": 1,
          "CCMB-2017-05-001": 1
        },
        "FIPS": {
          "FIPS 180-4": 1,
          "FIPS 197": 4,
          "FIPS PUB 180-4": 1,
          "FIPS PUB 197": 1
        },
        "ISO": {
          "ISO/IEC 7816": 2
        },
        "NIST": {
          "NIST SP 800-38B": 1
        },
        "PKCS": {
          "PKCS #1": 2
        },
        "RFC": {
          "RFC 5639": 1,
          "RFC5639": 3
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 82
          },
          "HPC": {
            "HPC": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 43
          }
        }
      },
      "technical_report_id": {
        "BSI": {
          "BSI TR-03111": 3,
          "BSI TR-03143": 2
        }
      },
      "tee_name": {
        "IBM": {
          "SE": 1
        }
      },
      "tls_cipher_suite": {},
      "vendor": {
        "GD": {
          "Giesecke+Devrient": 14
        },
        "Infineon": {
          "Infineon": 2,
          "Infineon Technologies AG": 2
        },
        "NXP": {
          "NXP Semiconductors": 1
        },
        "STMicroelectronics": {
          "STMicroelectronics": 1
        }
      },
      "vulnerability": {}
    },
    "st_metadata": {
      "/Author": "Giesecke+Devrient Mobile Security GmbH",
      "/CreationDate": "D:20210617104602+02\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word f\u00fcr Microsoft 365",
      "/Keywords": "Version 1.0/18.05.2021",
      "/ModDate": "D:20210617104602+02\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word f\u00fcr Microsoft 365",
      "/Subject": "Security Target STARCOS 3.7 COS HBA-SMC",
      "/Title": "G+D MS Security Target to BSI-PP-0082-V4",
      "pdf_file_size_bytes": 2539468,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 166
    }
  },
  "protection_profile_links": {
    "_type": "Set",
    "elements": [
      "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/ppfiles/pp0082b_pdf.pdf"
    ]
  },
  "report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/0976V4a_pdf.pdf",
  "scheme": "DE",
  "security_level": {
    "_type": "Set",
    "elements": [
      "EAL4+",
      "ATE_DPT.2",
      "ALC_DVS.2",
      "AVA_VAN.5"
    ]
  },
  "st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/0976V4b_pdf.pdf",
  "state": {
    "_type": "sec_certs.sample.cc.CCCertificate.InternalState",
    "cert": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_garbage": false,
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "pdf_hash": "289293a7788d72427bb71793d37043efddef11edf4b8a38a755eb22e55f1e807",
      "txt_hash": "52b5b59e2cdf43f576101284d41c901b2cec7eb3ed923287f57fab530189e6c2"
    },
    "report": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_garbage": false,
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "pdf_hash": "cab554e05b93e59ae6196b56276ae428ca12b1212c7d5312483f1e3940599b8a",
      "txt_hash": "9a6dd405cc7ed5f578361b6673f19f41ac76abeae96a1b3d81922ee4c64e0e8f"
    },
    "st": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_garbage": false,
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "pdf_hash": "e097b29728ebc08d227c0c049e9b75a778e61e9a3b3358f940f5cac11be3b8ee",
      "txt_hash": "a3f0d2ba96a19dac465792312eb6316e80ac3b025f9bd2b530cea51d93931f34"
    }
  },
  "status": "active"
}

Sections

STARCOS 3.7 COS HBA-SMC

CSV information

Heuristics summary

Certificate

Extracted keywords

Device

Operating System name

Vendor

Common Criteria

Security level

Security Assurance Requirements (SAR)

Protection profiles

Certificates

Other

Standards

File metadata

Certification report

Extracted keywords

Cryptography

Symmetric Algorithms

Asymmetric Algorithms

Hash functions

Schemes

Protocols

Randomness

Block cipher modes

Device

Operating System name

Vendor

Common Criteria

Security level

Claims

Security Assurance Requirements (SAR)

Security Functional Requirements (SFR)

Protection profiles

Certificates

Evaluation facilities

Security

Side-channel analysis

Certification process

Other

Standards

Technical reports

File metadata

Frontpage

References

Security target

Extracted keywords

Cryptography

Symmetric Algorithms

Asymmetric Algorithms

Hash functions

Schemes

Protocols

Randomness

Elliptic Curves

Block cipher modes

Device

Operating System name

Trusted Execution Environments

Vendor

Common Criteria

Security level

Claims

Security Assurance Requirements (SAR)

Security Functional Requirements (SFR)

Protection profiles

Certificates

Security

Side-channel analysis

Certification process

Other

Standards

Technical reports

File metadata

References

Heuristics

Automated inference - use with caution

Certificate ID