{
"_type": "sec_certs.sample.cc.CCCertificate",
"category": "ICs, Smart Cards and Smart Card-Related Devices and Systems",
"cert_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/EUCC-3087-2026-0011%20Certificate.pdf",
"dgst": "decef58ee90319cc",
"heuristics": {
"_type": "sec_certs.sample.cc_eucc_common.Heuristics",
"annotated_references": null,
"cert_id": "BSI-DSZ-CC-0976-V5-2026",
"cert_lab": [
"BSI"
],
"cpe_matches": null,
"direct_transitive_cves": null,
"eal": "EAL4+",
"extracted_sars": {
"_type": "Set",
"elements": [
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_FLR",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_REQ",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_TAT",
"level": 3
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AGD_OPE",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_COV",
"level": 3
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AGD_PRE",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_DPT",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_OBJ",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_FSP",
"level": 4
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_DEL",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_CMC",
"level": 5
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_SPD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_IMP",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_ARC",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_FUN",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_DVS",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_TDS",
"level": 5
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_INT",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_CMS",
"level": 4
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_TSS",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_ECD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_LCD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AVA_VAN",
"level": 5
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_INT",
"level": 3
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_CCL",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_IND",
"level": 2
}
]
},
"extracted_versions": {
"_type": "Set",
"elements": [
"3.7"
]
},
"indirect_transitive_cves": null,
"next_certificates": null,
"prev_certificates": null,
"protection_profiles": {
"_type": "Set",
"elements": [
"af9c3335f79dec6f"
]
},
"related_cves": null,
"report_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"BSI-DSZ-CC-0976-V4-2021",
"BSI-DSZ-CC-1110-V8-2025"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"BSI-DSZ-CC-0879-2014",
"BSI-DSZ-CC-0891-V2-2016",
"BSI-DSZ-CC-0976-V2-2018",
"BSI-DSZ-CC-0945-V3-2018",
"BSI-DSZ-CC-1110-2019",
"BSI-DSZ-CC-1110-V3-2020",
"BSI-DSZ-CC-0916-2015",
"BSI-DSZ-CC-1110-V8-2025",
"BSI-DSZ-CC-0782-2012",
"BSI-DSZ-CC-1110-V6-2023",
"BSI-DSZ-CC-1110-V7-2024",
"BSI-DSZ-CC-0945-2017",
"BSI-DSZ-CC-0782-V2-2015",
"BSI-DSZ-CC-1110-V2-2019",
"BSI-DSZ-CC-1110-V5-2022",
"BSI-DSZ-CC-0945-V2-2018",
"BSI-DSZ-CC-0976-V3-2019",
"BSI-DSZ-CC-0891-2015",
"BSI-DSZ-CC-0976-V4-2021",
"BSI-DSZ-CC-1110-V4-2021",
"BSI-DSZ-CC-0976-2015"
]
}
},
"scheme_data": {
"category": "eHealth",
"cert_id": "EUCC-3087-2026-0011",
"certification_date": "2026-06-17",
"enhanced": {
"applicant": "Giesecke \u0026 Devrient GmbH seit 1. Juli 2017 Giesecke+Devrient Mobile Security GmbH seit 1. Juli 2023 Giesecke+Devrient ePayments GmbH Prinzregentenstr. 161 81677 M\u00fcnchen",
"assurance_level": "EAL4+,ALC_DVS.2,ATE_DPT.2,AVA_VAN.5,ALC_FLR.1",
"certification_date": "2026-06-17",
"description": "The Target of Evaluation (TOE) is the product STARCOS 3.6 COSGKV C1 developed by Giesecke \u0026 Devrient GmbH. The TOE is a smart card product according to the G2 Card Operating System (G2-COS) specification from gematik. The TOE is intended to be used as a card operating system platform for specific card types and applications of the card generation G2 in the framework of the German health care system, and therefore implements the mandatory part of the G2-COS specification with the base functionality of the operating system platform only. The TOE implements from the PP-0082-V2 the base part without any of the optional packages.",
"entries": [
{
"description": "The focus of this re-certification was on the transfer of the certification procedure to CC/CEM:2022 and to EUCC. Included is the update of the product life-cycle concerning the involved development and production sites, the underlying HW-certificate as well as the vulnerability analysis andvaluation of the TOE\u0027s (crypto) implementation. The certified product itself including its related guidance documentation did not change.",
"id": "EUCC-3087-2026-0011 / BSI-DSZ-CC-0976-V5-2026 (Ausstellungsdatum / Certification Date 17.06.2026, g\u00fcltig bis / valid until 16.06.2031)"
},
{
"description": "The maintenance procedure for BSI-DSZ-CC-0976-V4-2021 covers the update of the product life-cycle concerning the involved development and production sites and additionally addresses the update of the Security Target (ST) and user guidance documentation regards the TOE\u0027s random number generation functionality. The certified product itself did not change.",
"id": "BSI-DSZ-CC-0976-V4-2021-MA-02 (Ausstellungsdatum / Certification Date 16.06.2025)"
},
{
"description": "The partial ALC re-evaluation for procedure 0976-V4 covers the update of the product life-cycle concerning the involved development and production sites. The certified product itself did not change.",
"id": "BSI-DSZ-CC-0976-V4-2021-MA-01 (Ausstellungsdatum / Certification Date 09.05.2022)"
},
{
"description": "Software",
"id": "BSI-DSZ-CC-0976-V4-2021 (Ausstellungsdatum / Certification Date 18.06.2021, g\u00fcltig bis / valid until 17.06.2026) Zertifizierungsreport / Certification Report"
},
{
"description": "The partial ALC re-evaluation for procedure 0976-V3 covers the update of the product life-cycle concerning the involved development and production sites. The certified product itself did not change.",
"id": "BSI"
},
{
"description": "Maintenance Report",
"id": "BSI-DSZ-CC-0976-V3-2019-MA-01 (Ausstellungsdatum / Certification Date 15.06.2021)"
},
{
"description": "Software",
"id": "BSI-DSZ-CC-0976-V3-2019 (Ausstellungsdatum / Certification Date 21.11.2019, g\u00fcltig bis / valid until 20.11.2024)"
},
{
"description": "Software",
"id": "BSI-DSZ-CC-0976-V2-2018 (Ausstellungsdatum / Certification Date 20.09.2018, g\u00fcltig bis / valid until 19.09.2023)"
},
{
"description": "The changes are related to an update and reevaluation of the product life-cycle caused by changes in the development and porduction sites. The certified product itself did not change.",
"id": "BSI-DSZ-CC-0976-2015-MA-01 (Ausstellungsdatum / Certification Date 02.08.2018)"
},
{
"description": "",
"id": "BSI-DSZ-CC-0976-2015-RA-01 (Ausstellungsdatum / Certification Date 19.09.2017)"
},
{
"description": "Security Target",
"id": "BSI-DSZ-CC-0976-2015 (Ausstellungsdatum / Certification Date 29.12.2015, g\u00fcltig bis / valid until 28.12.2020)"
}
],
"evaluation_facility": "SRC Security Research \u0026 Consulting GmbH",
"expiration_date": "2031-06-16",
"product": "STARCOS 3.7 COS HBA-SMC",
"protection_profile": "Card Operating System Generation 2 (PP COS G2), Version 2.1, 10 July 2019, BSI-CC-PP-0082-V4-2019"
},
"product": "STARCOS 3.7 COS HBA-SMC",
"subcategory": "Smartcards",
"url": "https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Gesundheitswesen_SmartCards/0976.html",
"vendor": "Giesecke \u0026 Devrient GmbH seit 1. Juli 2017 Giesecke+Devrient Mobile Security GmbH seit 1. Juli 2023 Giesecke+Devrient ePayments GmbH"
},
"st_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"BSI-DSZ-CC-1110-V8-2025"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"BSI-DSZ-CC-1110-V8-2025"
]
}
},
"verified_cpe_matches": null
},
"maintenance_updates": {
"_type": "Set",
"elements": []
},
"manufacturer": "Giesecke+Devrient ePayments GmbH",
"manufacturer_web": "https://www.gi-de.com/de/",
"name": "STARCOS 3.7 COS HBA-SMC",
"not_valid_after": "2031-06-17",
"not_valid_before": "2026-06-17",
"pdf_data": {
"_type": "sec_certs.sample.cc_eucc_common.PdfData",
"cert_filename": "EUCC-3087-2026-0011 Certificate.pdf",
"cert_frontpage": null,
"cert_keywords": {
"asymmetric_crypto": {},
"cc_cert_id": {
"DE": {
"BSI-DSZ-CC-0976-V5-2026": 1,
"EUCC-3087-2026-0011": 1
}
},
"cc_claims": {},
"cc_protection_profile_id": {},
"cc_sar": {
"ALC": {
"ALC_DVS.2": 1,
"ALC_FLR": 1,
"ALC_FLR.1": 1
},
"ATE": {
"ATE_DPT.2": 1
},
"AVA": {
"AVA_VAN": 1,
"AVA_VAN.5": 2
}
},
"cc_security_level": {
"EAL": {
"EAL 2": 1,
"EAL 4": 1
}
},
"cc_sfr": {},
"certification_process": {},
"cipher_mode": {},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {},
"eval_facility": {
"SRC": {
"SRC Security Research \u0026 Consulting": 1
}
},
"hash_function": {},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {
"STARCOS": {
"STARCOS 3": 1
}
},
"pq_crypto": {},
"randomness": {},
"side_channel_analysis": {},
"standard_id": {
"ISO": {
"ISO/IEC 15408": 2,
"ISO/IEC 18045": 2
}
},
"symmetric_crypto": {},
"technical_report_id": {},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"GD": {
"Giesecke+Devrient": 1
}
},
"vulnerability": {}
},
"cert_metadata": {
"/CreationDate": "D:20260622060106+01\u002700\u0027",
"/Creator": "KM_C300i",
"/ModDate": "D:20260622060106+01\u002700\u0027",
"/Producer": "KONICA MINOLTA bizhub C300i",
"/Title": "KM_C300i26062206000",
"pdf_file_size_bytes": 125061,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 2
},
"report_filename": "EUCC-3087-2026-0011 Certification Report.pdf",
"report_frontpage": {
"DE": {
"cert_id": "BSI-DSZ-CC-0976-V5-2026",
"cert_item": "STARCOS 3.7 COS HBA-SMC",
"cert_lab": "BSI",
"developer": "Giesecke+Devrient ePayments GmbH",
"match_rules": [
"(BSI-DSZ-CC-.+?) (?:for|For) (.+?) from (.*)"
]
}
},
"report_keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 8
},
"ECDH": {
"ECDH": 3
},
"ECDSA": {
"ECDSA": 14
}
},
"FF": {
"DH": {
"Diffie-Hellman": 1
}
},
"RSA": {
"RSA-OAEP": 2
}
},
"cc_cert_id": {
"DE": {
"BSI-DSZ-CC-0976-V4-2021": 2,
"BSI-DSZ-CC-0976-V5-2026": 44,
"BSI-DSZ-CC-1110-": 1,
"BSI-DSZ-CC-1110-V8-2025": 7,
"BSI-DSZ-CC-S-0347-2026": 1,
"EUCC-3087-2026-0011": 39
},
"FR": {
"ANSSI-CC-SITE-2025/03": 2,
"ANSSI-CC-SITE-2025/05": 2
}
},
"cc_claims": {},
"cc_protection_profile_id": {
"BSI": {
"BSI-CC-PP-0082-V4-2019": 3
}
},
"cc_sar": {
"ADV": {
"ADV_ARC": 1
},
"ALC": {
"ALC_DVS.2": 1,
"ALC_FLR": 2,
"ALC_FLR.1": 1
},
"ATE": {
"ATE_DPT.2": 1
},
"AVA": {
"AVA_VAN.5": 2
}
},
"cc_security_level": {
"EAL": {
"EAL 2": 2,
"EAL 4": 1
}
},
"cc_sfr": {
"FCS": {
"FCS_CKM": 4,
"FCS_COP": 29,
"FCS_RNG": 3,
"FCS_RNG.1": 1
},
"FIA": {
"FIA_UAU": 2,
"FIA_USB": 1
},
"FPT": {
"FPT_ITE.1": 1
},
"FTP": {
"FTP_ITC": 2
}
},
"certification_process": {
"ConfidentialDocument": {
"1.0, 21 May 2026, Giesecke+Devrient ePayments GmbH (confidential document) 6 specifically \u2022 AIS 1, Version 14, Durchf\u00fchrung der Ortsbesichtigung in der Entwicklungsumgebung": 1,
"design step H13, Version 6.2, 26 June 2025, Infineon Technologies AG, BSI-DSZ-CC-1110-V8-2025 (confidential document) Security Target Lite of the underlying hardware platform, Security Target IFX_CCI_000003h": 1,
"for STARCOS 3.7 COS HBA-SMC, Version 3.2, 24 May 2026, SRC Security Research \u0026 Consulting GmbH (confidential document) [ConfList] Configuration List BSI-DSZ-CC-0976-V5-2026, Configuration List STARCOS 3.7 COS HBA-SMC": 1,
"procedure BSI-DSZ-CC-1110-V8-2025, Version 2, 25 July 2025, T\u00dcV Informationstechnik GmbH (confidential document) [Spec G2 COS] Einf\u00fchrung der Gesundheitskarte, Spezifikation des Card Operating System (COS": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 10
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"PACE": {
"PACE": 11
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1
},
"MAC": {
"MAC": 3
}
},
"device_model": {},
"ecc_curve": {},
"eval_facility": {
"SRC": {
"SRC Security Research \u0026 Consulting": 6
},
"TUV": {
"T\u00dcV Informationstechnik": 1
}
},
"hash_function": {
"SHA": {
"SHA2": {
"SHA-256": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {
"STARCOS": {
"STARCOS 3": 37
}
},
"pq_crypto": {},
"randomness": {
"PRNG": {
"PRNG": 1
},
"RNG": {
"RNG": 4
}
},
"side_channel_analysis": {
"FI": {
"DFA": 1,
"fault injection": 1,
"malfunction": 1
},
"SCA": {
"DPA": 1,
"SPA": 1,
"side channel": 1
},
"other": {
"JIL": 2
}
},
"standard_id": {
"BSI": {
"AIS 1": 2,
"AIS 14": 1,
"AIS 19": 1,
"AIS 20": 5,
"AIS 25": 2,
"AIS 26": 1,
"AIS 31": 4,
"AIS 32": 2,
"AIS 37": 2,
"AIS 38": 2,
"AIS 46": 2
},
"FIPS": {
"FIPS 180-4": 9,
"FIPS 197": 12,
"FIPS PUB 180-4": 1,
"FIPS PUB 197": 1
},
"ISO": {
"ISO/IEC 15408": 2,
"ISO/IEC 17065": 2,
"ISO/IEC 18031:2005": 1,
"ISO/IEC 18045": 2
},
"PKCS": {
"PKCS#1": 5
},
"RFC": {
"RFC 5639": 15
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 29
},
"HPC": {
"HPC": 4
}
},
"constructions": {
"MAC": {
"CMAC": 15
}
}
},
"technical_report_id": {
"BSI": {
"BSI TR-03116-1": 1,
"BSI TR-03143": 5,
"BSI TR-03144": 10
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"GD": {
"G+D": 2,
"Giesecke+Devrient": 31
},
"Infineon": {
"Infineon": 10,
"Infineon Technologies AG": 6
}
},
"vulnerability": {}
},
"report_metadata": {
"/CreationDate": "D:20260702102033+02\u002700\u0027",
"/Creator": "Writer",
"/Keywords": "Common Criteria, Certification, Zertifizierung, G2 COS, eHealth, gematik",
"/Producer": "LibreOffice 5.3",
"/Subject": "STARCOS 3.7 COS HBA-SMC from G+D ePayments GmbH",
"/Title": "Certification Report EUCC-3087-jjjj-mm-nnnn; BSI-DSZ-CC-0976-V5",
"pdf_file_size_bytes": 708967,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://www.iso.org/standard/72913.html",
"https://www.bsi.bund.de/zertifizierung",
"https://www.commoncriteriaportal.org/",
"http://www.commoncriteriaportal.org/",
"https://www.bsi.bund.de/AIS",
"https://www.iso.org/standard/72917.html",
"https://www.iso.org/standard/72906.html",
"https://www.iso.org/standard/72892.html",
"https://certification.enisa.europa.eu/",
"https://www.bsi.bund.de/zertifizierungsreporte",
"https://certification.enisa.europa.eu/publications/eucc-state-art-documents_en",
"https://eur-lex.europa.eu/eli/reg_impl/2025/2462/oj",
"https://www.iso.org/standard/72891.html",
"https://www.gi-de.com/en/cybersecurity-information",
"https://www.iso.org/standard/72889.html"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 39
},
"st_filename": "EUCC-3087-2026-0011 Security Target.pdf",
"st_frontpage": null,
"st_keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 16
},
"ECDH": {
"ECDH": 6
},
"ECDSA": {
"ECDSA": 38
}
},
"FF": {
"DH": {
"DH": 13,
"Diffie-Hellman": 1
},
"DSA": {
"DSA": 1
}
}
},
"cc_cert_id": {
"DE": {
"BSI-DSZ-CC-1110-V8-2025": 1
}
},
"cc_claims": {
"O": {
"O.AES": 7,
"O.PACE_CHIP": 2,
"O.RND": 8
},
"T": {
"T.RND": 5
}
},
"cc_protection_profile_id": {
"BSI": {
"BSI-CC-PP- 0082-V4": 1,
"BSI-CC-PP- 0084-2014": 6,
"BSI-CC-PP-0035-2007": 1,
"BSI-CC-PP-0082-V4": 32,
"BSI-CC-PP-0084-": 4,
"BSI-CC-PP-0084-2007": 1,
"BSI-CC-PP-0084-2014": 51,
"BSI-PP-0084-": 2,
"BSI-PP-0084-2014": 8
}
},
"cc_sar": {
"ADV": {
"ADV_ARC": 2,
"ADV_ARC.1": 9,
"ADV_FSP": 2,
"ADV_FSP.4": 6,
"ADV_IMP": 2,
"ADV_IMP.1": 6,
"ADV_IMP.2": 1,
"ADV_INT.3": 1,
"ADV_TDS.3": 3,
"ADV_TDS.5": 1
},
"AGD": {
"AGD_OPE": 2,
"AGD_OPE.1": 6,
"AGD_PRE": 2,
"AGD_PRE.1": 2
},
"ALC": {
"ALC_CMC": 2,
"ALC_CMC.4": 1,
"ALC_CMC.5": 1,
"ALC_CMS": 2,
"ALC_CMS.4": 1,
"ALC_DEL": 2,
"ALC_DEL.1": 1,
"ALC_DVS": 2,
"ALC_DVS.2": 13,
"ALC_FLR.1": 11,
"ALC_LCD.1": 1,
"ALC_TAT.1": 1,
"ALC_TAT.3": 1
},
"ASE": {
"ASE_CCL.1": 1,
"ASE_ECD": 1,
"ASE_ECD.1": 1,
"ASE_INT.1": 1,
"ASE_OBJ.2": 1,
"ASE_REQ.2": 1,
"ASE_SPD.1": 1,
"ASE_TSS.1": 1
},
"ATE": {
"ATE_COV": 2,
"ATE_COV.2": 1,
"ATE_COV.3": 1,
"ATE_DPT.1": 1,
"ATE_DPT.2": 11,
"ATE_FUN.1": 6,
"ATE_FUN.2": 1,
"ATE_IND.2": 5
},
"AVA": {
"AVA_VAN": 2,
"AVA_VAN.5": 11
}
},
"cc_security_level": {
"EAL": {
"EAL 4": 2,
"EAL 5": 1,
"EAL4": 14,
"EAL4 augmented": 4,
"EAL5": 1,
"EAL5 augmented": 1,
"EAL6": 1,
"EAL6 augmented": 1
}
},
"cc_sfr": {
"FAU": {
"FAU_SAS": 8,
"FAU_SAS.1": 3
},
"FCS": {
"FCS_CKM": 84,
"FCS_CKM.1": 40,
"FCS_CKM.2": 9,
"FCS_CKM.3": 1,
"FCS_CKM.5": 42,
"FCS_CKM.6": 65,
"FCS_CKM.6.1": 2,
"FCS_CKM.6.2": 1,
"FCS_COP": 191,
"FCS_COP.1": 23,
"FCS_COP.1.1": 1,
"FCS_RBG.1": 9,
"FCS_RNG": 35,
"FCS_RNG.1": 32,
"FCS_RNG.1.1": 3,
"FCS_RNG.1.2": 2
},
"FDP": {
"FDP_ACC": 123,
"FDP_ACC.1": 44,
"FDP_ACF": 110,
"FDP_ACF.1": 41,
"FDP_IFC": 7,
"FDP_IFC.1": 16,
"FDP_ITC.1": 35,
"FDP_ITC.2": 35,
"FDP_ITT": 7,
"FDP_ITT.1": 3,
"FDP_RIP": 9,
"FDP_RIP.1": 14,
"FDP_RIP.1.1": 1,
"FDP_SDC": 8,
"FDP_SDC.1": 3,
"FDP_SDI": 7,
"FDP_SDI.1": 1,
"FDP_SDI.2": 11,
"FDP_SDI.2.1": 1,
"FDP_SDI.2.2": 1,
"FDP_UCT": 7,
"FDP_UCT.1": 1,
"FDP_UIT": 8,
"FDP_UIT.1": 2
},
"FIA": {
"FIA_ACC": 1,
"FIA_ACF": 1,
"FIA_AFL": 22,
"FIA_AFL.1": 4,
"FIA_API": 10,
"FIA_API.1": 16,
"FIA_API.1.1": 1,
"FIA_ATD": 10,
"FIA_ATD.1": 20,
"FIA_ATD.1.1": 1,
"FIA_SOS.1": 8,
"FIA_SOS.1.1": 1,
"FIA_UAU": 50,
"FIA_UAU.1": 20,
"FIA_UAU.1.1": 1,
"FIA_UAU.1.2": 1,
"FIA_UAU.4": 12,
"FIA_UAU.4.1": 1,
"FIA_UAU.5": 17,
"FIA_UAU.5.1": 1,
"FIA_UAU.5.2": 1,
"FIA_UAU.6": 12,
"FIA_UAU.6.1": 1,
"FIA_UID": 14,
"FIA_UID.1": 19,
"FIA_UID.1.1": 1,
"FIA_UID.1.2": 1,
"FIA_USB": 32,
"FIA_USB.1": 30,
"FIA_USB.1.1": 1,
"FIA_USB.1.2": 1,
"FIA_USB.1.3": 2
},
"FMT": {
"FMT_LIM": 15,
"FMT_LIM.1": 3,
"FMT_LIM.2": 2,
"FMT_MSA": 68,
"FMT_MSA.1": 8,
"FMT_MSA.3": 39,
"FMT_MSA.3.1": 1,
"FMT_MSA.3.2": 1,
"FMT_MTD": 38,
"FMT_MTD.1": 4,
"FMT_SMF.1": 51,
"FMT_SMF.1.1": 1,
"FMT_SMR": 9,
"FMT_SMR.1": 41,
"FMT_SMR.1.1": 1,
"FMT_SMR.1.2": 1,
"FMT_SRM": 1
},
"FPT": {
"FPT_EMS": 15,
"FPT_EMS.1": 12,
"FPT_EMS.1.1": 1,
"FPT_FLS": 7,
"FPT_FLS.1": 18,
"FPT_FLS.1.1": 1,
"FPT_ITE": 11,
"FPT_ITE.1": 11,
"FPT_ITE.1.1": 1,
"FPT_ITE.1.2": 1,
"FPT_ITE.2": 13,
"FPT_ITE.2.1": 5,
"FPT_ITE.2.2": 1,
"FPT_ITT": 7,
"FPT_ITT.1": 3,
"FPT_PHP": 7,
"FPT_PHP.3": 4,
"FPT_TDC.1": 10,
"FPT_TDC.1.1": 1,
"FPT_TDC.1.2": 1,
"FPT_TST": 2,
"FPT_TST.1": 11,
"FPT_TST.1.1": 1,
"FPT_TST.1.2": 1,
"FPT_TST.1.3": 1
},
"FRU": {
"FRU_FLT": 7,
"FRU_FLT.2": 3
},
"FTP": {
"FTP_ITC": 22,
"FTP_ITC.1": 12,
"FTP_ITE": 1,
"FTP_TRP.1": 5
}
},
"certification_process": {
"OutOfScope": {
"and cryptographic key sizes 2048 bits and 3072 bits modulus length for RSA private key operation is out of scope for the TOE. 378 The TOE shall meet the requirement \u201cCryptographic operation \u2013 CB ECC (FCS_COP.1/CB": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 4
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"PACE": {
"PACE": 125
},
"TLS": {
"SSL": {
"SSL": 1
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1,
"Key agreement": 1
},
"MAC": {
"MAC": 33
}
},
"device_model": {},
"ecc_curve": {
"Brainpool": {
"brainpoolP256r1": 4,
"brainpoolP384r1": 4,
"brainpoolP512r1": 4
}
},
"eval_facility": {},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 3
},
"SHA2": {
"SHA-224": 2,
"SHA-256": 11,
"SHA-384": 6,
"SHA-512": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {
"STARCOS": {
"STARCOS 3": 181
}
},
"pq_crypto": {},
"randomness": {
"RNG": {
"RND": 15,
"RNG": 36
}
},
"side_channel_analysis": {
"FI": {
"DFA": 1,
"Malfunction": 17,
"malfunction": 1,
"physical tampering": 3
},
"SCA": {
"DPA": 1,
"Leak-Inherent": 15,
"Physical Probing": 2,
"SPA": 1,
"side channel": 1
},
"other": {
"Bleichenbacher attack": 1,
"JIL": 1
}
},
"standard_id": {
"BSI": {
"AIS20": 2,
"AIS31": 1
},
"CC": {
"CCMB-2022-11-001": 1,
"CCMB-2022-11-002": 1,
"CCMB-2022-11-003": 2,
"CCMB-2022-11-004": 2
},
"FIPS": {
"FIPS 180-4": 1,
"FIPS 197": 4,
"FIPS PUB 180-4": 1,
"FIPS PUB 197": 1
},
"ISO": {
"ISO/IEC 7816": 2
},
"NIST": {
"NIST SP 800-38B": 1
},
"PKCS": {
"PKCS #1": 2
},
"RFC": {
"RFC 5639": 1,
"RFC5639": 3
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 81
},
"HPC": {
"HPC": 1
}
},
"constructions": {
"MAC": {
"CMAC": 43
}
}
},
"technical_report_id": {
"BSI": {
"BSI TR-03111": 3,
"BSI TR-03143": 2
}
},
"tee_name": {
"IBM": {
"SE": 1
}
},
"tls_cipher_suite": {},
"vendor": {
"GD": {
"G+D": 1,
"Giesecke+Devrient": 10
},
"Infineon": {
"Infineon": 2,
"Infineon Technologies AG": 2
},
"NXP": {
"NXP Semiconductors": 1
},
"STMicroelectronics": {
"STMicroelectronics": 1
}
},
"vulnerability": {}
},
"st_metadata": {
"/Author": "Giesecke+Devrient ePayments GmbH",
"/CreationDate": "D:20260423134806+02\u002700\u0027",
"/Creator": "Microsoft\u00ae Word f\u00fcr Microsoft 365",
"/Keywords": "Version 2.2/23.04.2026",
"/ModDate": "D:20260423134806+02\u002700\u0027",
"/Producer": "Microsoft\u00ae Word f\u00fcr Microsoft 365",
"/Subject": "Security Target STARCOS 3.7 COS HBA-SMC",
"/Title": "G+D Security Target to BSI-PP-0082-V4",
"pdf_file_size_bytes": 4100307,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 168
}
},
"protection_profile_links": {
"_type": "Set",
"elements": [
"https://www.commoncriteriaportal.org/nfs/ccpfiles/files/ppfiles/pp0082V4b_pdf.pdf"
]
},
"report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/EUCC-3087-2026-0011%20Certification%20Report.pdf",
"scheme": "DE",
"security_level": {
"_type": "Set",
"elements": [
"EAL4+",
"ALC_FLR.1",
"AVA_VAN.5",
"ATE_DPT.2",
"ALC_DVS.2"
]
},
"st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/EUCC-3087-2026-0011%20Security%20Target.pdf",
"state": {
"_type": "sec_certs.sample.cc_eucc_common.InternalState",
"cert": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"json_hash": null,
"source_hash": "3a152200634545304d684eb25e8287ef1b90868c68498176e4156f17f3d1d2bc",
"txt_hash": "5952d52233ac572e4f8c4e485c9bf0880401d96eb257479c3cdc8a8efed90565"
},
"report": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"json_hash": null,
"source_hash": "517e2b9705ab9016ca985840cba21b034186a2a5e2c48205d1842f58020dee11",
"txt_hash": "05376dc3314e753239585c14fadb5468622a527e2086b8782423850118da35cc"
},
"st": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"json_hash": null,
"source_hash": "d76b738ba378d159a08ac02d3e93bcc14279b5bbaf1a0393322cd6e7718d666e",
"txt_hash": "fa122615234a076d5146404f825329740373f05981dc4cf536604c919938d429"
}
},
"status": "active"
}