STARCOS 3.7 COS HBA-SMC

CSV information

Status active
Valid from 17.06.2026
Valid until 17.06.2031
Scheme 🇩🇪 DE
Manufacturer Giesecke+Devrient ePayments GmbH
Category ICs, Smart Cards and Smart Card-Related Devices and Systems
Security level ALC_FLR.1, ALC_DVS.2, EAL4+, ATE_DPT.2, AVA_VAN.5
Protection profiles

Heuristics summary

Certificate ID: BSI-DSZ-CC-0976-V5-2026

Certificate

Extracted keywords

Operating System name
STARCOS 3
Vendor
Giesecke+Devrient

Security level
EAL 2, EAL 4
Security Assurance Requirements (SAR)
ALC_FLR, ALC_DVS.2, ALC_FLR.1, ATE_DPT.2, AVA_VAN.5, AVA_VAN
Certificates
BSI-DSZ-CC-0976-V5-2026, EUCC-3087-2026-0011
Evaluation facilities
SRC Security Research & Consulting

Standards
ISO/IEC 15408, ISO/IEC 18045

File metadata

Title KM_C300i26062206000
Creation date D:20260622060106+01'00'
Modification date D:20260622060106+01'00'
Pages 2
Creator KM_C300i
Producer KONICA MINOLTA bizhub C300i

Certification report

Extracted keywords

Symmetric Algorithms
AES, HPC, CMAC
Asymmetric Algorithms
RSA-OAEP, ECDH, ECDSA, ECC, Diffie-Hellman
Hash functions
SHA-256
Schemes
MAC, Key Agreement
Protocols
PACE
Randomness
PRNG, RNG
Block cipher modes
CBC

Operating System name
STARCOS 3
Vendor
Infineon, Infineon Technologies AG, Giesecke+Devrient, G+D

Security level
EAL 2, EAL 4
Security Assurance Requirements (SAR)
ADV_ARC, ALC_FLR, ALC_DVS.2, ALC_FLR.1, ATE_DPT.2, AVA_VAN.5
Security Functional Requirements (SFR)
FCS_COP, FCS_CKM, FCS_RNG.1, FCS_RNG, FIA_UAU, FIA_USB, FPT_ITE.1, FTP_ITC
Protection profiles
BSI-CC-PP-0082-V4-2019
Certificates
BSI-DSZ-CC-0976-V5-2026, BSI-DSZ-CC-0976-V4-2021, BSI-DSZ-CC-1110-, BSI-DSZ-CC-1110-V8-2025, BSI-DSZ-CC-S-0347-2026, EUCC-3087-2026-0011, ANSSI-CC-SITE-2025/05, ANSSI-CC-SITE-2025/03
Evaluation facilities
TÜV Informationstechnik, SRC Security Research & Consulting

Side-channel analysis
side channel, DPA, SPA, malfunction, DFA, fault injection, JIL
Certification process
for STARCOS 3.7 COS HBA-SMC, Version 3.2, 24 May 2026, SRC Security Research & Consulting GmbH (confidential document) [ConfList] Configuration List BSI-DSZ-CC-0976-V5-2026, Configuration List STARCOS 3.7 COS HBA-SMC, 1.0, 21 May 2026, Giesecke+Devrient ePayments GmbH (confidential document) 6 specifically • AIS 1, Version 14, Durchführung der Ortsbesichtigung in der Entwicklungsumgebung, design step H13, Version 6.2, 26 June 2025, Infineon Technologies AG, BSI-DSZ-CC-1110-V8-2025 (confidential document) Security Target Lite of the underlying hardware platform, Security Target IFX_CCI_000003h, procedure BSI-DSZ-CC-1110-V8-2025, Version 2, 25 July 2025, TÜV Informationstechnik GmbH (confidential document) [Spec G2 COS] Einführung der Gesundheitskarte, Spezifikation des Card Operating System (COS

Standards
FIPS 180-4, FIPS 197, FIPS PUB 180-4, FIPS PUB 197, PKCS#1, AIS 20, AIS 31, AIS 37, AIS 46, AIS 38, AIS 1, AIS 25, AIS 32, AIS 14, AIS 19, AIS 26, RFC 5639, ISO/IEC 15408, ISO/IEC 18045, ISO/IEC 17065, ISO/IEC 18031:2005
Technical reports
BSI TR-03116-1, BSI TR-03144, BSI TR-03143

File metadata

Title Certification Report EUCC-3087-jjjj-mm-nnnn; BSI-DSZ-CC-0976-V5
Subject STARCOS 3.7 COS HBA-SMC from G+D ePayments GmbH
Keywords Common Criteria, Certification, Zertifizierung, G2 COS, eHealth, gematik
Creation date D:20260702102033+02'00'
Pages 39
Creator Writer
Producer LibreOffice 5.3

Frontpage

Certificate ID BSI-DSZ-CC-0976-V5-2026
Certified item STARCOS 3.7 COS HBA-SMC
Certification lab BSI
Developer Giesecke+Devrient ePayments GmbH

References

Outgoing
  • BSI-DSZ-CC-1110-V8-2025 - active - Infineon Security Controller IFX_CCI_000003h, 000005h, 000008h, 00000Ch, 000013h, 000014h, 000015h, 00001Ch, 00001Dh, 000021h, 00022h in the design step H13
  • BSI-DSZ-CC-0976-V4-2021 - archived - STARCOS 3.7 COS HBA-SMC

Security target

Extracted keywords

Symmetric Algorithms
AES, HPC, CMAC
Asymmetric Algorithms
ECDH, ECDSA, ECC, Diffie-Hellman, DH, DSA
Hash functions
SHA-1, SHA-224, SHA-384, SHA-256, SHA-512
Schemes
MAC, Key agreement, Key Agreement
Protocols
SSL, PACE
Randomness
RND, RNG
Elliptic Curves
brainpoolP256r1, brainpoolP384r1, brainpoolP512r1
Block cipher modes
CBC

Operating System name
STARCOS 3
Trusted Execution Environments
SE
Vendor
NXP Semiconductors, Infineon, Infineon Technologies AG, STMicroelectronics, G+D, Giesecke+Devrient

Security level
EAL4, EAL 4, EAL5, EAL6, EAL 5, EAL4 augmented, EAL5 augmented, EAL6 augmented
Claims
O.RND, O.AES, O.PACE_CHIP, T.RND
Security Assurance Requirements (SAR)
ADV_ARC.1, ADV_FSP.4, ADV_IMP.1, ADV_TDS.3, ADV_ARC, ADV_FSP, ADV_IMP, ADV_IMP.2, ADV_INT.3, ADV_TDS.5, AGD_OPE.1, AGD_PRE.1, AGD_OPE, AGD_PRE, ALC_FLR.1, ALC_DVS.2, ALC_CMC.4, ALC_CMS.4, ALC_DEL.1, ALC_LCD.1, ALC_TAT.1, ALC_DEL, ALC_DVS, ALC_CMS, ALC_CMC, ALC_CMC.5, ALC_TAT.3, ATE_FUN.1, ATE_IND.2, ATE_DPT.2, ATE_COV.2, ATE_COV, ATE_DPT.1, ATE_FUN.2, ATE_COV.3, AVA_VAN.5, AVA_VAN, ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1, ASE_ECD
Security Functional Requirements (SFR)
FAU_SAS, FAU_SAS.1, FCS_RNG, FCS_COP, FCS_CKM, FCS_RNG.1, FCS_CKM.6, FCS_RNG.1.1, FCS_RNG.1.2, FCS_CKM.1, FCS_CKM.5, FCS_COP.1, FCS_CKM.2, FCS_CKM.3, FCS_RBG.1, FCS_COP.1.1, FCS_CKM.6.1, FCS_CKM.6.2, FDP_ITT, FDP_IFC, FDP_SDC, FDP_SDI, FDP_RIP.1, FDP_SDI.2, FDP_ACC, FDP_ACF, FDP_SDC.1, FDP_ITT.1, FDP_IFC.1, FDP_RIP.1.1, FDP_SDI.1, FDP_SDI.2.1, FDP_SDI.2.2, FDP_ACF.1, FDP_ACC.1, FDP_ITC.1, FDP_ITC.2, FDP_RIP, FDP_UCT, FDP_UCT.1, FDP_UIT, FDP_UIT.1, FIA_API, FIA_AFL, FIA_ATD.1, FIA_SOS.1, FIA_UAU.1, FIA_UAU.4, FIA_UAU.5, FIA_UAU.6, FIA_API.1, FIA_USB.1, FIA_USB, FIA_UAU, FIA_UID.1, FIA_SOS.1.1, FIA_AFL.1, FIA_ATD.1.1, FIA_UAU.1.1, FIA_UAU.1.2, FIA_UAU.4.1, FIA_UAU.5.1, FIA_UAU.5.2, FIA_UAU.6.1, FIA_UID.1.1, FIA_UID.1.2, FIA_API.1.1, FIA_USB.1.1, FIA_USB.1.2, FIA_USB.1.3, FIA_UID, FIA_ATD, FIA_ACF, FIA_ACC, FMT_LIM, FMT_SMR.1, FMT_MSA.3, FMT_SMF.1, FMT_MSA, FMT_MTD, FMT_LIM.1, FMT_LIM.2, FMT_SMR.1.1, FMT_SMR.1.2, FMT_SMF.1.1, FMT_MSA.1, FMT_MSA.3.1, FMT_MSA.3.2, FMT_MTD.1, FMT_SMR, FMT_SRM, FPT_FLS, FPT_PHP, FPT_ITT, FPT_EMS, FPT_ITE, FPT_FLS.1, FPT_EMS.1, FPT_TDC.1, FPT_ITE.1, FPT_ITE.2, FPT_TST.1, FPT_PHP.3, FPT_ITT.1, FPT_FLS.1.1, FPT_TST, FPT_EMS.1.1, FPT_TDC.1.1, FPT_TDC.1.2, FPT_ITE.1.1, FPT_ITE.1.2, FPT_ITE.2.1, FPT_ITE.2.2, FPT_TST.1.1, FPT_TST.1.2, FPT_TST.1.3, FRU_FLT, FRU_FLT.2, FTP_ITC, FTP_ITE, FTP_ITC.1, FTP_TRP.1
Protection profiles
BSI-PP-0084-2014, BSI-CC-PP-0084-2014, BSI-CC-PP- 0084-2014, BSI-CC-PP-0082-V4, BSI-CC-PP-0084-2007, BSI-CC-PP- 0082-V4, BSI-CC-PP-0084-, BSI-PP-0084-, BSI-CC-PP-0035-2007
Certificates
BSI-DSZ-CC-1110-V8-2025

Side-channel analysis
Leak-Inherent, Physical Probing, side channel, SPA, DPA, physical tampering, Malfunction, malfunction, DFA, Bleichenbacher attack, JIL
Certification process
out of scope, and cryptographic key sizes 2048 bits and 3072 bits modulus length for RSA private key operation is out of scope for the TOE. 378 The TOE shall meet the requirement “Cryptographic operation – CB ECC (FCS_COP.1/CB

Standards
FIPS 180-4, FIPS 197, FIPS PUB 197, FIPS PUB 180-4, NIST SP 800-38B, PKCS #1, AIS31, AIS20, RFC5639, RFC 5639, ISO/IEC 7816, CCMB-2022-11-003, CCMB-2022-11-001, CCMB-2022-11-002, CCMB-2022-11-004
Technical reports
BSI TR-03143, BSI TR-03111

File metadata

Title G+D Security Target to BSI-PP-0082-V4
Subject Security Target STARCOS 3.7 COS HBA-SMC
Keywords Version 2.2/23.04.2026
Author Giesecke+Devrient ePayments GmbH
Creation date D:20260423134806+02'00'
Modification date D:20260423134806+02'00'
Pages 168
Creator Microsoft® Word für Microsoft 365
Producer Microsoft® Word für Microsoft 365

References

Outgoing
  • BSI-DSZ-CC-1110-V8-2025 - active - Infineon Security Controller IFX_CCI_000003h, 000005h, 000008h, 00000Ch, 000013h, 000014h, 000015h, 00001Ch, 00001Dh, 000021h, 00022h in the design step H13

Heuristics

Automated inference - use with caution

All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.

Certificate ID

BSI-DSZ-CC-0976-V5-2026

Extracted SARs

ADV_ARC.1, ADV_FSP.4, ADV_IMP.2, ADV_INT.3, ADV_TDS.5, AGD_OPE.1, AGD_PRE.1, ALC_CMC.5, ALC_CMS.4, ALC_DEL.1, ALC_DVS.2, ALC_FLR.1, ALC_LCD.1, ALC_TAT.3, ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1, ATE_COV.3, ATE_DPT.2, ATE_FUN.2, ATE_IND.2, AVA_VAN.5

Similar certificates

Name Certificate ID Actions
STARCOS 3.7 COS HBA-SMC BSI-DSZ-CC-0976-V4-2021 Compare

Scheme data

Cert Id EUCC-3087-2026-0011
Product STARCOS 3.7 COS HBA-SMC
Vendor Giesecke & Devrient GmbH seit 1. Juli 2017 Giesecke+Devrient Mobile Security GmbH seit 1. Juli 2023 Giesecke+Devrient ePayments GmbH
Certification Date 17.06.2026
Category eHealth
Url https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Gesundheitswesen_SmartCards/0976.html
Enhanced
Product STARCOS 3.7 COS HBA-SMC
Applicant Giesecke & Devrient GmbH seit 1. Juli 2017 Giesecke+Devrient Mobile Security GmbH seit 1. Juli 2023 Giesecke+Devrient ePayments GmbH Prinzregentenstr. 161 81677 München
Evaluation Facility SRC Security Research & Consulting GmbH
Assurance Level EAL4+,ALC_DVS.2,ATE_DPT.2,AVA_VAN.5,ALC_FLR.1
Protection Profile Card Operating System Generation 2 (PP COS G2), Version 2.1, 10 July 2019, BSI-CC-PP-0082-V4-2019
Certification Date 17.06.2026
Expiration Date 16.06.2031
Entries [frozendict({'id': 'EUCC-3087-2026-0011 / BSI-DSZ-CC-0976-V5-2026 (Ausstellungsdatum / Certification Date 17.06.2026, gültig bis / valid until 16.06.2031)', 'description': "The focus of this re-certification was on the transfer of the certification procedure to CC/CEM:2022 and to EUCC. Included is the update of the product life-cycle concerning the involved development and production sites, the underlying HW-certificate as well as the vulnerability analysis andvaluation of the TOE's (crypto) implementation. The certified product itself including its related guidance documentation did not change."}), frozendict({'id': 'BSI-DSZ-CC-0976-V4-2021-MA-02 (Ausstellungsdatum / Certification Date 16.06.2025)', 'description': "The maintenance procedure for BSI-DSZ-CC-0976-V4-2021 covers the update of the product life-cycle concerning the involved development and production sites and additionally addresses the update of the Security Target (ST) and user guidance documentation regards the TOE's random number generation functionality. The certified product itself did not change."}), frozendict({'id': 'BSI-DSZ-CC-0976-V4-2021-MA-01 (Ausstellungsdatum / Certification Date 09.05.2022)', 'description': 'The partial ALC re-evaluation for procedure 0976-V4 covers the update of the product life-cycle concerning the involved development and production sites. The certified product itself did not change.'}), frozendict({'id': 'BSI-DSZ-CC-0976-V4-2021 (Ausstellungsdatum / Certification Date 18.06.2021, gültig bis / valid until 17.06.2026) Zertifizierungsreport / Certification Report', 'description': 'Software'}), frozendict({'id': 'BSI', 'description': 'The partial ALC re-evaluation for procedure 0976-V3 covers the update of the product life-cycle concerning the involved development and production sites. The certified product itself did not change.'}), frozendict({'id': 'BSI-DSZ-CC-0976-V3-2019-MA-01 (Ausstellungsdatum / Certification Date 15.06.2021)', 'description': 'Maintenance Report'}), frozendict({'id': 'BSI-DSZ-CC-0976-V3-2019 (Ausstellungsdatum / Certification Date 21.11.2019, gültig bis / valid until 20.11.2024)', 'description': 'Software'}), frozendict({'id': 'BSI-DSZ-CC-0976-V2-2018 (Ausstellungsdatum / Certification Date 20.09.2018, gültig bis / valid until 19.09.2023)', 'description': 'Software'}), frozendict({'id': 'BSI-DSZ-CC-0976-2015-MA-01 (Ausstellungsdatum / Certification Date 02.08.2018)', 'description': 'The changes are related to an update and reevaluation of the product life-cycle caused by changes in the development and porduction sites. The certified product itself did not change.'}), frozendict({'id': 'BSI-DSZ-CC-0976-2015-RA-01 (Ausstellungsdatum / Certification Date 19.09.2017)', 'description': ''}), frozendict({'id': 'BSI-DSZ-CC-0976-2015 (Ausstellungsdatum / Certification Date 29.12.2015, gültig bis / valid until 28.12.2020)', 'description': 'Security Target'})]
Description The Target of Evaluation (TOE) is the product STARCOS 3.6 COSGKV C1 developed by Giesecke & Devrient GmbH. The TOE is a smart card product according to the G2 Card Operating System (G2-COS) specification from gematik. The TOE is intended to be used as a card operating system platform for specific card types and applications of the card generation G2 in the framework of the German health care system, and therefore implements the mandatory part of the G2-COS specification with the base functionality of the operating system platform only. The TOE implements from the PP-0082-V2 the base part without any of the optional packages.
Subcategory Smartcards

References

Loading...

Updates Feed

  • The certificate was first processed.

Raw data

{
  "_type": "sec_certs.sample.cc.CCCertificate",
  "category": "ICs, Smart Cards and Smart Card-Related Devices and Systems",
  "cert_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/EUCC-3087-2026-0011%20Certificate.pdf",
  "dgst": "decef58ee90319cc",
  "heuristics": {
    "_type": "sec_certs.sample.cc_eucc_common.Heuristics",
    "annotated_references": null,
    "cert_id": "BSI-DSZ-CC-0976-V5-2026",
    "cert_lab": [
      "BSI"
    ],
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "eal": "EAL4+",
    "extracted_sars": {
      "_type": "Set",
      "elements": [
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_FLR",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_REQ",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_TAT",
          "level": 3
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AGD_OPE",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_COV",
          "level": 3
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AGD_PRE",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_DPT",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_OBJ",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_FSP",
          "level": 4
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_DEL",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_CMC",
          "level": 5
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_SPD",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_IMP",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_ARC",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_FUN",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_DVS",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_TDS",
          "level": 5
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_INT",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_CMS",
          "level": 4
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_TSS",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_ECD",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_LCD",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AVA_VAN",
          "level": 5
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_INT",
          "level": 3
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_CCL",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_IND",
          "level": 2
        }
      ]
    },
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "3.7"
      ]
    },
    "indirect_transitive_cves": null,
    "next_certificates": null,
    "prev_certificates": null,
    "protection_profiles": {
      "_type": "Set",
      "elements": [
        "af9c3335f79dec6f"
      ]
    },
    "related_cves": null,
    "report_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "BSI-DSZ-CC-0976-V4-2021",
          "BSI-DSZ-CC-1110-V8-2025"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "BSI-DSZ-CC-0879-2014",
          "BSI-DSZ-CC-0891-V2-2016",
          "BSI-DSZ-CC-0976-V2-2018",
          "BSI-DSZ-CC-0945-V3-2018",
          "BSI-DSZ-CC-1110-2019",
          "BSI-DSZ-CC-1110-V3-2020",
          "BSI-DSZ-CC-0916-2015",
          "BSI-DSZ-CC-1110-V8-2025",
          "BSI-DSZ-CC-0782-2012",
          "BSI-DSZ-CC-1110-V6-2023",
          "BSI-DSZ-CC-1110-V7-2024",
          "BSI-DSZ-CC-0945-2017",
          "BSI-DSZ-CC-0782-V2-2015",
          "BSI-DSZ-CC-1110-V2-2019",
          "BSI-DSZ-CC-1110-V5-2022",
          "BSI-DSZ-CC-0945-V2-2018",
          "BSI-DSZ-CC-0976-V3-2019",
          "BSI-DSZ-CC-0891-2015",
          "BSI-DSZ-CC-0976-V4-2021",
          "BSI-DSZ-CC-1110-V4-2021",
          "BSI-DSZ-CC-0976-2015"
        ]
      }
    },
    "scheme_data": {
      "category": "eHealth",
      "cert_id": "EUCC-3087-2026-0011",
      "certification_date": "2026-06-17",
      "enhanced": {
        "applicant": "Giesecke \u0026 Devrient GmbH seit 1. Juli 2017 Giesecke+Devrient Mobile Security GmbH seit 1. Juli 2023 Giesecke+Devrient ePayments GmbH Prinzregentenstr. 161 81677 M\u00fcnchen",
        "assurance_level": "EAL4+,ALC_DVS.2,ATE_DPT.2,AVA_VAN.5,ALC_FLR.1",
        "certification_date": "2026-06-17",
        "description": "The Target of Evaluation (TOE) is the product STARCOS 3.6 COSGKV C1 developed by Giesecke \u0026 Devrient GmbH. The TOE is a smart card product according to the G2 Card Operating System (G2-COS) specification from gematik. The TOE is intended to be used as a card operating system platform for specific card types and applications of the card generation G2 in the framework of the German health care system, and therefore implements the mandatory part of the G2-COS specification with the base functionality of the operating system platform only. The TOE implements from the PP-0082-V2 the base part without any of the optional packages.",
        "entries": [
          {
            "description": "The focus of this re-certification was on the transfer of the certification procedure to CC/CEM:2022 and to EUCC. Included is the update of the product life-cycle concerning the involved development and production sites, the underlying HW-certificate as well as the vulnerability analysis andvaluation of the TOE\u0027s (crypto) implementation. The certified product itself including its related guidance documentation did not change.",
            "id": "EUCC-3087-2026-0011 / BSI-DSZ-CC-0976-V5-2026 (Ausstellungsdatum / Certification Date 17.06.2026, g\u00fcltig bis / valid until 16.06.2031)"
          },
          {
            "description": "The maintenance procedure for BSI-DSZ-CC-0976-V4-2021 covers the update of the product life-cycle concerning the involved development and production sites and additionally addresses the update of the Security Target (ST) and user guidance documentation regards the TOE\u0027s random number generation functionality. The certified product itself did not change.",
            "id": "BSI-DSZ-CC-0976-V4-2021-MA-02 (Ausstellungsdatum / Certification Date 16.06.2025)"
          },
          {
            "description": "The partial ALC re-evaluation for procedure 0976-V4 covers the update of the product life-cycle concerning the involved development and production sites. The certified product itself did not change.",
            "id": "BSI-DSZ-CC-0976-V4-2021-MA-01 (Ausstellungsdatum / Certification Date 09.05.2022)"
          },
          {
            "description": "Software",
            "id": "BSI-DSZ-CC-0976-V4-2021 (Ausstellungsdatum / Certification Date 18.06.2021, g\u00fcltig bis / valid until 17.06.2026) Zertifizierungsreport / Certification Report"
          },
          {
            "description": "The partial ALC re-evaluation for procedure 0976-V3 covers the update of the product life-cycle concerning the involved development and production sites. The certified product itself did not change.",
            "id": "BSI"
          },
          {
            "description": "Maintenance Report",
            "id": "BSI-DSZ-CC-0976-V3-2019-MA-01 (Ausstellungsdatum / Certification Date 15.06.2021)"
          },
          {
            "description": "Software",
            "id": "BSI-DSZ-CC-0976-V3-2019 (Ausstellungsdatum / Certification Date 21.11.2019, g\u00fcltig bis / valid until 20.11.2024)"
          },
          {
            "description": "Software",
            "id": "BSI-DSZ-CC-0976-V2-2018 (Ausstellungsdatum / Certification Date 20.09.2018, g\u00fcltig bis / valid until 19.09.2023)"
          },
          {
            "description": "The changes are related to an update and reevaluation of the product life-cycle caused by changes in the development and porduction sites. The certified product itself did not change.",
            "id": "BSI-DSZ-CC-0976-2015-MA-01 (Ausstellungsdatum / Certification Date 02.08.2018)"
          },
          {
            "description": "",
            "id": "BSI-DSZ-CC-0976-2015-RA-01 (Ausstellungsdatum / Certification Date 19.09.2017)"
          },
          {
            "description": "Security Target",
            "id": "BSI-DSZ-CC-0976-2015 (Ausstellungsdatum / Certification Date 29.12.2015, g\u00fcltig bis / valid until 28.12.2020)"
          }
        ],
        "evaluation_facility": "SRC Security Research \u0026 Consulting GmbH",
        "expiration_date": "2031-06-16",
        "product": "STARCOS 3.7 COS HBA-SMC",
        "protection_profile": "Card Operating System Generation 2 (PP COS G2), Version 2.1, 10 July 2019, BSI-CC-PP-0082-V4-2019"
      },
      "product": "STARCOS 3.7 COS HBA-SMC",
      "subcategory": "Smartcards",
      "url": "https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Gesundheitswesen_SmartCards/0976.html",
      "vendor": "Giesecke \u0026 Devrient GmbH seit 1. Juli 2017 Giesecke+Devrient Mobile Security GmbH seit 1. Juli 2023 Giesecke+Devrient ePayments GmbH"
    },
    "st_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "BSI-DSZ-CC-1110-V8-2025"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "BSI-DSZ-CC-1110-V8-2025"
        ]
      }
    },
    "verified_cpe_matches": null
  },
  "maintenance_updates": {
    "_type": "Set",
    "elements": []
  },
  "manufacturer": "Giesecke+Devrient ePayments GmbH",
  "manufacturer_web": "https://www.gi-de.com/de/",
  "name": "STARCOS 3.7 COS HBA-SMC",
  "not_valid_after": "2031-06-17",
  "not_valid_before": "2026-06-17",
  "pdf_data": {
    "_type": "sec_certs.sample.cc_eucc_common.PdfData",
    "cert_filename": "EUCC-3087-2026-0011 Certificate.pdf",
    "cert_frontpage": null,
    "cert_keywords": {
      "asymmetric_crypto": {},
      "cc_cert_id": {
        "DE": {
          "BSI-DSZ-CC-0976-V5-2026": 1,
          "EUCC-3087-2026-0011": 1
        }
      },
      "cc_claims": {},
      "cc_protection_profile_id": {},
      "cc_sar": {
        "ALC": {
          "ALC_DVS.2": 1,
          "ALC_FLR": 1,
          "ALC_FLR.1": 1
        },
        "ATE": {
          "ATE_DPT.2": 1
        },
        "AVA": {
          "AVA_VAN": 1,
          "AVA_VAN.5": 2
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL 2": 1,
          "EAL 4": 1
        }
      },
      "cc_sfr": {},
      "certification_process": {},
      "cipher_mode": {},
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "SRC": {
          "SRC Security Research \u0026 Consulting": 1
        }
      },
      "hash_function": {},
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {
        "STARCOS": {
          "STARCOS 3": 1
        }
      },
      "pq_crypto": {},
      "randomness": {},
      "side_channel_analysis": {},
      "standard_id": {
        "ISO": {
          "ISO/IEC 15408": 2,
          "ISO/IEC 18045": 2
        }
      },
      "symmetric_crypto": {},
      "technical_report_id": {},
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "GD": {
          "Giesecke+Devrient": 1
        }
      },
      "vulnerability": {}
    },
    "cert_metadata": {
      "/CreationDate": "D:20260622060106+01\u002700\u0027",
      "/Creator": "KM_C300i",
      "/ModDate": "D:20260622060106+01\u002700\u0027",
      "/Producer": "KONICA MINOLTA bizhub C300i",
      "/Title": "KM_C300i26062206000",
      "pdf_file_size_bytes": 125061,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 2
    },
    "report_filename": "EUCC-3087-2026-0011 Certification Report.pdf",
    "report_frontpage": {
      "DE": {
        "cert_id": "BSI-DSZ-CC-0976-V5-2026",
        "cert_item": "STARCOS 3.7 COS HBA-SMC",
        "cert_lab": "BSI",
        "developer": "Giesecke+Devrient ePayments GmbH",
        "match_rules": [
          "(BSI-DSZ-CC-.+?) (?:for|For) (.+?) from (.*)"
        ]
      }
    },
    "report_keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 8
          },
          "ECDH": {
            "ECDH": 3
          },
          "ECDSA": {
            "ECDSA": 14
          }
        },
        "FF": {
          "DH": {
            "Diffie-Hellman": 1
          }
        },
        "RSA": {
          "RSA-OAEP": 2
        }
      },
      "cc_cert_id": {
        "DE": {
          "BSI-DSZ-CC-0976-V4-2021": 2,
          "BSI-DSZ-CC-0976-V5-2026": 44,
          "BSI-DSZ-CC-1110-": 1,
          "BSI-DSZ-CC-1110-V8-2025": 7,
          "BSI-DSZ-CC-S-0347-2026": 1,
          "EUCC-3087-2026-0011": 39
        },
        "FR": {
          "ANSSI-CC-SITE-2025/03": 2,
          "ANSSI-CC-SITE-2025/05": 2
        }
      },
      "cc_claims": {},
      "cc_protection_profile_id": {
        "BSI": {
          "BSI-CC-PP-0082-V4-2019": 3
        }
      },
      "cc_sar": {
        "ADV": {
          "ADV_ARC": 1
        },
        "ALC": {
          "ALC_DVS.2": 1,
          "ALC_FLR": 2,
          "ALC_FLR.1": 1
        },
        "ATE": {
          "ATE_DPT.2": 1
        },
        "AVA": {
          "AVA_VAN.5": 2
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL 2": 2,
          "EAL 4": 1
        }
      },
      "cc_sfr": {
        "FCS": {
          "FCS_CKM": 4,
          "FCS_COP": 29,
          "FCS_RNG": 3,
          "FCS_RNG.1": 1
        },
        "FIA": {
          "FIA_UAU": 2,
          "FIA_USB": 1
        },
        "FPT": {
          "FPT_ITE.1": 1
        },
        "FTP": {
          "FTP_ITC": 2
        }
      },
      "certification_process": {
        "ConfidentialDocument": {
          "1.0, 21 May 2026, Giesecke+Devrient ePayments GmbH (confidential document) 6 specifically \u2022 AIS 1, Version 14, Durchf\u00fchrung der Ortsbesichtigung in der Entwicklungsumgebung": 1,
          "design step H13, Version 6.2, 26 June 2025, Infineon Technologies AG, BSI-DSZ-CC-1110-V8-2025 (confidential document) Security Target Lite of the underlying hardware platform, Security Target IFX_CCI_000003h": 1,
          "for STARCOS 3.7 COS HBA-SMC, Version 3.2, 24 May 2026, SRC Security Research \u0026 Consulting GmbH (confidential document) [ConfList] Configuration List BSI-DSZ-CC-0976-V5-2026, Configuration List STARCOS 3.7 COS HBA-SMC": 1,
          "procedure BSI-DSZ-CC-1110-V8-2025, Version 2, 25 July 2025, T\u00dcV Informationstechnik GmbH (confidential document) [Spec G2 COS] Einf\u00fchrung der Gesundheitskarte, Spezifikation des Card Operating System (COS": 1
        }
      },
      "cipher_mode": {
        "CBC": {
          "CBC": 10
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "PACE": {
          "PACE": 11
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 1
        },
        "MAC": {
          "MAC": 3
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "SRC": {
          "SRC Security Research \u0026 Consulting": 6
        },
        "TUV": {
          "T\u00dcV Informationstechnik": 1
        }
      },
      "hash_function": {
        "SHA": {
          "SHA2": {
            "SHA-256": 3
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {
        "STARCOS": {
          "STARCOS 3": 37
        }
      },
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "PRNG": 1
        },
        "RNG": {
          "RNG": 4
        }
      },
      "side_channel_analysis": {
        "FI": {
          "DFA": 1,
          "fault injection": 1,
          "malfunction": 1
        },
        "SCA": {
          "DPA": 1,
          "SPA": 1,
          "side channel": 1
        },
        "other": {
          "JIL": 2
        }
      },
      "standard_id": {
        "BSI": {
          "AIS 1": 2,
          "AIS 14": 1,
          "AIS 19": 1,
          "AIS 20": 5,
          "AIS 25": 2,
          "AIS 26": 1,
          "AIS 31": 4,
          "AIS 32": 2,
          "AIS 37": 2,
          "AIS 38": 2,
          "AIS 46": 2
        },
        "FIPS": {
          "FIPS 180-4": 9,
          "FIPS 197": 12,
          "FIPS PUB 180-4": 1,
          "FIPS PUB 197": 1
        },
        "ISO": {
          "ISO/IEC 15408": 2,
          "ISO/IEC 17065": 2,
          "ISO/IEC 18031:2005": 1,
          "ISO/IEC 18045": 2
        },
        "PKCS": {
          "PKCS#1": 5
        },
        "RFC": {
          "RFC 5639": 15
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 29
          },
          "HPC": {
            "HPC": 4
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 15
          }
        }
      },
      "technical_report_id": {
        "BSI": {
          "BSI TR-03116-1": 1,
          "BSI TR-03143": 5,
          "BSI TR-03144": 10
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "GD": {
          "G+D": 2,
          "Giesecke+Devrient": 31
        },
        "Infineon": {
          "Infineon": 10,
          "Infineon Technologies AG": 6
        }
      },
      "vulnerability": {}
    },
    "report_metadata": {
      "/CreationDate": "D:20260702102033+02\u002700\u0027",
      "/Creator": "Writer",
      "/Keywords": "Common Criteria, Certification, Zertifizierung, G2 COS, eHealth, gematik",
      "/Producer": "LibreOffice 5.3",
      "/Subject": "STARCOS 3.7 COS HBA-SMC from G+D ePayments GmbH",
      "/Title": "Certification Report EUCC-3087-jjjj-mm-nnnn; BSI-DSZ-CC-0976-V5",
      "pdf_file_size_bytes": 708967,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.iso.org/standard/72913.html",
          "https://www.bsi.bund.de/zertifizierung",
          "https://www.commoncriteriaportal.org/",
          "http://www.commoncriteriaportal.org/",
          "https://www.bsi.bund.de/AIS",
          "https://www.iso.org/standard/72917.html",
          "https://www.iso.org/standard/72906.html",
          "https://www.iso.org/standard/72892.html",
          "https://certification.enisa.europa.eu/",
          "https://www.bsi.bund.de/zertifizierungsreporte",
          "https://certification.enisa.europa.eu/publications/eucc-state-art-documents_en",
          "https://eur-lex.europa.eu/eli/reg_impl/2025/2462/oj",
          "https://www.iso.org/standard/72891.html",
          "https://www.gi-de.com/en/cybersecurity-information",
          "https://www.iso.org/standard/72889.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 39
    },
    "st_filename": "EUCC-3087-2026-0011 Security Target.pdf",
    "st_frontpage": null,
    "st_keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 16
          },
          "ECDH": {
            "ECDH": 6
          },
          "ECDSA": {
            "ECDSA": 38
          }
        },
        "FF": {
          "DH": {
            "DH": 13,
            "Diffie-Hellman": 1
          },
          "DSA": {
            "DSA": 1
          }
        }
      },
      "cc_cert_id": {
        "DE": {
          "BSI-DSZ-CC-1110-V8-2025": 1
        }
      },
      "cc_claims": {
        "O": {
          "O.AES": 7,
          "O.PACE_CHIP": 2,
          "O.RND": 8
        },
        "T": {
          "T.RND": 5
        }
      },
      "cc_protection_profile_id": {
        "BSI": {
          "BSI-CC-PP- 0082-V4": 1,
          "BSI-CC-PP- 0084-2014": 6,
          "BSI-CC-PP-0035-2007": 1,
          "BSI-CC-PP-0082-V4": 32,
          "BSI-CC-PP-0084-": 4,
          "BSI-CC-PP-0084-2007": 1,
          "BSI-CC-PP-0084-2014": 51,
          "BSI-PP-0084-": 2,
          "BSI-PP-0084-2014": 8
        }
      },
      "cc_sar": {
        "ADV": {
          "ADV_ARC": 2,
          "ADV_ARC.1": 9,
          "ADV_FSP": 2,
          "ADV_FSP.4": 6,
          "ADV_IMP": 2,
          "ADV_IMP.1": 6,
          "ADV_IMP.2": 1,
          "ADV_INT.3": 1,
          "ADV_TDS.3": 3,
          "ADV_TDS.5": 1
        },
        "AGD": {
          "AGD_OPE": 2,
          "AGD_OPE.1": 6,
          "AGD_PRE": 2,
          "AGD_PRE.1": 2
        },
        "ALC": {
          "ALC_CMC": 2,
          "ALC_CMC.4": 1,
          "ALC_CMC.5": 1,
          "ALC_CMS": 2,
          "ALC_CMS.4": 1,
          "ALC_DEL": 2,
          "ALC_DEL.1": 1,
          "ALC_DVS": 2,
          "ALC_DVS.2": 13,
          "ALC_FLR.1": 11,
          "ALC_LCD.1": 1,
          "ALC_TAT.1": 1,
          "ALC_TAT.3": 1
        },
        "ASE": {
          "ASE_CCL.1": 1,
          "ASE_ECD": 1,
          "ASE_ECD.1": 1,
          "ASE_INT.1": 1,
          "ASE_OBJ.2": 1,
          "ASE_REQ.2": 1,
          "ASE_SPD.1": 1,
          "ASE_TSS.1": 1
        },
        "ATE": {
          "ATE_COV": 2,
          "ATE_COV.2": 1,
          "ATE_COV.3": 1,
          "ATE_DPT.1": 1,
          "ATE_DPT.2": 11,
          "ATE_FUN.1": 6,
          "ATE_FUN.2": 1,
          "ATE_IND.2": 5
        },
        "AVA": {
          "AVA_VAN": 2,
          "AVA_VAN.5": 11
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL 4": 2,
          "EAL 5": 1,
          "EAL4": 14,
          "EAL4 augmented": 4,
          "EAL5": 1,
          "EAL5 augmented": 1,
          "EAL6": 1,
          "EAL6 augmented": 1
        }
      },
      "cc_sfr": {
        "FAU": {
          "FAU_SAS": 8,
          "FAU_SAS.1": 3
        },
        "FCS": {
          "FCS_CKM": 84,
          "FCS_CKM.1": 40,
          "FCS_CKM.2": 9,
          "FCS_CKM.3": 1,
          "FCS_CKM.5": 42,
          "FCS_CKM.6": 65,
          "FCS_CKM.6.1": 2,
          "FCS_CKM.6.2": 1,
          "FCS_COP": 191,
          "FCS_COP.1": 23,
          "FCS_COP.1.1": 1,
          "FCS_RBG.1": 9,
          "FCS_RNG": 35,
          "FCS_RNG.1": 32,
          "FCS_RNG.1.1": 3,
          "FCS_RNG.1.2": 2
        },
        "FDP": {
          "FDP_ACC": 123,
          "FDP_ACC.1": 44,
          "FDP_ACF": 110,
          "FDP_ACF.1": 41,
          "FDP_IFC": 7,
          "FDP_IFC.1": 16,
          "FDP_ITC.1": 35,
          "FDP_ITC.2": 35,
          "FDP_ITT": 7,
          "FDP_ITT.1": 3,
          "FDP_RIP": 9,
          "FDP_RIP.1": 14,
          "FDP_RIP.1.1": 1,
          "FDP_SDC": 8,
          "FDP_SDC.1": 3,
          "FDP_SDI": 7,
          "FDP_SDI.1": 1,
          "FDP_SDI.2": 11,
          "FDP_SDI.2.1": 1,
          "FDP_SDI.2.2": 1,
          "FDP_UCT": 7,
          "FDP_UCT.1": 1,
          "FDP_UIT": 8,
          "FDP_UIT.1": 2
        },
        "FIA": {
          "FIA_ACC": 1,
          "FIA_ACF": 1,
          "FIA_AFL": 22,
          "FIA_AFL.1": 4,
          "FIA_API": 10,
          "FIA_API.1": 16,
          "FIA_API.1.1": 1,
          "FIA_ATD": 10,
          "FIA_ATD.1": 20,
          "FIA_ATD.1.1": 1,
          "FIA_SOS.1": 8,
          "FIA_SOS.1.1": 1,
          "FIA_UAU": 50,
          "FIA_UAU.1": 20,
          "FIA_UAU.1.1": 1,
          "FIA_UAU.1.2": 1,
          "FIA_UAU.4": 12,
          "FIA_UAU.4.1": 1,
          "FIA_UAU.5": 17,
          "FIA_UAU.5.1": 1,
          "FIA_UAU.5.2": 1,
          "FIA_UAU.6": 12,
          "FIA_UAU.6.1": 1,
          "FIA_UID": 14,
          "FIA_UID.1": 19,
          "FIA_UID.1.1": 1,
          "FIA_UID.1.2": 1,
          "FIA_USB": 32,
          "FIA_USB.1": 30,
          "FIA_USB.1.1": 1,
          "FIA_USB.1.2": 1,
          "FIA_USB.1.3": 2
        },
        "FMT": {
          "FMT_LIM": 15,
          "FMT_LIM.1": 3,
          "FMT_LIM.2": 2,
          "FMT_MSA": 68,
          "FMT_MSA.1": 8,
          "FMT_MSA.3": 39,
          "FMT_MSA.3.1": 1,
          "FMT_MSA.3.2": 1,
          "FMT_MTD": 38,
          "FMT_MTD.1": 4,
          "FMT_SMF.1": 51,
          "FMT_SMF.1.1": 1,
          "FMT_SMR": 9,
          "FMT_SMR.1": 41,
          "FMT_SMR.1.1": 1,
          "FMT_SMR.1.2": 1,
          "FMT_SRM": 1
        },
        "FPT": {
          "FPT_EMS": 15,
          "FPT_EMS.1": 12,
          "FPT_EMS.1.1": 1,
          "FPT_FLS": 7,
          "FPT_FLS.1": 18,
          "FPT_FLS.1.1": 1,
          "FPT_ITE": 11,
          "FPT_ITE.1": 11,
          "FPT_ITE.1.1": 1,
          "FPT_ITE.1.2": 1,
          "FPT_ITE.2": 13,
          "FPT_ITE.2.1": 5,
          "FPT_ITE.2.2": 1,
          "FPT_ITT": 7,
          "FPT_ITT.1": 3,
          "FPT_PHP": 7,
          "FPT_PHP.3": 4,
          "FPT_TDC.1": 10,
          "FPT_TDC.1.1": 1,
          "FPT_TDC.1.2": 1,
          "FPT_TST": 2,
          "FPT_TST.1": 11,
          "FPT_TST.1.1": 1,
          "FPT_TST.1.2": 1,
          "FPT_TST.1.3": 1
        },
        "FRU": {
          "FRU_FLT": 7,
          "FRU_FLT.2": 3
        },
        "FTP": {
          "FTP_ITC": 22,
          "FTP_ITC.1": 12,
          "FTP_ITE": 1,
          "FTP_TRP.1": 5
        }
      },
      "certification_process": {
        "OutOfScope": {
          "and cryptographic key sizes 2048 bits and 3072 bits modulus length for RSA private key operation is out of scope for the TOE. 378 The TOE shall meet the requirement \u201cCryptographic operation \u2013 CB ECC (FCS_COP.1/CB": 1,
          "out of scope": 1
        }
      },
      "cipher_mode": {
        "CBC": {
          "CBC": 4
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "PACE": {
          "PACE": 125
        },
        "TLS": {
          "SSL": {
            "SSL": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 1,
          "Key agreement": 1
        },
        "MAC": {
          "MAC": 33
        }
      },
      "device_model": {},
      "ecc_curve": {
        "Brainpool": {
          "brainpoolP256r1": 4,
          "brainpoolP384r1": 4,
          "brainpoolP512r1": 4
        }
      },
      "eval_facility": {},
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 3
          },
          "SHA2": {
            "SHA-224": 2,
            "SHA-256": 11,
            "SHA-384": 6,
            "SHA-512": 3
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {
        "STARCOS": {
          "STARCOS 3": 181
        }
      },
      "pq_crypto": {},
      "randomness": {
        "RNG": {
          "RND": 15,
          "RNG": 36
        }
      },
      "side_channel_analysis": {
        "FI": {
          "DFA": 1,
          "Malfunction": 17,
          "malfunction": 1,
          "physical tampering": 3
        },
        "SCA": {
          "DPA": 1,
          "Leak-Inherent": 15,
          "Physical Probing": 2,
          "SPA": 1,
          "side channel": 1
        },
        "other": {
          "Bleichenbacher attack": 1,
          "JIL": 1
        }
      },
      "standard_id": {
        "BSI": {
          "AIS20": 2,
          "AIS31": 1
        },
        "CC": {
          "CCMB-2022-11-001": 1,
          "CCMB-2022-11-002": 1,
          "CCMB-2022-11-003": 2,
          "CCMB-2022-11-004": 2
        },
        "FIPS": {
          "FIPS 180-4": 1,
          "FIPS 197": 4,
          "FIPS PUB 180-4": 1,
          "FIPS PUB 197": 1
        },
        "ISO": {
          "ISO/IEC 7816": 2
        },
        "NIST": {
          "NIST SP 800-38B": 1
        },
        "PKCS": {
          "PKCS #1": 2
        },
        "RFC": {
          "RFC 5639": 1,
          "RFC5639": 3
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 81
          },
          "HPC": {
            "HPC": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 43
          }
        }
      },
      "technical_report_id": {
        "BSI": {
          "BSI TR-03111": 3,
          "BSI TR-03143": 2
        }
      },
      "tee_name": {
        "IBM": {
          "SE": 1
        }
      },
      "tls_cipher_suite": {},
      "vendor": {
        "GD": {
          "G+D": 1,
          "Giesecke+Devrient": 10
        },
        "Infineon": {
          "Infineon": 2,
          "Infineon Technologies AG": 2
        },
        "NXP": {
          "NXP Semiconductors": 1
        },
        "STMicroelectronics": {
          "STMicroelectronics": 1
        }
      },
      "vulnerability": {}
    },
    "st_metadata": {
      "/Author": "Giesecke+Devrient ePayments GmbH",
      "/CreationDate": "D:20260423134806+02\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word f\u00fcr Microsoft 365",
      "/Keywords": "Version 2.2/23.04.2026",
      "/ModDate": "D:20260423134806+02\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word f\u00fcr Microsoft 365",
      "/Subject": "Security Target STARCOS 3.7 COS HBA-SMC",
      "/Title": "G+D Security Target to BSI-PP-0082-V4",
      "pdf_file_size_bytes": 4100307,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 168
    }
  },
  "protection_profile_links": {
    "_type": "Set",
    "elements": [
      "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/ppfiles/pp0082V4b_pdf.pdf"
    ]
  },
  "report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/EUCC-3087-2026-0011%20Certification%20Report.pdf",
  "scheme": "DE",
  "security_level": {
    "_type": "Set",
    "elements": [
      "EAL4+",
      "ALC_FLR.1",
      "AVA_VAN.5",
      "ATE_DPT.2",
      "ALC_DVS.2"
    ]
  },
  "st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/EUCC-3087-2026-0011%20Security%20Target.pdf",
  "state": {
    "_type": "sec_certs.sample.cc_eucc_common.InternalState",
    "cert": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "source_hash": "3a152200634545304d684eb25e8287ef1b90868c68498176e4156f17f3d1d2bc",
      "txt_hash": "5952d52233ac572e4f8c4e485c9bf0880401d96eb257479c3cdc8a8efed90565"
    },
    "report": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "source_hash": "517e2b9705ab9016ca985840cba21b034186a2a5e2c48205d1842f58020dee11",
      "txt_hash": "05376dc3314e753239585c14fadb5468622a527e2086b8782423850118da35cc"
    },
    "st": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "source_hash": "d76b738ba378d159a08ac02d3e93bcc14279b5bbaf1a0393322cd6e7718d666e",
      "txt_hash": "fa122615234a076d5146404f825329740373f05981dc4cf536604c919938d429"
    }
  },
  "status": "active"
}