The widespread use of smart cards for highly sensitive patient information requires the utmost care in the card platforms used. The legislator has placed the approval procedure in the area of responsibility of the Federal Office for Information Security (BSI).

In its technical guideline TR-03106 “eHealth – Certification Concept for Generation G2 Cards”, the BSI provides, among other things, for a security evaluation of eHealth card platforms according to Common Criteria. As a basis for this evaluation, the BSI provides the protection profile “Card Operating System Generation 2 (PP COS G2)”. This protection profile defines the overarching security requirements for health cards.

The first step of the concrete evaluation is to derive the security target for the specific card platform. On this basis, the evaluation is carried out. The results of the security evaluation are submitted to the BSI for security certification.

SRC is recognized by the BSI as a test laboratory for security evaluations according to Common Criteria (ISO 15408) and in the field of smart cards.

We are happy to offer you the opportunity to draw on the expertise of our specialists when evaluating your eHealth card platform.