STARCOS

STARCOS ( S mar t C ar d C hip O perating S ystem) is an operating system for chip cards ( Chip Operating System , COS) from Giesecke & Devrient , Munich. It is Z. E.g. on the signature cards db SignaturCard from Deutsche Bank , SIGNTRUST CARD from SIGNTRUST , the businessCard & sprintCard from DGN Deutsches Gesundheitsnetz GmbH, signature cards from the Federal Chamber of Notaries and signature cards from DATEV (status: 2011). In connection with the storage of secret keys on a chip card, the work of the chip card operating system is of crucial security importance.

Features

STARCOS is able to sign hash values delivered by the application (via data to be signed) (i.e. to encrypt with the private key) or to encrypt / decrypt delivered data.

For the signature, you can choose between the padding methods PKCS # 1 Version 1.5 (EMSA-PKCS1-v1_5), EMSA-PSS and ISO / IEC 9796-2.

STARCOS also supports secure messaging in accordance with ISO / IEC 7816-4.

Versions

version	Functions (algorithms)	publication
2.3	RSA -1024 and RSA-2048, MD5 , SHA-1 and RIPEMD-160	???
3.0	RSA-2048, SHA-1 and RIPEMD-160	???
3.2	RSA-1728 and RSA-2048, SHA-256 , SHA-1 and RIPEMD-160	December 19, 2008
3.4	ECDSA 256 bit, SHA-256	???
3.5	???	December 15, 2009

Individual evidence

↑ ^a ^b Security confirmation StarCOS 3.2 QES Version 2.0 (PDF file; 296 kB) Retrieved on April 27, 2015.
↑ Certificate according to § 18 Abs 5 SigG for StarCOS 3.4 Health AHC C1 ( Memento of the original from September 29, 2013 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF file), Retrieved on 2017-05-12. @1@ 2

↑ Federal Office for Information Security: Certification Report BSI-DSZ-CC-0682-2010 for STARCOS 3.5 ID GCC C1 from Giesecke & Devrient GmbH ( Memento of the original from March 5, 2016 in the Internet Archive ) Info: The archive link was inserted automatically and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. . GERMAN IT SECURITY CERTIFICATE, (PDF file; 934 kB). Retrieved April 27, 2015. @1@ 2

Web links

[SicherhBestät-1] Security confirmation StarCOS 3.2 QES Version 2.0 (PDF file; 296 kB) Retrieved on April 27, 2015.

[2] Certificate according to § 18 Abs 5 SigG for StarCOS 3.4 Health AHC C1 ( Memento of the original from September 29, 2013 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF file), Retrieved on 2017-05-12. @1@ 2

[3] Federal Office for Information Security: Certification Report BSI-DSZ-CC-0682-2010 for STARCOS 3.5 ID GCC C1 from Giesecke & Devrient GmbH ( Memento of the original from March 5, 2016 in the Internet Archive ) Info: The archive link was inserted automatically and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. . GERMAN IT SECURITY CERTIFICATE, (PDF file; 934 kB). Retrieved April 27, 2015. @1@ 2