Version 2020-3 ® TUV, TUEV and TUV are registered trademarks. Any use or application requires prior approval. Certificate Standard Common Criteria for Information Technology Security Evaluation (CC), Version 3.1 Revision 5 (ISO/IEC 15408) Certificate number CC-20-0061440 TUV Rheinland Nederland B.V. certifies: Certificate holder HID Global and developer viale Remo De Feo, 1, 80022 Arzano (NA), Italy Product and SOMA-c016 Machine Readable Electronic Document assurance level ~~ @ID AS QSCD Application, version 3 Assurance Package: = EAL5 augmented with ALC_DVS.2 and AVA_VAN.5 Protection Profile Conformance: EN 419211-2:2013, Protection Profiles for secure signature creation device - Part 2: Device with key Generation, V2.0.1. . EN 41921 1-4:2013, Protection profiles for secure signature creation device - Part 4: Extension for device with key generation and trusted communication with certificate generation application, V1.0.1. u EN 419211-5:2013, Protection profiles for secure signature creation device - Part 5: Extension for device with key generation and trusted communication with signature creation application, V1.0.1. Project number 0061440 Evaluation facility UL located in Basingstoke, UK Applying the Common Methodology for Information Technology Security Evaluation (CEM), Version 3.1 Revision 5 (ISO/IEC 18045) ‘The Designated Body from The Netherlands under Article 30(2) and 39(2) of Regulation 910/2014 declares that: ® The IT product identified in this certificate is a Qualified Signature/Seal Creation Device (QSCD) where the electronic signature/seal creation data is held in an entirely but not necessarily exclusively user managed ® environment. » The IT product meets the requirements laid down in Annex II of REGULATION (EU) No 910/2014 OF THE ‘Common Criteria Recognition EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 (REGULATION). Arrangement for components + Conformity of the IT product with the requirements of Annex II of REGULATION has been certified with an uptoEAL2 evaluation process that fulfils the requirements of Article 30(3.(a)) of REGULATION and the standards listed in the Annex of COMMISSION IMPLEMENTING DECISION (EU) 2016/650 of 25 April 2016. ‘The IT product identified in this certificate has been evaluated at an accredited and licensed/approved evaluation facility using the Common Methodology for IT Security Evaluation version 3.1 Revision 5 for conformance to the Common Criteria for IT Security Evaluation version 3.1 Revision 5. This certificate applies only to the specific version and release of the product in its evaluated configuration and in conjunction with the complete certification report. The evaluation has been conducted in accordance with the provisions of the Netherlands scheme for certification in the area of IT security [NSCIB] and the conclusions of the evaluation facility in the evaluation technical report are consistent with the evidence adduced. This certificate Is not an endorsement of the IT product by TUV Rheinland Nederland B.V. or by other organisation that recognises or gives effect to this certificate, and no warranty of the IT product by TÜV Rheinland Nederland B.V. or by any other organisation that recognises or ape er aan ne ap 98S effect to this certificate, is elther expressed or implied. to EAL7 Validity Date of 1% issue : 10-09-2020 Certificate expiry : 10-09-2025 Hn R.L. Kruit, LEM Systems H TOV Rheinland Nederland B.V. a Westervoortsediik 73, 6827 AV Amhem P.O. Box 2220, NL-6802 CE Amhem The Netherlands www.tuv.com/nl A TUVRheinland® Precisely Right.