NXP JCOP 4 Security Target Lite v3.4 8

7.2   Security Functional Requirements

This section defines the security functional requirements for the TOE. The permitted operations (assignment, iteration, selection and refinement) of the SFRs taken from Common Criteria [3] are printed in bold. Completed operations related to the PP [13] are additionally marked within [ ] where assignments are marked with the keyword "assignment".

7.2.1 COREG_LC Security Functional Requirements

The list of SFRs of this category are taken from the PP [13].

7.2.1.1 Firewall Policy

FDP_ACC.2[FIREWALL]          Complete access control (FIREWALL)

Hierarchical-To                       FDP_ACC.1 Subset access controlDependencies                        FDP_ACF.1 Security attribute based access controlFDP_ACC.2.1[FIREWALL]        The TSF shall enforce the [assignment: FIREWALL access control SFP]on [assign-

ment: S.PACKAGE, S.JCRE, S.JCVM, O.JAVAOBJECT] and all operations among sub-

jects and objects covered by the SFP.

Refinement: The operations involved in the policy are:

• OP.CREATE(Sharing, LifeTime)(*),

• OP.INVK_INTERFACE(O.JAVAOBJECT, method, arg1, ...),

• OP.INVK_VIRTUAL(O.JAVAOBJECT, method, arg1, ...),

• OP.JAVA(...),

• OP.THROW(O.JAVAOBJECT),

• OP.TYPE_ACCESS(O.JAVAOBJECT, class),

• OP.ARRAY_LENGTH(O.JAVAOBJECT, field),

• OP.ARRAY_AASTORE(O.JAVAOBJECT, field).FDP_ACC.2.2[FIREWALL]        The TSF shall ensure that all operations between any subject controlled by the TSF and

any object controlled by the TSF are covered by an access control SFP.AppNote                                It should be noticed that accessing array’s components of a static array, and more gener-

ally fields and methods of static objects, is an access to the corresponding O.JAVAOBJECT.

– OP.ARRAY_ACCESS

– OP.INSTANCE_FIELD

– OP.INVK_VIRTUAL(O.JAVAOBJECT, method, arg1, ...)

– OP.INVK_INTERFACE(O.JAVAOBJECT, method, arg1, ...)

– OP.THROW(O.JAVAOBJECT)

upon any O.JAVAOBJECTwhose Sharing attribute has value ”Standard” and whose

 LifeTime attribute has value ”PERSISTENT” only if O.JAVAOBJECT’s Contextat-

tribute has the same value as the active context.

•R.JAVA.3 ([39], §6.2.8.10): S.PACKAGE may perform

– OP.TYPE_ACCESS(O.JAVAOBJECT, class)

upon an O.JAVAOBJECTwhose Sharing attribute has value ”SIO” only if O.JAVAOBJECT

is being cast into (checkcast) or is being verified as being an instance of (instanceof) an interface that extends the Shareable interface.

•R.JAVA.4 ([39], §6.2.8.6): S.PACKAGE may perform

– OP.INVK_INTERFACE(O.JAVAOBJECT, method, arg1, ...)

upon an O.JAVAOBJECTwhose Sharing attribute has the value ”SIO”, and whose Context attribute has the value ”Package AID”, only if the invoked interface methodextends the Shareable interface and one of the following conditions applies:

a) The value of the attribute LC Selection Status of the package whose AID is”Package AID” is ”Multiselectable”,

b) The value of the attribute LC Selection Status of the package whose AID is”Package AID” is ”Non-multiselectable”, and either ”Package AID” is the value of the currently selected applet or otherwise ”Package AID” does not occur in the attribute Active Applets.

•R.JAVA.5: S.PACKAGEmay perform

– OP.CREATE(Sharing, LifeTime)(*)

upon O.JAVAOBJECTonly if the value of the Sharing parameter is ”Standard” or ”SIO”.

•R.JAVA.6 ([39], §6.2.8.10): S.PACKAGE may freely perform

– OP.ARRAY_ACCESS(O.JAVAOBJECT, field)

– OP.ARRAY_LENGTH(O.JAVAOBJECT, field)

upon any O.JAVAOBJECTwhose Sharing attribute has value ”global array”.FDP_ACF.1.3[FIREWALL]         The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment:

•The subject S.JCRE can freely perform OP.JAVA(...)and OP.CREATE(Sharing, Life- Time)(*), with the exception given in FDP_ACF.1.4[FIREWALL], provided it is the Currently Active Context.

•The only means that the subject S.JCVM shall provide for an application to execute native code is the invocation of a Java Card API method (through

– OP.INVK_INTERFACE(O.JAVAOBJECT, method, arg1, ...)

– OP.INVK_VIRTUAL(O.JAVAOBJECT, method, arg1, ...)) ]

FDP_ACF.1.4[FIREWALL]         The TSF shall explicitly deny access of subjects to objects based on the following addi-tional rules: [assignment:

•Any subject with OP.JAVA(...)upon an O.JAVAOBJECTwhose LifeTimeattribute has value ”CLEAR_ON_DESELECT” if O.JAVAOBJECT’s Context attribute is not the same as the Selected Applet Context.

•Any subject attempting to create an object by the means of OP.CREATE(Sharing,  LifeTime)(*) and a ”CLEAR_ON_DESELECT” LifeTime parameter if the active con-text is not the same as the Selected Applet Context.

• S.PACKAGE performing OP.ARRAY_AASTORE(O.JAVAOBJECT, field)of the ref-erence of an O.JAVAOBJECT whose Sharing attribute has value ”global array” or ”Temporary JCRE entry point”.

• S.PACKAGE performing OP.PUTFIELD or OP.PUTSTATIC of the reference of an O.JAVAOBJECT whose Sharing ttribute has value ”global array” or ”Temporary JCRE entry point”. ]

AppNote                                FDP_ACF.1.4[FIREWALL]

•The deletion of applets may render some O.JAVAOBJECT inaccessible, and the Java Card RE may be in charge of his aspect. This can be done, for instance, by ensuring that references to objects belonging to a deleted application are onsid-ered as a null reference.

In the case of an array type, fields are components of the array ([26], §2.14, §2.7.7), as well as the length; the only methods of an array object are those inherited from the Object class.

The Sharing attribute defines four categories of objects:

•Standard ones, whose both fields and methods are under the firewall policy,

•Shareable interface Objects (SIO), which provide a secure mechanism for inter-applet communication,

•JCRE entry points (Temporary or Permanent), who have freely accessible methods but protected fields,

•Global arrays, having both unprotected fields (including components; refer to JavaC-ardClass discussion above) and methods.

When a new object is created, it is associated with the Currently Active Context. But the object is owned by the applet instance within the Currently Active Context when the object is instantiated ([39], §6.1.3). An object is owned by an applet instance, by the JCRE or by the package library where it has been defined (these latter objects can only be arrays that initialize static fields of packages).

([39], Glossary) Selected Applet Context. The Java Card RE keeps track of the currently selected Java Card applet. Upon receiving a SELECT command with this applet’s AID, the Java Card RE makes this applet the Selected Applet Context. The Java Card RE sends all APDU commands to the Selected Applet Context.

While the expression ”Selected Applet Context” refers to a specific installed applet, the relevant aspect to the policy is the context (package AID) of the selected applet. In this policy, the ”Selected Applet Context” is the AID of the selected package.

([39], §6.1.2.1) At any point in time, there is only one active context within the Java Card VM (this is called the Currently Active Context).

It should be noticed that the invocation of static methods (or access to a static field) is not considered by this policy, as there are no firewall rules. They have no effect on the active context as well and the ”acting package” is not the one to which the static method belongs to in this case.

It should be noticed that the Java Card platform, version 2.2.x and version 3 Classic Edition, introduces the possibility for an applet instance to be selected on multiple logical channels at the same time, or accepting other applets belonging to the same package being selected simultaneously. These applets are referred to as multiselectable applets. Applets that belong to a same package are either all multiselectable or not ([40], §2.2.5). Therefore, the selection mode can be regarded as an attribute of packages. No selection mode is defined for a library package.

An applet instance will be considered an active applet instance if it is currently selected in at least one logical channel. An applet instance is the currently selected applet instance only if it is processing the current command. There can only be one currently selected applet instance at a given time. ([39], §4).

FDP_IFC.1[JCVM]                 Subset information flow control (JCVM)

Hierarchical-To                       No other components.Dependencies                        FDP_IFF.1 Simple security attributesFDP_IFC.1.1[JCVM]                 The TSF shall enforce the [assignment: JCVM information flow control SFP] on [as-

signment: S.JCVM, S.LOCAL, S.MEMBER, I.DATA and OP.PUT(S1,S2,I)].

FMT_MSA.2[FIREWALL-JCVM] Secure security attributes (FIREWALL-JCVM)

Hierarchical-To                       No other components.

Dependencies                        [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_

SMR.1 Security roles FMT_SMF.1 Specification of Management Functions

FMT_MSA.2.1[FIREWALL-JCVM] The TSF shall ensure that only secure values are accepted for [assignment:all the security attributes of subjects and objects defined in the FIREWALL access control SFP and the JCVM information flow control SFP].

AppNote                                The following rules are given as examples only.  For instance, the last two rules are

motivated by the fact that the Java Card API defines only transient arrays factory methods.

Future versions may allow the creation of transient objects belonging to arbitrary classes;

such evolution will naturally change the range of ”secure values” for this component.

•The Context attribute of an O.JAVAOBJECT must correspond to that of an installed applet or be ”Java Card RE”.

•An O.JAVAOBJECT whose Sharing attribute is a Java Card RE entry point or a global array necessarily has ”Java Card RE” as the value for its Context security attribute.

•An O.JAVAOBJECT whose Sharing attribute value is a global array necessarily has

”array of primitive type” as a JavaCardClass security attribute’s value.

•Any O.JAVAOBJECT whose Sharing attribute value is not ”Standard” has a PERSISTENT-

LifeTime attribute’s value.

•Any O.JAVAOBJECT whose LifeTime attribute value is not PERSISTENT has an

array type as JavaCardClass attribute’s value.

FMT_MSA.3[FIREWALL]          Static attribute initialisation (FIREWALL)

Hierarchical-To                       No other components.

Dependencies                       FMT_MSA.1 Management of security attributes FMT_SMR.1 Security roles

FMT_MSA.3.1[FIREWALL]        The TSF shall enforce the [assignment: FIREWALL access control SFP]to provide

[selection:restrictive] default values for security attributes that are used to enforce the SFP.

FMT_MSA.3.2[FIREWALL]        The TSF shall not allow the [assignment: none] to specify alternative initial values to

override the default values when an object or information is created.

AppNote                                FMT_MSA.3.1[FIREWALL]

•Objects’ security attributes of the access control policy are created and initialized at the creation of the object or the subject. Afterwards, these attributes are no longer mutable (FMT_MSA.1[JCRE]). At the creation of an object (OP.CREATE), the newly created object, assuming that the FIREWALL access control SFP permits the operation, gets its Lifetime and Sharing attributes from the parameters of the operation; on the contrary, its Context attribute has a default value, which is its creator’s Context attribute and AID respectively ([39], §6.1.3). There is one default value for the Selected Applet Context that is the default applet identifier’s Context, and one default value for the Currently Active Context that is ”Java Card RE”.

•The knowledge of which reference corresponds to a temporary entry point object or a global array and which does not is solely available to the Java Card RE (and the Java Card virtual machine).

FMT_MSA.3.2[FIREWALL]

•The intent is that none of the identified roles has privileges with regard to the default values of the security attributes. It should be noticed that creation of objects is an operation controlled by the FIREWALL access control SFP. The operation shall fail anyway if the created object would have had security attributes whose value violates FMT_MSA.2.1[FIREWALL-JCVM].

FMT_MSA.3[JCVM]                 Static attribute initialisation (JCVM)

Hierarchical-To                       No other components.

Dependencies                        FMT_MSA.1 Management of security attributes FMT_SMR.1 Security roles

FMT_MSA.3.1[JCVM]               The TSF shall enforce the [assignment: JCVM information flow control SFP] to pro-vide

[selection: restrictive] default values for security attributes that are used to enforce the SFP.

FMT_MSA.3.2[JCVM]               The TSF shall not allow the [assignment: none] to specify alternative initial values to

override the default values when an object or information is created.

FMT_SMF.                           Specification of Management Functions

Hierarchical-To                       No other components

.Dependencies                      No dependencies.

FMT_SMF.1.1                         The TSF shall be capable of performing the following management functions:[assign-ment:

•modify the Currently Active Context, the Selected Applet Context and the Ac- Tive Applets

7.2.1.2 Application Programming Interface

The following SFRs are related to the Java Card API.

The whole set of cryptographic algorithms is generally not implemented because of limited memory resources and/or limitations due to exportation. Therefore, the following requirements only apply to the implemented subset.

It should be noticed that the execution of the additional native code is not within the TSF. Nevertheless, access to API native methods from the Java Card System is controlled by TSF because there is no difference between native and interpreted methods in their interface or invocation mechanism.

FCS_CKM.                           Cryptographic key generation

Hierarchical-To                       No other components.

Dependencies                        [FCS_CKM.2 Cryptographic key distribution, or FCS_COP.1 Cryptographic operation]

FCS_CKM.4 Cryptographic key destruction

FCS_CKM.1.1                        The TSF shall generate cryptographic keys in accordance with a specified cryptographic

key generation algorithm [assignment: JCOP RNG] and specified cryptographic key

sizes[assignment: DES: 112, 168 bit AES: 128, 192, 256 bit RSA: 512, 736, 768, 896,

1024, 1280, 1536, 1984, 2048, 4096 bit and from 2000 bit to 4096 bit in one bit steps

ECC:160, 192, 224, 256, 384, 512, 521 bit] that meet the following: [assignment: [1]].

FCS_CKM.1.1[PUF]                 The TSF shall generate cryptographic keys in accordance with a specified cryptographic

key generation algorithm [assignment: key derivation function based on PUF] and

specified cryptographic key sizes [assignment:128 bits] that meet the following: [as-signment: [22]].

Following iterations of FCS_COP.1 use constants as defined in Java Card API Spec [38] and in JCOPX [14], [15] where appropriate.

FCS_COP.                           Cryptographic operation

Hierarchical-To                       No other components.

Dependencies                        [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user

data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4

Cryptographic key destruction.

FCS_COP.1.1[ECAdd]             The TSF shall perform [assignment: secure point addition] in accordance with a speci-

fied cryptographic algorithm [assignment: ECC over GF(p)] and cryptographic key sizes

[assignment:LENGTH_EC_FP_160, LENGTH_EC_FP_192, LENGTH_EC_FP_224,

LENGTH_EC_FP_256, LENGTH_EC_FP_320, LENGTH_EC_FP_384, LENGTH_EC_

FP_521 and and from 160 bit to 521 bit in 1 bit steps] that meet the following: [as-

signment:ISO/IEC 14888-3, Annex C [11]].

FCS_COP.1.1[SHA]                 The TSF shall perform [assignment: secure hash computation] in accordance with a specified

cryptographic algorithm [assignment: ALG_SHA³, ALG_SHA_224, ALG_SHA_256,

ALG_SHA_512] and cryptographic key sizes [assignment: ALG_SHA_384, LENGTH_SHA_224,

LENGTH_SHA_256, LENGTH_SHA_384, LENGTH_SHA_512] that meet the following:

[assignment: Java Card API Spec [38] and JCOPX [14], [15]].

FCS_COP.1.1[AES_CMAC]      The TSF shall perform [assignment: CMAC generation and verification]in accor-dance with

a specified cryptographic algorithm [assignment: ALG_AES_CMAC8, ALG_AES_CMAC16,

ALG_AES_CMAC16_STANDARD, ALG_AES_CMAC_128] and cryp-tographic key sizes

[assignment: LENGTH_AES_128, LENGTH_AES_192 and LENGTH_the following:

[assignment: see Java Card API Spec [38] and JCOPX [14], [15]].

FCS_COP.1.1[DAP]                 The TSF shall perform [assignment: verification of the DAP signature attached to

Executable Load Applications] in accordance with a specified cryptographic algorithm

[assignment:ALG_ECDSA_SHA_256 and ALG_RSA_SHA_PKCS1] and cryptographic

key sizes [assignment: LENGTH_EC_FP_256 and LENGTH_RSA_1024 respectively]

that meet the following: [assignment: GP Spec [34]].

AppNote                                 FCS_COP.1.1[ECDHPACEKeyAgreement], FCS_COP.1.1[PIV], FCS_COP.1.1[ECDH_P1363],

FCS_COP.1.1[ECSignature], FCS_COP.1.1[ECAdd] or FCS_COP.1.1[DAP] (for ECC) are applicable

only if the corresponding Module for the cryptographic operation is present in the TOE.

AppNote                                For resistance against attackers with High Attack Potential, the user should always refer to

the guidance given by the Certification Body in the juristiction. The website www.keylength.com

provides a good reference to recommended keylengths.

³Due to mathematical weakness only resistant against AVA_VAN.5 for temporary data (e.g. as used for generating session keys), but not if repeatedly applied to the same input data.

FDP_RIP.1[ABORT]                Subset residual information protection (ABORT)

FDP_RIP.1[APDU]                  Subset residual information protection (APDU)

Hierarchical-To                       No other components.

Dependencies                        No dependencies

.FDP_RIP.1.1[APDU]                The TSF shall ensure that any previous information content of a resource is made un-

available upon the [selection: allocation of the resource to] the following objects: [as-

signment:the APDU buffer].

AppNote                                The allocation of a resource to the APDU buffer is typically performed as the result of a

call to the process() method of an applet.

FDP_RIP.1[GlobalArray_Refined] Subset residual information protection (Global Array)

Hierarchical-To                       No other components.

Dependencies                        No dependencies.

FDP_RIP.1.1[GlobalArray_Refined] The TSF shall ensure that any previous information content of a resource is made unavailable upon [selection: deallocation of the resource from] the applet as a result of returning from the process method to the following objects: [assignment: a user Global Array]

.AppNote                                An array resource is allocated when a call to the API method JCSystem.makeGlobalArray is performed.

The Global Array is created as a transient JCRE Entry Point Object ensur-ing that reference to it cannot

be retained by any application. On return from the method which called JCSystem.makeGlobalArray,

the array is no longer available to any applet and is deleted and the memory in use by the array is cleared

and reclaimed in the next object deletion cycle.

FDP_ROL.1[FIREWALL]          Basic rollback (FIREWALL)

Hierarchical-To                       No other components.

Dependencies                       [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control]

FDP_ROL.1.1[FIREWALL]         The TSF shall enforce [assignment: the FIREWALL access control SFP and the JCVM

information flow control SFP] to permit the rollback of the [assignment: op-erations

OP.JAVA(...)and OP.CREATE(Sharing, LifeTime)(*)] on the [assignment:

object O.JAVAOBJECT.

FDP_ROL.1.2[FIREWALL]         The TSF shall permit operations to be rolled back within the [assignment:scope of a select(),

deselect(), process(), install() or uninstall() call, notwithstanding the re-strictions

given in [39], §7.7, within the bounds of the Commit Capacity ([39], §7.8),and those

described in [38]].

AppNote                                Transactions are a service offered by the APIs to applets. It is also used by some APIs to guarantee

the atomicity of some operation. This mechanism is either implemented in Java Card platform or

relies on the transaction mechanism offered by the underlying platform. Some operations of the API

are not conditionally updated, as documented in [38] (see for instance, PIN-blocking, PIN-checking,

update of Transient objects).

7.2.1.3 Card Security Management

•CAP: CAP file inconsistency (response with error code to S.CAD),

•typing error in the operands of a bytecode (only possible in BCV),

•LFC: applet life cycle inconsistency (throw an exception),

•CHP: card tearing (unexpected removal of the Card out of the CAD) and power failure (reinitialize the Java Card System),

•ABT: abort of a transaction in an unexpected context (throw an exception),

•FWL: violation of the Firewall or JCVM SFPs (throw an exception),

•RSC: unavailability of resources (throw an exception),

•OFL: array overflow (throw an exception),

•assignment:

– EDC: checksum mismatch of EDC arrays (throw an exception),

– MOD: functionality of a not present Module is invoked (throw an exception, response with error code to S.CAD),

– SRE: violation of Sensitive Result integrity errors (throw an exception),

– CHP: Abnormal environmental condition (Frequency, Voltage, Temperature)

(reinitialize the Java Card System),

– Physical Tampering

CLC: Card Manager Life Cycle inconsistency (throw an exception),

CHP: General Fault Injection Detection (reinitialize the Java Card Sys-tem)

– CHP: FLASH defects (reinitialize the Java Card System),

– CHP: Integrity protected persistent data inconsistency (reinitialize the Java Card System),

– CHP: Integrity protected transient data inconsistency (reinitialize the Java Card System),

– Memory Access Violation

CHP: Others (reinitialize the Java Card System)

AppNote                                    • The developer shall provide the exhaustive list of actual potential security violations

the TOE reacts to. For instance, other runtime errors related to applet’s failure like

uncaught exceptions.

•The bytecode verification defines a large set of rules used to detect a ”potential security violation”. The actual monitoring of these ”events” within the TOE only makes sense when the bytecode verification is performed on-card.

•Depending on the context of use and the required security level, there are cases, where the card manager and the TOE must work in cooperation to detect and appropriately react in case of potential security violation. This behavior must be described in this component. It shall detail the nature of the feedback informa-tion provided to the card manager (like the identity of the offending application) and the conditions under which the feedback will occur (any occurrence of the java.lang.SecurityException exception).

•The ”resetting of the card session” may not appear in the policy of the card man-ager. Such measure should only be taken in case of severe violation detection; the same holds for the re-initialization of the Java Card System. Moreover, the resetting should occur when ”clean” re-initialization seems to be impossible.

•The resetting may be implemented at the level of the Java Card System as a denial of service (through some systematic ”fatal error” message or return value) that lasts up to the next ”RESET” event, without affecting other components of the card (such as the card manager). Finally, because the installation of applets is a sensitive

process, security alerts in this case should also be carefully considered herein.

AppNote • The action ”reinitialize the Java Card System and its data” is supported by the TOE.

The Java Card System is reinitialized by performing a reset. Additionally the in-ternal Attack Counter may be updated before the reset depending on the detected abnormal event.

•The action ”lock the card session” which is assigned in the PP [13] is not supported by the TOE. Instead the action ”reinitialize the Java Card System and its data” is executed which is a more strict reaction.

•No particular action is taken for the potential security violation ”card tearing” since this is a normal operating condition.

FDP_SDI.2[DATA]                   Stored data integrity monitoring and action

Hierarchical-To                       FDP_SDI.1 Stored data integrity monitoring

Dependencies                        No dependencies

.FDP_SDI.2.1[DATA]                 The TSF shall monitor user data stored in containers controlled by the TSF for [assign-

ment:integrity errors] on all objects, based on the following attributes: [assignment:

integrity protected data].

FDP_SDI.2.2[DATA]                 Upon detection of a data integrity error, the TSF shall [assignment:perform the action

defined in FAU_ARP.1].RefinementThe following data elements have the user data attribute ”integrity protected data”:

•It is also recommended to monitor integrity errors in the code of the native applica-tions and Java Card applets.

•For integrity sensitive application, their data shall be monitored (D.APP_I_DATA): applications may need to protect information against unexpected modifications, and explicitly control whether a piece of information has been changed between two accesses. For example, maintaining the integrity of an electronic purse’s balance is extremely important because this value represents real money. Its modification must be controlled, for illegal ones would denote an important failure of the payment system.

•A dedicated library could be implemented and made available to developers to achieve better security for specific objects, following the same pattern that already exists in cryptographic APIs, for instance.

FDP_SDI.2[SENSITIVE_RESULT] Stored data integrity monitoring and action (Sensitive Result)

Hierarchical-To                       FDP_SDI.1 Stored data integrity monitoring

Dependencies                        No dependencies.

FDP_SDI.2.1[SENSITIVE_RESULT] The TSF shall monitor user data stored in containers controlled by the TSF for [as-signment:integrity errors] on all objects, based on the following attributes:[assign-ment: sensitive API result stored in the com.nxp.id.jcopx.security.SensitiveResultX class].

FDP_SDI.2.2[SENSITIVE_RESULT] Upon detection of a data integrity error, the TSF shall [assignment: throw an ex-ception].

FPR_UNO.                           Unobservability

Hierarchical-To                       No other components.

Dependencies                        No dependencies

.FPR_UNO.1.1                         The TSF shall ensure that [assignment: all users] are unable to observe the operation

[assignment:all operations] on [assignment: D.APP_KEYs, D.PIN, D.Crypto] by

[assignment:another user].