Hierarchical access control policies, in which users and objects are associated with nodes in a hierarchy, can be enforced using cryptographic mechanisms. Protected data is encrypted and authorized users are given the appropriate keys. Lazy re-encryption techniques and temporal hierarchical access control policies require that multiple keys may be associated with a node in the hierarchy. In this paper, we introduce the notion of a multi-key assignment scheme to address this requirement. We define bounded, unbounded, synchronous, and asynchronous schemes. We demonstrate that bounded, synchronous schemes provide an alternative to temporal key assignment schemes in the literature, and that unbounded asynchronous schemes provide the desired support for lazy re-encryption. © 2009 Elsevier Inc. All rights reserved.
Crampton, J. (2009). Cryptographically-enforced hierarchical access control with multiple keys. Journal of Logic and Algebraic Programming, 78(8), 690–700. https://doi.org/10.1016/j.jlap.2009.04.001