Representation and management of multiple keys

We refer to a key-based protection environment featuring active subjects and protected objects. A subject that possesses a key for a given object is allowed to access this object to carry out actions that depend on the specific application. We propose a new key model, called multiple key, or m-key for short. In this model, an m-key consists of a name, a value and a map. The name specifies a set of objects, and the value is used to validate the m-key. Possession of a valid m-key is equivalent to possession of a key for all the objects specified by the m-key name, or for a subset of these objects, as is stated by the map. A subject that holds an m-key referencing a given set of objects can transform this m-key into a weaker m-key referencing only a subset of these objects. M-key revocation is supported.