
Multi-Access

Illustration of the multi-access concept in Novij Protocol

Multi-access in Novij Protocol is a system of cryptographic rights delegation without a centralized server. Any operation with data requires a valid key issued by the owner (master client). Rights can be flexibly distributed among users and groups and revoked when necessary. Under the hood is a web of links between blocks, keys, and events that stays invisible to the end user.

Key Architecture

  • Master key (held by the data owner) creates sub-keys and defines their rights.
  • Operation payments can be made either via the master key or from the sub-key owner’s balance — configured at issuance.
  • The block encryption key is updated as needed, for example when moving to the next block or revoking access.
  • When access is revoked, the sub-key stops receiving new encryption keys: it can still read old data, but it cannot write new data or decrypt it.

Access Rights

The rights matrix is distributed separately for data, groups, and users:

  • Data: read | write | delete
  • Groups: read | edit | delete
  • Users: create | edit | delete

Revocation Mechanism

  • The owner simply stops publishing new encryption keys for a specific sub-key.
  • A user who comes online after revocation sees only the old blocks and can no longer read or write new data.
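
The revocation flow above, together with the key rotation described under Key Architecture, as an added example that is not Novij Protocol's own code: a minimal model in which the owner wraps each fresh block key for active sub-keys only. The names (Owner, seal, unseal, read_block), the rotation on every block, and the SHA-256/HMAC stand-in cipher are assumptions; only the read side is modeled.

```python
import hashlib, hmac, os

def _keys(key):
    # Separate encryption and MAC keys derived from one secret.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): SHA-256 counter-mode keystream. Use a real AEAD in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    enc, mac = _keys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered block")
    return _xor_stream(enc, nonce, ct)

class Owner:
    """Hypothetical master client: wraps each new block key for active sub-keys only."""
    def __init__(self):
        self.active = {}   # sub-key id -> sub-key secret
        self.chain = []    # published blocks: (sealed data, {sub-key id: wrapped block key})

    def issue(self, sub_id):
        self.active[sub_id] = os.urandom(32)
        return self.active[sub_id]

    def revoke(self, sub_id):
        self.active.pop(sub_id)  # stop publishing block keys for this sub-key

    def publish(self, data):
        block_key = os.urandom(32)  # fresh key per block, so old keys never open new data
        wraps = {i: seal(k, block_key) for i, k in self.active.items()}
        self.chain.append((seal(block_key, data), wraps))

def read_block(block, sub_id, sub_key):
    sealed, wraps = block
    if sub_id not in wraps:
        raise PermissionError("no block key published for this sub-key")
    return unseal(unseal(sub_key, wraps[sub_id]), sealed)
```

Blocks published before revoke() keep their wrapped keys, which is why a revoked sub-key still opens old data; anything that must become unreadable to that holder has to be published again under a new block key.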

Partial Data Access

One logical sheet is split into independent blocks:

  • Shared blocks are readable by multiple groups.
  • Private blocks are accessible by a single group.
  • The client assembles the necessary blocks locally to form a complete view.

Real Use Cases

  • IT Project. Developers get read/write access to the repository, the external auditor — read-only. After the review, the auditor’s sub-key is revoked, developers continue work without interruption.
  • Medical Clinic. Doctors are issued sub-keys to access their patients’ records. The lab has read-only access to test results but cannot see personal data. When a doctor leaves, their sub-key is blocked, and new entries remain inaccessible.
  • Sales Department. Managers can write into their own deals, while the director has read access to all deals. When territories are reassigned, the director revokes old sub-keys and issues new ones with limited client segments.
  • HR Department. Recruiters create candidate cards (write), the hiring manager sees status but cannot edit resumes. When the director changes, the old sub-key is revoked and a new one is issued with read rights to all records and write access only to their own notes block.
  • Branch Network. Headquarters holds the master key, branches are issued sub-keys: each has read access to common data and write access to its own branch block. When a branch is closed, the key is revoked, while the entire history remains immutable.