• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.323-342
• /
• 2021

Personal health records (PHRs) is an electronic medical system that enables patients to acquire, manage and share their health data. Nevertheless, data confidentiality and user privacy in PHRs have not been handled completely. As a fine-grained access control over health data, ciphertext-policy attribute-based encryption (CP-ABE) has an ability to guarantee data confidentiality. However, existing CP-ABE solutions for PHRs are facing some new challenges in access control, such as policy privacy disclosure and dynamic policy update. In terms of addressing these problems, we propose a privacy protection and dynamic share system (PPADS) based on CP-ABE for PHRs, which supports full policy hiding and flexible access control. In the system, attribute information of access policy is fully hidden by attribute bloom filter. Moreover, data user produces a transforming key for the PHRs Cloud to change access policy dynamically. Furthermore, relied on security analysis, PPADS is selectively secure under standard model. Finally, the performance comparisons and simulation results demonstrate that PPADS is suitable for PHRs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.11-21
• /
• 2004

To authorize IPSec-VPN Client in Client-to-Gateway type of the IPSec-VPN system, it can be normally used with ID/Password verification method or the implicit authorization method that regards implicitly IPSec-VPN gateway as authorized one in case that the IPSec-VPN client is authenticated. However, it is necessary for the Client-to-Gateway type of the IPSec-VPN system to have a more effective user authorization mechanism because the ID/Password verification method is not easy to transfer the ID/Password information and the implicit authorization method has the vulnerability of security. This paper proposes an effective user authorization mechanism using an attribute certificate and designs a user authorization engine. In addition, it is implemented in this study. The user authorization mechanism for the IPSec-VPN system proposed in this study is easy to implement the existing IPSec-VPN system. Moreover, it has merit to guarantee the interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC(Discretional Access Control) and RBAC(Role-Based Access Control) using an attribute certificate, but also the function of SSO(Single-Sign-On).

• Journal of Information Technology Applications and Management
• /
• v.10 no.4
• /
• pp.29-50
• /
• 2003

This research provide the basic information to enhance the user-orientedness of usability design guidelines for software products and an effective empirical guidance to classify design attributes of internet shopping mall sites. The results of analysis show that design attributes can be classified into the procedural attribute group, the shopping tool attribute group, the visual attribute group, linguistic attribute group, and others. The results show that shopping tool attribute group can be divided further into the search tool attribute group and purchase tool attribute group and that the visual attribute group can be divided further into the screen condition attribute group and the character legibility attribute group. The research reveals that when designers design software interfaces and features they should take the compound effect of a group of design attributes into consideration to enhance the usability of the system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4028-4049
• /
• 2014

Attribute-based encryption (ABE) is a promising cryptographic primitive for implementing fine-grained data sharing in cloud computing. However, before ABE can be widely deployed in practical cloud storage systems, a challenging issue with regard to attributes and user revocation has to be addressed. To our knowledge, most of the existing ABE schemes fail to support flexible and direct revocation owing to the burdensome update of attribute secret keys and all the ciphertexts. Aiming at tackling the challenge above, we formalize the notion of ciphertext-policy ABE supporting flexible and direct revocation (FDR-CP-ABE), and present a concrete construction. The proposed scheme supports direct attribute and user revocation. To achieve this goal, we introduce an auxiliary function to determine the ciphertexts involved in revocation events, and then only update these involved ciphertexts by adopting the technique of broadcast encryption. Furthermore, our construction is proven secure in the standard model. Theoretical analysis and experimental results indicate that FDR-CP-ABE outperforms the previous revocation-related methods.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.2
• /
• pp.83-89
• /
• 2014

An increasing number of children are now using the Internet. They are starting at a younger age, using a variety of devices and spending more time online. It becomes an important problem to protect the children in online environment. The Internet can be a major channel for their education, creativity and self-expression. However, it also carries a spectrum of risks to which children are more vulnerable than adults. In order to solve these problems, we suggested a binding model of user attributes for enhanced user authentication. We also studied the requirements and prerequisites of a binding model of user attributes. In this paper we described the architecture of binding model of user attributes and showed the effectiveness of the suggested model using simulation. This model can be utilized to enhanced user authentication and service authorization.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1832-1853
• /
• 2018

The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.7
• /
• pp.3339-3352
• /
• 2016

In ciphertext-policy attribute-based encryption (CP-ABE) scheme, a user's secret key is associated with a set of attributes, and the ciphertext is associated with an access policy. The user can decrypt the ciphertext if and only if the attribute set of his secret key satisfies the access policy specified in the ciphertext. In the present schemes, access policy is sent to the decryptor along with the ciphertext, which means that the privacy of the encryptor is revealed. In order to solve such problem, we propose a CP-ABE scheme with hidden access policy, which is able to preserve the privacy of the encryptor and decryptor. And what's more in the present schemes, the users need to do excessive calculation for decryption to check whether their attributes match the access policy specified in the ciphertext or not, which makes the users do useless computation if the attributes don't match the hidden access policy. In order to solve efficiency issue, our scheme adds a testing phase to avoid the unnecessary operation above before decryption. The computation cost for the testing phase is much less than the decryption computation so that the efficiency in our scheme is improved. Meanwhile, our new scheme is proved to be selectively secure against chosen-plaintext attack under DDH assumption.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.5
• /
• pp.1260-1272
• /
• 2024

This paper tackles the prevalent challenges faced by existing tourism route recommendation methods, including data sparsity, cold start, and low accuracy. To address these issues, a novel intelligent tourism route recommendation method based on collaborative filtering is introduced. The proposed method incorporates a series of key steps. Firstly, it calculates the interest level of users by analyzing the item attribute rating values. By leveraging this information, the method can effectively capture the preferences and interests of users. Additionally, a user attribute rating matrix is constructed by extracting implicit user behavior preferences, providing a comprehensive understanding of user preferences. Recognizing that user interests can evolve over time, a weight function is introduced to account for the possibility of interest shifting during product use. This weight function enhances the accuracy of recommendations by adapting to the changing preferences of users, improving the overall quality of the suggested tourism routes. The results demonstrate the significant advantages of the approach. Specifically, the proposed method successfully alleviates the problem of data sparsity, enhances neighbor selection, and generates tourism route recommendations that exhibit higher accuracy compared to existing methods.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.4
• /
• pp.127-132
• /
• 2014

Some laws and regulations may require internet service providers to provide services based on the age of users. Age verification in the online environment should be used as a tool to provide service that is appropriate to child based on age. Using the minimum attribute information, processes on age verification provides the proper guidance to the internet services. However, there is a lack of a globally accepted trust framework for age verification process including evaluation factors for age verification information. In this paper the federation model of user attributes were described and evaluation factors for the age verification information were suggested. Also using the suggested evaluation factors, performance evaluation of federation model of user evaluation was performed. To meet the requirements of evaluation factors, framework of federation model should consider the unlinkability pseudonym support, eavesdropping protection and cloning protection.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.1
• /
• pp.27-38
• /
• 2023

In this paper, we propose a conversational AI agent based on continual learning that can continuously learn and grow with new data over time. A continual learning-based conversational AI agent consists of three main components: Task manager, User attribute extraction, and Auto-growing knowledge graph. When a task manager finds new data during a conversation with a user, it creates a new task with previously learned knowledge. The user attribute extraction model extracts the user's characteristics from the new task, and the auto-growing knowledge graph continuously learns the new external knowledge. Unlike the existing conversational AI agents that learned based on a limited dataset, our proposed method enables conversations based on continuous user attribute learning and knowledge learning. A conversational AI agent with continual learning technology can respond personally as conversations with users accumulate. And it can respond to new knowledge continuously. This paper validate the possibility of our proposed method through experiments on performance changes in dialogue generation models over time.