• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3274-3297
• /
• 2021

Permission delegation is an important research issue in access control. It allows a user to delegate some of his permissions to others to reduce his workload, or enables others to complete some tasks on his behalf when he is unavailable to do so. As an ideal solution for controlling read access on outsourced data objects on the cloud, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has attracted much attention. Some existing CP-ABE schemes handle the read permission delegation through the delegation of the user's private key to others. Still, these schemes lack the further consideration of granularity and traceability of the permission delegation. To this end, this article proposes a flexible and fine-grained CP-ABE key delegation approach that supports white-box traceability. In this approach, the key delegator first examines the relations between the data objects, read permission thereof that he intends to delegate, and the attributes associated with the access policies of these data objects. Then he chooses a minimal attribute set from his attributes according to the principle of least privilege. He constructs the delegation key with the minimal attribute set. Thus, we can achieve the shortest delegation key and minimize the time of key delegation under the premise of guaranteeing the delegator's access control requirement. The Key Generation Center (KGC) then embeds the delegatee's identity into the key to trace the route of the delegation key. Our approach prevents the delegatee from combining his existing key with the new delegation key to access unauthorized data objects. Theoretical analysis and test results show that our approach helps the KGC transfer some of its burdensome key generation tasks to regular users (delegators) to accommodate more users.

• The Research Journal of the Costume Culture
• /
• v.32 no.2
• /
• pp.232-246
• /
• 2024

This study examines options to revitalize a B2B textile trading platform, exploring user satisfaction and perceptions of the importance of several website features. Between June 8 and June 21, 2023, fashion studies majors and domestic fashion brand product planners were asked to use the website of an open B2B textile platform for 30 minutes and then evaluate its features by responding to a survey. The final sample for analysis wad comprised of 150 questionnaires. To analyze the key textile website features, a paired t-test, Importance-Performance Analysis (IPA), and multiple regression analysis were utilized. The analysis classified the key textile website features related to user importance and satisfaction into the following categories: convenience, appearance, product information, and uniqueness. An analysis investigation of the differences in importance and satisfaction for each website evaluation attribute found significant differences in 12 attributes. The IPA analysis revealed that attributes such as product reliability, quality, a convenient search function, and convenient page movement are highly important to users and garner high user satisfaction; these findings demonstrate the importance of maintaining these elements. Images on the main screen, the latest trend information, and product prominence attributes also garner high importance ratings, but result in low user satisfaction, which signifies extensive revision is required. Finally, user evaluation of the convenience, appearance, and product information of the website was found to affect user recommendation intention.

• Journal of Fashion Business
• /
• v.27 no.3
• /
• pp.50-62
• /
• 2023

The e-commerce fashion market has experienced a remarkable growth, leading to an overwhelming availability of shared information and numerous choices for users. In light of this, chatbots have emerged as a promising technological solution to enhance personalized services in this context. This study aimed to develop user-product attributes for a chatbot-based personalized fashion recommendation service using big data text mining techniques. To accomplish this, over one million consumer reviews from Coupang, an e-commerce platform, were collected and analyzed using frequency analyses to identify the upper-level attributes of users and products. Attribute terms were then assigned to each user-product attribute, including user body shape (body proportion, BMI), user needs (functional, expressive, aesthetic), user TPO (time, place, occasion), product design elements (fit, color, material, detail), product size (label, measurement), and product care (laundry, maintenance). The classification of user-product attributes was found to be applicable to the knowledge graph of the Conversational Path Reasoning model. A testing environment was established to evaluate the usefulness of attributes based on real e-commerce users and purchased product information. This study is significant in proposing a new research methodology in the field of Fashion Informatics for constructing the knowledge base of a chatbot based on text mining analysis. The proposed research methodology is expected to enhance fashion technology and improve personalized fashion recommendation service and user experience with a chatbot in the e-commerce market.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.4
• /
• pp.57-66
• /
• 2011

We implemented the document DRM applying role based access control(RBAC) mechanism for preventing the information leakage of a document which is transmitted in network environment. It must prevent to access document not related to user role and duty, and must allow operation to document for improving security, considering user role and security level according to a document importance. We improved the security of document DRM by adding to the access control module applying RBAC for satisfying security requirements. Though the user access document, our system allows operation authorizations to document by the user's role & security level and the security attribute of RBAC. Our system prevents indiscriminate access to the documents by user who is not associated with the role, and prevents damage the confidentiality and integrity.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.2
• /
• pp.27-33
• /
• 2018

User authentication scheme is a method for controlling unauthorized users' access to securely share the services and resources provided by the server and for verifying users with access rights. Initial user authentication scheme was based on passwords. Nowadays, various authentication schemes such as ID based, smart-card based, and attribute based are being researched. The study of Lee et al. suggested a user authentication scheme that provides forward secrecy and protects anonymity of users. However, it is vulnerable to attacks by outsiders and attackers who have acquired smart-cards. In this paper, we propose a modified smart-card authentication scheme to complement the weakness of the previous studies. The proposed user authentication scheme provides the security for the ID guessing attack and the password guessing attacks of the attacker who obtained the login request message and the user's smart-card.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.31-45
• /
• 2004

Public Key Infrastructure(PKI) provides a strong authentication. Privilege Management Infrastructure(PMI) as a new technology can provide user's attribute information. The main function of PMI is to give more specified authority and role to user. To authenticate net and role, we have used digital signature. Role Based Access Control(RBAC) is implemented by digital signature. RBAC provides some flexibility for security management. NEIS(National Education Information System) can not always provide satisfied quality of security management. The main idea of the proposed RNEIS(Roll Based NEIS) is that user's role is stored in AC, access control decisions are driven by authentication policy and role. Security manager enables user to refer to the role stored in user's AC, admits access control and suggests DB encryption by digital signature.

• The Journal of Information Systems
• /
• v.27 no.1
• /
• pp.89-110
• /
• 2018

Purpose There is much information in customer reviews, but finding key information in many texts is not easy. Business decision makers need a model to solve this problem. In this study we propose a multi-topic sentiment analysis approach using Latent Dirichlet Allocation (LDA) for user-generated contents (UGC). Design/methodology/approach In this paper, we collected a total of 104,039 hotel reviews in seven of the world's top tourist destinations from TripAdvisor (www.tripadvisor.com) and extracted 30 topics related to the hotel from all customer reviews using the LDA model. Six major dimensions (value, cleanliness, rooms, service, location, and sleep quality) were selected from the 30 extracted topics. To analyze data, we employed R language. Findings This study contributes to propose a lexicon-based sentiment analysis approach for the keywords-embedded sentences related to the six dimensions within a review. The performance of the proposed model was evaluated by comparing the sentiment analysis results of each topic with the real attribute ratings provided by the platform. The results show its outperformance, with a high ratio of accuracy and recall. Through our proposed model, it is expected to analyze the customers' sentiments over different topics for those reviews with an absence of the detailed attribute ratings.

• International Journal of Contents
• /
• v.8 no.3
• /
• pp.79-82
• /
• 2012

In digital contents distribution environments, a user authentication is an important security primitive to allow only authenticated user to use right services by checking the validity of membership. For example, in Internet Protocol Television (IPTV) environments, it is required to provide an access control according to the policy of content provider. Remote user authentication and key agreement scheme is used to validate the contents accessibility of a user. We propose a novel user authentication scheme using smart cards providing a secure access to multimedia contents service. Each user is authenticated using a subset of attributes which are issued in the registration phase without revealing individual's identity. Our scheme provides the anonymous authentication and the various permissions according to the combination of attributes which are assigned to each user. In spite of more functionality, the result of performance analysis shows that the computation and communication cost is very low. Using this scheme, the security of contents distribution environments in the client-server model can be significantly improved.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.9
• /
• pp.21-31
• /
• 2013

A ciphertext policy-attribute based encryption(CP-ABE) scheme can be used to realize access control mechanism without a trusted server. We propose an attribute-based access control mechanism by incorporating a CP-ABE scheme to ensure only authorized users can access the sensitive data. The idea of CP-ABE is to include access control policy in the ciphertexts, in which they can only be decrypted if a user possesses attributes that pass through the ciphertext's access structure. In this paper, we prove a secure CP-ABE scheme where the policy can be expressed in non-monotonic access structures. We further compare the performance of our scheme with the existing CP-ABE schemes.

• The KIPS Transactions:PartB
• /
• v.13B no.2 s.105
• /
• pp.133-138
• /
• 2006

Learning with Attribute Value Taxonomies (AVT) has shown that it is possible to construct accurate, compact and robust classifiers from a partially missing dataset (dataset that contains attribute values specified with different level of precision). Yet, in many cases AVTs are generated from experts or people with specialized knowledge in their domain. Unfortunately these user-provided AVTs can be time-consuming to construct and misguided during the AVT building process. Moreover experts are occasionally unavailable to provide an AVT for a particular domain. Against these backgrounds, this paper introduces an AVT generating method called GA-AVT-Learner, which finds a near optimal AVT with a given training dataset using a genetic algorithm. This paper conducted experiments generating AVTs through GA-AVT-Learner with a variety of real world datasets. We compared these AVTs with other types of AVTs such as HAC-AVTs and user-provided AVTs. Through the experiments we have proved that GA-AVT-Learner provides AVTs that yield more accurate and compact classifiers and improve performance in learning missing data.