• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.1
• /
• pp.145-164
• /
• 2023

Cloud computing offers a platform that is both adaptable and scalable, making it ideal for outsourcing data for sharing. Various organizations outsource their data on cloud storage servers for availing management and sharing services. When the organizations outsource the data, they lose direct control on the data. This raises the privacy and security concerns. Cryptographic encryption methods can secure the data from the intruders as well as cloud service providers. Data owners may also specify access control policies such that only the users, who satisfy the policies, can access the data. Attribute based access control techniques are more suitable for the cloud environment as they cover large number of users coming from various domains. Multi-authority attribute-based encryption (MA-ABE) technique is one of the propitious attribute based access control technique, which allows data owner to enforce access policies on encrypted data. The main aim of this paper is to comprehensively survey various state-of-the-art MA-ABE schemes to explore different features such as attribute and key management techniques, access policy structure and its expressiveness, revocation of access rights, policy updating techniques, privacy preservation techniques, fast decryption and computation outsourcing, proxy re-encryption etc. Moreover, the paper presents feature-wise comparison of all the pertinent schemes in the field. Finally, some research challenges and directions are summarized that need to be addressed in near future.

• Journal of Korean Library and Information Science Society
• /
• v.43 no.3
• /
• pp.5-26
• /
• 2012

This study is to find the new method for authority control in Korea by surveying status of authority control in university libraries and by analyzing international conceptual model of authority control and VIAF. 2 kinds of survey were done: one is for libraries having authority records and the other is for libraries not having authority records. In survey result, libraries that have authority records want to sustain their own forms of authorized access points and libraries that have no authority records want the rules related to authority and the national cooperative authority control system to be constructed. Based on ICP 2009, FRAD conceptual model, VIAF and this survey result, new authority control is to respect the diversity of forms of the authorized access points. New authority control is to permit authority records that reflect provision for linguistic or cultural environments of each library, confirming to the national cataloging code. Therefore, authorized access points will be displayed according to user preferred forms. For this new authority control, it is needed to make national authority rule, to build the authority records according to library's own rules, and to construct the cooperative authority control system. Also for user preferred authority control, it is needed to describe detailed elements for authority control and relation data between authorized access points, between authorized access points and variant forms. This study could contribute to suggest new authority control that could accept all kinds of authorized access points preferred by nation, libraries, and users.

• Journal of the Korean Society for Library and Information Science
• /
• v.25
• /
• pp.233-264
• /
• 1993

The authorized form is called the heading must be unique and consistent. Without both uniqueness and cosistency, retrieval from the bibliographic database will not be optimal and in some cases may even be impossible. But the authority control is extremely expensive, because it is labour-intensive and dependent on professional investigation and judgement. In fact, it is by far the most expensive function in all of bibliographic control. The processes used to determine the form of access points. maintain. use. and evaluate very accurate authority records reduce the efficiency to generate or merge bibliographic items without modification from any national level bibliographic utilities as well as individual library. In this paper non-authority control system was suggested to solve the disadvantages of authority work. The apparent advantages of the non-authority control system are it is easy to determine the heading, input the bibliographic data. integrate the access points into an existing file, and generate and merge bibliographic data without modification. In addition, non-authority control system can be transmitted into online information retrieval system conducted with a mixture of controlled vocabularies and natural language.

• Journal of the Korean Society for information Management
• /
• v.26 no.1
• /
• pp.279-303
• /
• 2009

This study aims to clearly understand 'Functional Requisite of Authority Data(FRAD)' being studied by IFLA focused on aspect of change from FRAR. In addition, it has established relationship between FRAD and concerned rules by analyzing effect of FRAD on RDA and MARC21 and reviewed cataloguing rules, format and situations of major authority DB implementations concerned about domestic authority controls in reflection of IFLA's activities for authority control. Based on the analysis, it has looked into considerations for domestic authority controls standards such as access control methods, expansion of application scope, introduction of new approaches such as entity-relationship model, reinforcement of roles for national bibliographic agency. These study results would be utilized as basic data for authority control.

• Journal of the Korean Society for information Management
• /
• v.27 no.3
• /
• pp.125-146
• /
• 2010

This study developed a name access point control system for better performance of information retrieval from institutional repositories, which are equipped with authorgenerated metadata processes for self-archiving. In developing name access point control data for the system, the primary data were created from the existing authority. However, unlike the existing authority data, the primary data did not use any authority forms. Instead, the data utilized all the forms provided by the resources as access points. Specifically, field of activity(subject) and title information on authorship were used to distinguish between persons who have the same name. The result showed that the system improved the performance of the information retrieval. The system has been also expected to be utilized over other metadata provided by libraries, in addition to the institutional repositories, in order to provide better quality information.

• Journal of Korean Library and Information Science Society
• /
• v.47 no.2
• /
• pp.201-229
• /
• 2016

The purpose of this study is to make a suggestion on the Korean cataloging rules (KCR) for personal name access points. KCR4 revised in 2003 has been criticized in the absence of related rules. To the end, this study investigates (1) the objectives and functions of personal name access points in the changing bibliographic universe, (2) the detailed rules for persons in RDA and new NCR, and (3) the cases of personal name access points in LC(Library of Congress), NDL(National Diet Library in Japan) authority records. (4) Based on theses, suggested are rules and examples for recording attributes and the authorized access points of persons in KCR to be revised. The data were collected from literature review, the case study, and the interviews with catalogers.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.9
• /
• pp.2550-2572
• /
• 2023

Epidemiological survey is an important means for the prevention and control of infectious diseases. Due to the particularity of the epidemic survey, 1) epidemiological survey in epidemic prevention and control has a wide range of people involved, a large number of data collected, strong requirements for information disclosure and high timeliness of data processing; 2) the epidemiological survey data need to be disclosed at different institutions and the use of data has different permission requirements. As a result, it easily causes personal privacy disclosure. Therefore, traditional access control technologies are unsuitable for the privacy protection of epidemiological survey data. In view of these situations, we propose a black box-assisted fine-grained hierarchical access control scheme for epidemiological survey data. Firstly, a black box-assisted multi-attribute authority management mechanism without a trusted center is established to avoid authority deception. Meanwhile, the establishment of a master key-free system not only reduces the storage load but also prevents the risk of master key disclosure. Secondly, a sensitivity classification method is proposed according to the confidentiality degree of the institution to which the data belong and the importance of the data properties to set fine-grained access permission. Thirdly, a hierarchical authorization algorithm combined with data sensitivity and hierarchical attribute-based encryption (ABE) technology is proposed to achieve hierarchical access control of epidemiological survey data. Efficiency analysis and experiments show that the scheme meets the security requirements of privacy protection and key management in epidemiological survey.

• Journal of the Korean Society for Library and Information Science
• /
• v.45 no.3
• /
• pp.235-257
• /
• 2011

In this study, we proposed the FRAD concept model of authority data schema for author, organization and journal titles included in the academic papers. Academic information includes author names, affiliations, publishers, journals and conferences. They are used as access points, and there are multiple relationships among these entities. It is expected that the use of authority data for academic information based on FRAD conceptual model could improve more accurate retrieval of information, systematic management of academic information, and various forms of knowledge representation. In this study, our entity-relationship authority data will be linked to the document, and included the several properties and relationship to identify the object.

• Journal of Korean Library and Information Science Society
• /
• v.54 no.1
• /
• pp.25-44
• /
• 2023

This study was to prepare a development plan for nationwide authority control system based on national authority sharing system of NLK through the survey targeting on libraries which do not participate in the system. Six plans were suggested to establish a nationwide authority control system based on this survey. First, an authority data construction module and a module linked to the national authority sharing system should be developed. Second, describing external identifiers such as ISNI to the national authority sharing system is to provides reliability of data and to utilizes to build linked data. Third, it is necessary to prepare strategies for promoting the national authority sharing system and diversifying services. Fourth, both authority establishment and non-establishment show difficulties and diversity in the selection and description of authorized access point, so it is necessary to prepare rules related to authorized access points. Fifth, since the data described in authority records is not enough, it is necessary to improve and upgrade authority records by using bibliographic records. Sixth, it is necessary to educate librarians about the necessity and function of authority control. As such, this study is meaningful in that it investigated the current status and requirements of libraries that do not participate in the nationwide authority system and sought ways to establish a nationwide cooperative authority control system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.302-322
• /
• 2021

In the system of ciphertext policy attribute-based encryption (CP-ABE), only when the attributes of data user meets the access structure established by the encrypter, the data user can perform decryption operation. So CP-ABE has been widely used in personal health record system (PHR). However, the problem of key abuse consists in the CP-ABE system. The semi-trusted authority or the authorized user to access the system may disclose the key because of personal interests, resulting in illegal users accessing the system. Consequently, aiming at two kinds of existing key abuse problems: (1) semi-trusted authority redistributes keys to unauthorized users, (2) authorized users disclose keys to unauthorized users, we put forward a CP-ABE scheme that has authority accountability, user traceability and supports arbitrary monotonous access structures. Specifically, we employ an auditor to make a fair ruling on the malicious behavior of users. Besides, to solve the problem of user leaving from the system, we use an indirect revocation method based on trust tree to implement user revocation. Compared with other existing schemes, we found that our solution achieved user revocation at an acceptable time cost. In addition, our scheme is proved to be fully secure in the standard model.