Motivation

During the previous study period, Q.8/17 prepared the environment for the usage of biometrics in telecommunication applications and provided necessary Recommendations. As biometrics has been widely accepted for identity verification in applications such as e-commerce and e-passport, biometric application systems have presented various challenges related to privacy, reliability and security of biometric data. These challenges become more complicated and demanding when biometric authentication is adopted in an open network environment.

Currently, telecommunication applications using mobile terminals and Internet services demand authentication methods that not only provide high security but are also convenient for users. Tele-medicine, tele-health and e-health are emerging examples of such applications. Biometric authentication is expected to satisfy these requirements but it is also necessary to specify requirements related to usage of Recommendations related to security, safety, and privacy protection. Furthermore, it is intended to address issues like conformance and interoperability testing for the Recommendations, as well as populating the Telebiometric Database.

Recommendations under responsibility of this Question as of 1 December 2008: X.1081, X.1082, X.1083, X.1084, X.1086, X.1088, and X.1089.

Question

Study items to be considered include, but are not limited to:

1. How to further enhance the current Recommendations for their wide deployment and usage?
2. What are the requirements for biometrics authentication in a high functionality network such as NGN?
3. How should security countermeasures be assessed for particular applications of telebiometrics?
4. How should biometric systems and operations including multi-factor authentication be designed in order to be conformant to the security requirements for any application of telebiometrics?
5. How can identification and authentication of users be improved by the use of interoperable models for safe and secure telebiometric methods?
6. What mechanisms need to be supported to ensure safe and secure manipulation of biometric data in any application of telebiometrics, e.g., e-health, tele-medicine or tele-health?

Tasks

Tasks include, but are not limited to:

1. Enhance current Recommendations to accelerate their adoption to various telebiometric applications and populate the telebiometric database.
2. Review the similarities and differences among the existing telebiometrics Recommendations in ITU-T and ISO/IEC standards.
3. Study and develop security requirements and guidelines for any application of telebiometrics.
4. Study and develop requirements for evaluating security, conformance and interoperability with privacy protection techniques for any application of telebiometrics.
5. Study and develop requirements for telebiometric applications in a high functionality network.
6. Study and develop requirements for telebiometric multi-factor authentication techniques based on biometric data protection and biometric encryption.
7. Study and develop requirements for appropriate generic protocols providing safety, security, privacy protection, and consent “for manipulating biometric data” in any application of telebiometrics, e.g., e-health, tele-medicine, tele-health.

Relationships

Recommendations: X.200, X.273, X.274, X.509, X.680, X.805 and X.1051

Questions: ITU-T Qs 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 15/17, 17/13 and 14/15

Study groups: ITU-T SGs 2, 5, 9, 11, 13, 15 and 16; ITU-R

Standardization bodies: ISO/IEC JTC 1/SCs 17, 27 and 37; ISO/TCs 12, 68 and 215; IEC/TC 25; IETF; IEEE

Other bodies: International Bureau of Weights and Measures (BIPM)