​​

Telebiometrics

(Continuation of Q9/17)

Motivation

During the previous study period, Q9/17 prepared the environment for the usage of biometrics in telecommunication applications and achieved necessary Recommendations. As biometrics has been widely accepted for identity verification in applications such as e-commerce and e-health, biometric application systems have presented various challenges related to privacy protection, reliability and security of biometric data for biosafety and biosecurity applications. These challenges become more complicated and demanding when biometric authentication is adopted in an open network environment.
Currently, telecommunication applications using mobile terminals and Internet services demand authentication methods that not only provide high security but are also convenient for users. Online-banking using a mobile phone and video surveillance using network cameras or CCTV are examples of such emerging applications, where telebiometric authentication is expected to satisfy these demands. Hence, it is necessary to specify requirements for the usage of Recommendations related to security, safety, and privacy protection. Furthermore, it is required to address issues like conformance and interoperability testing for the Recommendations, as well as populating the telebiometric database.
Recommendations under responsibility of this Question as of 23 March 2016: X.1080.1, X.1081, X.1082, X.1083, X.1084, X.1086, X.1088, X.1089, X.1090, X.1091, and X.1092.
Texts under development: X.bhsm, X.pbact, X.tam, X.th2, X.th3, X.th4, X.th5, X.th6, and X.th13.

Question

Study items to be considered include, but are not limited to:
a) How to further enhance or revise the current Recommendations for their wide deployment and usage?
b) What are the requirements for biometrics authentication in a high functionality network such as NGN?
c) How should security countermeasures be assessed for particular applications of telebiometrics?
d) How should biometric systems and operations be developed in order to be conformant to the security requirements for any application of telebiometrics including cloud computing services?
e) How can identification and authentication of users be improved in the aspects of safety and security by the use of interoperable models in telebiometrics?
f) What mechanisms need to be supported to ensure safe and secure manipulation of biometric data in not only existing but also emerging application of telebiometrics, e.g., e-health, tele-medicine, e-commerce, online-banking, video surveillance?

Tasks

Tasks include, but are not limited to:
a) Enhance and revise current Recommendations of telebiometric authentication and populate the telebiometric database.
b) Review the similarities and differences among the existing telebiometrics Recommendations in ITU-T and standards in ISO/IEC.
c) Study and develop security requirements and guidelines for any application of telebiometrics using architectures and frameworks including the ones developed under Question 2/17.
d) Study and develop requirements for evaluating security, conformance and interoperability with privacy protection techniques for any application of telebiometrics.
e) Study and develop requirements for telebiometric applications in a high functionality network.
f) Study and develop integrated frameworks and requirements of telebiometric architectures for cloud computing and data storage environments.
g) Study and develop requirements of telebiometric authentication for trust identity framework.
h) Study and develop requirements for appropriate generic protocols providing safety, security, privacy protection, and consent "for manipulating biometric data" in any application of telebiometrics, e.g., e-health, tele-medicine, e-commerce, online-banking, e-payment, and video surveillance.
i) Study and develop Biology-to-Machine (B2M) protocols for transmitting biological metrics of which interoperate with Machine-to-Machine (M2M) protocols.
j) Study and develop telebiometric applications using bio-signals for applications including but not limited to authentication, identification, and health information monitoring.
k) Study and develop holospheric telecommunication protocol.

Relationships

Recommendations:
• X.200, X.273, X.274, X.509, X.680, X.805 and X.1051.
Questions:
• ITU-T Qs 1/17, 2/17, 3/17, 4/17, 5/17, 6/17, 7/17, 8/17, 10/17, 11/17, 7/13 and 14/15.
Study Groups:
• ITU-D SG2/2; ITU-R SG7; ITU-T SGs 2, 5, 9, 11, 13, 15 and 16.
Standardization bodies:
• IEC/TC 25, IEC/TC 25/JWG 1; Institute of Electrical and Electronics Engineers (IEEE); Internet Engineering Task Force (IETF); ISO/IEC JTC 1/SCs 17, 27 and 37; ISO/TCs 12, 68 and 215; ISO/TC 12/JWG 20.
Other bodies:
• International Bureau of Weights and Measures (BIPM); International Commission on Radiation Units and Measurements (ICRU); Fast Identity Online (FIDO) Alliance; International Labour Organization (ILO); World Health Organization (WHO).