ITU-T X 1092-2013 Integrated framework for telebiometric data protection in e-health and telemedicine (Study Group 17)

Uploaded by: figureissue185 | Document ID: 804489 | Upload date: 2019-02-04 | Format: PDF | Pages: 24 | Size: 854.28KB

International Telecommunication Union

ITU-T X.1092
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
(06/2013)

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY
Information and network security – Telebiometrics

Integrated framework for telebiometric data protection in e-health and telemedicine

Recommendation ITU-T X.1092

ITU-T X-SERIES RECOMMENDATIONS
DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY

PUBLIC DATA NETWORKS  X.1–X.199
OPEN SYSTEMS INTERCONNECTION  X.200–X.299
INTERWORKING BETWEEN NETWORKS  X.300–X.399
MESSAGE HANDLING SYSTEMS  X.400–X.499
DIRECTORY  X.500–X.599
OSI NETWORKING AND SYSTEM ASPECTS  X.600–X.699
OSI MANAGEMENT  X.700–X.799
SECURITY  X.800–X.849
OSI APPLICATIONS  X.850–X.899
OPEN DISTRIBUTED PROCESSING  X.900–X.999
INFORMATION AND NETWORK SECURITY
    General security aspects  X.1000–X.1029
    Network security  X.1030–X.1049
    Security management  X.1050–X.1069
    Telebiometrics  X.1080–X.1099
SECURE APPLICATIONS AND SERVICES
    Multicast security  X.1100–X.1109
    Home network security  X.1110–X.1119
    Mobile security  X.1120–X.1139
    Web security  X.1140–X.1149
    Security protocols  X.1150–X.1159
    Peer-to-peer security  X.1160–X.1169
    Networked ID security  X.1170–X.1179
    IPTV security  X.1180–X.1199
CYBERSPACE SECURITY
    Cybersecurity  X.1200–X.1229
    Countering spam  X.1230–X.1249
    Identity management  X.1250–X.1279
SECURE APPLICATIONS AND SERVICES
    Emergency communications  X.1300–X.1309
    Ubiquitous sensor network security  X.1310–X.1339
CYBERSECURITY INFORMATION EXCHANGE
    Overview of cybersecurity  X.1500–X.1519
    Vulnerability/state exchange  X.1520–X.1539
    Event/incident/heuristics exchange  X.1540–X.1549
    Exchange of policies  X.1550–X.1559
    Heuristics and information request  X.1560–X.1569
    Identification and discovery  X.1570–X.1579
    Assured exchange  X.1580–X.1589

For further details, please refer to the list of ITU-T Recommendations.

Rec. ITU-T X.1092 (06/2013)

Recommendation ITU-T X.1092

Integrated framework for telebiometric data protection in e-health and telemedicine

Summary

Recommendation ITU-T X.1092 provides an integrated framework to protect biometric data and private information in e-health and telemedicine. It defines a model of health services using telebiometrics for user identification and authentication. It identifies threats in transmitting various sensory data related to human health and provides countermeasures for secure transmission when applying the integrated framework.

History

Edition | Recommendation | Approval   | Study Group
1.0     | ITU-T X.1092   | 2013-06-13 | 17

Keywords

Biometric-based e-health integration model, security requirements for each threat, telebiometric data protection, threats for telemedicine (e-health), use cases.

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE

In this Recommendation, the expression "Administration" is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words "shall" or some other obligatory language such as "must" and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2013

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

Table of Contents

1 Scope
2 References
3 Terms and definitions
    3.1 Terms defined elsewhere
    3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Relationship between the biometric e-health service model and privacy
    5.1 e-health sensor types
    5.2 Biometric information
    5.3 Privacy information
6 General overview of the integration model
    6.1 Functional requirements
    6.2 Authentication procedure
7 Application of the biometric-based integrated e-health model – Terminal application
8 Threat for telemedicine (e-health)
    8.1 Enhanced personal authentication
    8.2 Personal information leak from e-health terminal
    8.3 Use of unauthorized biosensor
    8.4 Use of unauthorized sensor
    8.5 Security protocol that ensures availability
    8.6 Personal information leak from centre
    8.7 Medical information leak from centre
9 Security requirements for each threat
    9.1 Enhanced personal authentication
    9.2 Personal information leak from terminal
    9.3 Unauthorized use of biometric sensor
    9.4 Unauthorized use of e-health sensor
    9.5 Security protocol that ensures availability
    9.6 Personal information leak from centre
    9.7 Medical information leak from the e-health centre
10 Countermeasures for each threat
    10.1 Enhanced personal authentication
    10.2 Personal information leaks from e-health terminal
    10.3 Unauthorized use of biometric sensor
    10.4 Unauthorized use of e-health sensor
    10.5 Personal information leaks from e-health centre
    10.6 Medical information leaks from e-health centre
Appendix I – Use cases
    I.1 Introduction
    I.2 Use cases
Bibliography

Introduction

Remote medical systems are technologies in which medical services are transmitted using computers and data communication technologies, and they are also defined as medical systems that diagnose and treat patients in remote locations. Devices are used to transmit the patient's physical information (electrocardiogram, X-rays, voice, etc.) to the hospital or doctor, which is then examined by the doctor. The doctor's instructions for treatment based on a diagnosis are then sent from the hospital to the patient to commence treatment. The patient's physical information is shared not only between the patient and doctor, but also between hospitals. However, this kind of remote medical system may be at risk of potential infringements of personal privacy, due to the disclosure of personal and medical information. For this reason, security technologies are required to protect such a system from vulnerabilities, while effectively safeguarding it against external attacks.

To provide stable biometric telemedicine and e-health services, user authentication and service aspects should be considered. Because medical services requiring user health information are provided remotely in the application of biometric telemedicine and e-health services, user identification is a highly important factor. The existing password-based user authentication system has the vulnerability of potential exposure on the open network, whereas public-key infrastructure (PKI)-based user authentication creates inconveniences regarding key management and entering electronic signature passwords. It could potentially be quite difficult for a patient suffering from a chronic disease to input their electronic signature password whenever they access the terminal for e-health services. Therefore, the introduction of biometric technology is indispensable in providing identification and also convenient in the e-health environment.

The following reasons outline why biometrics should be integrated into the telemedicine and e-health environment.

E-health provides medical services related to a user's health and life. Therefore, if there is a single error in user authentication, fatal medical problems may arise. As a result, biometrics should be used for enhanced user identification processes.

If sufferers of chronic diseases access e-health services, the current password or PKI-based user authentication systems are quite inconvenient, as they require the input of a password. If biometrics are adopted, user convenience will be enhanced through an authentication system that is based on physical feature information, such as the face or fingerprint.

Recommendation ITU-T X.1092

Integrated framework for telebiometric data protection in e-health and telemedicine

1 Scope

To provide secure biometric telemedicine and e-health services, user authentication and service aspects should be considered. This Recommendation provides an integrated framework for the protection of biometric data and private information in e-health and telemedicine. It defines a model of e-health services using telebiometrics for user identification and authentication. It identifies the threats in transmitting various sensory data related to human health and provides the countermeasures for secure transmission when applying this integrated framework.

2 References

The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

[ITU-T X.1084] Recommendation ITU-T X.1084 (2008), Telebiometrics system mechanism – Part 1: General biometric authentication protocol and system model profiles for telecommunications systems.
[ITU-T X.1089] Recommendation ITU-T X.1089 (2008), Telebiometrics authentication infrastructure (TAI).
[ISO/IEC 24761] ISO/IEC 24761:2009, Information technology – Security techniques – Authentication context for biometrics.

3 Terms and definitions

3.1 Terms defined elsewhere

This Recommendation uses the following term defined elsewhere:

3.1.1 e-health [b-WHO]: e-health is the transfer of health resources and health care by electronic means.

3.2 Terms defined in this Recommendation

This Recommendation defines the following terms:

3.2.1 e-health centre: Servers that hold patient information; this includes medical information and identification information (to recognize) the patients. The e-health centre is also responsible for server management.

3.2.2 e-health terminal: Gateways that transmit the collected patient's medical information to the remote medical system. This is a device for checking the diagnosis information transmitted by medical staff who have examined the patient.

3.2.3 medical staff: All users related to remote clinical services such as doctors, nurses, etc.

3.2.4 sensor: A device for collecting medical information of patients, and a device for collecting biometric information for user certification. It must be able to store device certifications, in order to certify the device.

3.2.5 user: All users related to remote medical services such as patients, medical staff, remote medical service administrations, insurance administrators, etc.

4 Abbreviations and acronyms

This Recommendation uses the following abbreviations and acronyms:

ACBio  Authentication Context for Biometrics
DNA    Deoxyribonucleic Acid
DoB    Date of Birth
ID     Identity

ID it involves a two-step authentication procedure.

Step 1: The user performs biometric authentication at the e-health terminal using a biometric sensor.

Step 2: The e-health terminal performs user authentication and e-health terminal authentication procedures at the e-health centre, sending the health information to the e-health centre.

[Figure 2 – Telemedicine/e-health authentication procedure. Labels: Biometric sensor, e-health terminal, Health and medical information, End user, e-health sensor, e-health centre]

The e-health terminal maintains the registration and manages the user profile. The user profile is composed of a biometric reference, identity (ID), password, authentication key, max count, and other information. By default, the user is authenticated by 1:N authentication using the biometric reference data, and additional authentication using an ID and a password is provided. The authentication key is used for e-health sensor and e-health terminal equipment authentication, whereas the max counter information is used for e-health terminal and e-health centre equipment authentication.

The following prerequisites should be satisfied in the telemedicine/e-health environment: The e-health environment should have enhanced user identification processes and a lightweight protocol at the real-time level in the provision of e-health services. To enhance user identification, biometric authentication is performed using a biometric sensor and an e-health terminal. Authentication is carried out at the e-health terminal to improve communication speed and to protect the biometric information. The e-health terminal and the e-health centre should be provided with a lightweight protocol, compared with the current public-key infrastructure (PKI)-based authentication protocol.

7 Application of the biometric-based integrated e-health model – Terminal application

The terminal application is in charge of authenticating the e-health terminal user, and acquiring and sending the user's health
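
The terminal-side part of the authentication procedure described above (Step 1 and the user-profile paragraph), as an added example that is not part of Recommendation ITU-T X.1092: a sensor equipment check, 1:N identification against the enrolled biometric references, and the additional ID and password authentication, all performed on the terminal so that no biometric data is sent onward. The HMAC challenge-response with a shared sensor key, the Hamming-distance matcher and its threshold, the treatment of ID and password as a fallback, and every name and sample value are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

THRESHOLD = 0.25  # constructed value: largest fraction of differing bits accepted

@dataclass
class UserProfile:
    user_id: str
    biometric_reference: bytes  # enrolled template, modelled here as a bit string
    salt: bytes
    password_hash: bytes

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(user_id: str, reference: bytes, password: str, salt: bytes) -> UserProfile:
    return UserProfile(user_id, reference, salt, hash_password(password, salt))

def sensor_tag(key: bytes, nonce: bytes, sample: bytes) -> bytes:
    # Sensor side: bind the captured sample to the terminal's fresh 16-byte nonce.
    return hmac.new(key, nonce + sample, hashlib.sha256).digest()

def distance(a: bytes, b: bytes) -> float:
    # Fraction of differing bits; templates of different length never match.
    if len(a) != len(b):
        return 1.0
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

def identify(sample: bytes, profiles: list) -> "UserProfile | None":
    # 1:N search: closest enrolled reference, accepted only within THRESHOLD.
    best = min(profiles, key=lambda p: distance(sample, p.biometric_reference), default=None)
    if best is not None and distance(sample, best.biometric_reference) <= THRESHOLD:
        return best
    return None

def authenticate(profiles, sensor_key, nonce, sample, tag, user_id=None, password=None):
    # 1. Equipment check: reject a sample whose sensor cannot prove the key,
    #    or whose tag was computed over an earlier nonce (replay).
    if not hmac.compare_digest(tag, sensor_tag(sensor_key, nonce, sample)):
        return None
    # 2. Biometric 1:N identification, done locally on the terminal.
    match = identify(sample, profiles)
    if match is not None:
        return match.user_id
    # 3. Additional ID and password authentication (assumed to be a fallback).
    for p in profiles:
        if p.user_id == user_id and password is not None and hmac.compare_digest(
                p.password_hash, hash_password(password, p.salt)):
            return p.user_id
    return None

# Constructed sample data: one sensor key, two enrolled users, two probes.
SENSOR_KEY = bytes(range(32))
ALICE_REF = bytes(range(16))
BOB_REF = bytes(0xFF - i for i in range(16))
PROFILES = [enroll("alice", ALICE_REF, "correct horse", b"salt-alice-00001"),
            enroll("bob", BOB_REF, "battery staple", b"salt-bob-0000002")]
NOISY_ALICE = bytes(b ^ 1 if i < 4 else b for i, b in enumerate(ALICE_REF))  # 4 bits flipped
STRANGER = bytes([0xAA] * 16)  # differs from both references in half of its bits
```

A real terminal would use a modality-specific matcher in place of `distance`; the equipment check is placed first so that a sample from an unauthenticated sensor never reaches the matcher.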
