1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T Y.3051 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (03/2017) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS, NEXT-GENERATION NETWORKS, INTERNET OF THINGS AND SMART CITIES Future networks Basic pr
2、inciples of trusted environment in information and communication technology infrastructure Recommendation ITU-T Y.3051 ITU-T Y-SERIES RECOMMENDATIONS GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS, NEXT-GENERATION NETWORKS, INTERNET OF THINGS AND SMART CITIES GLOBAL INFORMATION INFRAST
3、RUCTURE General Y.100Y.199 Services, applications and middleware Y.200Y.299 Network aspects Y.300Y.399 Interfaces and protocols Y.400Y.499 Numbering, addressing and naming Y.500Y.599 Operation, administration and maintenance Y.600Y.699 Security Y.700Y.799 Performances Y.800Y.899 INTERNET PROTOCOL AS
4、PECTS General Y.1000Y.1099 Services and applications Y.1100Y.1199 Architecture, access, network capabilities and resource management Y.1200Y.1299 Transport Y.1300Y.1399 Interworking Y.1400Y.1499 Quality of service and network performance Y.1500Y.1599 Signalling Y.1600Y.1699 Operation, administration
5、 and maintenance Y.1700Y.1799 Charging Y.1800Y.1899 IPTV over NGN Y.1900Y.1999 NEXT GENERATION NETWORKS Frameworks and functional architecture models Y.2000Y.2099 Quality of Service and performance Y.2100Y.2199 Service aspects: Service capabilities and service architecture Y.2200Y.2249 Service aspec
6、ts: Interoperability of services and networks in NGN Y.2250Y.2299 Enhancements to NGN Y.2300Y.2399 Network management Y.2400Y.2499 Network control architectures and protocols Y.2500Y.2599 Packet-based Networks Y.2600Y.2699 Security Y.2700Y.2799 Generalized mobility Y.2800Y.2899 Carrier grade open en
7、vironment Y.2900Y.2999 FUTURE NETWORKS Y.3000Y.3499 CLOUD COMPUTING Y.3500Y.3999 INTERNET OF THINGS AND SMART CITIES AND COMMUNITIES General Y.4000Y.4049 Definitions and terminologies Y.4050Y.4099 Requirements and use cases Y.4100Y.4249 Infrastructure, connectivity and networks Y.4250Y.4399 Framewor
8、ks, architectures and protocols Y.4400Y.4549 Services, applications, computation and data processing Y.4550Y.4699 Management, control and performance Y.4700Y.4799 Identification and security Y.4800Y.4899 Evaluation and assessment Y.4900Y.4999 For further details, please refer to the list of ITU-T Re
9、commendations. Rec. ITU-T Y.3051 (03/2017) i Recommendation ITU-T Y.3051 Basic principles of trusted environment in information and communication technology infrastructure Summary Recommendation ITU-T Y.3051 specifies basic principles for creating a trusted environment in information and communicati
10、on technology (ICT) infrastructure that provides information and communication services. The Recommendation provides the definition, common requirements and the basic principles of creating a trusted environment. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T Y.3051 2017-03
11、-29 13 11.1002/1000/13251 Keywords Trusted environment, information communication technology (ICT). * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/1
12、1830-en. ii Rec. ITU-T Y.3051 (03/2017) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent org
13、an of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the
14、topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are
15、prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendatio
16、n may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used
17、to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectua
18、l Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received not
19、ice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU
20、2017 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T Y.3051 (03/2017) iii Table of Contents Page 1 Scope . 1 2 References . 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this R
21、ecommendation . 1 4 Abbreviations and acronyms 1 5 Conventions 1 6 Necessity of trusted environment in ICT infrastructure . 2 7 Requirements for a trusted environment in the ICT infrastructure. 2 8 The basic principles of for a trusted environment in an ICT 3 Appendix I The first steps for creating
22、a trusted environment for cross-border e-commerce 5 Appendix II Use case of creating a trusted environment for rescue systems . 6 Bibliography. 8 Rec. ITU-T Y.3051 (03/2017) 1 Recommendation ITU-T Y.3051 Basic principles of trusted environment in information and communication technology infrastructu
23、re 1 Scope This Recommendation specifies basic principles for creating a trusted environment in information and communication technology (ICT) infrastructure that provides information and communication services. This issue has become extremely important in the modern knowledge society that has seen
24、a significant growth rate in information technology usage. This Recommendation contains a rationale for the necessity for a trusted environment in ICT infrastructure. This Recommendation is relevant for service developers as well as network designers and should be considered as a set of fundamental
25、principles for creating a convenient and secure environment. While the basic principles outlined in this Recommendation aim at creating a trusted environment for the provision of services using ICT, they may be applied in a broader interpretation of the concept of a trusted environment. 2 References
26、 None. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following term defined elsewhere: 3.1.1 trust b-ITU-T Y.3052: Trust is the measureable belief and/or confidence which represents accumulated value from history and the expecting value for future. NOTE Trust is quantitative
27、ly and/or qualitatively calculated and measured, which is used to evaluate values of entities, value-chains among multiple stakeholders, and human behaviours including decision making. 3.2 Terms defined in this Recommendation This Recommendation defines the following term: 3.2.1 trusted environment
28、(in ICT infrastructure): An information and communication technology-enabled environment providing a set of technical and regulatory conditions sufficient for establishing trust between interacting entities. NOTE From a broader perspective, the trusted environment can be perceived as a multidimensio
29、nal concept with technological and societal implications. 4 Abbreviations and acronyms This Recommendation uses the following abbreviation and acronym: ICT Information and Communication Technology 5 Conventions In this Recommendation: The keywords “is required to“ indicate a requirement which must b
30、e followed and from which no deviation is permitted if conformance to this document is to be claimed. 2 Rec. ITU-T Y.3051 (03/2017) The keywords “is recommended“ indicate a requirement which is recommended but which is not absolutely required. Thus this requirement need not be present to claim confo
31、rmance. The keywords “can optionally“ and “may“ indicate an optional requirement which is permissible, without implying any sense of being recommended. These terms are not intended to imply that the vendors implementation must provide the option and the feature can be optionally enabled by the netwo
32、rk operator/service provider. Rather, it means the vendor may optionally provide the feature and still claim conformance with the specification. 6 Necessity of trusted environment in ICT infrastructure Due to the development of information technology and future networks, the number of entities and t
33、heir interactions (e.g., human to human, human to machine, machine to machine) is increasing significantly. In any uncertain circumstance, people need to be able to predict the results of these interactions especially with the entities that they cannot control remotely. To provide the desired level
34、of confidence and protection, it is necessary to conduct a complex of special technical and organizational measures. One possible way is to create a trusted environment in ICT infrastructure. Globalization and the wide spread of information technologies lead to the displacement of the context of tru
35、st by special technological means. Therefore, ICT infrastructure needs to play a role in building a trusted environment with interoperability and information security. In addition, ICT infrastructure needs trust between interacting parties at a high level of responsibility in a resource-limited envi
36、ronment (e.g., to save human lives in emergencies). A trusted environment in ICT infrastructure is necessary for social, critical and life-protecting services (e.g., e-government, e-commerce and e-health). For such services, establishment of trust between service providers and consumers can solve pr
37、oblems of fraud and increase the availability of services. In summary, creating a trusted environment in the ICT infrastructure allows entities to predict the results of their interactions and minimizes risks caused by the growing number of interactions and the loss of their context, while providing
38、 interoperability and information security. 7 Requirements for a trusted environment in the ICT infrastructure A Trusted environment in the ICT infrastructure must meet the requirements specified in clauses 7.1 to 7.4. 7.1 Predictability All participants within a trusted environment are required to
39、be equipped with the capability to predict the outcome of their interactions in order to reduce the risks of negative consequences caused by the inappropriate behaviour of any participant(s). For this, the ICT infrastructure used for a trusted environment is required to meet a certain level of quali
40、ty. Provision of handy user interfaces and systems of access to a trusted environment is recommended for participants to improve predictability, by using comfortable and familiar methods of interaction each time. 7.2 Information security It is required to provide confidentiality, integrity and the a
41、vailability of information, as well as the absence of misinformation (spam, etc.), for all participants interacting within a trusted environment. Each participant is required to be verified for compliance with the common minimal security requirements. Rec. ITU-T Y.3051 (03/2017) 3 Minimal security r
42、equirements for a trusted environment in an ICT infrastructure are required to be developed for all security dimensions b-ITU-T X.805 with the goal of providing electronic exchange of information in a trusted environment at the same level of trust as in a non-electronic interaction. 7.3 Interoperabi
43、lity It is required to enable all participants interacting within a trusted environment to exchange information with any other entity within a trusted environment in an ICT infrastructure. A trusted environment in an ICT infrastructure is required to support internetwork connections to provide unifi
44、ed interaction capabilities to each participant, independent of technical infrastructure (core networks) used. All predictability, information security and availability of administration services requirements are required to be supported for internetwork connections. 7.4 Availability of administrati
45、on services Provision of continuous customer support is required for all interacting participants within a trusted environment in an ICT infrastructure, as well as prompt compensation if service provision fails. A trusted environment in an ICT and its technical infrastructures are required to mainta
46、in the capacity to enrol new participants enabling them to rapidly integrate and start operating within the trusted environment in the ICT. 8 The basic principles of for a trusted environment in an ICT The need to create a trusted environment is associated with the increased convergence of ICT, gene
47、ral mobility and the increasing number of interactions between humans and machines. The task of creating a trusted environment is especially actual for ICT used in socially and economically significant interactions between machines, humans, organizations and other entities. Examples of such interact
48、ions are e-commerce, e-government and emergency rescue guidance. The last is related to a direct threat to human life and also represents a high importance interaction within a trusted environment. On the global scale, a trusted environment is not possible in the absence of ICT interoperability. The
49、 field of interoperability of ICT can be characterized by statements 1 to 3. 1. Presence of a large number of information systems operating within governmental institutions and companies. These systems typically use their own hardware and software, and most of them cannot exchange information directly in “machine-to-machine“ mode. 2. The presence of many competing standards that only hinder information exchange, despite the excellent work carried out by numerous standardization bodies (at national, region
