|
Work item:
|
X.ias
|
|
Subject/title:
|
Functional requirements for the integrated authentication service of telecommunication operators
|
|
Status:
|
Under study
|
|
Approval process:
|
AAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2026-03 (No priority specified)
|
|
Liaison:
|
ISO/IEC JCT1 SC27 WG2&WG5, IETF Security OAuth
|
|
Supporting members:
|
China, China Mobile, China Unicom
|
|
Summary:
|
The security of identity authentication would be the first gate to ensure business security, and it should be one of the most basic security service. So many other security services depend on it. Once the identity authentication system was breached, most of security measures of a business system would become vulnerable. At present, so many enterprises (esp. small and medium-sized ones) have not yet been able to establish their own comprehensive identity authentication systems with full consideration of security and protection requirements. So that, it would be hard to resist network attack threats such as authentication information leakage, malicious login, and password brute force cracking, which would pose huge security risks to their businesses.
Telecommunication operators have comprehensive communication network infrastructures and security management technology protection systems. Currently, telecommunication operators provide users with not only large-scale connection services, but also a large number of information services. Furthermore, users would have convenient and unique identity labels based on mobile phone numbers and SIM cards prvoided by telecommunication operators.
Therefore, it is necessary to establish integrated authentication service standards for telecommunications operators to regulate the market, enhance the quality of authentication services, and ensure the security of account systems. This recommendation proposes an integrated authentication service framework for telecommunications operators, outlining the security technical requirements for the infrastructure, functions, management systems, and network architecture of telecommunications operator integrated authentication services. This recommendation provides standard references for the research of secure authentication capabilities, security deployment, and security assessments for the integrated authentication service system of telecommunications operators.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2024-03-12 11:18:44
|
|
Last update:
2024-03-12 11:21:50
|
|
