Page 54 - Implementation of Secure Authentication Technologies for Digital Financial Services
7.2.4 Example: Healthcare provider customer authentication

A large healthcare provider is now in a multi-year process of rolling out its next-generation authentication (NGA) platform across mobile and web applications. With NGA, the healthcare provider is forging new industry best practices for improving healthcare access through a two-pronged approach to strong authentication. First, it has adopted passwordless FIDO Authentication with biometrics for its customers’ online account credentials, reducing their reliance on highly vulnerable “shared secrets”, such as passwords and one-time passcodes, in favour of strong, unphishable public key cryptography.

While deploying standards-based strong authentication like FIDO helps resolve many of the authentication problems organizations have faced around security and user experience, healthcare providers still have to contend with risks associated with lost and stolen devices. Thus, the healthcare provider is rolling out the second core component of the NGA platform – continuous, behavior-based authentication – to ensure that the authenticated user is the same person throughout the lifetime of the session. To do this, the healthcare provider looks at several user attributes (such as the way they hold their phone) and assigns risk scores to determine how much access to give a user during a session. If high risk is detected during a session, the healthcare provider may challenge the user for additional information before allowing continued access from that device.

7.2.5 Example: SK Telecom – Mobile Connect

SK Telecom is the largest mobile operator in South Korea, serving 28 million of the country’s 57 million subscribers. SK Telecom has been a pioneer in harnessing the potential of identity services. As early as 2005, it started offering T-Auth, its own mobile identity solution supporting a combination of mobile authentication and attribute matching.

SKT saw an opportunity in Korea’s regulations, which require content providers to actively ensure that their customers are authorised to access particular content. Effectively, this means that content providers are responsible for checking that customers wishing to purchase content are over the legal age. SKT realised that its customer account information could help service providers meet this requirement. It designed T-Auth to address this use case with minimal impact on the user experience.

SKT has designed the user journey to minimize user friction during authentication. Figure 38 shows a typical authentication flow: the customer attempts to access a service provider application and is redirected to the T-Auth mobile app for authentication; the customer enters their PIN and biometric sample; on successful authentication, T-Auth sends the authentication result and attribute data to the service provider.

In early 2017, SKT became compliant with Mobile Connect, the global mobile operator authentication, authorisation and identity framework. As a result, T-Auth is now interoperable with other mobile authentication and identity solutions provided by operators outside of Korea.
Figure 38 – User Journey to Authenticate to a Gaming Account Using T-Auth
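The continuous, behavior-based risk scoring described for the healthcare provider’s NGA platform in 7.2.4, as an added illustration that is not code from the report or from the provider: each behavioural observation is compared against the user’s enrolled baseline, the session’s risk score decays and accumulates, and the score is mapped to full access, limited access, or a step-up challenge. The attribute names, thresholds, decay factor and sample values are constructed for this example.

```python
from dataclasses import dataclass
from enum import Enum
from statistics import mean, pstdev

class Access(Enum):
    FULL = "full"            # low risk: every operation allowed
    LIMITED = "limited"      # medium risk: low-value operations only
    CHALLENGE = "challenge"  # high risk: step-up before continuing

@dataclass
class BehaviorProfile:
    samples: list[float]  # enrolled baseline for one attribute (e.g. phone tilt angle)
    def deviation(self, value: float) -> float:
        """Distance of `value` from the baseline, in standard deviations."""
        mu, sigma = mean(self.samples), pstdev(self.samples) or 1.0
        return abs(value - mu) / sigma

@dataclass
class Session:
    profiles: dict[str, BehaviorProfile]
    risk: float = 0.0
    decay: float = 0.7  # older evidence fades, so one odd reading alone cannot lock the user out
    def observe(self, attribute: str, value: float) -> float:
        """Fold one observation into the running risk score; each adds at most 1.0."""
        dev = self.profiles[attribute].deviation(value)
        self.risk = self.risk * self.decay + min(dev / 3.0, 1.0)
        return self.risk
    def access_level(self) -> Access:
        """Map the running score to the access the session is allowed right now."""
        if self.risk >= 1.5:
            return Access.CHALLENGE
        return Access.LIMITED if self.risk >= 0.75 else Access.FULL
    def step_up_succeeded(self) -> None:
        """A passed challenge (e.g. a fresh FIDO biometric assertion) clears the score."""
        self.risk = 0.0

def run_demo() -> list[Access]:
    """Constructed sample: two in-baseline readings, two anomalies, then a passed step-up."""
    session = Session(profiles={
        "tilt_deg": BehaviorProfile([28.0, 32.0, 28.0, 32.0]),          # mean 30, sd 2
        "keystroke_ms": BehaviorProfile([180.0, 220.0, 180.0, 220.0]),  # mean 200, sd 20
    })
    levels = []
    for attr, value in [("tilt_deg", 31.0), ("keystroke_ms", 210.0),
                        ("tilt_deg", 60.0), ("keystroke_ms", 400.0)]:
        session.observe(attr, value)
        levels.append(session.access_level())
    session.step_up_succeeded()  # the device holder re-proved their identity after the challenge
    levels.append(session.access_level())
    return levels
```

Because the score decays, a single anomalous reading only reduces access; two in a row trigger the challenge, which is the lost or stolen device case the text is concerned with.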