Engineers at Mitsubishi Electric have developed a one-time password system for use on mobile Internet services that is intended to answer the security concerns of corporate network managers about rolling out access to internal resources via cellular handsets.
As penetration of mobile Internet services increases, companies are looking to make available internal resources such as databases or e-mail boxes to their workers on the road. A potential problem at present lies in the password, which is often nothing more than a handful of numbers and letters and can be easily glanced at by fellow passengers on crowded trains.
The new Mitsubishi system, which was unveiled by the company last week and is still in the development stage, effectively scrambles the keys which need to be pressed in order to generate the password.
It does this by arranging the valid password characters, which include numbers one through ten, letters A through Z and a handful of symbols such as the question mark, in an on-screen grid of 10 columns by five rows. The mapping, showing which number key should be pressed for which password character, is shown on a further row underneath the main grid.
This mapping is the key to the system's security. Rather than staying constant, the mapping changes with each key press and with each log-in attempt so while a password might remain the same, the key strokes required to enter it are always different.
The mapping is provided from a server, which can also determine if the correct password was entered, and the password entry software is a Java applet. This means it can run on most current-model Japanese cellular handsets and also some PDAs (personal digital assistant).
"For an eight character password using this system, there are 390,000 possible combinations," said Toshio Hasegawa, a researcher in Mitsubishi Electric's information security department and the developer of the system. He said the system is not yet complete but hopes it will soon be ready for deployment.
The company hopes to commercialize the system later this year. Japan already has 60 million wireless Internet subscriptions and with telephones featuring bright and clear LCD (liquid crystal display) screens, it is easy to glance over someone's shoulder and read their e-mail or see what password they are typing into which site.