Mitsubishi develops one-time password system

Engineers at Mitsubishi have developed a one-time password system for use on mobile Internet services that is intended to answer...

Engineers at Mitsubishi have developed a one-time password system for use on mobile Internet services, to address the security concerns of corporate network managers about rolling out access to internal resources via mobile phones.

As penetration of mobile Internet services increases, companies are looking to make available internal resources - such as databases or e-mail boxes - to their workers on the road. A potential problem at present lies in the password, which is often nothing more than a handful of numbers and letters than be easily glanced at by people sitting nearby.

Mitsubishi's system, which is still in the development stage, scrambles the keys which need to be pressed to generate the password.

It does this by arranging the valid password characters in an on-screen grid of 10 columns by five rows. The mapping, showing which number key should be pressed for which password character, is shown on a further row underneath the main grid.

This mapping is the key to the system's security, and changes with each key press and with each login attempt, so while a password might remain the same, the key strokes required to enter it are always different.

The mapping is provided from a server, which can also determine if the correct password was entered, and the password entry software is a Java applet. This means it can run on most existing Japanese mobile phones and some PDAs.

"For an eight-character password using this system, there are 390,000 possible combinations," said Toshio Hasegawa, a researcher in Mitsubishi Electric's information security department and the developer of the system.

Mitsubishi hopes to commercialise the system later this year.

Read more on Mobile networking