March 23, 2007
NTT Advanced Technology Corporation
NTT Advanced Technology Corporation
 |
 |
Home > News Release > |
|
June 5, 2002 NTT-AT to supply a new version of the personal authentication system for mobile terminals, MobileSAFE
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[Background]
As the use of the Internet from cellular phones expands through such services as NTT DoCoMo's i-mode, there is a growing demand to use cellular phones as terminals for corporate applications. To meet such a business demand, NTT-AT has been marketing a personal authentication system for mobile terminals, called MobileSAFE. MobileSAFE uses a one-time-password-based personal authentication system*1, known as SAS (Simple & Secure) authentication*2, to protect the information owned by individuals or corporations with an easy-to-use interface for cellular phones equipped with Java applications. It can thus allow secure electronic transactions. It also offers many advantages over conventional one-time password systems, such as a reduction in telecommunications cost for authentication, a reduction in the processing required in both terminals and servers, and a reduction in the total cost, which is one-third or a half that of a conventional system.
In response to NTT DoCoMo's introduction of new cellular phone models (504i series), which have the capability of interworking between i-appli and i-mode browsers, we have decided to market a new version of MobileSAFE that features dramatically improved operability and security.
Providing advanced security and user-friendliness for mobile Internet applications, the new version is expected to find application in a wide range of businesses and services, from corporate internal systems, such as SFA*3, to online trading of financial products, e-commerce, and video or music download sites.
[Outline of the system]
| MobileSAFE comes in two variations. | |
| (1) | Proxy with personal authentication capability (See the attached authentication processing flow diagram) |
| After personal authentication (SAS authentication) with a Java application in a cellular phone, the browser in the phone takes over seamlessly, and provides extremely secure access to corporate internal systems from the cellular phone. (If the cellular phone does not have the capability for interworking between Java applications and the browser, then the interworking is achieved through email. Corporate internal applications do not need to be changed to use this system. It is possible to establish interworking with corporate internal applications with a single operation. | |
| (2) | Incorporation into an Application (SDK: Software Development Kit) |
| MobileSAFE can be built into a mobile Internet application that requires high security. | |
[Features]
| 1. | Easy-to-use and secure personal authentication |
| Even if the terminal is used by someone else, or the password is stolen or maliciously copied through eavesdropping, any access attempt will not pass authentication, thus preventing snoofing. In addition, the system is convenient because no one-time-password card or a token need be carried around. | |
| 2. | Minimal volume of communicated data needed for authentication |
| The authentication processing is completed with only a single exchange of data between the terminal and the server, and no digital certificate is exchanged, as is done in SSL*4. Thus, the volume of data transmitted for authentication is as small as 0.5 KB (cost about one yen). Since the required communications volume is minimal, the system is less susceptible to any interruption of the telecommunications network. | |
| 3. | Extremely light processing load |
| By giving advance notice of the next authentication, the system minimizes the calculation needed for authentication. Since the program to be installed in a terminal takes up only 2 KB for authentication and 1 to 3 KB for encryption, it can be easily implemented in cellular phones or PDAs, and the processing load on the server is minimal. (The program size for encryption depends on the cryptography used.) | |
| 4. | Encrypted communications available |
| With a single exchange of data, it is possible to transmit both the authentication information and the encrypted communication data (optional). You can select the cryptography (common key cryptography). Rijndael, which is the next-generation cryptography standard, has already been implemented in the existing version of MobileSAFE. |
| [System requirements] | |
| -- | Terminal |
| NTT DoCoMo's 504i series (Interworking with 503i, 503iS and FOMA series is through email) |
|
| -- | Server |
| Linux, etc. (with a Java Servelet and database environment) | |
| [Price] | |
| -- | From 375,000 yen for 25 users |
| <Glossary> | ||
| *1: One-time-password personal authentication | ||
| A secure personal authentication system that uses a different password each time an access attempt is made, in order to prevent snoofing in the event that the password becomes known to an unauthorized person. | ||
| *2: SAS (Simple and Secure) authentication | ||
| One-time-password personal authentication based on a unique algorithm to achieve simplicity in processing and high security. It was invented by Professor Akihiro Shimizu, who has filed a patent application jointly with NTT-AT in Japan and the U.S.A . SAS authentication won a Grand Prix Award in the Field of Network Security in NetWorld+Interop2001. | ||
| *3: SFA (Sales Force Automation) | ||
| A comprehensive system designed to bring innovation to marketing activity through IT. | ||
| *4: SSL (Secure Sockets Layer) | ||
| An encrypted communication protocol developed by Netscape Communications in the U.S.A., which combines secret key encryption and public key encryption to prevent eavesdropping, snoofing and tampering. | ||
For inquiries, contact:
| Shibuya or Hada Technology Department-1 Systems Integration Division NTT Advanced Technology Corporation TEL: +81-44-220-2113; FAX: +81-44-220-2025 |
| 1: | i-appli is a trademark of NTT DoCoMo, Inc. | |
| 2: | i-mode is a trademark of NTT DoCoMo, Inc. | |
| 3: | MobileSAFE is a trademark of NTT Advanced Technology Corporation | |
| 4: | Please contact NTT-AT for information on compatible cellular phone models. |
