Xecure Message Service

Xecure Message Service (XMS) is the backbone technology developed by NSS to enable end-to-end security in mobile text messaging. It ensures text messages in transmission and at rest are protected hence offering complete privacy with high-level of security for both businesses and personal.

XMS Technology

As a NSS proprietary application, XMS is arguably the first end-to-end secure SMS solution. It is essentially an Advanced Encryption Standard (AES) based encryption solution that works on public-private keys generated by Elliptical Curve Cryptography (ECC) whose key strengths can be selected as 128 bits, 192 bits or 256 bits.

XMS involves key pairing between users (peer-to-peer mode) or between customer and server, ensuring a secure pairing between any two persons or a person and a server. The Application on the phone is password protected and set by the user during installation, messages are encrypted and signed in the mobile handset and decrypted only at the point of termination (a recipient's mobile handset or server). Thus data at rest, as well as in transit remains encrypted.

XMS rides on the SMS protocol, using a mature, popular technology in a new and innovative business workflow. XMS assures the following:

XMS has bridged the only problem area of the workhorse SMS, by providing it business-ready security features. While GPRS and WAP are emerging technologies that will provide impetus to m Commerce, SMS was not considered as part of the business opportunity thus far by financial services other than for non personal notifications because of its security vulnerabilities.

The XMS application can be downloaded over the air (WAP push) or sent via email to a recipient who can then transfer it to his mobile phone via Blue tooth or IR. The application is light by itself, between 140 -180 KB. Once installed, the user is prompted to enter his password for the application, it generates automatically the user's key pair (private and public keys) public keys are exchanged with the peer group and the person is ready to send out private text. The user interface (UI) is easy and intuitive, and the encrypting is done at the backend, so user experience is good.

Over 70% - 75% smart-phones in the market which are JAVA MIDP 2.0 and Symbian are compatible for XMS. We are looking at a potentially huge market. The application distribution and function is independent of Telco and service providers, which minimise third party dependencies.

Check out who is offering XMS here!

If your local telco is not offering XMS as yet, BUY ONLINE NOW!

XMS Product Suite

XMS: Who is it for?

  • Individuals:
    • Exchange private information with friends, family and associates with XMS Mobile. Visit www.privatexms.com for more information. 
  • Businesses:
    • Protect your business against industrial espionage and prevent information leakage by using XMS for business communications and securing data on the handset.
  • Cellular Providers:
    • Offered as a value added service to their subscriber base, XMS improves ARPU and attracts security conscious customers without adding to infrastructure costs.
  • Banks and Financial Institutions:
    • Enable m-Commerce and mobile banking in new or existing business workflows. Secure and signed XMS messages culd extend trust to transactions and be used to transfer sensitive information like PINs, transactions, billing details, credit card payments, and quotes.
  • Governments and Law Enforcement Agencies:
    • Protect sensitive internal and external message communications against internal/international espionage.
Please use the links below to choose a product category.

XMS Enterprise

The mobile phone today is being adopted in diverse and innovative ways to enhance business productivity, hence SMS is playing a leading role in this adoption.

80% of the 1 billion mobile users worldwide do not leave home without their phones as the desire to communicate more easily and have more timely access to information is universal. Mobile use is soaring as businesses increasingly turn to the mobile phone to get the message across" anywhere, anytime.

Besides social communications, SMS Messaging is increasingly being used as an alternative channel to send and deliver information instantaneously:-

  • to contact employees (as notification pagers)
  • to schedule appointments (as a tool for scheduling)
  • for unobtrusive communication in meetings (one way message)
  • for sending short reports in field operations (confirmation, findings)
  • for internal organizational notifications (bulk message notification to employees)
  • for requesting and passing urgently required business information (sales quote)
  • for communicating sale / purchase decisions with agent / broker while in meetings

XMS technology provides Digital signatures built into the product to enable Government officials or business users to trust the source of their SMS messages, while strong hashing algorithms preserve the integrity of the data contained in the SMS message. Other features include:

  • Password-based user authentication
  • Application level encryption on the handset ensures data remains confidential at rest and in transit.
  • Public/Private key based authentication mechanisms and digital signatures ensure message integrity.

NSS currently offers a number of enterprise-level XMS solutions:

  • XMS Enterprise Server (Telco)
    • Allows a service provider to offer XMS Mobile downloadable over the air via SMS, GPRS or through a web portal.
    • Present a new stream of revenue as customers could be charged a monthly subscription in addition of the one-time download fee
  • XMS Messaging Center
    • Allows XMS messages to be broadcasted to XMS users within an organisation across any mobile networks globally.
    • Extends current mobile to mobile communications to a desktop / laptop and vice versa, enabling two way communication securely.
  • XMS Manager
    • Web based XMS management interface.
    • Issues installable XMS PrivateSMS applications for the enterprise.

 

XMS Enterprise Server (Telco)

XMS Mobile is a J2Me and Symbian based software that allows mobile users to protect their text messages both on the phone as well as in transit across mobile networks.

XMS for Service Providers

XMS Enterprise Server (Telco) runs on Java (1.4.X and onwards) enabled web servers, which can be deployed on any platform (Windows NT 4.0, 2000, XP platforms, Linux, FreeBSD etc.). Please refer to technical specification for details.

XMS Enterprise Server (Telco) comprises a licensed application which allows the service provider to:

  • Offer XMS Mobile downloadable over the air through SMS and a WAP portal (GPRS).
  • Track XMS mobile downloads and manage XMS users through graphical reports relating to subscription, usage and revenue.
  • Restrict downloads to specific number prefixes.

XMS Revenue Potential

  • Easily expandable user network - Considerable viral marketing potential using the application that allows each person to invite friends to download the application (over the air or through a web portal) so that he/she can exchange private SMS messages with them.


  • At no additional infrastructure cost, mobile operators can roll out XMS as a value added service through subscription or prepaid top up. A brand new recurring revenue stream that makes XMS an attractive revenue opportunity for Mobile Operators.
  • High phone compatibility as XMS is supported by any Java MIDP 2.0, Symbian series 60 and UIQ 2.0/2.1 phone.

XMS Manager

XMS Manager is a web based management interface that enables one to issue installable XMS Mobile messaging applications to the employees within the organisation. It provides a truly autonomous and scalable means of rolling out XMS applications to a selected user group with no dependence on cellular / SMS service providers.

Using the XMS manager, businesses ranging from SMEs to large enterprises or government entities can autonomously manage and issue XMS Mobile applications to their employees across locations worldwide and begin to use the SMS medium for secure business communications.

By retaining ownership of XMS Manager, it is not necessary for organizations to share the name or mobile phone number of the end user with a cellular provider or other external providers of XMS technology. Hence, the complete privacy and control in deployment of the XMS solution, enabling protection against industrial espionage.

XMS Manager


XMS Manager

Benefits:

Enables a more secure SMS communications within which include but not limited to:-

  • Contact employees (as notification pagers)
  • Schedule appointments (as a tool for scheduling)
  • Non invasive communication in meetings (one way message)
  • Sending short reports in field operations (confirmation, findings)
  • Internal organizational notifications (bulk message notification to employees)
  • Requesting and passing brief urgently required business information (sales quotes etc.)
  • Communicating sale purchase decisions with agent / broker while in meetings (sell / buy stock)

XMS Messaging Center

XMS Messaging Centre is a separately licensed software that is intended for use by designated end users who would like to extend mobile communication to a desktop / laptop while maintaining a high level of security and trust.

What is XMS Messaging Centre for?

  • Internal communications: Bulk message notification to employees.
  • Company and client communication: Establishing relationships both ways for marketing or product information.
  • Emergency Notification: Provide a trusted line of communication in the event of an emergency or disaster.

BENEFITS:

  • Privacy and security: Encryption and safety features offer secure communication and message privacy.
  • Digitally signed trusted messages: Enable verifiable trust in the source of the message.
  • XMS broadcast: Allows your XMS messages to be broadcasted to mobile users across any networks internationally.
  • Extension of mobile communications: XMS Messaging Centre extends current mobile to mobile communications to a desktop / laptop and vice versa.
  • Convenience & Cost efficient: Most people are contactable on a mobile phone. Sending XMS is chargeable at the normal SMS rate.
  • Zero infrastructure cost: A GSM modem is bundled with the package and integrated with your existing server.

XMS Finance

Through the use of XMS technology NSS has created a number of solutions specifically tailored for banks and other financial institutions to implement safe, secure and trusted transactions for mobile banking (m-banking) or mobile commerce (m-commerce) initiatives.

Security management of wireless-based technology solutions, although similar to other electronic delivery channels, involves unique challenges created by the current state of wireless services and wireless devices.

Financial institutions in particular must comply with regulatory requirements and industry best practices in order to:

  • Ensure the security and confidentiality of customer information.
  • Protect against any anticipated threats or hazards to the security or integrity of such information.
  • Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

To complish these requirements all XMS financial products feature two-factor authentication, a pre-requisite for most financial transactions, through:

What you have: A registered handset with the XMS application.
What you know: M-PIN registered with the bank or credit card issuer.

Additional security features for our Banking Solutions also include:

  • Password-based user authentication
  • Application level encryption on the handset that ensures data both at rest as well as in transit remains confidential
  • Public/Private key based authentication mechanisms and digital signatures ensure message integrity

NSS currently offers two XMS financial solutions - please select the relevant links to learn more about them:

  • XMS Mobile Banking

XMS Mobile Banking creates a new secure channel for interaction between a bank and its customers. A Java based application installed on the phone uses digitally signed and encrypted messages for notifications, account access, funds transfers and mobile based payments.

  • XMS Mobile Anti Identity Theft Solution

The XMS Anti Identity Theft solution builds upon the XMS Mobile and XMS Mobile Banking solutions by allowing banks and credit card issuers to securely implement personal two-way authentication of credit card transactions with their customers in a real-time environment.

 

XMS Mobile Anti Identity Theft Solution

The XMS Mobile Anti Identity Theft Solution builds upon the XMS Mobile and XMS Mobile Banking solutions that allow banks and credit card issuers to securely implement personal two-way authentication of credit card transactions in a real-time environment.

Upon usage of a credit card (either online or offline) a secure automated XMS message containing a description, location, time, and amount will be immediately received by the registered phone number of the user from the XMS Server located at the bank or credit card issuer. If the user confirms the purchase, the payment will go through.

If it is denied then payment will not take place and a caution 'flag' will automatically be placed on the user's credit card and normal investigation procedures would commence, which can go a long way in preventing credit card fraud and mitigating online risks such as phishing or identity theft.

Benefits:

  • Real-time authentication: The XMS message is sent as soon as any credit card transaction is made. It therefore ties the user's credit card to his mobile phone for added security. Payment is halted until such confirmation is given, and halted if the user denies such a transaction.
  • Fraud prevention: Due to the need for the user to authenticate transactions, online phishing and real-world unauthorised transactions (skimming) are prevented at the point of sale.
  • Control and User confidence: Allows customers to play a more personal role of being in control of their credit card transactions.
  • Flexible and Ubiquitous: Can be used for both offline and online transactions anywhere in the world.
  • Cost effective: The cost of a normal SMS as opposed to IVR or Call centre agent calling every time a transaction is 'flagged'. Cost effectiveness in manual investigating and processing lower value transactions through process automation.
  • Interfaces with automated response systems and customer relationship databases.
  • Creation of an SMS audit trail for both the bank or credit card issuer and the customer.
  • Ability to couple the XMS Credit Card Solution with other products in the XMS suite to allow for secure peer-to-peer messaging or mobile banking.

 

XMS Mobile Banking

XMS technology is an easy-to-use mobile solution that rides over the widely available SMS based infrastructure. It uses the industry-standard AES encryption algorithm that ensures confidentiality.

XMS Mobile Banking creates a new secure channel for interaction between a bank and its customers. Digitally signed and encrypted messages are used for notifications, account access, funds transfers and mobile based payments. Like ATM operations, XMS Mobile Banking is based on two-factor authentication that meets bank security requirements. XMS Mobile Banking is a virtual ATM on mobile handsets.

Mobile Banking Services

Funds Transfers: Perform funds transfers within the same bank as well as third party banks that are within the existing inter bank settlement environment.

Payments: Pay utility bills, loans and credit card bills from mobile handsets.

Notification & Queries: Sign up for notification on account balance and event updates, access account and other services such as cheque book request, statement request etc. Services can be custom-designed.

How Does It Work?

XMS Banking Workflow

Benefits For Banks

  • Banks create a new revenue stream through Mobile Banking.
  • Banks save through reduced costs per user interaction as customers may perform transactions through automated and inexpensive SMS, instead of IVR or Call Centre Operations.
  • Higher security and trust in Mobile Banking will promote consumer confidence and take up of mobile banking services.
  • Besides creating a new point of interaction with the customer at a personal level, Mobile Banking Services lay a platform for banks to be ahead of the competition, presenting a unique branding opportunity.
  • XMS technology is also being integrated with PREPAID DEBT CARDS enabling money transfers between individuals, utility payments, account information access, etc.

Maximum Security And Assurance

  • XMS Mobile Banking provides two-factor authentication, a pre-requisite for most financial transactions, through:
  • What you have:Registered handset with XMS Mobile Banking application.
  • What you know:M-PIN registered with the Bank.
  • Other security features of XMS Mobile Banking include:
  • Password-based user authentication.
  • Application level encryption on the handset that ensures data both at rest as well as in transit remains confidential.
  • Public / Private key based authentication mechanisms and digital signatures ensure message integrity.
  • Uses Bank grade encryption standard.

User Benefits

  • Mobile Convenience
  • Users can transact and interact with the bank anytime, anywhere.
  • Ease Of Use
  • A user friendly interface with clear instructions which are easy to follow.
  • Peace Of Mind
  • XMS technology combines strong confidentiality and data integrity along with TWO FACTOR AUTHENTICATION to provide maximum security in mobile transactions.

XMS Mobile

Get PrivateXMS ONLINE NOW!!

Besides being a personal communication tool, mobile phones are being used in innovative ways to enhance business productivity and SMS is playing a leading role in this adoption. However communication of plain text SMS over existing GSM specifications make it vulnerable for any sort of classified information exchange or privacy of content. XMS Mobile is a powerful solution for plugging all gaps in security and trust for SMS messages.

 

With the widespread acceptance of SMS as a low cost and effective means of mobile communication, the XMS Mobile product is a powerful solution for plugging all gaps in security and trust for SMS messages and is an end-to-end solution for addressing known vulnerabilities of SMS technology, namely: Spoofing, Snooping, Sniffing and interception.

Key Benefits:

  • CONFIDENTIALITY - Key pair based encryption
  • INTEGRITY - Messages are tamper proof
  • NON REPUDIATION - Signed messages
  • AUTHENTICATION - Only authenticated users can encrypt or decrypt messages
  • CONTACTS & MESSAGES - Can be stored, encrypted and deleted upon loss or theft of handset

XMS Mobile runs as a service to perform security operations (encryption, signing, etc.) on messages using internationally accepted standards. Smart phones and JAVA MIDP 2.0 handsets can send and receive secure and trusted messages to any host (Server) that is built on XMS Enterprise Server components.

Product Features:

  • Provides complete privacy and security of messages that is in transit or at rest.
  • Digitally signed trusted messages.
  • A seamlessly integrated application that syncs with the inbox, existing messaging system and native address book.
  • XMS messages are sent using the existing SMS protocols, so that you are charged the same rate as that of an SMS.
  • Provider independent solution that requires no special collaboration or partnership with any cellular provider across the world to use.
  • Technology (GSM/CDMA) independent
  • Downloadable over-the-air (through SMS), from the internet over GPRS, through IR or Bluetooth.
  • Contacts and messages can be deleted in case of theft or loss of phone -data wipe feature.
  • Utilizes AES, ECC, and SHA-1 encryption technology.
  • Compatible with J2ME MIDP2.0 and Symbian 6.1, 7.0, 1.0s and 8.01 (Series 60 and UIQ) phones.

How It Works:

All that it takes to start using XMS are four easy steps:

 

 

Step 1: Download XMS Mobile
(via GPRS, WAP or from the web)

 

Step 2: Install XMS Mobile

 

Step 4: Initiate PairMe key swap

(with the person you wish to communicate with)

 

Step 4: Send XMS messages securely

FAQs

What is XMS?
Xecure Message Service (XMS) is the name of the technology behind our mobile software that enables end-to-end security and trust in mobile messaging. It encrypts and decrypts your mobile messages as well as provides the trust elements of confidentiality, integrity, non repudiation and authentication to your mobile messages.

Why do I need security and trust for my SMSes?

Currently mobile messages can easily be intercepted and read or altered by hackers and business competitors. There is no assurance of privacy nor can the medium be used to conduct business/financial transactions. PrivateXMS provides end to end security in mobile messaging via authentication, key management and encryption.

What is PrivateXMS?

PrivateXMS is the name of the P2P (Peer to Peer) XMS software that can be downloaded from the web and sits on your mobile handset to enable end to end security and trust in mobile messaging with the people you are communicating with.

Where can I get PrivateXMS?

You can get it from our online PrivateXMS Webstore www.privatexms.com

Do both individuals need PrivateXMS in order to communicate securely?

Yes. Both individuals need to have the application on their phones so that they can send and receive messages securely.

How does PrivateXMS work?

Before you can start using PrivateXMS, the software must be installed on both phones followed by a pairing process.

On sending your first XMS message to another person, a pairing process under the option called “PairMe” will take place. This is normal for PKI based encryption technology.

In essence, when you install XMS on your phone, two keys are generated. One key is kept secret on you phone and is called the Private key. Another key is sent out to other people and is called the Public Key. Only the Public Key can encrypt / decrypt messages by the Private Key. Thus, if you have somebody else's public key, you can send a message that only they can decrypt with their private key. This is why you have to 'pair up' via PrivateXMS's PairMe function before sending any PrivateXMS messages. Each contact only need to be paired once. Is

PrivateXMS bound to my handset or my phone number?

PrivateXMS uses phone number as unique identification to establish the security and trust channel and not the handphone.

Does PrivateXMS protect my messages while they are inside my mobile handset as well?

Yes, PrivateXMS offers complete security and trust for end to end message communication both 'at rest' (in your mobile handset) and 'over the air' (when the message is being sent).
XMS messages that you have written or received remain encrypted at all times and only accessible with the password that only you are aware of.

Should there be interception or spoofing, the messages will remain encrypted hence there is no compromise.

Is PrivateXMS supported by most of the handphone models?

At the moment, most Symbian Series 60, UIQ, and Java enabled (MIDP 2.0) can run PrivateXMS. More handsets are continuously being added while other mobile OS platforms will be made available in the near future. Please visit our www.privatexms.com for updated list of all compatible handsets.

I have a PrivateXMS supported handset and it is also a 3G phone, will PrivateXMS run properly?

Yes, PrivateXMS is supported on most 3G phones as long as the SMS protocol is supported by a compatible handset.

Can I use PrivateXMS across any service providers?

Yes. PrivateXMS messages are always considered as a normal SMS when they are sent through all telecommunication networks. It ensures mobile security and helps keep the contents of private and sensitive SMS messages confidential across different cellular providers and diverse technologies (GSM, CDMA etc.).

Can I send PrivateXMS messages to international number?

Yes. You only need to save your contacts’ number in an international format.

Do I have to pay extra for sending PrivateXMS instead of SMS?

No, PrivateXMS messages actually ride on the existing SMS platform. You will be charged the standard SMS cost; there are no additional fees besides the monthly license fee.

Can I send secure MMS messages?

The current version of PrivateXMS does not encrypt MMS messages. In the future releases, this feature will be supported and allow you to send secure MMS messages using PrivateXMS.

XMS Documentation

Please find here full documentation for the full XMS product suite including XMS Mobile, XMS Enterprise and XMS Banking Solutions. 

XMS Mobile

XMS Technology White Paper

XMS Mobile Brochure

XMS Technology Byline Article

XMS Enterprise

XMS Manager White Paper

XMS Manager Brochure

XMS Mobile Banking

XMS Anti Identity Theft Solutions White Paper

XMS Banking Solutions Technical Paper

XMS Banking Solutions Brochure

Support

All company contact information can be found here.