X-IM: Encrypted Instant Messaging



The Structure of the X-IM Cryptosystem

Overview

The X-IM Cryptosystem is based on two separate layers of Strong Encryption. The first layer of encryption begins when the X-IM Client connects to the X-IM Server: the client generates a new secure session key, signs it with its local private key, encrypts it with an X-IM public key, and transmits it to the server. All subsequent outgoing and incoming communications from the client are first encrypted with this session key. This is the first layer of encryption.

When a secure message is sent to one or more recipients, a secure session key is created for that message*. This key is encrypted with the recipient(s)' public keys (which are received, signed by the X-IM Server, at the start of each session), signed with the sender's private key, and transmitted in that state to the recipient through the existing first layers of encryption between the sender and the X-IM Server, and between the recipient and the X-IM Server. This is the second layer of encryption, the client-to-client layer, and it is always transmitted within the first layer.

Therefore, all message content is protected by both layers of encryption, the second layer protecting it from X-IM and the X-IM Server as well as from the public. Information which the X-IM Server must know, namely the routing information, is protected by the first layer of encryption. This includes information such as who the message is from and who it is to. This information is protected from the public by the X-IM Server's private keys, whereas the actual message content is protected from the public by both the X-IM Server's private keys and the content's recipient(s)' private keys.

In the accompanying diagram, the communication channels protected by the X-IM Server's private keys (the first layer of encryption) are shaded in blue, while the channels protected by client private keys are shaded in other colors. In the second layer of encryption, all Alice's incoming communications are protected by Alice's private keys, and are shown in green. All Bob's incoming communications are protected by Bob's private key and are shown in orange. So, if Bob and Alice are communicating with instant messages or a chat window, their two-way communications are being protected by a combination of Alice's, Bob's, and the X-IM Server's private keys, as indicated by the green, orange and blue channels in front of Bob.

It is important to note that Alice, Bob and Charlie each have their own unique secure channel to the X-IM Server, although they are all protected by the same private keys and therefore all shown in blue.  Similarly, Bob and Charlie each have their own unique secure channel to Alice (shown in green).

*In the case of instant messages, one session key is created per contact, per direction of communication. Multiple messages sent to a given contact are encrypted on successive portions of the encryption stream, and are accompanied by synchronization and signature information. If the destination client has previously unsigned the key and generated the stream, it is able to sync up with the incoming message and verify that it is the same signature without unsigning it again. Otherwise, each message has enough information for the recipient client to verify the signature and create the encryption stream. This method enables the X-IM Client software to operate very efficiently, while maximizing all aspects of security.
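The footnote's stream synchronization, sketched as an added example that is not X-IM's own code: the page does not name its cipher or signature scheme, so an HMAC-SHA256 counter-mode keystream and an HMAC tag stand in for them, and the message fields `offset`, `body` and `tag` are assumptions. The receiver seeks to the offset each message carries and refuses any offset inside a portion of the stream it has already consumed, since reusing keystream under the same session key would expose the XOR of two plaintexts.

```python
import hashlib
import hmac

BLOCK = 32  # bytes produced per HMAC-SHA256 call

def keystream(key: bytes, offset: int, length: int) -> bytes:
    """Return stream bytes [offset, offset+length); stand-in for the real cipher."""
    first, last = offset // BLOCK, (offset + length + BLOCK - 1) // BLOCK
    blocks = b"".join(
        hmac.new(key, b"ks" + n.to_bytes(8, "big"), hashlib.sha256).digest()
        for n in range(first, last)
    )
    skip = offset - first * BLOCK
    return blocks[skip:skip + length]

def _tag(key: bytes, offset: int, body: bytes) -> bytes:
    # Stand-in for the per-message signature information: binds body to its offset.
    msg = b"tag" + offset.to_bytes(8, "big") + body
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Sender:
    """One instance per contact, per direction (one session key each)."""
    def __init__(self, key: bytes):
        self.key, self.offset = key, 0

    def seal(self, plaintext: bytes) -> dict:
        off = self.offset
        body = _xor(plaintext, keystream(self.key, off, len(plaintext)))
        self.offset += len(plaintext)  # the next message uses the next portion
        return {"offset": off, "body": body, "tag": _tag(self.key, off, body)}

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.next_offset = key, 0

    def open(self, msg: dict) -> bytes:
        off, body = msg["offset"], msg["body"]
        if not hmac.compare_digest(msg["tag"], _tag(self.key, off, body)):
            raise ValueError("bad tag")
        if off < self.next_offset:
            raise ValueError("stream portion already consumed")
        self.next_offset = off + len(body)  # sync forward, even past lost messages
        return _xor(body, keystream(self.key, off, len(body)))
```

Because each message names its own position in the stream, a dropped message does not desynchronize the pair; a replayed or late message is rejected rather than decrypted.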





© Copyright 2003-2004 X-IM Software.     X-IM and X-IM: Encrypted Instant Messaging are trademarks of X-IM Software.