
xSimGuard: SIM Swap Protection

XorIDA splits mobile identity credentials across multiple independent carriers. SIM swap attacks require simultaneous compromise of K-of-N separate organizations — an operationally infeasible attack.

Identity Security · COMING SOON · XorIDA Powered
Section 01

The Problem

SIM swap attacks redirect phone numbers to attacker-controlled SIMs, bypassing SMS-based MFA. A single social engineering call to one carrier is enough to take over any account.

Mobile phone numbers have become de facto identity anchors. Banks, exchanges, email providers, and social platforms all use SMS as a second factor. A SIM swap at one carrier compromises every account linked to that number.

The FBI reported $68M in SIM swap losses in 2021 alone. High-net-worth individuals and executives are targeted specifically because single-carrier identity is a single point of failure. The attacker only needs to convince one customer service representative.

The Old Way

[Diagram: API Key in Config, Single Carrier Identity, Stolen. Compromise = full identity takeover]
Section 02

The PRIVATE.ME Solution

xSimGuard splits mobile identity credentials across multiple independent carriers using XorIDA. Verifying ownership requires K-of-N carrier confirmations. A single SIM swap yields zero usable identity.

Instead of anchoring identity to one phone number at one carrier, xSimGuard distributes identity shares across organizationally independent carriers. Each carrier holds one share that reveals zero information about the credential on its own.

Ownership verification requires threshold confirmation from K carriers simultaneously. An attacker must execute coordinated SIM swaps at multiple carriers — an operationally infeasible attack that requires social engineering separate organizations in parallel.

The New Way

[Diagram: DID Identity Split Auth, Carrier A, Carrier B, Carrier C, HMAC Verify, Secure]
Section 03

How It Works

Mobile identity credentials are split via XorIDA across N independent carriers. Ownership verification collects K shares, verifies HMAC integrity on each, and reconstructs the credential only when threshold is met.

[Diagram: Credential Validate, XorIDA Split, Carrier A, Carrier B, Carrier C, HMAC Verify, Verified]

Key Security Properties

  • Multi-carrier distribution: Identity shares span organizationally independent entities.
  • Simultaneous compromise required: Attacker must SIM swap at K carriers in parallel.
  • HMAC integrity: Tampered shares from a compromised carrier are detected and rejected.
Section 04

Use Cases

💰
Wealth Management
High-Net-Worth Protection

Crypto holders and HNW individuals split mobile identity across carriers. Eliminates the single social engineering vector that enables account takeovers.

Asset Protection
🏢
Enterprise
Corporate Executive Security

C-suite mobile identities split across carriers to prevent targeted SIM swap attacks used for business email compromise and wire fraud.

Executive Protection
🏦
Finance
Financial Account Protection

Banking and trading accounts secured against SIM-based MFA bypass. Multi-carrier verification ensures SMS 2FA cannot be defeated by a single SIM swap.

MFA Hardening
🔐
Authentication
Multi-Factor Hardening

Existing SMS-based MFA upgraded from single-carrier to multi-carrier threshold verification. Drop-in replacement that eliminates the SIM swap attack vector.

Drop-In MFA
Section 05

Integration

Quick Start
import { splitIdentity, verifyOwnership } from '@private.me/xsimguard';

// Split mobile credential across 3 carriers (2-of-3)
const shares = await splitIdentity(
  { phoneNumber: '+1-555-0100', imsi: '310260...' },
  ['carrier-a.api', 'carrier-b.api', 'carrier-c.api'],
  { n: 3, k: 2 }
);

// Verify ownership requires threshold from multiple carriers
const verified = await verifyOwnership(shares, challengeToken);
splitIdentity(credential: MobileCredential, carriers: string[], config: { n: number, k: number }): Promise<IdentityShare[]>
Splits mobile identity credentials via XorIDA across N independent carriers. Each carrier receives one HMAC-signed share that reveals zero information about the original credential.
verifyOwnership(shares: IdentityShare[], challenge: string): Promise<VerificationResult>
Collects K-of-N shares from carriers, verifies HMAC integrity on each, reconstructs the credential, and validates it against the challenge token for ownership proof.
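
The split, per-share HMAC check and threshold reconstruction described under How It Works and in the two function descriptions above, as an added example that is not the SDK's code. The page does not describe XorIDA's construction, so Shamir secret sharing over GF(2^8) stands in for it; the share layout, the verifier-held `macKey` and the sample credential are assumptions.

```javascript
const crypto = require('node:crypto'); // added example; Shamir stands in for XorIDA

// GF(2^8) multiply (polynomial 0x11b) and inverse (a^254).
function gmul(a, b) {
  let p = 0;
  for (; b; b >>= 1) {
    if (b & 1) p ^= a;
    a = (a << 1) ^ (a & 0x80 ? 0x11b : 0);
  }
  return p;
}
const ginv = a => { let r = 1; for (let i = 0; i < 254; i++) r = gmul(r, a); return r; };
// HMAC-SHA256 binds each share to its carrier and index (macKey is an assumption).
const tag = (key, carrier, x, y) =>
  crypto.createHmac('sha256', key).update(`${carrier}|${x}|`).update(y).digest();
function split(secret, carriers, k, macKey) {
  // One random degree-(k-1) polynomial per byte; the constant term is the secret byte.
  const polys = [...secret].map(b => [b, ...crypto.randomBytes(k - 1)]);
  return carriers.map((carrier, i) => {
    const x = i + 1; // evaluation point, never 0
    const y = Buffer.from(polys.map(c => c.reduceRight((acc, ci) => gmul(acc, x) ^ ci, 0)));
    return { carrier, x, y, mac: tag(macKey, carrier, x, y) };
  });
}

function reconstruct(shares, k, macKey) {
  const valid = new Map(); // keyed by x so a replayed share counts once
  for (const s of shares)
    if (s.mac.length === 32 && crypto.timingSafeEqual(s.mac, tag(macKey, s.carrier, s.x, s.y)))
      valid.set(s.x, s); // shares with a bad tag are dropped
  const use = [...valid.values()].slice(0, k);
  if (use.length < k) throw new Error(`threshold not met: ${use.length}/${k} valid shares`);
  // Lagrange weights at x = 0: product over j != i of x_j / (x_j + x_i).
  const w = use.map((si, i) => use.reduce((acc, sj, j) =>
    i === j ? acc : gmul(acc, gmul(sj.x, ginv(sj.x ^ si.x))), 1));
  return Buffer.from(Array.from(use[0].y, (_, b) =>
    use.reduce((acc, s, i) => acc ^ gmul(s.y[b], w[i]), 0)));
}

// Constructed scenario: 2-of-3 split, carrier B returns a tampered share.
function demo() {
  const macKey = crypto.randomBytes(32);
  const secret = Buffer.from('constructed credential for +1-555-0100');
  const [a, b, c] = split(secret, ['carrier-a.api', 'carrier-b.api', 'carrier-c.api'], 2, macKey);
  const forged = { ...b, y: Buffer.from([...b.y].map(v => v ^ 1)) };
  let rejected = false;
  try { reconstruct([a, forged], 2, macKey); } catch { rejected = true; }
  return { rejected, recovered: reconstruct([a, forged, c], 2, macKey).toString() };
}
```

`demo()` shows both outcomes: with only carrier A's share and the tampered one, reconstruction is refused; adding carrier C's share recovers the credential from A and C.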
Section 05B

Viral M2M Onboarding

xSimGuard enables sub-2-minute carrier-to-carrier M2M setup with zero manual configuration. First carrier invites second carrier via DID, second carrier accepts with one API call, and the trust relationship is live. No pre-shared keys, no IT tickets, no coordination calls.

How It Works

Carrier A runs xlink invite carrier-b-did and receives a single-use invitation URL. Carrier B navigates to the URL in their admin dashboard, sees Carrier A's DID and requested scope (e.g., roaming:hlr-sync), and clicks Accept. The M2M trust relationship is established instantly via cryptographic DID verification — no manual key exchange, no email threads, no shared secrets.

Carrier A: Generate Invitation
const invitation = await generateInvite({
  recipientDID: 'did:key:z6MkCarrierB...',
  scope: 'roaming:hlr-sync',
  threshold: { k: 2, n: 3 }
});

// Share URL with Carrier B (email, SMS, or admin portal)
console.log(invitation.url); // https://carrier-a.api/invite/abc123
Carrier B: Accept Invitation
const result = await acceptInvite(invitationURL);

// Trust relationship now active — can immediately start roaming auth
const verified = await verifyRoamingSubscriber(imsi, carrierId);

Telecom Use Cases

Cross-Carrier Roaming Authentication

International roaming requires real-time HLR/HSS coordination between carriers. Traditional SS7 signaling is vulnerable to location tracking and subscriber impersonation. xSimGuard splits roaming credentials across the home carrier and visiting carrier (2-of-2), ensuring that neither carrier alone can authenticate a roaming subscriber. An attacker compromising one carrier's HSS gains zero usable authentication capability.

GSMA IR.21 COMPLIANCE
GSMA IR.21 mandates roaming security controls to prevent SS7 attacks. xSimGuard provides threshold-based roaming authentication that exceeds IR.21 requirements by eliminating single-carrier authentication as a viable attack vector.

SIM Swap Fraud Prevention ($68B Annually)

SIM swap fraud cost the telecom industry $68 billion in 2021 (FBI data). Attackers social-engineer customer service at one carrier to port a victim's number to an attacker-controlled SIM. With xSimGuard, porting a number requires threshold approval from K-of-N carriers. An attacker must compromise customer service representatives at multiple independent carriers simultaneously — an operationally infeasible attack.

eSIM Provisioning Security

eSIM provisioning involves downloading SIM credentials over-the-air. A compromised provisioning server can issue fraudulent eSIM profiles. xSimGuard splits eSIM credentials across the carrier's provisioning server and a second independent entity (e.g., device manufacturer OEM or third-party HSM provider). The eSIM profile only activates when both shares are present, preventing rogue provisioning even if the carrier's server is compromised.

IoT SIM Security at Scale

IoT deployments use millions of embedded SIMs with long lifecycles (10+ years). A single compromised SIM credential database exposes the entire fleet. xSimGuard splits IoT SIM credentials across the carrier and the IoT platform provider (2-of-2). Fleet-wide credential compromise requires simultaneous breach of both organizations — a security model that scales to billion-device deployments without increasing per-device overhead.

Mobile Money Protection (M-Pesa, GCash, etc.)

Mobile money platforms anchor account access to phone numbers. A SIM swap at the carrier bypasses all account security and enables instant theft. xSimGuard distributes mobile money identity across the telecom carrier and the financial institution operating the mobile money platform (2-of-2). An attacker must compromise both the carrier's customer service and the bank's authentication system to execute theft — a coordinated attack requiring simultaneous social engineering of separate organizations.

2FA Bypass Prevention

SMS-based 2FA is the weakest link in account security because it relies on single-carrier control. A SIM swap at one carrier defeats 2FA for every account using that phone number. xSimGuard upgrades SMS 2FA to multi-carrier threshold verification. The 2FA code is only reconstructable when K-of-N carriers confirm ownership. Existing SMS 2FA infrastructure remains unchanged — xSimGuard operates as a verification layer behind the scenes.

  • <2 min: Carrier onboarding time
  • 0: Pre-shared keys
  • $68B: Annual SIM swap losses
  • K-of-N: Carrier threshold
NETWORK EFFECT
Each carrier that joins xSimGuard increases security for all existing carriers. A 3-carrier network provides 2-of-3 fault tolerance. A 10-carrier network enables geographic distribution (e.g., US/EU/Asia split) with configurable thresholds per use case. The first carrier to deploy gains immediate SIM swap protection; every additional carrier strengthens the entire ecosystem.
Section 06

Security Properties

| Property | Mechanism | Guarantee |
|---|---|---|
| Identity Distribution | XorIDA K-of-N splitting | No single carrier holds usable identity |
| SIM Swap Resistance | Multi-carrier threshold | Requires simultaneous compromise of K carriers |
| Integrity | HMAC-SHA256 per share | Tampered carrier shares detected |
| Organizational Independence | Separate carrier entities | No shared employee or process attack surface |
| Backward Compatibility | SMS bridge layer | Works with existing SMS-based MFA flows |

  • $68M: FBI SIM swap losses (2021)
  • K-of-N: Carrier threshold
  • 0 bits: Info per carrier share
  • <1ms: Split latency
VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL
Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.
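
One way an HMAC-chained audit trail of the kind described above can be built and checked, as an added example that is not xProve's code. The record fields (`op`, `carrier`, `shareTag`), the all-zero starting tag and the auditor-held `key` are assumptions; the page does not specify xProve's record format.

```javascript
const crypto = require('node:crypto'); // added example, not xProve's code

// Each record's tag covers the previous tag, so edits, removals and reordering break the chain.
const GENESIS = Buffer.alloc(32);
function link(key, prevTag, seq, event) {
  return crypto.createHmac('sha256', key)
    .update(prevTag)
    .update(JSON.stringify([seq, event.op, event.carrier, event.shareTag]))
    .digest();
}

function append(key, trail, event) {
  const prev = trail.length ? trail[trail.length - 1].tag : GENESIS;
  trail.push({ seq: trail.length, event, tag: link(key, prev, trail.length, event) });
  return trail;
}

// Returns the index of the first record that fails, or -1 if the trail is intact.
function firstBreak(key, trail) {
  let prev = GENESIS;
  for (let i = 0; i < trail.length; i++) {
    const r = trail[i];
    const want = link(key, prev, i, r.event);
    if (r.seq !== i || r.tag.length !== 32 || !crypto.timingSafeEqual(r.tag, want)) return i;
    prev = r.tag;
  }
  return -1;
}

// Constructed events; field names are hypothetical.
function buildSample(key) {
  const trail = [];
  const steps = [['split', 'carrier-a.api'], ['store', 'carrier-a.api'],
                 ['store', 'carrier-b.api'], ['reconstruct', 'carrier-b.api']];
  for (const [op, carrier] of steps)
    append(key, trail, { op, carrier, shareTag: crypto.randomBytes(32).toString('hex') });
  return trail;
}
```

The chain alone does not reveal records truncated from the end; the auditor needs the latest tag or the record count from a separate channel to detect that.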


© 2026 StandardClouds Inc. dba PRIVATE.ME. All rights reserved.

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xSimGuard generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs; no source code is required.


Use Cases

🏛️
REGULATORY
FDA / SEC Submissions
Prove algorithm correctness for distributed systems without exposing trade secrets or IP.
Zero IP Exposure
🏦
FINANCIAL
Audit Without Access
External auditors verify secure operations without accessing source code or production systems.
FINRA / SOX Compliant
🛡️
DEFENSE
Classified Verification
Security clearance holders verify distributed systems correctness without clearance for source code.
CMMC / NIST Ready
🏢
ENTERPRISE
Procurement Due Diligence
Prove security + correctness during RFP evaluation without NDA or code escrow.
No NDA Required

Deployment Options

📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

  • npm install @private.me/xsimguard
  • TypeScript/JavaScript SDK
  • Full source access
  • Enterprise support available
🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

  • Complete data sovereignty
  • Air-gap capable deployment
  • Custom SLA + dedicated support
  • Professional services included

Enterprise On-Premise Deployment

While xSimGuard is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

  • Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
  • Air-gapped environments — SCIF, classified networks, offline operations
  • Data residency requirements — EU GDPR, China data laws, government mandates
  • Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.
