Security

UMS understands that systems for emergency communication – particularly those that deliver messages to large populations or communities – can be highly sensitive as any incorrect information or abuse of the system can have adverse consequences. This essentially means that the system must be highly secure. UMS places special importance on security and privacy, and the following security model is followed across all our solutions. UMS Alert ensures that only necessary data is exchanged between users and the operator and secures against third parties gaining access to the public alert function or to privacy data.

 

UMS Alert security and privacy are handled from two different perspectives

Access Control security
Only approved users can access the LBAS solution. Users are granted access to functionality in the API based on groups & roles. Credentials are checked both while accessing the API (WSDL) and also on each request to the server. Any attempt to access a method without having the appropriate authorisation will result in the error message “Unauthorised” from the web service API.

 

Data Exchange security 
Only the required data from a mobile operator’s network is exchanged over the secure API towards the user application. Sensitive data collected from probe systems, inventory, radio planning tool or any other systems at the operator is never exposed in the API. End user clients are limited to define the target area and content, along with any schedule, priority or filtering. Only the status and statistics of the alert transmission and eventual replies to the alerts is transferred back from to the user.

Users will only have access to the front-end of the API and never to the back-end part of the system. There will be no data exchanged between the user and the operator network or vice-versa outside the API.