Secure and private communications are considered as a major concern for all mobile business. Secure communication is essential in military and governmental commercial applications. Security and privacy can be in the form of encrypted short message service (SMS) which is useful in daily life applications. Short message service (SMS) can be used in mobile commerce and mobile banking because it is very important business tool and provide availability and effectiveness in use. Three security aspects are considered in this system; Confidentiality, Integrity and authentication. Confidentiality is implemented using Standard encryption/ decryption algorithm which is the Advanced Encryption Standard (AES). Integrity is implemented by means of Keyed-Hashed Message Authentication Code (HMAC). Authentication is implemented using modified version of Diffie-Hellman algorithm as Zero- Knowledge interactive protocol to perform mutual authentication between the client and the server. In addition to authentication, key generation and distribution has been performed by Diffie-Hellman as an additional function. The objective of this work has been met by implementing standard security services in message exchange between client and server. The system is designed with two tier architecture; the client tier and the server tier, the database is embedded in the server tier. The proposed model is implemented on mobile commerce application as a case study with running examples. The tools used for development include Eclipse which is used as a development platform. Java is the programming language that is used to build the client and server applications. H2 embedded database is the database management system (DBMS) that is used to store the data, and Microsoft Office Visio 2010 is used as advanced illustrative tool.