From wearables to autonomous drones, we are living in a connected world. Businesses around the world have either deployed or are evaluating IoT for their use cases and it has been estimated that around 20 billion connected devices will be communicating with each other by 2020. Internet connectivity for these devices plays a key role in the entire IoT ecosystem since the data from the devices need to be passed to the edge/cloud.

There are multiple options for connectivity for an IoT device based on the signal transmission range. Bluetooth, Wi-Fi, Zigbee, and some others are designed for short distance transmissions, ranging in meters and typically need a gateway to communicate to the internet. Mobile networks like LTE, LTE-M, NB-IoT, and 5G cover a significant range and provide direct access to the internet. Satellite-based communication caters to long-range use cases.

In this blog post, we will be focusing on the challenges associated with switching to CSPs (communications service providers), who provide mobile network-based internet access technologies and the solution to overcome the same.  The ability to switch to CSPs is a key requirement for IoT solutions that have the following types of devices:

•  Remote devices at not-easy-to-reach places (for example, oil exploration in oceans)
•  Secured sealed devices (for example, vending machines, traffic monitor cameras, and autonomous vehicles)

Network access in a mobile network is granted using the SIM (subscriber identification module) card which contains authentication data like IMSI (international mobile subscriber identity) and associated authentication keys. These are mostly hard-coded into the SIM during manufacturing time. If a consumer wants to change the CSP, they can remove the existing SIM and attach the SIM provided by the new CSP. This is feasible for consumer use cases like mobile phones, since a person has easy access to the device and can swap the SIM cards. 

But it is a tedious process to swap embedded SIM card for IoT use cases with the devices mentioned above, since the device is either not easily reachable due to its location or the SIM module is not accessible within the device as it is sealed and secured. Additionally, the IoT devices in the above scenarios are typically managed by an IoT solutions provider and they may also need the flexibility to change the CSP due to technology constraints, costs, location change, or customer needs. So, there must be an easy way to do bulk porting from one CSP to another. The end customer may also need to move to a different CSP if the device needs to operate in a different location because they have either sold the device or the user itself has relocated to a different location, not covered by current CSP.

Taking these challenges into account, GSMA (GSM Association) has come up with a SIM standard called semis. This standard provides a way for CSPs to collaborate and dynamically change the CSP-specific data on the SIM – IMSI and authentication keys over the air. This is achieved by decoupling the provisioning data generation and over-the-air communication to the SIM card. This way any CSP can request and provide the SIM with their network-specific data, thus avoiding the need to swap the SIM card.

There are three types of eSIM technology based on the form factor –

• MFF1/2 - Embedded chip-based which are permanently soldered to the device
• 2/3/4FF - Standard removable SIM with eSIM card capabilities
• Software eSIM on SoCs – This is an emerging technology where eSIM card capabilities are deployed as a software stack on custom SoCs (system on chips). This approach does not meet GSMA eSIM compliance yet.

As part of the standard, two key modules are required for SIM OTA provisioning

• SM-DP – Subscription Manager Data Preparation – used to create the profiles that need to be transmitted over the air
• SM-SR – Subscription Manager Secure Routing – used to communicate with the eSIM card to provision the above profiles

SM-DP is typically hosted at CSP side and SM-SR can be hosted in different ways:

• SM-SR at CSP – In this model, each CSP owns the SIM provisioning for their respective SIMs.
• SM-SR at eSIM manufacturer – In this model, the eSIM manufacturer hosts the SM-SR for all eSIMs card manufactured by them and the CSPs need to route the request from their SM-DP to this SM-SR for any OTA provisioning.
• SM-SR at IoT device manufacturer - In this model, the IoT device manufacturer hosts the SM-SR for all devices manufactured by them and the CSPs need to route the request from their SM-DP to this SM-SR for any OTA provisioning.

To illustrate how various players communicate, as an example, the following flow chart shows the initial provisioning and porting process for eSIMs of form factor 2/3/4FFs and SM-SR is deployed at each CSP level.

Fig. 1 below shows the high-level flow starting from SIM procurement by a CSP called CSP A to provide the IoT service to an enterprise.

• Order eSIM for Inventory
• Deliver eSIM
• Deliver Provisioning Credentials
• Store eSIM Data and Profile
• Procure eSIM
• Deliver eSIM
• Manufacture Device
• Procure Device
• Procure Data Service
• Procure IoT Service. When device goes live,it will connect to CSP A Data Service

Fig. 2 below shows the high-level flow when the IoT service provider wants to move from CSP A to CSP B

• Solution Provider decides to change from CSP A to CSP B.
•  Initiates Port Request.
• Initiate Port Request
• Validate Port Request with Customer. Check for Pending Payments
• Change SM-SR on eSIM to CSP-B SM-SR
• Perform OTA Update
• Accept Port Request
• Transfer eSIM credentials
• Store eSIM credentials
• Provision CSP B Profile
• Perform OTA update. Device now connects to CSP B
• Data Service

Key enhancements on the eSIM sim as compared to the normal SIM card and associated processes:

• eSIM sim can now hold multiple operator profiles
• eSIM supports public/private key-based cryptography for authentication during OTA provisioning
• Additional modules needed for OTA provisioning – SM-DP and SM-SR
• IoT solution provider to support CSP-specific back-end processes/APIs to initiate and manage the swap of data services from one CSP to another

The bottom line is that eSIM technology is supported and deployed by major SIM manufacturers and CSPs across the world. Enterprises looking for global IoT deployments based on mobile network technologies such as 4G and LTE should ensure that the IoT devices support eSIM sim capabilities and the IoT solution provider/IoT stack supports eSIM-related business processes.

In my opinion, the future is strong for software-based SIM module on top of standard application processors. Smartphones already employ TEE (trusted execution environment)-based security to isolate sensitive data and processing like credit card wallets from normal execution of applications. The same eSIM technology can also be adopted for software SIM where the SIM credentials and associated cryptography processing can be done by TEE on the devices. This software approach also provides flexibility in terms of upgrades and dynamic features which are key to dynamic mobile networks based on 5G network slicing.

The future holds strong for software-based SIM on top of standard application processors.

For more information on IoT solutions, please refer to IoT.

References

https://www.gsma.com/newsroom/wp-content/uploads//SGP.21_v2.2.pdf