The eSIM/eUICC and Its Ability to Receive Operator Credentials Remotely
Similar to the traditional SIM, a computing module called an embedded SIM (eSIM) controls the authentication and service access for next generation mobile devices (e.g. smart watches, wearables, connected cars, etc.). However, unlike a traditional SIM, an eSIM is a remotely programmable “electronic” SIM. The eSIM is most often in the form of an “embedded” integrated circuit chip soldered into the device circuit board, but is also offered in traditional SIM packages like the micro and nano formats you would find in your smartphone. The eSIM consists of a smart card container called an embedded Universal Integrated Circuit Card (eUICC) which stores MNO credentials and provides the ability to have those MNO credentials remotely programmed on the card over-the-air (OTA) by a process called remote SIM provisioning (RSP) .
Overview of GSMA Remote SIM Provisioning (RSP) Standards
There are two GSM Association RSP standards, one for IoT services scenarios (referred to as machine to machine or M2M) and one for standalone consumer device scenarios. As you may know, the GSMA published the first completed specification for RSP about three years ago (the M2M version) and have published the latest variation of the specification within the last year (the Consumer version). There is no specification to date for a combined M2M and Consumer RSP system; however, it is being discussed.
Today the GSMA publishes the following specifications:
- M2M version: SGP.01 (Remote Provisioning Architecture for Embedded UICC) and SGP.02
- Consumer version: SGP .21 and SGP .22
The specifications describe similar system components but differ in the communication mechanism between the profile store and the eSIM/eUICC and the initiation mechanism of the profile change operation.
The Consumer version requires an application on the device/eUICC called a Local Profile Assistant (LPA) which includes a local user interface for the end user of the device to control the loading of operator credentials to the device from the mobile operator/provider of choice (“pick a mobile provider”).
The initiation of profile operation is the most significant difference in the architectures where the IoT service/M2M scenario uses a “push” methodology and the Consumer scenario uses a “pull” methodology.
Let’s consider examples of each.
In the IoT service/M2M scenario, consider a connected car company that sells a car model globally which has cellular wide area connections for both telematics and infotainment. In this scenario, the auto manufacturer or dealership may equip the car with cellular connectivity so that they can continuously monitor the health of the automotive systems and notify the customer when their car needs service. In this case, when the car is delivered to a particular country, the auto manufacturer or dealership will program the car with, or “push”, the mobile credentials of the local mobile operator to the car’s telemetry eSIM. Since the dealer is providing cellular connectivity as part of an IoT service, the GSMA M2M RSP architecture is used.
In the Consumer scenario, consider an un-tethered 4G enabled smart watch that is developed by a mobile device manufacturer as a general purpose device. The device is intended to be sold directly or through a distributor with no service of any type. Since the watch has a well-supported OS like Wear OS or watchOS, the purchasing consumer can download various general purpose applications from an app store. In all cases, it is the responsibility of the Consumer to select mobile service from their operator of choice. With an eSIM enabled device, the Consumer will select from an available list of operators on the device, accept service terms and conditions and request or “pull” a set of operator credentials to the device. In the case of a person who travels and spends a good deal of time on two separate continents, if not restricted by a current operator, the Consumer will be able to enter into multiple Operator relationships.
Don’t Let the Names Fool You
Let’s assume you decided to develop a cellular IoT (CIoT) connected device with the latest remotely programmable eSIM/eUICC embedded SIM technology. As a company, you may be developing a device or family of devices that will be sold to consumers. Therefore, you should find a mobile service partner that offers a Consumer RSP system right? – not necessarily. Just because you are making a cellular connected device that you intend to sell to Consumers does not mean you should utilize a GSMA standard Consumer RSP service. Similarly, if you are developing a device you intend to sell to consumers, you should not assume that mobile service providers that offer an RSP service that meets the GSMA M2M architecture standard requires both devices to be machines like a connected car and a smart stop light.
It’s All Based on Business Model
The correct choice is actually based on your business model. It depends on who will be paying directly for the mobile service and entering into a contractual relationship with the mobile operator(s) – you or your end user customer. Let’s go back to the un-tethered 4G enabled smart watch example but consider two different scenarios:
- If the smart watch is developed as a general purpose device and is intended to be sold directly or through a distributor with no service of any type and it is the responsibility of the Consumer to select mobile service from their operator of choice, then you should find a mobile service partner that offers a Consumer RSP system
- If the smart watch is developed as a purpose built device, for example a marathon performance tracking watch, and it is intended to be sold along with a marathon performance tracking service, you should find a mobile service partner that offers an M2M RSP system. In this case, you as the IoT service provider have complete control over the service experience as you control both the device and the device connectivity!
iBasis Global Access for Things offers a single source for mobile data access, globally and entirely on eSIM technology. Today, iBasis is helping a number of IoT Service Providers enable the next generation of mobile connected devices using the IoT service/M2M GSMA RSP standards based architecture. Come join us for the journey!