The GSMA implement a trusted system using certificates based on Public Key Infrastructure ( PKI ) to control what components of a Remote SIM Provisioning system can talk to each other.
The policy is outlined in SGP.14.
In order to permit any certified component to talk to any other certified component, the GSMA issue signed root certificates.
They have appointed Cybertrust to act as the Root Certificate Issuer for M2M RSP systems ( version 3.1 ) and Digicert as the Certificate Issuer for Consumer RSP systems. The Cybertrust root certificates were acquired by Digicert in 2015. In order to obtain a certificate from one of these sources it is necessary to have SAS certification.
Currently mobile service is distributed on a plastic SIM card that must be purchased and inserted into a device. As SIM cards are becoming smaller and now require a tool to replace them in a device, this is inherently more expensive, less reliable and problematic. By contrast, most other ‘digital’ services, such as music, movies and eBooks, can be purchased online and downloaded ( or streamed ) to a device. The connected car is being designed with inbuilt eSIMs.
On this site, the word ‘eSIM’ will be used to describe any mechanism used to facilitate an IMSI/Profile download. There are basically 3 main kinds of eSIM:
- eSIMs that comply with standards developed by the GSM Association ( GSMA ). These offer a very high level of security and are accepted by most of the tier 1 MNOs. They derive their level of security by relying on a physical device, a chip which is commonly called an Embedded Universal Integrated Circuit Card ( or eUICC ). These are currently more common in Europe and North America.
- Devices that incorporate software that provides the same functionality as a physical SIM chip. These offer less security than a physical eUICC, but provide a lower cost Bill of Materials. These are very popular in Asia and are commonly referred to as SoftSIMs. Each SoftSIM implementation tends to be proprietary.
- System on a Chip ( SoC ) devices that integrate the eSIM functionality inside an SoC device such as a GSM modem processor chip. They are a cross between an eUICC and a SoftSIM in that the eSIM functionality is implemented in a silicon ‘trusted zone’ inside the processor. These are currently being developed and there is no standard for this.
The Global Certification Forum ( GCF ) is an industry body primarily representing Original Equipment Manufacturers ( OEMs ). It provides a certification process for consumer eUICCs which is described on their web site.
In addition they are developing a standard for SoC eSIMs.
The GSMA ( GSM Association ) is a trade body that primarily represents Mobile Network Operators ( MNOs ).
It is the primary driving force behind the eUICC form of eSIM and has an early working group looking at SoC eSIM.
It is not specified what format should be used to deliver the generic profile from an MNO to an SM-DP or SM-DP+ operator or in a SoftSIM/SoC eSIM application. There are various file formats that can be used to provide the profile, e.g. UXP, ASN.1 or even a simple Excel spreadsheet. The most commonly used format is UXP as specified by the SIM Alliance. This is called the SIM Profile Mark-up Language and is based on XML.
In addition a file of IMSI/Ki pairs must be generated in order to personalise the generic profile.
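As an added illustration of the personalisation step (not part of the original page and not any vendor's tooling), the Python example below generates IMSI/Ki pairs and fills them into a generic profile, rejecting malformed or duplicate records. The XML element names, the test PLMN 001/01 and the fixed 15-digit IMSI length are assumptions of this example; the template is a constructed placeholder, not the UXP schema.

```python
import secrets
import xml.etree.ElementTree as ET

# Constructed generic profile. Element names are placeholders for this
# example and are NOT the UXP schema.
GENERIC_PROFILE = """<profile name="demo-operational">
  <imsi/>
  <ki/>
  <apn>internet.example</apn>
</profile>"""


def generate_pairs(mcc, mnc, first_msin, count):
    """Return `count` (imsi, ki_hex) pairs: sequential MSINs, random Ki."""
    msin_len = 15 - len(mcc) - len(mnc)      # IMSI = MCC + MNC + MSIN (15 digits assumed)
    pairs = []
    for n in range(first_msin, first_msin + count):
        imsi = f"{mcc}{mnc}{n:0{msin_len}d}"
        ki = secrets.token_bytes(16).hex()   # 128-bit key from the OS CSPRNG
        pairs.append((imsi, ki))
    return pairs


def validate_pair(imsi, ki_hex):
    """Reject a malformed record; return the Ki as bytes when it is valid."""
    if not (imsi.isascii() and imsi.isdigit() and len(imsi) == 15):
        raise ValueError("IMSI must be exactly 15 decimal digits")
    try:
        ki = bytes.fromhex(ki_hex)
    except ValueError:
        raise ValueError("Ki must be hexadecimal") from None
    if len(ki) != 16:
        raise ValueError("Ki must be 128 bits (32 hex characters)")
    if len(set(ki)) == 1:
        raise ValueError("Ki is one repeated byte, refusing weak key")
    return ki


def personalise(generic_xml, pairs):
    """Return one personalised profile (XML string) per IMSI/Ki pair."""
    seen, out = set(), []
    for imsi, ki_hex in pairs:
        ki = validate_pair(imsi, ki_hex)
        if imsi in seen:
            raise ValueError(f"duplicate IMSI {imsi}")
        seen.add(imsi)
        root = ET.fromstring(generic_xml)    # fresh copy of the template
        root.find("imsi").text = imsi
        root.find("ki").text = ki.hex()      # normalised lower-case hex
        out.append(ET.tostring(root, encoding="unicode"))
    return out
```

The Ki is the long-term subscriber secret, so in practice the pair file would be encrypted in transit and at rest rather than handled as plain text as it is here.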
All new cars are being designed as ‘connected’. An eSIM ( eUICC ) provides a better approach in the connected car than a conventional removable plastic SIM. It is smaller, more robust and can be remotely programmed. Incorporating a programmable device means that car manufacturers can make a single model that can be sold in various countries. In this application the security provided by an eUICC is key and there is no way that SoftSIMs would be acceptable.
eCall/112, now mandatory for all new car and light commercial vehicle models in the European Union from 31 March 2018, will shorten the time between an accident and the arrival of the emergency services by up to 50 percent throughout Europe, and reduce the number of fatalities on the road by around 10 percent.
In Russia there is an equivalent service called ERA-GLONASS which is based on the Russian GLONASS satellite positioning technology rather than GPS.
An eSIM is ideal to provide these services. In addition they can offer services such as accident management, breakdown and maintenance management, remote vehicle diagnostics, and remote services for customers.
The latest version of the Microsoft Surface ( Surface Pro LTE ) has a consumer eUICC built into it. The version of eUICC is thought to comply with Version 2 of the consumer GSMA RSP standard. This provides LTE/4G service without the need for a regular SIM. However in addition the Surface has a slot for a regular removable plastic SIM card. It is possible to buy and download data plans for various countries using an LPA incorporated into Windows 10.
Operating instructions can be found here.
Machines incorporating eSIMs are expected shortly from Acer, Asus and Lenovo.
The GSM Association ( GSMA ) have developed a standard that has been accepted by most of their member operators around the world ( details here ). This allows the intrinsic ‘digital signature’ content of a SIM card to be downloaded ‘Over-The-Air’ ( OTA ). They initially referred to this as ‘Remote SIM Provisioning ( RSP )’ and the chips that facilitate this were known as eUICCs ( Embedded Universal Integrated Circuit Cards ). There is a move to get these chips referred to as eSIMs, but in order to avoid confusion they will be referred to as eUICCs on this site.
There are 2 different kinds of eUICC, one that is used in Machine to Machine ( M2M ) devices like connected cars and the other that is used in Consumer devices like mobile phones.
eUICCs offer significant advantages over conventional removable plastic SIM cards. They are smaller, more robust and can be remotely programmed. Their programmability means that a single SKU of device can be made for several countries and removes the need for expensive field engineers to replace the SIMs in an M2M application.
In order to remotely provision an eUICC it is necessary to have some software loaded in a server which is called ‘Subscription Manager ( SM )’. The Subscription Manager for an M2M eUICC has 2 components, one is called the SM-DP ( Data Preparation ) and the other is called the SM-SR ( Secure Routing ). The SM in the consumer world has combined and enhanced both functions and is called an SM-DP+.
In the consumer world it is preferable to have a server where the end user can discover what mobile services ( profiles ) are available. This is called a Discovery Server ( SM-DS ).
M2M eUICCs are defined by GSMA documents SGP.01 and SGP.02. SGP.01 is a functional specification while SGP.02 defines the technical realisation of the functional spec. Within the GSMA, SGP.01 is defined by the GSMA member operators ( MNOs ), while the OEMs are tasked with producing SGP.02, which is the technical implementation specification.
Most M2M eUICCs currently in the field comply with version 3.1 of SGP.02.
The figure below describes the basic architecture used for M2M eUICCs.
An SM-SR is responsible for establishing a secure programming channel to the eUICC while an SM-DP manipulates and personalises the Profile that is provided by the MNO into a suitable format for download. Certificates loaded into each component above and issued by a trusted Certificate Issuer ensure that the whole process is secure.
There are two distinct kinds of profile in the eUICC. The provisioning profile provides default connectivity so that the eUICC can be bootstrapped into full functionality by downloading an operational profile.
Further information about M2M eUICCs can be found on the GSMA web site.
In M2M eUICC applications it is the job of the SM-SR to establish a secure link with the eUICC.
This is normally triggered by an SMS being sent to the SM-SR containing the IP address/URL of the SM-SR associated with the fall-back profile programmed into the eUICC at the factory.