eSIM in IoT

Could you imagine an IoT device without a plastic SIM card? It can still be connected and managed remotely!

Does your mobile phone let you use an eSIM (the digital version of a SIM card)? If not, your next one surely will, as eSIM is gaining an ever larger share of the mobile device market. But what about other devices? Can your car connect to the mobile network using an eSIM? Quite likely, since from 2018 all new cars in Europe have to be connected to the cellular network and be able to call 112 in an emergency. But how do network operators and eSIM providers ensure that every emergency call works with 100% certainty? There is no plastic SIM card, and the car has to be connected and managed fully remotely. There are many dangers along the way: the device might not be reachable, might be switched off or broken, or there might be no or only very weak network coverage. In this article you will find out how eSIM solution providers such as IDEMIA deal with these difficulties, not only in automotive but across the whole IoT world.

eSIM and IoT. Can it be a happy relationship?

Over the last decades we have witnessed a connectivity evolution from 1G to 5G. Each step could be observed in the fact that our mobile devices were able to process more and more data via gaming and streaming platforms.
Do you check the connectivity type (3G, LTE, etc.) on your phone on a daily basis? I bet you do not, until you see the loading spinner on a YouTube channel! This is what you, the consumer, expect from technology: to be robust, reliable and seamless, not crude, and, if possible, invisible. But there is one thing that still annoys you when you switch to another phone: a crude piece of technology that refuses to let you forget about it. It's called a SIM card: a small plastic card that you put inside your device and have to remember to move every time you change phones. If you are lucky, the form factor stays the same. If not, you have to order a new card because the old one will not fit your new device.

There is a remedy for all those worries: just put a small magical "e" in front of SIM and your problems disappear. This "e" turns the plastic card carrying your SIM profile (the software data that authenticates you to your mobile operator) into a chip soldered onto the device. With a mobile device equipped with an eSIM you no longer need plastic cards. You buy your SIM profile on the mobile operator's website and all profile data is securely provisioned into your phone within seconds. Moreover, your eSIM is not dedicated to a single operator: it can hold profiles from any operator, and even several at the same time, just like a dual-SIM solution.

Along with the connectivity evolution, our surroundings are changing as well. The items and objects around us are becoming more and more interactive. All those Things, such as industrial machines, coffee and vending machines, payment terminals, fire alarms, smart doors, medical sensors and cars, benefit from mobile connectivity: thanks to it, they can exchange data with other devices and systems. This network of smart devices is called the "Internet of Things" (IoT); the name "Machine to Machine" (M2M) is sometimes used as well. IoT devices use connectivity similar to that of your mobile device, but they are not consumer oriented: there is no standard way for a human to maintain the SIM profile, and provisioning the profile data is much more complex. In fact, on the IoT market it is very rare that you are the one maintaining the SIM technology.

eSIM is already in place on this market, and it arrived there invisibly. Since 2018 all new cars in Europe have to be connected and able to call 112 in an emergency, so every car maker has to equip its vehicles with SIM cards and it is their duty to take care of the billing. Our cars are becoming more and more intelligent thanks to the connectivity pipes to intelligent services, where the telematics data from your vehicle is exchanged and analysed. As a car maker, it would be nice to be able to change the mobile operator whenever a new connectivity deal that brings savings appears on the market. Unfortunately, such an operation is not that easy on the IoT market. The technology entered this business unseen, but there is a drawback: IoT technology is not seamless the way the consumer-oriented version is. This is because IoT devices are usually maintained remotely; nobody walks up to every single device to perform an operation on it, such as provisioning a SIM profile. And remote access is uncertain: the device might not be reachable, might be switched off or broken, or there might be no or only very weak network coverage.

To bring agility to the IoT connectivity world, the market is working on a new GSMA eSIM IoT standard that will use the Consumer-style approach to deliver connectivity to IoT devices.

Why did the eSIM IoT idea come up?

There is a growing open market of IoT devices that needs a flexible solution for delivering and managing connectivity for telematics and infotainment purposes. The automotive market, a special sector of IoT devices, is included here.

It became clear that a new standard solution, dedicated to the IoT world, had to be designed and developed.

There are solutions on the market today that were considered adjustable to the above needs, but they are very complex to deploy and integrate, especially for small market players, and not flexible. The market is looking for something different: more mature in terms of flexibility and simplicity on one side, while keeping a high level of security on the other.

It is now clear that the market is waiting for an adaptation of Consumer eSIM, which today serves Consumer (i.e. individual user) mobile devices, to the IoT world and its use cases, with as few changes as possible on the Consumer eSIM card and no changes on the Consumer Remote Subscription Provisioning server side.

Exemplary eSIM IoT use cases to be addressed

  1. Farm management use case -> provision the IoT device with profile(s) and switch profiles during the IoT device lifecycle, including rollback

There is a huge farm that will be managed efficiently thanks to data gathered (e.g. water consumption) from sensors placed in the field. For that purpose 200 battery-powered IoT devices with sensors are bought for the farm, managed by a dedicated system. The devices are paired with the management system in the farm office while they are being unpacked. The management station and each device then create a cryptographically strong and authenticated binding. The connectivity between the sensors and the managing entity, which enables the farm monitoring, is provided by Mobile Network Operator (MNO) services (profiles). There is one MNO delivering a good level of service in the farm area, so the devices are initially provisioned with 200 profiles from this operator. Then the devices are placed in the field.

Data gathering from the sensors in the field is now possible. The sensors are working well in terms of connectivity, with some exceptions: 50 sensors in one remote field have connectivity problems because of the operator's low network coverage in that place. It is therefore decided to switch them to another MNO that has better coverage in this area. 50 profiles are bought from the second MNO, delivered to the sensors concerned and immediately enabled there, giving much better connectivity with the management system.

If one of these 50 sensors is in an area with better coverage from the first MNO and the IoT device detects that it has no network access via the new profile, it switches back to the previous one.

  2. Semi-trailer fleet tracking use case -> provision the IoT device with profile(s) and switch profiles during the IoT device lifecycle

Let's imagine a company managing a fleet of semi-trailers globally, across several regions. We want to be able to track our assets, the trailers, at all times. To do this, each trailer carries an IoT device with an asset tracker and an environmental sensor.

Each trailer's IoT device has the operators' services (profiles) covering each major region with the best service plan in terms of price, supported network features and coverage.

Adding and deleting services (profiles) on the IoT device is done by a managing entity while the semi-trailers are at the base station (i.e. the central base), where an Internet connection is available. The IoT device in the trailer is pre-provisioned there with the Operator A and Operator B profiles, as the trailer is planned to operate in regions well covered by Operator A or Operator B. Additionally, the Operator A profile is enabled, so the semi-trailer initially has connectivity through Operator A. Eventually it sets off on a route within Operator A's region, but on the way to its destination the trailer leaves Operator A's region and passes through Operator B's region.

On the way to the destination, the trailer's IoT device application wakes up every now and then, checks its environment and approximate location (GPS, cell based, ...) and then, optionally, the available network accesses. Once it realises that there is no Operator A coverage but Operator B coverage is available, the profile switch is made. The semi-trailers' central base (station) has fairly good awareness of the geographical location and connectivity options of each trailer, and can therefore optimise the window for remote management (e.g. provisioning new profiles) of the asset tracker and environmental sensor IoT device.
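Both the farm scenario above (switch 50 sensors to a second operator, fall back to the first one if the new profile cannot attach) and the trailer scenario (wake up, check coverage, switch to whichever installed operator is reachable) come down to the same on-device profile logic. The following Go program is an added example, not code from the original article, from IDEMIA or from any GSMA specification; the ESIM type, its methods and the coverage callback are assumptions made for illustration, and the ICCID and operator values are constructed placeholders.

```go
package main

import (
	"errors"
	"fmt"
)

// Profile is an operator subscription (MNO profile) installed on the eSIM.
// Constructed for this example; identifiers are placeholders.
type Profile struct {
	ICCID    string
	Operator string
}

// Coverage reports whether the device currently has network access through
// a given operator. On a real device this would come from the modem's attach
// status; here it is a stub supplied by the caller (assumption).
type Coverage func(operator string) bool

// ESIM models the profile state on one device: the installed profiles and
// the single profile that is enabled.
type ESIM struct {
	profiles map[string]Profile
	enabled  string // ICCID of the enabled profile, "" if none
}

func NewESIM() *ESIM { return &ESIM{profiles: map[string]Profile{}} }

// Install provisions a downloaded profile in the disabled state.
func (e *ESIM) Install(p Profile) { e.profiles[p.ICCID] = p }

// Enable makes one installed profile active; only one can be enabled at a time.
func (e *ESIM) Enable(iccid string) error {
	if _, ok := e.profiles[iccid]; !ok {
		return fmt.Errorf("profile %s not installed", iccid)
	}
	e.enabled = iccid
	return nil
}

// Enabled returns the currently enabled profile, if any.
func (e *ESIM) Enabled() (Profile, bool) {
	p, ok := e.profiles[e.enabled]
	return p, ok
}

// SwitchWithFallback enables target and then checks connectivity. If the new
// profile has no coverage the previous profile is re-enabled (the rollback of
// the farm use case). It returns the ICCID that ends up enabled.
func (e *ESIM) SwitchWithFallback(target string, hasCoverage Coverage) (string, error) {
	previous := e.enabled
	if err := e.Enable(target); err != nil {
		return previous, err
	}
	if hasCoverage(e.profiles[target].Operator) {
		return target, nil
	}
	// Never leave the device stranded on a profile that cannot attach.
	if previous == "" {
		return target, errors.New("no coverage on new profile and nothing to fall back to")
	}
	e.enabled = previous
	return previous, fmt.Errorf("no coverage on %s, rolled back to %s", target, previous)
}

// SelectByCoverage keeps the current profile while it still has coverage and
// otherwise enables the first profile in preference order whose operator is
// reachable (the trailer wake-up cycle).
func (e *ESIM) SelectByCoverage(preference []string, hasCoverage Coverage) (string, error) {
	if cur, ok := e.Enabled(); ok && hasCoverage(cur.Operator) {
		return e.enabled, nil
	}
	for _, iccid := range preference {
		if p, ok := e.profiles[iccid]; ok && hasCoverage(p.Operator) {
			return iccid, e.Enable(iccid)
		}
	}
	return e.enabled, errors.New("no installed profile has coverage")
}

func main() {
	dev := NewESIM()
	dev.Install(Profile{ICCID: "8900-A-0001", Operator: "OperatorA"}) // placeholder ICCIDs
	dev.Install(Profile{ICCID: "8900-B-0001", Operator: "OperatorB"})
	_ = dev.Enable("8900-A-0001")

	// Farm: switch to Operator B, but this particular sensor only sees Operator A.
	onlyA := func(op string) bool { return op == "OperatorA" }
	fmt.Println(dev.SwitchWithFallback("8900-B-0001", onlyA))

	// Trailer: Operator A coverage is gone, Operator B is available.
	onlyB := func(op string) bool { return op == "OperatorB" }
	fmt.Println(dev.SelectByCoverage([]string{"8900-A-0001", "8900-B-0001"}, onlyB))
}
```

The rollback in SwitchWithFallback is what prevents a remote switch from cutting a device off from its management system, and SelectByCoverage leaves a working profile alone so that a wake-up cycle does not churn profiles needlessly.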

  3. Automotive localisation use case -> provision the car with the local operator's profile immediately after the car is activated in the destination country.

A car manufacturer from country A delivers a batch of cars for the country B market. Initially, during manufacturing, the cars are provisioned with country A operator profiles that give the car manufacturer connectivity to the car. The cars are then delivered to the destination country and activated there. As it is more convenient, and sometimes even required by law, to use connectivity from a local service provider, the local operator's profile is delivered to the car and enabled immediately after the car is activated in the destination country.

Adapting the eSIM Consumer solution to the IoT world: how?

In the eSIM Consumer world everything seems easy and straightforward. As a user you can take a standard Consumer device and equip it with connectivity and other mobile services from the Mobile Network Operators of your choice (yes, more than one!).

How is this possible? Let's explain it with the airport use case: you travel to another country for a vacation, where your home operator has no services available or roaming there is very expensive, so you need services from a local provider. To get them, you scan the QR code shown on a billboard at the airport with your Consumer device (e.g. a smartphone with eSIM), you are asked for payment, you complete it on your device, and that's it! You are ready to use the services: the profile from the Mobile Network Operator is now downloaded and installed on your phone.

(To get more familiar with the Consumer solution, look out for our article dedicated to it.)

So in the Consumer world the user is the main player in this game: they decide what (which kind of services), when and from which operator to download to their device. Further on, the user manages the mobile services (profiles) on the device, switching between them or even removing the chosen ones. In short, they have full control over the device and everything that happens on it in terms of getting and managing mobile services: every remote operation related to obtaining mobile services requires their consent. They have to be aware of everything.

Now we have to move this solution into the IoT world, where in most cases there is no end user. That is why it is not so easy and has to be done very smartly, especially in terms of security, to ensure that services are safely delivered to the device and then safely managed during its whole lifecycle.

Besides the absence of an end user, there are additional challenges and constraints in the IoT world: in many cases devices are out of the owner's physical reach, they have low power, they are not constantly available (they work only in windows) and they are network-constrained devices, so the common communication protocols are mostly not supported in this world.

Taking all this into consideration, the following points have to be addressed when adapting the eSIM Consumer solution to the IoT world:

  • enable remote instead of local management of mobile services (profiles), i.e. download and profile state management: certainly enabling, switching and deletion,
  • ensure the security of remote profile management at the same level as in the Consumer solution,
  • enable flexible binding of the eSIM with a remote manager (the entity responsible for remote profile management):
    • easy initial configuration at each stage of the card/device lifecycle (during production, after it, or in the field),
    • easy binding change,
  • ensure this binding is authorised and secured,
  • enable support for a variety of IoT protocols,
  • enable management of communication initiation and communication optimisation.

eSIM IoT: our idea for this

IDEMIA is a credential authority for customers all over the world. Our main business is security assurance: we deliver security-certified solutions to the market. Therefore it is our duty to deliver a trusted eSIM IoT solution for our current and future customers. This solution will enable secure remote profile management on the Consumer eSIM in the IoT world. This will provide trust not only for Mobile Network Operators, but also for device (including car) manufacturers and owners.

Our aim is to deliver an eSIM IoT solution based on the pillars below.

Security is one of the underestimated subjects of the entire ecosystem. We can look at security from two different angles.

The first is eSIM profile safety. A profile is sensitive data placed on a plastic or digital SIM. Whoever gets hold of the plastic card or captures the profile data can impersonate you in the Mobile Operator's network. To mitigate the risk of such an attack, the implementation of profile data protection and the way the profile is downloaded and stored must comply with a standard that is audited under certification rules. Only then can it be considered trusted and secure.

The second is the security of your profile management operations. Here you can distinguish between local and remote management. For the local use case, protecting local management operations is mostly a matter of device control: whoever gets access to the device can either replace a plastic SIM card, or switch or delete a profile on the eSIM using the dedicated user interface. In the Consumer world it is the device owner or administrator who has physical access to it.

For remote management, the fundamental thing in the IoT world, there needs to be a capability to manage the profile from outside the device.

Let's imagine a car manufacturer performing a profile switch on the eSIM in a large set of cars. As a car manufacturer operator, I would like to have a trusted management service that is eligible to perform profile management operations remotely. Therefore the management service should be trusted by the eSIM through a shared root of trust represented by a Certificate Authority, e.g. in a PKI scheme. The management service is a new entity in the ecosystem, which in the IoT world replaces the human in the interaction with the device. Here, as in the Consumer world, the device can be sold to another user.

So such a use case should be adopted in the M2M reality as well. This means that one management service can potentially be replaced by another, and this has to be done in a secure way, potentially using a different root of trust between the eSIM and the new device owner.
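An added example of the trust model described in the last two paragraphs: the eSIM holds a root of trust (a CA certificate), accepts remote profile-management commands only from a management service whose certificate chains to that root, and can be rebound to a different root when the device is sold to a new owner. This Go program uses only the standard crypto/x509 package and is not code from the article, from IDEMIA or from any GSMA specification; the Root and ESIM types, the Rebind operation and the policy that only a manager authorised under the current root may hand the binding over are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Root is a certificate authority acting as the root of trust shared by the
// eSIM and a remote management service (assumed shape, not a spec structure).
type Root struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue generates a P-256 key and a certificate for tmpl signed by parent;
// a nil parent means self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewRoot creates a self-signed CA certificate standing in for a real CA.
func NewRoot(name string) (*Root, error) {
	cert, key, err := issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil, nil)
	if err != nil {
		return nil, err
	}
	return &Root{Cert: cert, Key: key}, nil
}

// IssueServiceCert issues an end-entity certificate to a management service
// under this root; the service presents it to the eSIM with each command.
// (The service's private key is discarded here; a real service would keep it.)
func (r *Root) IssueServiceCert(serviceName string) (*x509.Certificate, error) {
	cert, _, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: serviceName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, r.Cert, r.Key)
	return cert, err
}

// ESIM holds the root(s) the card is bound to. A remote profile-management
// command is accepted only from a service whose certificate chains to one.
type ESIM struct{ roots *x509.CertPool }

func NewESIM(root *x509.Certificate) *ESIM {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return &ESIM{roots: pool}
}

// AuthoriseManager verifies a presented service certificate against the
// eSIM's trusted roots; a certificate from any other CA is rejected.
func (e *ESIM) AuthoriseManager(serviceCert *x509.Certificate) error {
	_, err := serviceCert.Verify(x509.VerifyOptions{
		Roots:     e.roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// Rebind replaces the trusted root, e.g. when the device is sold to a new
// owner with its own management service. Assumed policy: only a manager
// authorised under the current root may hand the binding over.
func (e *ESIM) Rebind(requester, newRoot *x509.Certificate) error {
	if err := e.AuthoriseManager(requester); err != nil {
		return errors.New("rebind refused: requester is not an authorised manager")
	}
	pool := x509.NewCertPool()
	pool.AddCert(newRoot)
	e.roots = pool
	return nil
}

func main() {
	ownerA, _ := NewRoot("Owner A root CA")
	ownerB, _ := NewRoot("Owner B root CA")
	managerA, _ := ownerA.IssueServiceCert("owner-a-management-service")
	managerB, _ := ownerB.IssueServiceCert("owner-b-management-service")
	card := NewESIM(ownerA.Cert) // binding configured at production time
	fmt.Println("manager A trusted:", card.AuthoriseManager(managerA) == nil)
	fmt.Println("manager B trusted:", card.AuthoriseManager(managerB) == nil)
	fmt.Println("rebind by B refused:", card.Rebind(managerB, ownerB.Cert) != nil)
	fmt.Println("rebind by A:", card.Rebind(managerA, ownerB.Cert))
	fmt.Println("manager A trusted after sale:", card.AuthoriseManager(managerA) == nil)
	fmt.Println("manager B trusted after sale:", card.AuthoriseManager(managerB) == nil)
}
```

The point of the chain verification is that the eSIM never needs to know individual management services in advance: any service the CA has certified is accepted, and replacing the root is the single operation that transfers control to a new owner, which is why that operation itself must be authorised.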

Security is IDEMIA's focus here: to deliver a trusted eSIM IoT solution for the market.
