Here’s a great article from The Crazy Programmer
The number of internet of things (IoT) connections are expected to reach 25 billion by 2025. As the IoT device connections increase, there is more demand for cellular connectivity from the enterprises and industries that use IoT devices. Embedded Sim technology is a catalyst for digitally managing and connectivity life cycle of the IoT devices. Although there are noticeable tractions in adopting IoT eSIM, there are still some hurdles that face the technology. In this post, we will look at the challenges that face the adoption of IoT technologies and the key parts that comprise IoT eSIMs.
What is IoT eSIM?
IoT eSIM is an embedded Universal Integrated Circuit Card according to GSMA, a global association that sets up telecommunications frameworks. Thus, IoT eSIMs are approved by the largest operators in the world. Unlike the conventional plastic SIM cards that can be removed from the IoT device, IoT eSIMs are soldered directly. Developments in the IoT eSIM or eUICC have enabled them to fit into extreme environments (humidity, vibrations, resistance to water, and high temperatures) and across the IoT device’s life cycle. Among the primary aims of the eSIMs is to create an architectural reference that could promote solution longevity and interoperability.
The eSIM profile holds the unique identity of the device. It also matches the subscription agreement of a customer with a specified network operator. It also enables its profile in the eUICC SIM granting it access to the operator’s network. One advantage of the eSIM profile is replacing it with a new profile provisioned on the eUICC SIM using a remote eSIM provisioning process. The eSIM profiles fall into two categories; Bootstrap or initial activation and the operational profile.
The Bootstrap profile serves two functions when you use and pre-configure it as the base eSIM profile. At first, it can facilitate access to the network to provide the operational profile to the eSIM. It can also act as a fall-back option that enables the international roaming functionality to a network of operators. The customers typically download a customized operational profile that they can access locally and circumvent the potential restrictions to roaming and the costly charges once you enable the bootstrap profile on initial access. Note that you can download over one operational profile when you use eSIM. However, you can only have one active profile at a time.
Essential parts that make up the eSIM technology
When we talk of embedded SIM, various technologies are involved. Therefore, to choose the right solution, you need to understand clearly what the technologies are and how they work. Below are some of the critical parts making up the eSIM.
SM-DP (Subscription Manager Data Preparation)
As part of Remote SIM Provisioning (RSP), the SM-DP prepares the eSIM profiles securely and stores them as they await to be provisioned to the eUICC. The preparation also includes encrypting the profiles using digitally signed certificates. There is a separate SM-SR entity that performs the transfer of the profiles over the air.
This is an acronym for embedded Universal Integrated Circuit Card. eUICC has a dedicated system and write/read capabilities that enable remote provisioning over the air using the RSP process. Thus, the requirement for physical changing of the device’s sim card is eliminated. Since eUICC is a generic term, it equally applies to removable RSP-capable and fixed SIM form factors. eSIMs appear in all form factors.
SM-SR (subscription-manager Secure Routing)
SM-SR performs over-the-air transport of the profiles securely to the eUICC as part of the remote SIM provisioning process. It acts as a complement to the separate SM-DP responsible for preparing eSIM profiles and storage.
RSP (Remote SIM provisioning)
This is a service that is used to deliver the eSIM profile to the eUICC SIM. It gives the users the ability to download securely, enable, attach and disable eSIM profiles remotely. We use the term platform management to describe the different functions that are needed to support the process of remote SIM provisioning.
Challenges to the Adoption of IoT eSIM technology
Reluctance by mobile carriers
Mobile carriers need to rethink their business models to survive the adoption of IoT that is happening worldwide. These carriers need IoT enablers and OEMs to sell cellular data plans by adding flavor to the B2B models to the B2C models they already have. Because eSIMs do not connect the end-users of a specific carrier anymore, there is a fear of losing the clients through a simple button click and their flexibility of changing the subscriptions. It may mean an end to exploitative and expensive roaming charges to the users. This has been a reason the adoption of eSIMs has been very slow despite being around for years.
Changing geographical regulations
Although GSMA is the body responsible for the standardization of solutions for remote SIM Provisioning, there is a variance in the regulations to host a subscription management platform and data centers between countries. Some countries like China require that the data centers be within their jurisdiction. Such regulations inhibit the transfer of data and curtail the adoption of eSIMs.
The return on investment (ROI)
Regardless of who invests in eSIM architecture, ROI is still a sometimes scary consideration. Because of the fall of roaming charges and prices of mobile data that consistently pressure the carrier’s margins, the above assertion is true. Considering the limited applications, the cost of IoT eSIM solution deployment is high. The fact of “keeping-things as are” further complicates the possibility of investing in IoT because there are no severe disruptors to the market.
Today, the biggest threat to any IT deployment is the security aspect. The data being exchanged between the servers and the IoT devices must be handled securely. Although IoT is mature to handle security, any new technology addition brings new gaps and loopholes in security. For instance, waste IoT devices are prone to illegal reuse and reverse-engineering the device once associated with a person’s identity. The hacker can have access the legitimate owner did not correctly disassociate to user and device credentials.
Since you can reprogram the eSIM remotely, they can share the credentials over the air. Hence, eSIMs are open to side-channel attacks. By tapping the communication between the platform and the eSIM, the attacker can access the actual carrier profiles for various fraudulent activities.
The connectivity of IoT devices is now more necessary than ever. With the increase in the number of IoT devices, eSIMs are an ideal connectivity solution. However, besides the various benefits they can offer, eSIMs remain widely unpopular, and their adoption is slow because of the factors enumerated above.