HOME

TheInfoList



OR:

Remote SIM provisioning is a specification realized by
GSMA The GSM Association (commonly referred to as 'the GSMA' or ''Global System for Mobile Communications'', originally ''Groupe Spécial Mobile'') is an industry organisation that represents the interests of mobile network operators worldwide. More ...
that allows consumers to remotely activate the
subscriber identity module A typical SIM card (mini-SIM with micro-SIM cutout) A GSM mobile phone file:Simkarte NFC SecureElement.jpg, T-Mobile nano-SIM card with NFC capabilities in the SIM tray of an iPhone 6s file:Tf sim both sides.png, A TracFone Wireless SIM card ha ...
(SIM) embedded in a portable device such as a
smart phone A smartphone is a portable computer device that combines mobile telephone and computing functions into one unit. They are distinguished from feature phones by their stronger hardware capabilities and extensive mobile operating systems, which ...
,
smart watch A smartwatch is a wearable computer in the form of a watch; modern smartwatches provide a local touchscreen interface for daily use, while an associated smartphone app provides management and telemetry, such as long-term biomonitoring. While ea ...
, fitness band or
tablet computer A tablet computer, commonly shortened to tablet, is a mobile device, typically with a mobile operating system and touchscreen display processing circuitry, and a rechargeable battery in a single, thin and flat package. Tablets, being comput ...
. The specification was originally part of the GSMA's work on eSIM and it is important to note that remote SIM provisioning is just one of the aspects that this eSIM specification includes. The other aspects being that the SIM is now structured into "domains" that separate the operator profile from the security and application "domains". In practise "eSIM upgrade" in the form of a normal SIM card is possible (using the Android 9 eSIM APIs) or eSIM can be included into an SOC. The requirement of GSMA certification is that personalisation packet is decoded inside the chip and so there is no way to dump Ki, OPc and 5G keys. Another important aspect is that the eSIM is owned by the enterprise, and this means that the enterprise now has full control of the security and applications in the eSIM, and which operators profiles are to be used.


Background to the specification

In the background of the technology looked to address the following issues: * The development of non-removable SIM technology - a new generation of SIM-cards like MFF which are soldered into the device. * The appearance and support by mobile operators of the concept of ABC (always best connected) – the opportunity get quality connections from any mobile operator at any point in time. * The explosive growth of the
Internet of Things The Internet of things (IoT) describes physical objects (or groups of such objects) with sensors, processing ability, software and other technologies that connect and exchange data with other devices and systems over the Internet or other comm ...
(IoT) - according to Gartner about 8.4 billion connections in 2017 (up 31% from 2016). * The cost and effort required to swap a SIM in a device that has been deployed in the field.


Origin

The GSM Association (
GSMA The GSM Association (commonly referred to as 'the GSMA' or ''Global System for Mobile Communications'', originally ''Groupe Spécial Mobile'') is an industry organisation that represents the interests of mobile network operators worldwide. More ...
) which brings together about 800 operators and 250 mobile ecosystem companies became the first to come up with the Consumer Remote SIM Provisioning initiative. The beginning of creation the technology was announced in the summer 2014. The complete version of the specification was realized in February, 2016. Initially, the specification was supposed to be used just by M2M devices, but since December, 2015 it has begun being spread over various custom wearable devices, and into enterprise applications like authentication and identity management.
"This new specification gives consumers the freedom to remotely connect devices, such as wearables, to a mobile network of their choice and continues to evolve the process of connecting new and innovative devices," ''Alex Sinclair, Chief Technology Officer, GSMA.''
Besides, the right of independent service providers to transmit commands of loading profiles to SIM-cards in the device has been amended and the possibility to store arrays of profiles in independent certified data centers (Subscriptions manager) has appeared.


Functions and benefits

The specification that covers the carrier selection aspects aims to allow consumers to choose a mobile network operator from a wide range to activate the SIM embedded in a device via a subscription. It aims to simplify the users’ life by connecting their multiple devices through the same subscription. It should also motivate mobile device manufacturers to develop the next generation of the mobile-connected devices that will suit better the
wearable technology Wearable technology is any technology that is designed to be used while worn. Common types of wearable technology include smartwatches and smartglasses. Wearable electronic devices are often close to or on the surface of the skin, where they detec ...
applications. The specification that covers the carrier selection for M2M devices is simpler since typically there is no subscriber involved (e.g. changing the operator in an electricity meter). The language that is used to describe these specification is a little confusing since eSIM is not a physical format (or "form factor" - the phrase that is used to describe the various SIM sizes). The eSIM describes the functionality in the SIM, not the physical size of the SIM - and there are eSIMs in many formats (2FF, 3FF, 4FF, MFF). GSMA have also developed a compliance framework for eSIM devices, eUICCs, and subscription management products - to help with interoperability and security for products supporting eSIM. This is published by the GSMA as SGP.24, the eSIM compliance process describes common compliance requirements for: * Functional interoperability * eUICC security * eUICC production site security * Subscription Management site security


Operation

Remote provisioning on the host device is initiated by the Local Profile Assistant (LPA), a software package that follows the RSP specification. When the LPA wants to retrieve a carrier profile it contacts a subscription manager (SM) service on the internet via
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is enc ...
. The address of the SM can be defined: * in a
QR code A QR code (an initialism for quick response code) is a type of matrix barcode (or two-dimensional barcode) invented in 1994 by the Japanese company Denso Wave. A barcode is a machine-readable optical label that can contain information about th ...
scanned by the user * by manually entering entering the SM's host name/Activation code on screen *
hard coded Hard coding (also hard-coding or hardcoding) is the software development practice of embedding data directly into the source code of a program or other executable object, as opposed to obtaining the data from external sources or generating it at ...
by the host device manufacturer in firmware. * via a universal discovery service operated by the GSMA. The LPA is responsible for validating the X.509 certificate of the SM is valid and issued by the GSMA
certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This ...
. Once validation is complete the LPA will coordinate a secure channel between the eUICC and the SM using challenge-response authentication to enter programming mode. The LPA will request carrier profiles available for download, either by submitting the activation code provided by the user or the eSIM ID (EID) of the eUICC. The SM will provide the requested profile encrypted in a way that only the eUICC can decrypt/install to ensure the network authentication key remains secure.


References

{{Reflist Mobile phone standards Computer access control protocols