How eSIM standards are evolving for secure IoT

Sitting behind cellular communications infrastructure is a vast library of complex technology common, industry-specific engineering standards and specifications. Stakeholder organisations invest extensive effort and engineering resources on an ongoing basis to maintain and progress these. Products and services can thus be improved, creating opportunities to explore new use cases that will enable additional revenue streams. Just looking through the first few pages of one of these publications shows how dependent one specification is on a raft of others, says Said Gharout, head of standards, Kigen.

Some of these documents outline specific protocols in detail. Conversely, others define a technology landscape leveraging multiple technologies to deliver a cohesive architecture or ecosystem. One such example is the GSMA’s standard for Remote SIM Provisioning (RSP) of eSIM & iSIM, which allows cellular carriers’ SIM content to be securely delivered to target SIM ‘containers’ digitally.

Regardless of their scope, the overarching purpose of standards and specifications is to facilitate development, ensure separately delivered components work seamlessly together, and promote widespread interoperability. Additionally, with full industry backing, they reduce market-stifling fragmentation, thereby accelerating adoption.

Progression from SIM to eSIM and iSIM

Since cellular communications’ inception, SIMs have been required so that remote devices can achieve authentication when connecting to a network. Protecting the security credentials stored has been fundamental, yet these must be easily issued to subscribers for placing into their devices. SIM definitions emerged back in the early 1990s, comprising a credit card-sized format, minimal memory capacity (8kB), and a 5V supply voltage. Over the following decades, as cellular technology advanced, SIMs evolved accordingly. They have been compressed to a nano form factor and seen their voltage drop to 1.8V. Increased chip performance and memory capabilities have resulted in greater functionality and stronger security.

With cellular connections now extending beyond consumer handhelds and into IoT devices, etc., the demands being placed on SIMs are changing. Further reductions in size, plus greater electrical and memory endurance, are being mandated.

In response to this, ETSI specified a new class of SIM Form Factor in its TS 102 671 standard (first published in 2010). This set out more robust physical and logical characteristics, including the layout for the permanently fixed (soldered onto the chip) machine-to-machine (M2M) form factors. Moving beyond that, SIM chip suppliers now offer M2M capabilities in a newer form factor, the wafer-level chip scale package (WLCSP), which is even easier to embed and further reduces footprint.

Concurrent advances permitted delivery of discrete, SIM-grade protection within multipurpose cellular chips. A logical secure enclave (tamper-resistant element), hosted on a system-on-chip (SoC) allowed all SIM functions to be carried out—with benefits for footprint, power consumption, and robustness being derived while still maintaining the necessary physical and logical security. The integrated SIM (iSIM) concept was born. However, further work was required to push for wider acceptance through standardisation, as interoperability and partnerships are key to delivering the simplified logistics that accelerate the adoption of Cellular IoT.