
The importance of Embedded SIM certification to scale the Internet of Things

gsma.com/connectedliving #connectedliving

Contents

Introduction
M2M and IoT: gathering momentum
The evolution of the SIM lifecycle
Ensuring confidence and trust in the new Embedded SIM ecosystem
What is being certified, why and by whom?
How testing and certification takes place
A new SIM, a new ecosystem
What are the benefits of Embedded SIM certification?
Why the GSMA certification standard?
Sources

About the GSMA

The GSMA represents the interests of mobile operators worldwide, uniting nearly 800 operators with almost 300 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organisations in adjacent industry sectors. The GSMA also produces industry-leading events such as Mobile World Congress, Mobile World Congress Shanghai, Mobile World Congress Americas and the Mobile 360 Series of conferences.

For more information, please visit the GSMA corporate website at www.gsma.com. Follow the GSMA on Twitter: @GSMA.

INTRODUCTION

Embedded SIM and the Internet of Things

The Subscriber Identity Module – better known as the SIM – has been a vital part of our mobile experience for around a quarter of a century. The SIM controls authentication, identity and security on a chosen mobile network, effectively operating as trusted ‘gate keeper’ and enabling us to securely access the network and use our mobile devices. The SIM has changed form factor several times, getting smaller with each iteration, before reaching the eUICC form factor to be used in our new Internet of Things (IoT) and communications (M2M) world.

THE UICC AND THE EUICC

What is a UICC (Universal Integrated Circuit Card)? It is the physically secure computing device that conforms to the specifications written by the ETSI Smart Card Platform project – a SIM is one example of a UICC.

What is a eUICC? This is an Embedded UICC, one capable of supporting the GSMA Embedded SIM Specification, which is not easily removable from the radio module.

SIM form factors:
2FF - Mini Sim: 25mm x 15 x 0.76mm
3FF - Micro Sim: 15mm x 12 x 0.76mm
4FF - Nano Sim: 12.3mm x 8.8 x 0.67mm
MFF2 - M2M Form Factor: 5.0mm x 6.0mm

Embedded SIM represents a shift from the traditional physical, removable SIM to the SIM being part of the device. When changing mobile networks we have typically had to open up mobile devices and physically swap out the SIM card. IoT devices are commonly deployed remotely, so their SIM cards are not accessible – which is where Embedded SIM comes in. Embedded SIM enables digital swapping of SIMs, bringing greater flexibility, convenience and choice to how we connect devices to the global network.

Embedded SIM in IoT means that manufacturers of connected devices like connected cars, smart meters, eHealth devices and more deliver devices with a SIM already embedded and ready to be registered on the network. This enables simple and seamless mobile connections for all kinds of devices in IoT. New value offerings and business models can be developed in IoT, for example in the insurance industry – providers can leverage the model to create more flexible and affordable insurance policies for safer younger drivers.

The GSMA has worked with industry stakeholders to develop a set of specifications for global Embedded SIM technology that provides a mechanism for remote provisioning and management of IoT and M2M connections. The GSMA Embedded SIM specification enables “over the air” provisioning of initial operator subscriptions and the ability to change subscriptions from one operator to another.


M2M and IoT: a whole new world for the SIM

The adoption of the Embedded SIM specification by the world’s leading mobile operators will bring consumers and manufacturers greater choice and flexibility in how they connect devices and machines. This will have a significant impact on IoT, as everything from smart meters to autonomous cars connect to the Internet. To address these challenges the GSMA Embedded SIM specification provides a mechanism for remote provisioning and management of machine to machine (M2M) connections – and enables a simple, seamless mobile connection for different types of connected machines.

Another key difference for the industry is that it will change the way connected device manufacturers interact with suppliers and can even impact the way they source SIMs. Manufacturers of connected devices also have the option of sourcing Embedded SIMs directly as well as the tried and trusted method of sourcing from MNOs.

The remote provisioning capability combined with the non-removable form factor enables connected devices with long life cycles to be equipped during production, operate reliably in difficult environmental conditions and be managed easily, in market, over periods of years. This lets device manufacturers invest confidently in connected products safe in the knowledge that they can be remotely upgraded without product recall to dealers or the factory.

Ultimately, the growth of IoT and Embedded SIM presents an opportunity for operators to introduce new commercial solutions based on an interoperable and unified global standard that enables scalable, reliable and secure connectivity. While the interoperability of the Embedded SIM also means reduced fragmentation and the chance to take advantage of the IoT market’s potential - estimated to be valued at as much as US$1.3 trillion by 2025 (source Machina Research 2016).

IOT MARKET VALUE ESTIMATED AT US$1.3 trillion BY 2025

The evolution of the SIM lifecycle

Recent research has estimated that immediate industry-wide adoption and deployment of the GSMA Embedded SIM Specification will deliver 34 per cent higher market growth by 2020 (source: Beecham Research). The lifecycle of the SIM has changed and operators and manufacturers can leverage Embedded SIM and RSP to their advantage.

HIGHER MARKET GROWTH BY 2020: 34%

Traditional SIMs have been very successful because they have been proven to be secure and they behave in a predictable fashion. It can be expected, with a high degree of confidence, that if you replace the SIM card in your mobile handset, it will connect to a new network. This “interoperability” is necessary to ensure broad adoption of the technology.

Ensuring confidence and trust in the new Embedded SIM ecosystem

The Embedded SIM secures access to the mobile network and is there to ensure that the end-user and device are who and what they say that they are, that they can be trusted to act as intended on the network and, equally, that the network can trust them. Certification is there to ensure peace of mind for Embedded SIM users and customers.

GSMA Embedded SIM - Compliance (INCREASING CONFIDENCE)

CERTIFICATION: Based on GSMA Protection Profile (SGP.05), Common Criteria licensed laboratories realize security evaluation of eUICC products. (Common Criteria EAL4+ certificate)

ACCREDITATION: World-class security auditing companies conduct audits on behalf of the GSMA based on auditing standards and methodologies for GSMA Secure Accreditation Scheme (GSMA SAS). (GSMA certificate)

COMPLIANCE: Test Houses certified by GlobalPlatform have to test compliance of vendors’ platforms and eUICCs based on GSMA Test Specification (SGP.11). (GlobalPlatform certificate)

Why is test and certification important?

The GSMA Embedded SIM specification describes what is intended to be a robust, secure, scalable and interoperable solution. But these promises can only be delivered if every technology provider interprets and implements the specification in a compliant manner. Compliance is assured with a multi-layered approach. Embedded SIM manufacturers and subscription managers are required to submit their products to a series of tests to achieve various certifications to prove compliance.

The testing methodology for eUICC focuses on functional behaviour and the interfaces with backend servers such as the Operator SM-DP (Subscription Manager Data Preparation) and SM-SR (Subscription Manager Secure Routing). Qualified tools are used to check the compliance of eUICCs with the GSMA specifications. The testing methodology is designed to ensure that the eUICC works properly and is interoperable.

The manufacturing premises of the SIM vendor is security audited. eUICCs cannot join the trusted ecosystem unless the factory has been certified as secure following a comprehensive audit of the site. A similar scheme is in place to ensure that the site of operation of the subscription management servers is similarly secure. The standard that applies is similar to the scheme used by manufacturers of bank cards and national identity cards.

The software and data installed on the eUICC is tested to ensure that it is hack-proof. This “penetration testing” is done at specialised security laboratories and products that succeed are certified by national security agencies such as BSI.bund.de.

The eUICCs must behave in a predictable way in response to inputs. This common functional behaviour is very important because eUICCs can have a long life in the field and ownership can change many times. A brake pedal should stop a vehicle and an accelerator should make it go. In the world of eUICC instructions to download, enable, disable and delete must work as predicted, otherwise eUICC will not be easily adopted and scale will not be achieved.

The testing process itself is carried out by Test Houses and laboratories that have received prior accreditation and approval from GlobalPlatform. These approved Test Houses carry out a range of key functions, including testing the provisioning of single and multiple subscriptions, provisioning a new device’s first subscription, making new added subscriptions or changes to existing ones, transferring subscriptions and of course cancelling them.

The changing landscape

The GSMA Embedded SIM specification defines various roles in the service delivery chain. Traditionally, MNOs purchased SIMs. In the new landscape, device manufacturers may choose to purchase eUICC directly from SIM vendors. It will then be necessary for the manufacturer to “over the air provision” the eUICC to activate it on a network. This function is performed by the subscription management platforms.

This flexibility of roles highlights the importance of certification, because entities might be acting in roles that they have not performed traditionally.

These features of the GSMA Embedded SIM specification - the eUICC, the remote management and the flexibility of roles has a profound impact on the overall life cycle a “new SIM” fit for a “new purpose”. This is illustrated in the figure below;

[Figure: From today’s linear model (Manufacture SIM, Select MNO, Personalise, Distribution, SIM activation, Usage, End of life) to an outcome-based model with repeat provisioning (Manufacture SIM, Personalise provisioning profile, Distribution, Select/change MNO, Download operating profile, Usage, End of subscription). Both models are divided into pre-issuance and post-issuance phases.]

What is being certified, why and by whom?

Ensuring quality, delivering confidence

The GSMA Embedded SIM specification has a corresponding test specification. This document defines the test conditions which must be in place to validate compliant behaviour. The test specification is interpreted by test tools which are certified by GlobalPlatform. eUICC manufacturers can submit their products to test labs that use GlobalPlatform qualified test tools. If the product passes the tests, it will be certified by GlobalPlatform.

A multi-layered quality assurance enables customers throughout the service delivery chain, to have confidence that their investments will return products that work as they are supposed to, can scale as desired and last as long as needed.

SECURE, HACK-PROOF, SCALEABLE, FUNCTIONAL, INTEROPERABLE

Embedded SIM manufacturers and subscription managers are required to submit their products to a series of tests to achieve various certifications to prove compliance.

The anti-hack credentials of an eUICC are certified in a similar fashion. The GSMA Embedded SIM specification has a corresponding “protection profile”, which is a common criteria where the “protection profile” is validated and approved by national security agencies such as BSI.Bund.de in Germany and equivalent agencies in other countries. Vendors submit their products to specialised test laboratories that conduct penetration tests to try to “hack” the product. Products that prove to be impenetrable to the required standard (EAL4+) can be certified.

The security of (eUICC) manufacturing and (subscription management) operations is assured by a GSMA managed scheme called “Security Accreditation Scheme”, with which sites are audited to a defined standard so that they demonstrate security best practices. If the site passes the audit, they can join the ecosystem as a trusted entity. Trust is demonstrated with PKI digital certificates.

[Figure: COMPLIANCE. Panels: GSMA Specifications; Actual Solution; GSMA Test; Access to Whole Market. Panel text: The core GSMA specifications that form the de facto standard: Remote Provisioning Architecture for Embedded UICC Technical Specification Version 3.1, 27th May 2016. The actual solution that the service you’re about to purchase is running on. Manufacturing and operational security is audited by GSMA. Functional compliance is certified by GlobalPlatform. Hack-proof credentials are certified by national security agencies. GP Compliance Programme assisted by a Qualified Tests Company. Provides the reassurance of knowing that the service has access to a wider market.]


ACCREDITATION: SAS

For many years the GSMA’s Security Accreditation Scheme (SAS) has enabled all GSM operators to assess the physical security at supplier sites. The scheme is managed by the SAS group within GSMA, whose role it is to define the security standard which must be maintained at sites where eUICC product is manufactured and where subscription management systems are operated. This is to help mobile operators to ensure that the highest level of security is in place to manage their subscriber credentials.

Suppliers request an official audit from the GSMA. Auditors visit the site and conduct a comprehensive site audit based on the applicable GSMA security standard (one for the eUICC production called SAS-UP and one for the subscription manager operations called SAS-SM). The audit report will be reviewed by the GSMA SAS Certification Body and if approved, an “Accredited Site” certificate is issued to the supplier.

THE HIGHEST LEVEL OF SECURITY TO MANAGE SUBSCRIBER CREDENTIALS

[Figure: ACCREDITATION, SAS (eUICC, SM-DP, SM-SR). Stages: Security Accreditation Scheme; Audit Report; Audit Report; SAS Certified. Stage text: For many years the GSMA’s Security Accreditation Scheme (SAS) has enabled all GSM operators to assess supplier’s security (Security Accreditation Scheme for UICC Production - Standard Version 7.0, 27th July 2016; GSMA SAS Standard for Subscription Manager Roles Version 2.0). The supplier of the products requests an official audit from the GSMA accredited Auditors. The auditor visits the site, conducts an official audit, then produces an Audit report for the GSMA SAS Certification Body. The audit report is sent to the GSMA SAS Certification body for review and approval. If approved an ‘Accredited Site’ certificate is issued to the supplier.]

CERTIFICATION: EAL4+

eUICC products are required to be tested to Evaluation Assurance Level 4+ standard. EAL is an international Common Criteria security evaluation standard which is designed to give confidence that the designed security features are reliably implemented. The certification is linked with security mechanisms put in place in the eUICC to avoid hacking of the data store on the eUICC. This is specified by the GSMA in a protection profile describing what needs to be protected and how. Penetration testing is performed by laboratories that are recognised by national security agencies.

[Figure: CERTIFICATION, EAL4+. Stages: GSMA Protection Profile; eUICC Protection Profile; Penetration Tests; EAL4+ Certified. Stage text: GSMA defined a Protection Profile for eUICC approved by BSI (Embedded UICC Protection Profile Version 1.1, 25th Aug 2015). The eUICC manufacturer implements rules defined in the Protection Profile. An independent laboratory realises penetration tests to validate the Protection Profile implementation. By receiving the EAL4+ certification, the eUICC will ensure confidentiality and integrity of Operators assets.]


How testing and certification takes place

The testing process covers the functional behaviour and the interfaces of the supplier solution. The GSMA test specification is implemented as a test suite by GlobalPlatform and this forms the basis of rigorous formal testing by qualified entities. Solutions that succeed in the testing process are thereby proven as compliant with the GSMA specification.

In the test process itself, eUICC manufacturers are responsible for ensuring that their eUICCs are certified in line with GlobalPlatform approved processes. They must also test to ensure compatibility with multiple network environments and for compliance with multiple MNO profiles over the device’s lifespan.

The GlobalPlatform Processes

GlobalPlatform Product Qualification – products must perform a number of approved laboratory tests to achieve GlobalPlatform qualification.

GlobalPlatform Laboratory Qualification - laboratories must successfully meet criteria set by GlobalPlatform and use GlobalPlatform qualified test tools to achieve qualified status.

GlobalPlatform Test Tool Qualification - test tools must support GlobalPlatform’s functional requirements and perform a test suite on a number of products during a GlobalPlatform TestFest.

Self-Testing Products - vendors can self-test products by purchasing a GlobalPlatform qualified test tool.

End-to-end testing

It is important for service providers to carry out end-to-end testing, to field-test the eUICC and the device that it is embedded in. End-to-end testing helps to ensure that processes function as required and that there is complete interoperability between all parts. So that from the MNO to the end-user, the embedded SIM works as it should ‘in the field’ and the user experience will be satisfactory.

As the internet of things scales, interoperability becomes increasingly important. Users expect devices to be reliable, long lived and that changing network subscriptions need not involve the traditional switch-out process.


A new SIM, a new ecosystem

THE ECO SYSTEM HAS CHANGED

In the evolution from the traditional SIM to the Embedded eUICC, the ecosystem has changed. With the Embedded SIM now being integrated into the device itself – and that device could be a connected car, a smart water meter or any other IoT-enabled, connected device. So this new functionality requires an ecosystem to support it.

This new ecosystem is based on trust between all relevant stakeholders – trust founded on transparency and the ability to demonstrate that devices and platforms comply with one common specification. It is a trusted ecosystem which is able to deliver a high quality, reliable service to end users and that is able to manage sensitive subscriber data and information securely.

The GSMA has worked for several years to build this trusted ecosystem for Embedded SIM, with a goal of having common technology and certification capabilities. The specification was developed to help the new ecosystem make Embedded SIM scalable and interoperable and to ensure the very highest levels of customer care and security. It has been successful in the market and adopted by a significant proportion of the world’s leading IoT mobile operators.


What are the benefits of Embedded SIM certification?

As a provider of connected devices why should you care about test and certification of Embedded SIM? Because it enables your devices to reach market faster since they do not need to pass through proprietary test processes for every network.

THE GSMA EMBEDDED SIM SPECIFICATION OFFERS THE INDUSTRY A RANGE OF BENEFITS:

Manufacturers can quickly and easily source compliant eUICC products

Profiles can be loaded and updated remotely and with no need for physical interaction with the M2M device – streamlining management of devices across different environments, use cases and markets

MNOs have the assurance that embedded products are compliant before profiles are loaded

MNOs also benefit from reduced costs for issuance and management of M2M SIM products and expanded market opportunities

End-users enjoy an enhanced customer experience since products will now work ‘out of the box’ and cost less to deploy

The benefits to operators are underpinned by the reassurance of test and certification of Embedded SIM, include an accelerated M2M market growth and new business opportunities. The de facto Embedded SIM standard for the industry prevents market fragmentation while impacting minimally on existing systems and network infrastructure. It brings added reliability, lower costs and continued security.

From the customer perspective, new business opportunities are enabled through more devices than ever being connected, including hard to reach devices which were previously uneconomical or impractical to connect. Cost savings, space savings, the ability to personalise products, plus an improved customer experience all add to the mix.

Therefore mobile operators and other stakeholders can achieve lower costs without the need to invest extensive time and money undertaking product certification on a piecemeal basis. The ecosystem members also enjoy the peace of mind of knowing they have in place a secure solution for over the air provisioning underpinned by the world’s leading wireless industry representative body, the GSMA.


Why the GSMA certification standard?

The Embedded SIM Test Specification is designed to help all industry and ecosystem stakeholders comply with the GSMA Technical Specifications. The GSMA has also extended its successful Security Accreditation Scheme (SAS) to cover remote SIM provisioning subscription management service providers to ensure the robust security and product integrity requirements are maintained.

To find out more about the GSMA Embedded SIM specification, please see: http://www.gsma.com/connectedliving/embedded-sim/compliance/universal-profile/

GlobalPlatform is a non-profit association which defines and develops specifications to facilitate the secure deployment and management of multiple applications on secure chip technology. Its standardised infrastructure empowers service providers to develop digital services once and deploy them across different devices and channels. GlobalPlatform’s security and privacy parameters enable dynamic combinations of secure and non-secure services from multiple providers on the same device, providing a foundation for market convergence and innovative new cross-sector partnerships.

For more information on GlobalPlatform membership visit www.globalplatform.org

Major industry players support the GSMA remote SIM provisioning for M2M initiative

7layers GmbH; Advanced Info Service PLC; AT&T Mobility; Bell Mobility Inc; BlackBerry Limited; Bouygues Télécom; China Mobile Limited; China Telecommunications Corporation; China Unicom; Cisco Systems Inc; Cloud 9 Mobile Communications PLC; Com4 AS; COMPRION GmbH; EE Limited; Emirates Integrated Telecommunications Company PJSC; epay Limited; Ericsson; Evolving Systems Limited; FIME SAS; Gemalto NV; Giesecke & Devrient GmbH; GigSky Mobile LLC; GM; Hewlett Packard Enterprise; Huawei Technologies Co Ltd; Hutchison 3G UK Limited; Intel Corporation; Jasper Technologies Inc; JLR (Jaguar Land Rover); KDDI Corporation; KORE Wireless Group Inc; KPN B.V.; LG Electronics Inc; MediaTek Inc; MEO - Serviços de Comunicações e Multimédia SA; Mobileum, Inc; Safran Identity and Security; NEC Corporation; Nokia; NOS – Comunicações, S.A.; NTT Docomo, Inc; O2 Czech Republic a.s.; Oberthur Technologies; Orange; Renault; Rogers Communications Canada Inc; Samsung Electronics Co Ltd; Scania; Simulity Labs Ltd; SingTel Mobile Singapore Pte. Ltd; SmarTone Mobile Communications Limited; Sony Mobile Communications Inc.; Starhome Mach; STMicroelectronics Srl - Incard Division; Swisscom (Switzerland) Ltd; Symantec Corporation; Telefónica S.A.; Telekom Deutschland GmbH; Telenor Group; Telia Company AB; TELUS Communications Inc; The Alaska Wireless Network, LLC; T-Mobile USA, Inc; Turkcell Iletisim Hizmetleri A.S.; UL TS B.V.; Union Telephone Company; Valid Soluciones Tecnologicas S.A; Wireless GmbH; Volvo; WINS Limited; ZTE Corporation

SOURCES:

1. Beecham Research – ‘GSMA Embedded SIM Specification will deliver 34 per cent higher market growth by 2020’
2. Machina Research – ‘Forecasting the Internet of Things revenue opportunity’
