ECC Newsletter December 2018

Keeping it eSIMple – The future of mobile

It was a German company called Giesecke & Devrient1 that unveiled the world’s first commercial SIM card in 1991. This product quickly gained acceptance as the global standard for the SIM card format. Over the years the SIM card has been downsized as devices have become smaller — from a credit card-sized piece of plastic with a chip (1FF), to the “Nano” SIM which fits in most smartphones today. Apart from the smaller size, the basic functionality has remained largely unchanged over the years.

Figure 1 - SIM card form factors over the years

MFF2, the smallest form factor depicted in Figure 1 above, was designed to be embedded or soldered onto the circuit board of a device. This type of SIM is designed for devices which may be exposed to extreme conditions (cold, heat, dust, moisture, vibration etc.) and where space on circuit boards is regarded as high value real estate. Embedded SIMs are commonly found in mobile-based machine-to-machine (M2M) devices.

Mobile-based M2M – the switching challenge

Competition across Europe in the consumer market for mobile electronic communications (referred to as Person-To-Person (P2P) communications in this article) has been vibrant for many years and this has been largely enabled by number portability. If a subscriber wishes to switch operator it is a simple matter of approaching a new operator and purchasing a new SIM card, which can then be inserted into the subscriber's device. The subscriber’s number can be ported to the new service provider in a very short period of time. The whole process is quite seamless.

While number portability may not have significant relevance for M2M communications, a different and unique challenge for mobile operators and service providers has emerged. An M2M customer may have hundreds, thousands or millions of devices installed over a wide geographical area (possibly across borders). Physically replacing SIM cards to switch service provider is neither economically nor logistically feasible in most cases. If embedded SIMs are used to overcome environmental challenges (i.e. extreme temperature, moisture, vibration etc.), then the switching challenge becomes even greater and the concept of "operator lock-in" is introduced.

ECC Report 2122 identified “operator lock-in” as a potential competition risk for the emerging M2M market and explored administrative and technical solutions to resolve the issue. One administrative solution that was identified was to assign E.212 numbering resources directly to M2M customers which essentially allows them to generate their own International Mobile Subscriber Identity (IMSI) numbers independent of their host mobile operator. There are examples of this type of solution deployed in the market today but these solutions often result in introducing operational and contractual complexities into the relationship between the service provider and the customer, and the responsibility for regulatory obligations regarding the use of the numbers can become ambiguous.

The alternative to an administrative solution is a technical one where the subscription can be initially provisioned remotely over the air or re-provisioned to facilitating switching of service providers.

In 2013, the GSMA released a first version of its specification3 for an embedded Universal Integrated Circuit Card (eUICC – referred to as eSIM in this article) which provides the capability of managing subscriptions remotely in the M2M communications sphere thereby allowing eSIMs to be managed over the air. This was followed up in 2017 by another specification4 for the P2P market. In certain cases consumer devices may have eSIMs (e.g. tablets, smartphones, wearables, etc.), so the challenge of switching operator without a physical SIM card replacement is also relevant.

A physical SIM replaced by a logical SIM

ECC Report 274, published in November 2018, describes how the traditional SIM card and the eSIM are configured. There are two key identifiers involved:

  1. The Integrated Circuit Card Identifier (ICCID), defined in ITU-T Recommendation E.1185, identifies the physical SIM card and the SIM card issuer.
  2. The International Mobile Subscription Identity (IMSI), defined in ITU-T Recommendation E.2126, identifies a unique mobile subscription.

With traditional SIM cards, the ICCID identifies the physical hardware, and it is possible to have multiple profiles in one SIM card which have different IMSIs. With the eSIM, the GSMA specification introduces a new identifier called the embedded Universal Integrated Circuit Card Identifier (EID). The EID identifies the physical hardware. The ICCID is no longer used for this purpose and is now associated with a SIM profile that is stored logically on the eSIM. This is illustrated on the right hand side of Figure 2 below. Each logical SIM profile is identified by a unique ICCID and IMSI which can be initialised or re-provisioned over the air.

Figure 2 - Identifiers in the traditional SIM and the eSIM (source: ECC Report 274)

Traditional SIM cards are manufactured, pre-programmed and distributed to wholesale partners, retail shops or directly to enterprise customers. The integrity and security of the supply chain is inviolable. A recent whitepaper7 from the GSMA noted that as “well as being secure, the distribution channels for SIM cards also contain ‘business logic’ which is required by various service models. In some channels that logic may even dictate who has control of device connections. It is not practical to combine this logic into a single technical solution for eSIM”. This explains the rationale for having two separate specifications for the M2M and P2P markets. Figure 3 below illustrates the common features of the M2M and P2P specifications.

Figure 3 - Common features of M2M and P2P specifications

Both architectures feature a network-domain remote SIM provisioning system called the Subscription Manager - Data Preparation (SM-DP or SM-DP+). In the P2P solution, SM-DP+ has extra capabilities to support functions specific to the P2P solution. Both architectures rely on a secure element within the mobile device for the storage, management and operation of profiles (i.e. the eSIM). Both architectures use Pre-Shared Key (PSK) and Public Key Infrastructure (PKI) based cryptography. However, for the M2M solution authentication with the Subscription Manager - Secure Routing (SM-SR), PSK is used and only allows a single SM-SR to communicate with the eSIM. For the P2P solution, the PKI-based authentication is used and therefore any SIM and SM-DP+ can connect so long as they share the same root PKI certificate.

Both architectures require a GSMA Certificate Issuer (CI) that issues digital certificates. The certificates then enable entities to securely communicate with each other, and in the P2P solution, mutually authenticate each other. It should be noted that although there are architectural similarities between the P2P and M2M solutions, they are inherently technically different and cannot be overlapped in an implementation that serves both the P2P and M2M markets. ECC Report 274 provides a more detailed description of the over-the-air provisioning ecosystem.

The impact of eSIM

There is no doubt that eSIM will have an impact on the mobile value chain as enabling new business models will ultimately lead to new entrants and alternative ways of delivering new and innovative services. eSIM has the potential to streamline initial provisioning processes and reduce time to market and subscription activation. Furthermore, the updated regulatory framework for electronic communications services in the European Union, due to come into force in December 2018, explicitly promotes the use of over-the-air provisioning technology. This is likely to have a positive effect on market uptake.

Figure 4 - World eSIM shipments split by device year-to-year

IHS Markit8 predicts that eSIM shipments will increase to 986 million units by 2021. Figure 4 above illustrates that, at least initially, most eSIMs will be deployed in M2M devices but that from 2018 onwards there will be significant growth in eSIMs deployed in P2P devices also. This development will change the dynamics of the relationships that exist between the different stakeholders in the industry value chain. If eSIMs are installed in devices at point of manufacture, chipset manufacturers will negotiate with the main device manufacturers directly (i.e. Apple, Samsung etc.) and the physical distribution of SIM cards to points of sale could become redundant in the future. This development will change the mobile operator’s future role and influence in the value chain and their relationship with the end customer — a relationship which was effectively owned by the mobile industry until now. A McKinsey article from 20169 refers to this as “disintermediation of network operators from the end-to-end relationship”. This raises some questions about how P2P customers will interface with mobile service providers in the future and what impact this might have on number portability processes and procedures.

Number portability

As well as examining the architectures defined in the GSMA specifications, ECC Report 274 considers the relevance of Number Portability (NP) in the M2M and P2P markets. For M2M, the relevance of NP is limited as the value of a number assigned to a machine has little relevance when compared to the value of a number assigned to a person. However, if the same numbering ranges are used for both M2M and P2P services it will be difficult for national regulatory authorities to distinguish between and apply separate regulatory treatment — unless, M2M services are confined to specific dedicated numbering ranges. Such ranges already exist in some countries in Europe.

NP will remain a critically important competition enabler for mobile P2P services. With traditional SIM cards, the NP request is usually made by the customer at point of sale. Information is then exchanged between the donor and recipient operators to execute the NP request and, provided everything is in order, the NP request is executed within a short period of time. With eSIM, that interaction between the customer and the service provider at point of sale may decrease or be removed entirely over time. In the future, the customer could buy a mobile device online and request service activation online by choosing from a number of service providers. The customer could also, at a later date, switch service providers through a similar online process. As there is no need to physically change a SIM card, it is essential that NP is properly accounted for in these processes. Regulators will therefore need to review their NP processes to ensure that the data exchange between service providers and customers is synchronised and takes proper account of NP processes and procedures. Safeguards may also need to be put in place to ensure that end-users are not switched to other service providers against their will.

There is no doubt that eSIM is game-changing technology. There are potential benefits for all stakeholders in the mobile value chain, including end users. Regulators will have an important role to play to ensure that these benefits are realised without any adverse effects on competition and consumer protection.

Freddie McBride, ECO Expert, Numbering and Networks

2 ECC Report 212 - Evolution in the Use of E.212 Mobile Network Codes – April 2014
3 GSMA SGP.01 - "Embedded SIM Remote Provisioning Architecture", - version 1.1 of 30 January 2014
4 GSMA SGP.02 - "Remote Provisioning Architecture for Embedded UICC Technical Specification" - version 3.2 of 27 June 2017
5 ITU-T Recommendation E.118 - "The international telecommunication charge card" - 11 May 2006
6 ITU-T Recommendation E.212 - "The international identification plan for public networks and subscriptions" - September 2016
7 GSMA eSIM Whitepaper - "The what and how of Remote SIM Provisioning", March 2018
8 IHS Markit - eSIM Market Projected to Increase Nearly Nine-Fold, to Almost One Billion Shipments – May 2017
9 McKinsey & Company – E-SIM for consumers—a game changer in mobile telecommunications? – January 2016