Amid a world racing to digitalize, whether to improve critical infrastructure, modernize facilities, build intelligent grids and smarter cities, or structure data better for AI, the underlying mix of technologies often combines cellular technology and security in the form of eSIM. In prior years, IoT devices, often far more memory- and network-constrained than connected devices such as smartphones or tablets, have followed a Remote SIM Provisioning (RSP) architecture defined by GSMA’s eSIM M2M specification (SGP.01).
As the need to address network-constrained devices becomes more pressing, whether those operating on Low Power Wide Area Networks (devices that connect via CAT-M or Narrowband IoT (NB-IoT)) or devices that lack a UI, the collaborative efforts at GSMA have resulted in a simplified and interoperable RSP under the new ‘eSIM IoT’ standard, laid out in the GSMA SGP.32 specification. This holds the potential to allow connectivity providers to either enter or expand into the LPWAN market, which is globally growing at 55.4% CAGR[i] by 2031, with Narrowband IoT, already a popular connectivity protocol in China, now showing 54% growth in the same period.
The new Kigen eIM solution addresses how connectivity providers and manufacturers can transition to the new standard and take advantage of its simplification with the robust support of our ecosystem.
[i] Source: Counterpoint Research, Juniper Research, and Kigen estimates
This blog summarizes and complements the Kigen eIM Masterclass webinar “Securely managing IoT eSIMs (SGP.32) with Kigen” presented by Saïd Gharout, Head of Standards at Kigen and Chair of eSIM Working Group 2 at GSMA, and Loic Bonvarlet, SVP Ecosystem & Marketing.
One of the standout advantages of Kigen’s solution is its ability to expand reach by activating a new wave of LPWAN IoT devices. Providers can effortlessly tap into exponential growth opportunities as these devices proliferate, unlocking new revenue streams and markets.
Managing extensive fleets of IoT devices can be daunting, but Kigen makes it simple. By leveraging automated and bulk profile management, providers can streamline their operations without requiring extensive backend infrastructure changes. This reduces operational complexity and cuts costs, making it easier to scale as the IoT ecosystem expands.
What truly sets Kigen apart is its support for flexible and dynamic connectivity. With the ability to adapt to changing conditions, such as shifts in location or signal strength or specific vertical business triggers, providers can ensure reliable service wherever devices are deployed.
Kigen’s eSIM solution equips connectivity providers with the tools to scale smarter, manage seamlessly, and connect dynamically – empowering them to lead in the age of IoT.
Look at the demo of Kigen Pulse, the key orchestration layer of the Kigen eIM solution. Kigen Pulse is available for all trials and is production-ready for integration with Open API 3.0 and a fast and agile release cycle.
Several key aspects of the GSMA SGP.32 Specification and Kigen eIM solution were enumerated during the webinar. Here’s all you need to know about these important transitions and how to address your business continuity and growth as connectivity providers.
Our eIM webinar addressed how the GSMA SGP.32 supports key use cases for connectivity providers. Whether you are an MNO or MVNO, Kigen can help you use this standard.
Let’s get to the questions you asked:
1. Can you elaborate on the direct and indirect profile download?
In a direct setup, the IoT Profile Assistant (IPA) connects directly to the SM-DP+ (Subscription Manager Data Preparation+). This approach is ideal for devices that support standard HTTP-based communication protocols, allowing for straightforward profile provisioning without the need for additional orchestration.
For devices that cannot support HTTP or direct downloads (e.g., those relying on lightweight protocols like CoAP) or to support scenarios where the device is prohibited from accessing the open internet, the eIM acts as an orchestrator between the IPA and SM-DP+. This is defined as indirect profile download. This method simplifies eSIM management integration by consolidating connections to multiple SM-DP+ platforms, reducing backend complexity while maintaining robust profile management. It is especially beneficial for managing low-power IoT devices operating in constrained network environments.
2. Can an eIM retrieve Profiles from numerous SM-DP+ servers?
Yes. To do so, the eIM must comply with the requirements laid out in the technical specification SGP.32 v1.2. All available SM-DP+ servers can be used for profiles by the Kigen eIM. The eIM makes it possible to download profiles to devices that support only CoAP or the ASN.1 binding, even though all SM-DP+ servers use only HTTP and most of them support only the JSON binding.
3. What is JSON binding for SAS-SM, and can you explain any alternatives to JSON binding?
ASN.1 (Abstract Syntax Notation One) and JSON (JavaScript Object Notation) are both data representation methods that define how messages between the SM-DP+ server and eUICC are transmitted. ASN.1 is a standardised formal notation for describing data structures. Interoperability calls for more structure and uniformity in the information exchanged between systems, and ASN.1 has proven to serve this well by being programming-language and platform independent and by keeping data semantics in check. It is also much more compact (schema size less than 20% in typical cases; see example here).
Traditionally, JSON is a human-readable, text-based format (with JSON schema) used for describing vital profile information in the SM-DP+. The Kigen eIM solution includes on-the-fly protocol translation for this new simplified binding, which plays a crucial role in enabling interoperability with legacy SM-DP+ where only JSON may be supported. Saïd discusses these roles in an eIM solution explained in this blog.
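The binding translation described in answers 2 and 3 can be sketched as follows. This is an added example, not Kigen's code and not the SGP.32 schema: the field names, tag numbers and sample message are constructed for illustration. It converts a JSON message carrying base64 strings into a compact tag-length-value form and back, leaving each byte string untouched so that any signed content survives translation bit for bit.

```python
import base64
import json

# Hypothetical field names and tag numbers for this sketch; NOT the SGP.32 schema.
TAGS = {"transactionId": 0x80, "signedData": 0x81, "signature": 0x82}
NAMES = {tag: name for name, tag in TAGS.items()}

def _length(n):
    """DER-style definite length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def json_to_tlv(text):
    """JSON binding (base64 strings) -> compact tag-length-value bytes."""
    msg = json.loads(text)
    if set(msg) - set(TAGS):
        raise ValueError("field with no binary mapping")
    out = bytearray()
    for name, tag in TAGS.items():
        if name in msg:
            value = base64.b64decode(msg[name], validate=True)
            out += bytes([tag]) + _length(len(value)) + value
    return bytes(out)

def tlv_to_json(blob):
    """Reverse direction; rejects unknown tags and truncated elements."""
    msg, i = {}, 0
    while i < len(blob):
        if blob[i] not in NAMES or i + 1 >= len(blob):
            raise ValueError("malformed element")
        name, n, i = NAMES[blob[i]], blob[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the count of length bytes
            k = n & 0x7F
            if k == 0 or i + k > len(blob):
                raise ValueError("bad length")
            n, i = int.from_bytes(blob[i:i + k], "big"), i + k
        if i + n > len(blob):
            raise ValueError("truncated value")
        msg[name] = base64.b64encode(blob[i:i + n]).decode()
        i += n
    return json.dumps(msg)

def sample_json():
    """Constructed message: 16-byte id, 203-byte signed blob, 64-byte signature."""
    raw = {"transactionId": bytes(range(16)),
           "signedData": b"\x30\x81\xc8" + bytes(200),
           "signature": bytes(64)}
    return json.dumps({k: base64.b64encode(v).decode() for k, v in raw.items()})
```

For the constructed sample, the binary form is 290 bytes against well over 400 characters of JSON, which matters on CAT-M and NB-IoT links.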
4. Is the procedure for remote profile for remote SIM provisioning transparent, or should it be managed at the application level?
It is typically driven by business logic that triggers an eIM action, or handled at the device level with some local profile management in response to specific device changes (loss of connectivity, sensor change, location change…).
5. Will the SM-DP+ seamlessly integrate with eIM, or will it require similar integration efforts as those needed between M2M SM-DP and SM-SR?
The SM-DP+ is designed to seamlessly integrate with eIM, requiring minimal effort compared to the more complex bilateral integrations between M2M SM-DP and SM-SR. This is because eIM simplifies connectivity by acting as a gateway, streamlining the provisioning process.
6. Is there a need for SM-DS when the eIM is available? Are they complementary?
SM-DS interfaces are retained for legacy purposes, but their use is optional, according to the specification. With an eIM, all the functionalities of SM-DS for consumer applications can be managed. For IoT, the role of the eIM is expected to evolve, streamlining operations and simplifying architecture.
7. How can MNOs/MVNOs leverage Kigen eIM to create new revenue opportunities?
Kigen eIM empowers MNOs and MVNOs to grow revenue by simplifying IoT connectivity management in addition to their existing business models. By bundling IoT eUICC with your connectivity and integrating eIM at the manufacturing stage, you can open doors to a larger addressable market without relying on complex SM-SR dependencies or eSIM-related integrations.
– Expand your reach by offering seamless connectivity services to enterprises that already have IoT eUICCs deployed from other vendors.
– Facilitate ease of activation: Simplify operations by receiving activation codes from other operators and managing profile downloads directly from their SM-DP+.
– Support diverse IoT use cases: Address special connectivity needs for enterprises, unlocking opportunities in logistics, smart metering, and industrial IoT.
With no need for additional infrastructure or complex integrations, Kigen eIM helps MNOs and MVNOs scale their IoT offerings while reducing operational costs and increasing customer satisfaction.
Want to learn more about how Kigen eIM can drive growth for your business? Contact our experts today.
8. Could LPAd be implemented within the various cellular modules? Are you aware of any module vendors with IPAd solutions at this time?
Yes, LPAd can be implemented within modules. Kigen’s ecosystem is at the leading edge of innovation on cellular modules, working closely with each vendor. Please contact our experts to understand how this can benefit you via our partners or to work with us.
9. Does an OS implementing IPAe need GSMA certification? Is it mandatory?
Any certification scheme is voluntary. GSMA certification ensures interoperability and reliability, making it highly recommended for robust and scalable IoT deployments. As the eUICC implements the IPAe, it will be covered by the security evaluation of the eUICC using GSMA eSA or any equivalent scheme. The functional certification for IPAe will depend on whether defined test cases are available for this component in the GSMA test specifications; otherwise, it will be tested using vendor-specific testing or end-to-end in-the-field interoperability testing. Kigen’s IPAe has already been tested in the field, and its operations have been successful.
10. How can the device communicate locally with the IPAe? Are there standard APDUs that are used to initiate operations locally for the device?
Kigen IPAe offers an APDU interface for local communication/configuration.
11. What is the purpose of GSMA certification for the eIM?
The GSMA certification ensures the security of eIM software deployment, covering both physical and logical security aspects to guarantee robust and reliable operations. GSMA also develops test specifications for the eIM (SGP.33-3). To the best of our knowledge, the certification program for the eIM is expected to be ready by Q1 2025. Kigen performed end-to-end interoperability testing of its eIM with different third parties.
12. What is the process for eSA Certified Products at the GSMA?
The GSMA eSA (eUICC Security Assurance) is defined by GSMA as a security evaluation scheme. An IoT eUICC undergoing eSA certification shall follow the Protection Profile (SGP.25v.1). This PP is being certified by BSI to be published as PP-100v2. We invite you to have a look at the joint webinar hosted by the Trusted Connectivity Alliance and GSMA to get a recent update on eSA for IoT, available to watch here. The webinar slides can be downloaded from the TCA resources library here and an excerpt of the certification process is featured below.
13. When devices are currently in the field based on an M2M-standardized eUICC, how would I move towards the IoT eUICC and way of working without losing control of these existing devices?
This is exactly a key challenge that Kigen Pulse addresses with our eIM solution, which offers a unified view of all your eSIMs, regardless of device and RSP architecture.
Want a copy of the eSIM IoT remote manager webinar slide deck?
Download the eIM Masterclass webinar slides here.
We’d love to hear from you if you have any important questions. If you’d like to have an in-depth discussion on how Kigen eIM can support your needs for eSIM management at scale, please get in touch by expressing your interest in trialing the Kigen eIM.