The GSMA Embedded SIM Specification has the backing of 25 of the world’s largest mobile operators and over 75% of all M2M connections worldwide. The creation of a single, common and interoperable specification for remote provisioning is starting to make a difference for how operators and the wider mobile ecosystem including OEMs can take advantage of the fast-growing Internet of Things market.
Critical to this, of course, is security and a seldom discussed but incredibly important process called ‘Protection Profile’ (PP) which ensures that the Specification has the same levels of security as a standard SIM card.
A PP evaluates the security features of IT products and systems. The PP for the GSMA Embedded SIM will detect a security problem if one arises and then specify the requirements needed to address it.
The diagram below explains the process:
This means that an M2M device with an Embedded SIM that is issued with a GSMA Protection Profile Certificate has an easily identifiable guarantee of security, helping the industry as a whole to scale. The GSMA Protection Profile is also certified by BSI (The German Federal Office for Information Security).
The latest version of the eUICC Protection Profile, called ‘SGP.05 Embedded UICC Protection Profile’ is available here.