GSMA eUICC Security Assurance: Test. Trust. Assure.

Driving confidence in eUICC Security

The embedded UICC (eUICC) is key to safeguarding the end customer’s and the operator’s security. After all, it ensures secure access to networks and a subscriber’s account, as well as related services and transactions. Therefore, it is essential to protect consumer and industry confidence in eUICCs. Which is why we’ve introduced a robust security certification scheme, for the hardware and software components that make up an eUICC: GSMA eUICC Security Assurance (eSA). Further details about the GSMA eSA Scheme principles and methodology created in collaboration with industry stakeholders can be found within SGP.06 and SGP.07.

So, eUICC manufacturers, get your product certified with the GSMA eUICC Security Assurance Scheme. Then take your place among the industry-certified eUICC producers.

Resistance against high-level attack potential

The GSMA eUICC Security Assurance (eSA) scheme, is a dynamic set of procedures for eUICC security evaluation. While based on the Common Criteria approach to security assurance, it is more condensed, making the process fast and efficient. Although the security objectives within the GSMA Protection Profiles still apply (that is, SGP.05 for M2M devices, and SGP.25 for consumer devices).

FAQs

Why is a GSMA eUICC Security Assurance (eSA) Certificate required?

All GSMA eSIM compatible eUICCs that follow the industry GSMA eSIM Specifications (as defined in SGP.01, SGP.02, SGP.21 and SGP.22), need to prove their robustness. This means demonstrating compliance with the product security requirements, specified in SGP.16 and SGP.24.

Currently, there are three permitted methodologies for eUICC manufacturers – shown below. They all require a certificate reference to demonstrate their security evaluation of resistance to high-level attack potential. Along with fulfilment of all the security objectives defined in SGP.25 and SGP.05.

  • Common Criteria PP-0100 or PP-0089 Certification report reference(s)
  • GSMA eSA Certification reference, which is fast and efficient
  • Statement of security evaluation completion by a SOGIS Laboratory (interim solution that is dissolving in January 2022)

How much does it cost to have the GSMA issue the eUICC Security Assurance (eSA) Certificate?

An annual fee is charged to cover the scheme’s administrative costs. Although special conditions apply for GSMA members. If you are interested in becoming a GSMA member, please contact GSMA membership here.