eUICC Security Assurance (eSA)
The global security scheme for eUICC software security – building trust into the future of mobile.
What is eSA?
The embedded UICC (eUICC) is an evolution of SIM technology and key to consumer and IoT-driven digital transformation. So robust security is paramount to protect both operator services and customer data.
That’s why we’ve introduced a rigorous security assurance scheme. If you’re a supplier of eUICCs, it lets you demonstrate that your software is secure and compliant with GSMA eSIM specifications. Or if you’re relying on them for your network, service or product, it lets you assess that security – quickly and reliably.
Why is it important for your business?
Because eSIM connectivity relies on GSMA Specifications, any eSIM must be designed to meet those specifications to ensure interoperability – with any network or service platform it might interact with across the world.
eSA sets out these universal security certificate for all software developers, based on the Common Criteria approach. Yet crucially, it’s more condensed – making it faster and more efficient for your business to gain or check security assurance.
Universally recognised
Security framework that’s agreed by cross-industry mobile industry players and endorsed by the world’s leading mobile connectivity body.
Security robustness
Same security objectives defined for Common Criteria within the GSMA Protection Profiles (SGP.05 for M2M devices and SGP.25 for consumer and IoT devices).
Fast, efficient service
The eSA assurance process is designed for process optimisation and simplicity, supporting streamlined development and deployment.
Drives security improvement
Robust procedures that global vendors and operators can rely on when selecting their eUICC manufacturer or software developer.
Independently valuated
Each supplier product software evaluation is conducted by a GSMA Licensed Laboratory, looking at everything from profile isolation to internal and external communications within the eUICC software solution
Dynamic specifications
The eSIM specifications continually evolves to meet the requirements of the industry, according to measures agreed by a cross-industry group of security experts.
Meets national security needs
Reflects the security needs of the entire ecosystem, with complete transparency as to which suppliers are .
Practical examples of how it helps your business
Whether you’re a manufacturer, software developer or eSIM service provider, eSA improves confidence in your business – and the future of connectivity as a whole.
eUICC manufacturers and software developers
eUICC manufacturers and software developers
Demonstrating security assurance via eSA is the gateway to the GSMA eSIM ecosystem – and essential due diligence for operators, service providers and device manufacturers investing in eSIM solutions. So it provides many benefits:
• Presence on global accredited supplier list boosts business opportunities – being preferred by your customers’ procurement teams.
• Gives you global assurance – security assurance from the world’s leading mobile connectivity association demonstrates your commitment to security and reduces risks for customers.
• Supports speed to market – streamlined accreditation process and appearance on accredited suppliers list enables rapid deployment.
• One accreditation to meet industry expectations – fewer individual inspections from your different customers.
• Expert guidance – rigorous security review highlights potential security, interoperability and compliance requirements.
Mobile operators
Mobile operators
Every operator who passes a test, gets a pass certificate.
- Whether you’re a Mobile Network Operator or a Mobile Virtual Network Operator, you need absolute confidence that data is secure, assets are protected and services work as intended on all relevant eSIM devices.
- The only way to ensure this is when eSIM entities fully comply with GSMA specifications and requirements. eSA is a key element of this:
- Have confidence that you’re choosing an eUICC provider that complies with the GSMA’s rigorous global security standard.
- Be sure of global interoperability.
- Build protections across the entire eSIM ecosystem – insisting on eSA certification encourages a security by design culture.
- Give peace of mind to investors and stakeholders – eSA requires deep supplier commitment and detailed accreditation conducted by highly qualified independent licensed laboratories.
- Cost-free service for mobile operators – avoiding expensive individual security evaluations.
- Supports speed to market – GSMA’s website provides 24/7 visibility of accredited developers and manufacturers so you can make fast, confident decisions.
eSIM device manufacturers
eSIM device manufacturers
Only eSIM devices with certified eUICC software will have the confidence of the eSIM community – particularly operators and eSIM service providers who want confidence that their assets are secure and interoperable.
So, give your devices the edge by ensuring your suppliers are fully compliant with the rigorous GSMA eUICC architecture and requirements:
- In a market where GSMA compliance is a critical operating and security requirement, eSA certification is the ultimate assurance for the eUICC installed within the eSIM Devices.
- Ensure security and interoperability of your eSIM Device in any market worldwide.
- Instantly view accredited suppliers, reducing cost and time-to-market by avoiding expensive, time-consuming individual security evaluations.
- Rely on a rigorous security standard with detailed evaluation conducted by highly qualified licensed laboratories.
- Offers peace of mind to investors and stakeholders with certification from the world’s leading mobile connectivity association
eSIM service providers
eSIM service providers
Only eUICC and subscription managers that meet the GSMA’s eUICC standards will be able to engage successfully – with the verified authentication exchanges required for global interoperability.
So eSA is essential element of validating eUICC certificates, and successfully managing and deploying subscription services:
- Required for eUICC compliance – part of the GSMA remote SIM provisioning compliance process.
- Gives your clients a global assurance of security and interoperability.
- Enables rapid deployment – with a streamlined accreditation process and appearance on accredited suppliers list.
- One accreditation to meet industry expectations – fewer individual inspections by your different customers.
Resources
Further information and insights in the form of test results, blogs and best practice tips