Blog from Arm: Why smart IoT teams welcome eSIM certification

The phrase ‘security and interoperability audits’ usually sends engineers screaming into the dark; but in the case of eSIM certification, smart IoT development teams are running toward it. Why? With the IoT sector expected to reach one trillion connected devices by 2035, bringing commercially successful IoT products to market is top of everyone’s mind. An important part of this journey to commercial success is ensuring that IoT products are secure and interoperable, and eSIM certification helps achieve this goal.

Why eSIM certification?

Industry forecasts predict that up to 4.4 billion IoT devices will be cellular-enabled by 2025 (Machina, 2017). This growth hinges on flexible and secure models for managing connectivity – and that’s where eSIM comes in. eSIM is the global GSMA’s specification that provides a mechanism for remote management or provisioning of consumer and IoT connections.

eSIM allows easy ‘over the air’ change of operator profiles for straightforward access to different networks. This removes the various limitations associated with traditional SIMs and brings greater flexibility and convenience to how IoT devices connect to networks.

The eSIM certification process accomplishes three goals. Firstly, it instills peace of mind by ensuring that only safe devices can join the network and that only certified technology providers can handle the data.

Secondly, by fostering interoperability, it helps avoid fragmentation and allows device makers to sell devices into more markets and for more applications.

Finally, it provides a truly seamless connectivity model that lets organizations, device makers and IoT service providers focus on differentiating through customer service and application innovation.

Overall, having a global unified standard and certification that ensures adherence to that standard, opens the path to a healthy ecosystem, as well as faster and flexible secure IoT device deployment. Use cases grow, time-to-revenue shrinks and innovation speeds up when everyone in the eSIM ecosystem completes certification.

No more fear of eSIM certification

The GSMA has defined and manages, in conjunction with other bodies, a robust testing scheme, spanning both the eSIM hardware running a SIM application and the RSP management server implementation.

Under this scheme, eSIM manufacturers and service providers get their products and operations tested or audited to prove their compliance against the relevant GSMA specifications.

The GSMA actively publicizes and educates the industry about required specifications, tests and audits. The compliance process covers functional behavior and security by design in production and for the server sites.

Third-party, accredited auditors consider functional interoperability, security policy, personnel and physical security, certificate and key management, sensitive process data management, logistics management, computer and network security, and more. Certification reports and digital certificates are issued upon confirmation of compliance, acting as tokens of trust in the GSMA-compliant ecosystem.

This established, robust scheme means that there’s no reason to fear eSIM certification, but rather take advantage of the scalable, reliable and secure connectivity that it reinforces.

Move faster with compliant solutions

One way to accelerate certification is to use components that are already GSMA compliant. Existing compliant blocks can be integrated into unique solutions to speed time-to-certification and time-to-market.

For example, consider a SIM vendor and IoT service provider who wants to move from traditional UICCs to eUICCs and start offering RSP solutions. On the hardware side, instead of spending a long time developing a stack and getting it certified, it can license a secure, GSMA-compliant eUICC SIM OS stack.

On the server side, it can deploy GSMA-certified server solutions for RSP. While using GSMA-compliant components doesn’t guarantee the compliance of the assembled solution, it provides a solid foundation for success. A product based on the blocks that have been independently verified as robust, secure and interoperable is much more likely to be compliant. Also, compliant blocks are more likely to integrate seamlessly with the company’s existing production and connected management environments.

By participating in eSIM certification, the company can also benefit from the expertise and wider ecosystem of the eUICC OS and RSP product provider.

Growing the trusted ecosystem

Certification goes hand-in-hand with trust. The more eSIM-enabled devices and subscription management solutions reach GSMA certification, the faster the trusted ecosystem grows. Secure device identity and remote provisioning are propelling cellular-connected IoT devices into a future with one trillion devices. Arm is already heading toward that future with device makers and IoT service providers today.

For a more detailed overview of GSMA eSIM certification, see our recent Guide on eSIM Certification.