Cloud-Based eSIM

 

Moving to eSIM has become a strategic step forward in providing a digital experience for a Mobile Network Operator (MNO) or eSIM Service Provider. There are lots of jobs to be done to deploy eSIM services, such as integration, orchestration, business process adjustment, development, device manufacturer onboarding, and many more.

 

Like any other IT solution, eSIM can be deployed in an on-premise or a cloud-based model. Many eSIM Service Provider companies now offer cloud-based eSIM as the deployment model. In some use cases, this model gives flexibility and a faster deployment time. The deployment itself will face some challenges, such as complex technical and architectural issues, rapidly changing legal and regulatory requirements, and integration with multiple Mobile Network Operators.

But even if an MNO already has its own datacentre in place, chances are it will start migrating to the cloud. Why? Because a cloud service has the following benefits.

·         Scalability - getting the right amount of resources when needed, from the geographic locations where they are needed.

·         Cost savings - eliminating the capital expense of buying hardware and software and reducing the operational cost of running an on-site datacentre.

·         Reliability - mirroring data at multiple redundant sites on the cloud provider’s secured network for data backup and disaster recovery.

If an MNO wants to decide whether hosting its own RSP will be beneficial, it needs a clear understanding of what will be required. Before a Service Provider can offer eSIM Remote SIM Provisioning (RSP) services, it must perform an audit according to the GSMA's Security Accreditation Scheme (SAS-SM). This ensures that the service is provided in accordance with the security expectations of GSMA’s members from the global Mobile Network Operator community.

 

The following key components of an RSP solution can be delivered in the already known cloud delivery models: Private cloud, Public cloud, and Hybrid cloud.

·         Ops : operations terminal for administrative access.

·         RSP-SW : eSIM management application.

·         HSM : High-Security-Module for protecting key material in purpose-built hardware. Subscription Manager Data Preparation (SM-DP) and Subscription Manager Secure Routing (SM-SR) are part of HSM.

 


 

In these cloud deployment models, we can see that the operations terminal is always located on-premise and the eSIM software is always located in the cloud.

Private Cloud maintains eSIM SW and HSM on a private network and is exclusively used by a single organization. It can be located on-premise or hosted by a third-party service provider. SAS-SM security certification must be performed for both sites under the single responsibility of the RSP service owner.

Public Cloud is owned and operated by third-party service providers delivering their cloud resources over the Internet to multiple tenants. As we can see, the eSIM SW and HSM sit on the public cloud. The SAS-SM certified datacentres in specific regions can provide the RSP service where needed.

Hybrid Cloud allows HSM and eSIM SW to be split between private and public cloud, which might be required in specific cases to utilise existing infrastructure or to comply with data sovereignty regulation.
