
Subscription Management

Biggest market revolution in 20 years
Flexible Connectivity Solutions with GoPROVeU!

With Gartner predicting 6.4 bn mobile devices connected to the IoT or M2M worldwide in 2016, business opportunities for mobile network operators (MNOs) and other service providers are huge, and setting up the right infrastructure in time to cater for this revolution and gain market share is crucial.


Revolutionary Changes

GoPROVeU! is the subscription management solution from Cairon and achelos, which in its current version addresses the M2M and IoT market.

The growing ecosystem of electronic devices and machines communicating with each other from all corners of the world via mobile networks has prompted the development of the embedded SIM (eSIM or eUICC) technology, which represents the major evolution of the SIM card technology in the last 20 years. SIM cards embedded in M2M devices are able to host multiple provider profiles and offer the owner a greater flexibility of connectivity provider choice. The novelty brought in by embedded SIM technology is the change of ownership. Whereas the removable SIM card is owned by an MNO and provided to the consumer as a subscription token, the eSIM is part of a device and thus is owned by the device owner. Here the MNO merely owns the network access credentials that are loaded to the eUICC over-the-air (OTA) as part of the MNO profile.

The main principles of the GSMA specification design were to maintain the existing SIM ecosystem, including the ordering and activation processes, and compliance with the industrial standards for SIM cards developed by ETSI and 3GPP. The most important issue was to ensure that the new technology does not compromise mobile network security standards.

As a consequence, the eSIM (also called eUICC) does not differ from the “regular” SIM card from the mobile device interface perspective. The choice of time-proven Global Platform standards for the remote provisioning of subscription data on eUICC, as well as the selection of state-of-the-art algorithms (Elliptic Curve Cryptography, AES), guarantee a high level of security.

GoPROVeU! has been specifically designed to enable the remote management of mobile network operator (MNO) profiles with network access credentials, empowering device owners to make the best possible connectivity choice for their business and M2M devices. In fact, the entire subscription management is managed over the air (OTA).

Cairon and achelos' GoPROVeU! solution complies with the specifications developed by GSMA and SIMalliance for subscription management, eUICC and interoperable profiles. By loosening the dependencies between eUICC and the eUICC platform, the two institutions are opening the door for independent eUICC and platform providers to grow the adoption of eUICC technology by the M2M market. Cairon and achelos are among the first companies to offer such a comprehensive subscription management solution.

Freedom of Choice

GoPROVeU! is an interoperable solution compatible with eUICC products from various manufacturers. This gives customers a choice of device and provider instead of a closed product ecosystem and allows customers to keep full control of their service. The key to success of subscription management deployments is an open platform that provides an easy and transparent way for all parties to connect: MNO, eUICC manufacturer, device manufacturer and M2M/IoT platform providers. GoPROVeU! can also be easily extended to provide OTA platform features to easily manage eUICC content (Remote File Management and Remote Application Management).

Logical architecture of GoPROVeU!

The GoPROVeU! platform performs two roles: profile warehouse (SM-DP) and remote eUICC manager (SM-SR). A close integration of SM-DP with MNO infrastructure and of SM-SR with the M2M Service Delivery Platform or Fleet Management Platform is the key to success for our subscription management services.

The logical components of the Cairon and achelos GoPROVeU! SM-DP and SM-SR are:


Subscription Management-DP performs the following tasks:

  • Profile warehouse (order and stock management)
  • Personalisation data generation
  • Profile packaging, encryption, and delivery



Subscription Management-SR performs the following tasks:

  • eUICC routing
    • maintains the link to an eUICC during its whole lifetime
  • eUICC platform management
    • manages profile states
    • performs eUICC audit
  • eUICC repository
    • stores the eUICC Information Set (EIS) and history of changes

GoPROVeU! supports the following procedures:

> eUICC Registration at SM-SR

In addition, the eUICC owner can register eUICCs via the batch file provisioning interface at the SM-SR. Any other type of data exchange can be implemented on demand.

> Unpersonalized Profile Verification

This procedure is outside the SM-DP product scope. The unpersonalized profile is created using external tools and procedures. The SM-DP has an interface to import a profile template (proprietary or compliant with the SIMalliance specification).

> Profile Ordering

The SM-DP supports the batch ordering mechanism by default. A file format for input and output files shall be agreed between the MNO and Cairon and achelos. This batch file can be imported via the SM-DP GUI or via the WS interface. Other types of ordering protocols can be implemented on customer demand.

> Profile Download and Installation

In addition to the notification mechanisms defined by the GSMA, notification of the eUICC Owner connected to the SM-SR is supported.

> Profile Download and Installation initiated by SM-SR

This procedure is similar to the Profile Download and Installation defined by GSMA, but can be triggered by the eUICC Owner via SM-SR over ESM2M. Accordingly, the eUICC Owner is notified about the results of the operation.

> Master Delete

The “initiator” of this procedure is the eUICC Owner and the stakeholder is notified upon successful completion of the Master Delete procedure.

> Profile Enabling

In addition to the GSMA-defined procedure, the eUICC owner can also initiate this procedure via the ESM2M interface and is notified after successful completion of the Profile Enabling procedure.

> Profile Enabling via SM-DP

In addition to the notification mechanisms defined by GSMA, the notification of the eUICC Owner connected to the SM-SR is supported.

> Profile Disabling

In addition to the GSMA-defined procedure, the eUICC owner can also initiate this procedure via the ESM2M interface and is notified after the successful completion of the Profile Disabling procedure.

> ISD-P Deletion

In addition to the GSMA-defined procedure, the eUICC owner can also initiate this procedure via the ESM2M interface and is notified after the successful completion of the ISD-P Deletion procedure.

> ISD-P Deletion via SM-DP

In addition to the notification mechanisms defined by GSMA, the notification of the eUICC Owner connected to the SM-SR is supported.

> SM-SR Change

The product supports the secure export and import of database entries with relevant eUICC information defined for the SM-SR change (EIS, Audit Trail, history, etc.). The new SM-SR shall be able to securely receive the data from the old SM-SR and resume the service of the affected eUICC fleet. The transferred data is then securely removed from the database of the old SM-SR.

> ISD-P Key Establishment Procedure

ECC-based Key Establishment is fully supported as defined by GSMA.

> Fall-Back Mechanism

The eUICC Owner sets the fallback attribute via the ESM2M interface. The SM-SR notifies the eUICC owner about fallback mechanism activation and deactivation in addition to the notification mechanism defined by GSMA.

> eUICC Certificate Verification

eUICC certificates are stored in EIS in the SM-SR database and are provided by SM-SR to SM-DP for verification on request.

> Policy Control

The POL2 verification mechanism is supported. The Connectivity Provider provisions POL2 values via ES4 interface or via SM-DP.

GoPROVeU! Interfaces

The product APIs are declared in a language-neutral format and can be mapped to a number of different programming languages and called via HTTP (also known as REST services) or via SOAP interfaces defined by GSMA as a standard (ESx).

M2M subscription management through the eUICC owner

The M2M market covers a broad spectrum of applications ranging from updating electronic billboards, device tracking, in-vehicle entertainment and accident prevention mechanisms, and smart meter monitoring to IoT applications such as machine lifecycle management or data transfer between devices. All of them use mobile networks and require MNOs to facilitate accessibility and flexibility for business customers and consumers in this highly profitable market.

Technology-driven application cases to handle Subscriptions

With a growing number of devices fitted with eUICCs, application cases for subscription management technology are manifold:

> Logistics optimisation
  • Mobile connectivity device is produced in country A and can be shipped to any country worldwide
  • To optimise manufacturing processes, the subscription of the destination country is provisioned only after the device is delivered and deployed in this country.
  • An initial (bootstrap) subscription is installed during manufacturing.
> Optimisation of connectivity costs for device fleet
  • M2M SP signs a contract for connectivity services with an MNO
  • All devices in the fleet use the connectivity service of this MNO for communication
  • M2M SP wants to change connectivity provider to optimise costs.
  • Fleet of devices owned by this M2M SP is migrated from the old MNO to the new MNO
> Optimisation of connectivity costs for a single M2M device
  • M2M SP offers an information service to end-users via mobile connection on its devices (e.g. e-book reader)
  • M2M SP may need to steer the subscription selection on a device, including download of new and removal of unused subscription if the device changes its location (for example, moves to another country).
> Consumer-driven network selection
  • A human user purchases a consumer device equipped with eUICC and wants to use it with a connectivity provider of their choice
  • The consumer device is able to detect the MNO using its own connectivity (WLAN, LTE, …) or using an interface from a PC
  • The MNO supports an enrollment process, allowing users to subscribe to MNO services and to download the subscription from an MNO depot

Deployment scenarios between players

Business-to-business

M2M SP operates a fleet of devices offering a service to business users (e.g., smart meters) with a service availability guarantee for more than 10 years.

Connectivity is included in the M2M service offering and billing for connectivity is transparent to the end user. Connectivity contracts between M2M SP and MNOs are established for a fixed period of time.

Business-to-business-to-customer

Another M2M SP or consumer owns a device purchased from a device manufacturer, OEM or MNO. Connectivity is included in the service to the end user.

Regularity of connectivity provider switch is driven by the application and by the end user profile. Connectivity contracts between M2M SP and MNOs are established for a fixed period of time.

Business-to-customer

The MNO, the device manufacturer or the service provider offers a device with a service package to an end user (e.g. tablet). The consumer selects a connectivity provider directly or via the service provider to install multiple subscriptions on a device simultaneously.

The user drives the choice of connectivity provider. In case a device is subsidised, technical enforcement of contractual policies may be required (device lock).

Key features and advantages for GoPROVeU! by Cairon and achelos:
  • Uses state-of-the-art technologies, supporting deployment of the solution in the cloud
  • Supports the use cases defined by GSMA, compliant with GSMA specifications for M2M (version 3.0), with extensions allowing eUICC owner to manage the device fleet directly via dedicated SM-SR interface
  • Compliant with GSMA SAS security requirements allowing certification of subscription manager service
  • Multiple delivery channels: SMS and HTTPS as standard, CAT_TP provided on demand
  • Powerful external interfaces serving the purpose of easy integration with other systems
  • Simple and robust product design
  • Flexible modification of workflows thanks to the selected microservice design concept to meet business requirements in addition to those defined by GSMA
  • Available as SDK, boxed version and as hosted service
  • OTA platform functionality (Remote Applet Management and Remote File Management) available as an additional module
GoPROVeU! runtime environment – chosen by the customer

With the Cairon and achelos GoPROVeU! solution, the customer can choose different software to meet the requirements of internal software and IT policies. Cairon and achelos support various software on a project basis, on the condition of a successful feasibility study.

> Operating system
> Database
  • CentOS (default)
  • RedHat
> Configuration management
  • Configuration files (yaml format), with support of centralised Git repository.
  • Other options (LDAP, Ansible, Consul) can be provided on demand.
> Messaging
  • Apache Kafka
  • TCP/HTTP
> Load balancing
  • Consul
  • Apache httpd
Why Cairon and achelos are the right partners for you

We are independent and experienced players. Our team consists of experts in security and prevention in various market segments. We are developing innovative technical solutions securing electronic identities. Our customers benefit from our strong knowledge in microprocessor technology, a powerful product portfolio and the consistent implementation of specifications, as well as additional features to meet customer requirements.

 
