Embedded SIM (eSIM) technology enables the end user to have more reliable connectivity as well as flexibility through the breaking of the bond where the subscription to a cellular network is no longer tied to a single carrier.

The use of eSIM technology, which can be programmed remotely, offers flexibility in managing LTE devices. This technology simplifies network subscription switching, simplifies device deployments and provides tools for automation.

Historically, when individuals, utilities or companies wanted to change a cellular provider, they would have to procure new SIM cards to replace existing SIM cards in devices. The end user had no ownership of the SIM card and had no control over the identity that had been used to register and authenticate onto the cellular network. Using eSIM technology adjusts this ownership structure to allow the end user more control over a device and how it interacts with cellular networks. This is critical for the operation of networks with hundreds of thousands of deployed devices.

Unfortunately, the term eSIM has been marketed in a way that has caused confusion. Questions about what an eSIM profile is, or how to leverage the eSIM form factor, hint at different definitions. An eSIM is an integrated circuit or chip that is physically soldered. This chip can be embedded into a device and that device would not need to have a traditional removeable SIM card inserted into a SIM slot in order to use a cellular provider’s network. All the subscription information that is on the removeable SIM would instead reside on the eSIM in the same device.

However, if a utility wanted to leverage SIM technology, then its devices would not need to contain an eSIM — soldered and nonremovable — because the technology is form factor neutral. Utilities do not have to procure devices with a soldered eSIM to be able to remotely load or change network subscription profiles. They can leverage these capabilities today in devices that rely on traditional removeable SIM cards regardless of the card form factor.

The technology that enables the benefits of eSIM is a computing architecture that can reside within the eSIM chip or within a traditional removeable SIM card. This architecture allows the SIM profile to be independent of any form factor and is referred to as the embedded universal integrated circuit card (eUICC). This technology eases the administrative burden of large deployments and enables the following benefits:

• Remote SIM provisioning
• Zero-touch provisioning
• Subscription management
• Cryptographic key generation
• Zero-trust network execution

By design, SIMs are secure elements. It is a very tiny cryptographic safe or hardware root of trust component that can securely store sensitive keys. SIMs employ analog and digital countermeasures that will become inoperable when tampered with. These secure elements provide cryptography functions by having the capability to encrypt data at the transport layer, and generate public/private key pairs, capabilities offered by GSMA’s IoT SIM Applet For Secure End-to-End communication (IoT SAFE).

There are application programming interfaces (APIs) that can be leveraged by LTE devices to use the SIM as the hardware root of trust. This hardware root of trust can provide the needed attestation for a zero-trust network. To be clear, the SIM would be just one aspect of a zero-trust network. Zero-trust should encompass the entire network where every transaction is authenticated and approved dynamically by a set of inputs.

Enabling Zero-Touch Deployment with eUICC

When devices use the SIM as the hardware root of trust, the SIM can be leveraged for zero-touch provisioning deployments. Any device that needs to be connected to a network needs to be configured before it meets its operational intent. When a technician has to individually unbox each device, connect the device to a computer, and then manually configure each device, this procedure has little to no automation and requires too many manual touch points.

Zero-touch is about decreasing the number of manual steps by automating the setup and configuration of a new device. At a high level, there are two main elements in a zero-touch cellular architecture. The first functional element is a centralized server where configurations are managed and generated. The second functional element in a cellular zero-touch architecture plays a key enabling role that starts when a device boots up.

When a new device boots up for the first time it will leverage a bootstrap profile to securely contact the remote SIM provisioning server for the purpose of securely downloading a new profile specific to that device’s role in the utility network. Unlike the bootstrap profile that makes use of a public cellular network for the interim period when the device does not have its final profile loaded, this new utility profile is considered to be permanent and will be used to connect to the utility’s PLTE network.

After the device registers on the utility PLTE network, it will contact the zero-touch deployment centralized server to grab its configuration file and/or a specialized OS image and will automatically begin the configuration process. Once this process is completed, the device will reboot, attach to the PLTE network, and then begin functioning in its intended role. The actual installation effort is limited to installing the device in the field and powering it on while the rest of the work is completed securely and automatically. (See Figure 1).

A SIM card with eUICC capabilities enables the entire zero-touch process by allowing the utility’s private network subscription to be loaded independently from the device configuration and installation activities.

When considering large scale PLTE device deployments, regardless of the form factor, it is important to work with a technology consultant that can help you analyze all relevant considerations. Just a few things to look at include checking with carriers and device manufacturers to see that your entity’s devices will support eUICC technologies; exploring the benefits available; determining how easy the transition to eUICC-based technology will be; and evaluating the security of the proposed solution.