eBook - TRUSTED eSIM TESTING FRAMEWORK - June 2016

BUILDING A TRUSTED EMBEDDED SIM TESTING FRAMEWORK IN THE AGE OF IOT

INTRODUCTION

3

INTRODUCTION

The launch of the GSMA’s Embedded SIM Specification, together with its accompanying Test Specification, is bringing a variety of new stakeholders into the embedded SIM integration testing environment for commercial Internet of Things (IoT) deployments.

It is also fundamentally changing the way that Mobile Network Operators (MNOs) and device and solution providers will work together in the future. Infotainment system developers for connected cars, for example, may now integrate pre-certified components into their wider solutions, requiring them to conduct extensive integration testing, for which a formal methodology is yet to be established.

For most solution providers, this is new territory.

4

INTRODUCTION

In a bid to support ‘the uninitiated’ this eBook provides an introduction to embedded SIM integration testing and explores key requirements based on FIME’s specialist work to develop a trusted testing framework that will underpin this new and exciting age of IoT.

A ‘NEW DAWN’ IN SIM LIFECYCLE MANAGEMENT: THE EMBEDDED SIM IN THE AGE OF IOT

1

6

Historically, MNOs with the support of SIM manufacturers and specialist testing partners like FIME, have been responsible for

performing the certification, integration testing and maintenance required to manage the full lifecycle of the SIM. In the age of

IoT, things are different.

Connected car manufacturers and other Original Equipment Manufacturer (OEM) IoT solution providers, together with their

partners that manufacturer IoT modems, are now sourcing embedded SIMs directly from SIM manufacturers. This

means that they must also independently manage the lifecycle of the SIM, without the ‘safety net’ support of MNOs.

This change represents a major transfer of responsibility and puts new weight on the shoulders of OEMs which, until now,

have had little exposure to SIM setup, interoperability and integration testing and lifecycle management practices.

The advent of the Internet of Things (IoT) is triggering a profound shift in the waythe SIM card ecosystem operates.

1THE EMBEDDED SIM IN THE AGE OF IOT

7

Complicating matters further, the permanency of the embedded SIM,

combined with the new connectivity requirements of IoT devices, has created a host of new integration and interoperability challenges that

the new ecosystem must overcome in order for the age of IoT to reach its

full potential.

1THE EMBEDDED SIM IN THE AGE OF IOT

8

Unlike the conventional SIM, the embedded SIM is a non-removable component which will remain in place for

the full life of the OEM’s solution. Many IoT solutions like connected cars, for example, will be bought and

sold several times over the lifetime. Their owners will also take them to different locations, supported by different mobile networks.

In order to function optimally, this means that each IoT device must have the ability to update

its mobile network subscription details (to register a new owner) and also connect to a wide variety of

different MNO networks, all without requiring the SIM to be changed.

1THE EMBEDDED SIM IN THE AGE OF IOT

9

1THE EMBEDDED SIM IN THE AGE OF IOT

PRE-ISSUANCE POST-ISSUANCE

POST-ISSUANCEPRE-ISSUANCE

SELECT /CHANGE

MNO

PERSONALISE(OPERATING

PROFILE)

USAGE

END OFSUBSCRIPTION

SELECTMNO

MANUFACTURESIM PERSONALIZE DISTRIBUTION END OF

LIFEUSAGESIMACTIVATION

BASIC PERSONALIZATION(PROVISIONING PROFILE)

MANUFACTURESIM

DISTRIBUTION

PRE-ISSUANCE POST-ISSUANCE

POST-ISSUANCEPRE-ISSUANCE

SELECT /CHANGE

MNO

PERSONALISE(OPERATING

PROFILE)

USAGE

END OFSUBSCRIPTION

SELECTMNO

MANUFACTURESIM PERSONALIZE DISTRIBUTION END OF

LIFEUSAGESIMACTIVATION

BASIC PERSONALIZATION(PROVISIONING PROFILE)

MANUFACTURESIM

DISTRIBUTION

Linear model used today

Outcome-based model with remote provisioning

How the SIM lifecycle has changed in the age of IoT (Source:GSMA)

2EXPLORING THE ‘NEW WORLD’. HOW HAS THE ECOSYSTEM CHANGED?

11

In the ‘old world’ of the removable SIM,the issuing MNO was responsible for ensuring that the component selected was in line with the telecom standards or appropriately certified by GlobalPlatform.

In contrast, because the IoT solution provider sources the embedded SIM directly from the manufacturer, this safeguard no longer exists.

In the age of IoT it is the responsibility of the OEM to ensure that its chosen embedded SIM has been appropriately certified.

2EXPLORING THE ‘NEW WORLD’. HOW HAS THE ECOSYSTEM CHANGED?

1 SIM certification

12

It is also important to appreciate the range of networked entities that must interoperate with the embedded SIM in order for the overall solution to perform optimally over its lifetime. These include:

• The remote provisioning servers (RPS) as controlled by the OEM. These servers are used by the OEM to activate the embedded SIM when the device is first registered to an owner. The OEM also uses the RPS to provide updates to the embedded SIM and to reset the component when ownership of the device is transferred to a third party. MNOs must also integrate their own RPS into the connectivity chain, to enable them to transmit their unique profile to the embedded SIM.

• Multiple MNO networks which will provide the network connectivity over the lifecycle of the device. Here, the embedded SIM must be appropriately configured to enable each MNO to load its own profile before network connectivity can be granted. Networks must also work together to deliver a seamless connectivity experience and a clear view of data flows that pass between the embedded SIM and the OEMs.

2EXPLORING THE ‘NEW WORLD’. HOW HAS THE ECOSYSTEM CHANGED?

2 End-to-end interoperability

13

It is vital that each OEM recognizes that it has just one chance to get this right; the embedded SIM is a system-critical, permanent and non-removable component.

The effectiveness of this component will, ultimately, determine how well the overall solution functions over the

course of its lifetime.

The combination of these factors means that the future of IoT is contingent on the

industry’s ability to establish a robust and thorough embedded SIM integration and interoperability testing framework.

To make this happen each participating stakeholder has its own role to play.

2EXPLORING THE ‘NEW WORLD’. HOW HAS THE ECOSYSTEM CHANGED?

3 One chance for success

3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

15

To understand the varied integration and interoperability testing requirements needed to establish a robust embedded SIM management ecosystem, it is helpful to explore the responsibilities of each stakeholder group.

• Embedded SIM manufacturers • IoT modem manufacturers • RPS solution providers • Mobile network operators

16

3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

Product certificationManufacturers of embedded SIMs must ensure that products are appropriately certified according to the processes outlined by GlobalPlatform, or another GSMA approved certification body. Commonly, this means performing certification testing in accordance with the test specifications that accompany each certification scheme.

MNO platform testingIn the age of IoT, embedded SIM manufacturers must ensure that their product is future-proofed for multiple network environments. Given that the IoT device is likely to undergo changes in both ownership and supporting MNO, the manufacturer must test its embedded SIM prior to shipment to ensure interoperability with the full range of remote provisioning servers that are currently in use around the world.

1 Embedded SIM manufacturers

17

3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

MNO profile testingManufacturers must conduct extensive MNO profile acceptance testing prior to shipment, to ensure that the overall solution is able to successfully accept new MNO profiles that are issued over its entire lifetime.

Security evaluationThe GSMA has defined a protection profile for the embedded SIM to guide manufacturers through the security evaluation process. It is important that manufacturers engage with a Common Criteria security evaluation process in compliance with this protection profile prior to shipment.

End-to-end validationManufacturers must also conduct end-to-end testing, in which the functionality of their products is fully tested and verified ‘in the field’.

18

3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

Integration testingIoT modem manufacturers must conduct robust integration testing to ensure their chosen embedded SIM functions appropriately once it is soldered into the modem. Standardization in this area is yet to be established; modem manufacturers are partnering with embedded SIM manufacturers to test their individual combinations of products to ensure interoperability and support the loading and activation of multiple MNO profiles.

A standardized approach is greatly preferable, however, in order to satisfy the full lifecycle demands of, say, a connected car, where the embedded SIM and modem combination must connect to multiple networks and support subscriptions changes required by the transference of device ownership.

2 IoT modem manufacturers

19

3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

End-to-end validationIoT modem manufacturers must also conduct end-to-end testing, in which the functionality of their products is verified ‘in the field’. Some manufacturers are attempting to simulate this environment by connecting the embedded SIM to a legacy removable SIM slot in order to perform end-to-end validation. This enables the manufacturer to continue to use monitoring tools that had been developed for the ‘old world’ removable SIM environment.

FIME does not endorse this approach since the testing conditions in this model are significantly different to those of the final solution. MNO profiles, for example, are very sensitive to changing conditions. Functional errors in the final solution that go undetected due the variance in testing conditions may also be impossible to resolve post-issuance due to non-removable nature of the embedded SIM.

20

3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

RPS testingOEMs must conduct thorough testing to ensure their solution interoperates seamlessly with the remote provisioning servers (RPS) of MNOs.

MNO profile testingExtensive MNO profile interoperability and configuration testing must be performed by the OEM once their chosen embedded SIM has been integrated, to ensure the solution is able to support connectivity to multiple MNO networks over the course of its lifetime.

3 RPS solution providers

21

3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

Integration testingWhere the OEM is deploying a multiple-vendor solution, when the embedded SIM and remote provisioning server originate from different vendors, for example, thorough integration testing is required to ensure the elements interoperate appropriately.

22

3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

End-to-end validationAs with IoT modem manufacturers, some OEMs (notably in the connected car industry) are attempting to simulate the ‘in the field’ environment by connecting the embedded SIM to a removable SIM slot in a legacy model, in order to perform end-to-end validation testing.

This practice enables the solution provider to continue to use monitoring tools that were developed for the ‘old world’ removable SIM environment. Again, FIME does not endorse this approach since the testing conditions in this model are significantly different to those of the final solution.

The variance in testing conditions may fail to reveal interoperability errors that are impossible to address once the solution has entered production, due to the non-removable nature of the embedded SIM.

23

3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

In the ‘old world’, where each MNO was responsible for the lifecycle management of removable SIMs, standards had been well established for managing the lifecycle of the SIM.

In the age of IoT, however, MNOs must now integrate unfamiliar remote provisioning servers into their network and load their profiles onto independently managed embedded SIMs.

This creates a host of interoperability and integration testing requirements that MNOs must address, as individual networks and as a global connectivity infrastructure, in order to support IoT solution providers with seamless services.

4 Mobile network operators

24

3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

RPS testingEach MNO will need to validate the integration of the remote provisioning server (RPS) with its network to ensure its solution interoperates seamlessly with the RPS’ of future customers. This will pass through the validation of the interfaces with the different elements of the server.

Profile testingIn order to guarantee interoperability with the full range of available

eUICCs on the market, SIMalliance has defined an interoperability profile specification. MNOs will need to validate that their own profile respect

all requirements defined by SIMalliance and integrate them in accordance with the GSMA specification.

End-to-end validationMNOs will need to validate that they will be able to remotely

manage the future lifecycle of their profile on targeted eSIMs. They will conduct Over The Air (OTA) update validation testing

to ensure their profiles have been correctly interpreted and loaded onto the IoT solution’s embedded SIM.

4BUILDING A TRUSTED TESTING ECOSYSTEM FOR THE EMBEDDED SIM

26

4BUILDING A TRUSTED TESTING ECOSYSTEM FOR THE EMBEDDED SIM

The new embedded SIM ecosystem is abundant with new stakeholders, each with new responsibilities, for delivering a quality service to the end customer. One of the biggest challenges the ecosystem now faces is for stakeholders to establish a secure and trusted connectivity chain, so their various technologies can interoperate appropriately.

This means building technical standards and a robust framework for interoperability and integration testing that will enable stakeholders to share sensitive subscriber information securely.

27

4BUILDING A TRUSTED TESTING ECOSYSTEM FOR THE EMBEDDED SIM

FIME is recognized by the market as a leading trusted consulting and integration testing services. It is working closely with the GSMA, GlobalPlatform and the Global Certification Forum, together with a wide range customers and industry stakeholders, to establish a robust testing and certification framework fit for the age of IoT.

FIME’s aim is to minimize:• The cost of embedded SIM testing and validation • The time required to complete the process

This enables all stakeholders to capitalize on the huge opportunities presented by connected devices.

For further information and assistance with embedded SIM integration and interoperability testing, contact FIME today.

5ABOUT FIME

29

FIME offers comprehensive consulting services, technical training, technology design, test tools and certification testing across the financial services, telecom, transit and identity sectors. Its experts support projects from start to finish, resolving the technical challenges its customers face when implementing a complete portfolio of specifications, standards and multi-brand industry requirements.

FIME speaks the language of its customers and uses its 20+ years of experience to ensure that card and mobile transactions services are implemented efficiently and successfully. It supports a range of technologies including contact, contactless, EMV chip, near field communication (NFC), host card emulation (HCE), tokenization, secure element (SE), machine to machine (M2M), internet of things (IoT) and trusted execution environment (TEE).

Partnering with the international and national payment schemes, and industry bodies, FIME ensures its multi-brand offering is always aligned with the latest market requirements.

5ABOUT FIME

FIME. One Action. A billion transactions. www.fime.com | Twitter | LinkedIn | YouTube

CO. INFOGRAPHIC

ALL OVER THE WORLD

REFERENCES

ACCREDITATIONS

MEMBERSHIPS

PARTNERS

DISTRIBUTORS