Enterprise M2M Use Cases: #2 Corporate Customer Fleet Management Change M2M Device MNO

GSMA Official Document 12FAST.13 – Embedded SIM Remote Provisioning Architecture published in December 2013 provides a technical specification to enable the remote provisioning and management of Embedded SIMs to allow the “over the air” provisioning of an initial operator subscription and the subsequent change of subscription from one operator to another.  The technical specification includes technical use cases for the provisioning of the Embedded Universal Integrated Circuit Card.  The following are worked examples of business use cases for M2M provisioning.

Use Case #2: Corporate Customer Fleet Management Change MNO

Pamela wishes to upgrade the telematics capabilities of City Deliveries’ existing vehicles.  The existing vehicles are after-market fitted with an M2M device including an eUICC embedded SIM provisioned to MNO B.

Pamela wishes to migrate these subscriptions from MNO B to MNO A to take advantage of dedicated telematics software provided by MNO A.

Use Case Flow:

  1. City Deliveries enters into a subscription with MNO A for the after-market devices
  2. MNO A knows the eUICC-IDs for the devices and the ID of the registered SM-SR
  3. The eUICC is registered with a common SM-SR between MNO A and MNO B
  4. MNO A initiates provisioning of the devices
  5. MNO A initiates the Profile Download and Installation which results in an ISD-P created in the eUICC for the MNO, containing a Profile in disabled or enabled state. The SM-SR has updated the EIS for this eUICC accordingly.
  6. MNO A activates the subscription and all the devices are operative with MNO A
  7. MNO B initiates de-provisioning for all the eUICCs
  8. MNO A’s profile is cleared from all devices

Alternative Flow (Step 3):  The eUICC is registered with a different SM-SR

  • Note: To allow remote access to the eUICC, the eUICC Manufacturer (EUM) registers the eUICC at a selected Subscription Manager Secure Routing (SM-SR). This means that related information which is relevant throughout its further lifetime, in particular the Platform Management Credentials and Provisioning MSISDN, is stored in the SM-SR database. Without this step, remote access to the eUICC will be impossible.
  1. If MNO A manages their profiles with a different SM-SR than MNO B then the management of the eUICCs will be handed over.  In this case SM-SR X will request the necessary data to manage the eUICCs (e.g. the appropriate access credentials, characteristics of the eUICCs, previous SM-SRs) in the M2M devices from SM-SR Y.  SM-SR X will not want SM-SR Y to have knowledge of the eUICC profile management credentials it will have.  Therefore SM-SR Y and SM-SR X perform a change of eUICC management responsibilities involving the eUICCs in the process.  As a consequence SM-SR X becomes the entity managing the eUICCs on behalf of MNO A.

More detail is provided by the macro procedures E.5 in GSMA Official Document 12FAST.13 – Embedded SIM Remote Provisioning Architecture 

Enterprise M2M Use Cases: #1 Corporate Customer Fleet Management New M2M Order Provisioning

Use Case #1: Corporate Customer Fleet Management New Order

Pamela, the purchasing manager of City Deliveries purchases a number of M2M enabled vehicles for their company’s fleet.  The new vehicles include an embedded SIM provisioned to Mobile Network Operator A.

Pamela is happy as MNO A is their existing network operator and enters into a subscription with MNO A for the M2M enabled vehicle devices.

Use case flow:

  1. MNO A initiates the provisioning of a number of devices included in City Deliveries’ subscription
  2. MNO A already uses the Subscription Manager Secure Routing (SM-SR) to which the eUICC is registered and hence the SM-SR does not need changing.
  3. The MNO Profile is downloaded and installed to the eUICC by the SM-DP.  An ISD-P is created in the eUICC for the MNO, containing the profile in disabled state, and the SM-SR updates the EIS.
  4. Target profile is enabled on the eUICC. As this is a new eUICC on the first MNO then no previously enabled profile requires disabling.
  5. MNO A activates the subscription

More detail is provided by the macro procedures 1, 2 & 3  in GSMA Official Document 12FAST.13 – Embedded SIM Remote Provisioning Architecture 

Embedded SIM SM-DP & SM-SR

The GSMA has united the mobile operators and SIM suppliers behind a single Embedded SIM specification to avoid costly, fragmented & incompatible technical solutions and help accelerate the M2M market.  In order to support M2M use cases with no human intervention and to facilitate the secure over the air installation of mobile operator credentials into a SIM, two new key network elements have been specified by the GSMA:

Subscription Manager Data Preparation (SM-DP):

  • Role that securely creates and encrypts operator Profiles and then securely installs them into the eUICC
  • The SM-DP securely packages profiles to be provisioned on the eUICC. The SM-DP manages the installation of these profiles onto the eUICC
  • The Profile Enabling procedure between the MNO and the SM-DP is used to enable a Profile previously downloaded and installed on an eUICC. The procedure is initiated by the MNO owning the Profile to be enabled.

Subscription Manager Secure Routing (SM-SR)

  • Role that enables secure download, enablement, disablement and deletion of Profiles on the eUICC
  • The SM-SR ensures the secure transport of both eUICC platform and eUICC profile management commands in order to load, enable, disable and delete profiles on the eUICC
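
The profile lifecycle that the two use case flows above walk through (download into a disabled ISD-P, enable by the owning MNO, EIS update, de-provisioning) can be modelled in a few lines. This is an added example, not code from the GSMA specification; the class, method names and EID value are hypothetical, and it assumes that de-provisioning removes the requesting MNO's own profile and that an enabled profile cannot be deleted.

```python
# Simplified model (added example, not GSMA code) of the profile lifecycle an
# SM-SR drives on one eUICC. Class/method names and EIDs are hypothetical.
from dataclasses import dataclass, field


class ProvisioningError(Exception):
    pass


@dataclass
class SmSr:
    """Holds the EIS (eUICC Information Set) for each registered eUICC."""
    eis: dict = field(default_factory=dict)  # EID -> {owner MNO: profile state}

    def register(self, eid):
        # Done by the eUICC manufacturer; without it no remote access is possible.
        self.eis[eid] = {}

    def _profiles(self, eid):
        if eid not in self.eis:
            raise ProvisioningError(f"{eid} is not registered with this SM-SR")
        return self.eis[eid]

    def download(self, eid, mno):
        # Installation creates an ISD-P holding the profile in disabled state.
        profiles = self._profiles(eid)
        if mno in profiles:
            raise ProvisioningError(f"{mno} already has a profile on {eid}")
        profiles[mno] = "disabled"

    def enable(self, eid, requester, owner):
        # Only the MNO owning the profile may initiate enabling.
        profiles = self._profiles(eid)
        if requester != owner or owner not in profiles:
            raise ProvisioningError(f"{requester} cannot enable {owner}'s profile")
        for mno in profiles:  # enabling one profile disables the previous one
            profiles[mno] = "enabled" if mno == owner else "disabled"

    def delete(self, eid, requester, owner):
        # Model assumption: only the owner may delete, and only when disabled.
        profiles = self._profiles(eid)
        if requester != owner or profiles.get(owner) != "disabled":
            raise ProvisioningError(f"{requester} cannot delete {owner}'s profile")
        del profiles[owner]


def change_mno(sm_sr, eid, old_mno, new_mno):
    """Use Case #2, steps 4-7: provision the new MNO, then the old MNO de-provisions."""
    sm_sr.download(eid, new_mno)
    sm_sr.enable(eid, new_mno, new_mno)
    sm_sr.delete(eid, old_mno, old_mno)
    return dict(sm_sr.eis[eid])
```

Because every operation looks the eUICC up in the EIS first, the model also shows why the Alternative Flow needs an SM-SR handover: an SM-SR that does not hold the EIS for an eUICC rejects every command for it.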

Certificates & Credentials:

  • The Embedded Universal Integrated Circuit Card (eUICC) Certificate is issued by the eUICC Manufacturer for a specific individual eUICC and is certified by the eUICC Manufacturer Certificate, which is issued to a GSMA accredited eUICC Manufacturer.  The eUICC Certificate enables eUICC authentication and certification to other entities, authenticated key set establishment between an SM-DP and an eUICC, and authenticated key set establishment between an SM-SR and an eUICC
  • Download and installation are protected by Profile Installer Credentials shared between the SM-DP and the Issuer Security Domain Profile
  • The architecture of the eUICC and its remote Provisioning system complies with the requirements of 3GPP TS 21.133 [21133] “3G Security, Security Threats and Requirements”