What Is eSIM and How Does It Work? Explained for IoT and Everyday Users

Why Do We Need eSIM? How It Works and Why Everyone Is Talking About It

We’re once again on the brink of a technological revolution (I’ve lost count of which one). The Internet of Things (IoT) is bringing new business models, new use cases, and another shake-up of the entire telecom market. As with any major shift, there are tons of competing directions, solutions, and technologies—so it’s a real mix, and it’s hard to say exactly how it will all play out.

There are several key areas of development, a sort of matrix of needs where solutions are ranked by data transfer speed and distance. For example, NFC and BLE are used for payments, LoRa and ZigBee for sensors, and there are cellular-based solutions like 4G/5G (LTE-M and NB-IoT).

In my opinion (since I work with cellular networks), the simplest and most ready-to-deploy IoT segment is the one based on cellular networks using eSIM. That’s what I’ll talk about here, from both hardware and software perspectives, but at a “good to know” level.

Why Traditional SIM Cards Are Outdated

Current cellular network architecture relies on SIM cards. Without getting too technical, a SIM is a classic black box—a secure element that allows 100% accurate subscriber identification (yes, I know SIMs can be hacked).

Each SIM card runs a GSMA-certified OS, with a profile installed according to the mobile operator’s requirements. There are various features, keys, OTA updates, and SIM menus. The technology is mature and works well for everyone.

For mobile operators, the main downside is cost. Manufacturing and delivering SIM cards to distribution points costs money, and logistics from the factory to the end user can be much more expensive than the SIM card itself.

For individual customers, the main issue is time. You have to go get a SIM, break it out, and insert it. You could use a courier, but that just increases logistics costs.

But these are minor compared to the problems faced by integrators managing large fleets of connected devices:

  • M2M SIMs are more expensive due to higher requirements for thermal and vibration resistance. They use polycarbonate instead of ABS plastic, different adhesives, etc.
  • Installing SIM cards in equipment is labor-intensive. While installing at the factory is manageable, replacing SIMs in the field across hundreds or thousands of devices is daunting.
  • Once a manufacturer chooses an operator, they’re locked in. The operator can dictate prices. Multi-SIMs with profiles from several major players exist, but they’re only a partial fix.
  • Logistics headaches: If you assemble 100 devices for one region but need to send them elsewhere, you have to manually swap SIMs. Used nano-SIMs need to be tracked, and so on.
  • Roaming issues: Imagine a truck with a GPS tracker traveling from Kazakhstan to England. You either pay high roaming fees or swap the SIM for a travel SIM from an MVNO. But trackers are usually hidden and hard to access. Plus, the truck might be local today and 5,000 km away tomorrow, increasing maintenance costs.

These are just the most obvious problems—there are many more in reality.

eSIM: A Tool for Integrators

Many people mistakenly think eSIM was created for consumers. In fact, the Remote SIM Provisioning (RSP) system was originally designed for centralized loading and management—strictly B2B, strictly M2M. Only later did GSMA release a specification for the B2C market.

There are actually two standardized GSMA eSIM systems: one for M2M/B2B, and another for B2C (consumers). The main difference is that M2M eSIM uses a “push model” (the administrator loads the profile), while B2C eSIM uses a “pull model” (the user decides what and when to load).

Key Terms and Components

  • eUICC: The “SIM” itself—a chip module with an OS, usually as an SMD component, but it can also be in a regular SIM card form factor. The chip belongs to the device manufacturer, but the profiles loaded onto it belong to the mobile operator. Technically, an eUICC with an active profile works just like a regular SIM card and must be GSMA certified.
  • LPA (Local Profile Assistant): A software service in the eUICC, mainly for B2C. It handles profile downloads, local discovery, and user interface functions, and manages profiles on the device (phone): loading, activating, deactivating, or deleting them.

On the server side, several services are required:

  • SM-DP (Subscription Manager Data Preparation): Generates, stores, and protects operator profiles (eSIMs), and loads them onto the eUICC. It also provides data to the SM-SR server.
  • SM-SR (Subscription Manager – Secure Routing): Manages profile status on the eUICC (activate, deactivate, delete) and secures the communication channel for profile delivery.
  • SM-DP+: For B2C, this combines the functions of SM-DP and SM-SR, handling creation, download, remote management, and protection of operator credentials.
  • SM-DS (Subscription Manager Discovery Server): Allows SM-DP+ to interact with eUICC devices without knowing which network they’re on. It notifies devices when a profile is available for download, supporting the pull model.
  • CI (Certificate Issuer): Issues certificates for system authentication.
  • EUM (eUICC Manufacturer): The manufacturer of the eUICC chips.
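
The difference between the push and pull models comes down to who is allowed to change the profiles on an eUICC. The sketch below is an added example, not code from the original article or from any GSMA specification: the `EUICC` class, hostnames, EIDs and operator names are hypothetical. The rules that a new profile arrives disabled and that only one profile is active at a time are assumptions of the model.

```python
from dataclasses import dataclass, field

@dataclass
class EUICC:
    """Toy eUICC: which operator profiles are installed and which one is active."""
    eid: str
    mode: str            # "m2m" = push model, "consumer" = pull model
    sm_sr: str = ""      # M2M only: the one SM-SR allowed to manage this chip
    profiles: dict = field(default_factory=dict)  # operator -> "enabled"/"disabled"

    def _check(self, actor, consent):
        # Push: only the bound SM-SR. Pull: the local LPA acting on a user decision.
        ok = (actor == self.sm_sr) if self.mode == "m2m" else (actor == "LPA" and consent)
        if not ok:
            raise PermissionError(f"{actor!r} may not manage eUICC {self.eid}")

    def install(self, actor, operator, consent=False):
        self._check(actor, consent)
        self.profiles.setdefault(operator, "disabled")  # assumed: arrives inactive

    def enable(self, actor, operator, consent=False):
        self._check(actor, consent)
        if operator not in self.profiles:
            raise KeyError(operator)
        for op in self.profiles:  # assumed: exactly one active profile at a time
            self.profiles[op] = "enabled" if op == operator else "disabled"

def attempt(fn, *args, **kw):
    """Run one management request; return 'ok' or the name of the refusal."""
    try:
        fn(*args, **kw)
        return "ok"
    except (PermissionError, KeyError) as exc:
        return type(exc).__name__

def demo():
    fleet = "sm-sr.fleet.example"  # hypothetical SM-SR run by the integrator
    tracker = EUICC("EID-TRACKER-01", "m2m", sm_sr=fleet)  # constructed IDs
    phone = EUICC("EID-PHONE-01", "consumer")
    results = [
        attempt(tracker.install, fleet, "operator-KZ"),
        attempt(tracker.enable, fleet, "operator-KZ"),
        attempt(tracker.install, fleet, "operator-UK"),   # pushed over the air
        attempt(tracker.enable, "sm-sr.rogue.example", "operator-UK"),  # refused
        attempt(tracker.enable, fleet, "operator-UK"),    # switch, no SIM swap
        attempt(phone.install, "SM-DP+", "operator-A"),   # server cannot push
        attempt(phone.install, "LPA", "operator-A", consent=True),
    ]
    return results, tracker.profiles, phone.profiles
```

Calling `demo()` walks the tracker through an over-the-air operator switch and shows the two refusals: a server other than the bound SM-SR on the M2M chip, and a server-initiated install on the consumer chip.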

Security

eUICC security is confirmed by a Common Criteria EAL4+ certificate (for B2C, this is still in development but coming soon). Production and process security are ensured by GSMA requirements: SAS-UP for eUICC and SAS-SM for the server side (RSP). Functional testing and certification follow GSMA SGP.23 rules, with programs created by GlobalPlatform in cooperation with GSMA, the Global Certification Forum, and PTCRB. Only GSMA SAS-accredited eUICC manufacturers and RSP platform owners can apply for certification. Certificates are required to participate in the GSMA-approved eSIM ecosystem.

For those interested in the details: PKI (Public Key Infrastructure) is used for security.

What’s Next?

Becoming an MVNO (virtual operator) is getting easier and cheaper—still millions, but in rubles, not dollars. Even mid-sized companies can now create their own virtual operator with a pool of numbers to manage their distributed IoT networks: ATMs, POS terminals, utility meters, and all sorts of IoT equipment.

Major Russian MNOs have accepted the new rules and are actively testing remote authentication for new subscribers. They’re not against MVNOs—traffic is traffic, and most people are tied to their MNO by phone number, not by a physical SIM card. Many just don’t bother switching operators.

Work is already underway to localize RSP platforms in Russia. Once launched and certified, we’ll see large-scale government projects—railways, power grids, and smart cities.

What Does eSIM Bring to IoT?

  • eUICC modules as SMD components take up less space and are more reliable than regular SIM cards, even M2M versions. They’re more resistant to heat and vibration, and more energy efficient.
  • eSIM solutions are ready for mass adoption. Unlike alternative technologies, mobile networks are already deployed and offer nearly 100% coverage in populated areas.
  • Competition in the mobile market prevents monopolies and price hikes.
  • Devices work “out of the box” right after first power-up.
  • Easy to connect remote buildings to the network.
  • Centralized administration of all devices.
  • Settings can be changed on the fly, for all equipment or selectively.
  • Manufacturers can choose the best connectivity option without extra agreements with wired providers. Connectivity doesn’t depend on local small operators.
  • Simple and cheap logistics: all equipment leaves the factory identical, and regional settings are configured over the air. It’s easy to reconfigure a batch for a new region with just a few clicks.
  • Welcome, Big Data! Real-time data collection and analysis with any sampling accuracy: leaks, peak usage, average consumption, usage patterns, fraud detection, overall assessment, and more.

All this will lead to new services and interaction scenarios. The possibilities for IoT have been described many times, so I won’t repeat them here—but it’s going to be exciting.

eSIM for Consumers (B2C)

For the B2C segment, eSIM will bring new marketing battles, new ways to attract and retain customers, and new lead generation tools borrowed from banking and other industries. The main focus will be on travel connectivity and promotional services, as well as a new era in corporate communications.

How eSIM Works for People—Debunking the Myths

What about tomorrow? I can’t predict the whole future, but the SIM card’s fate is pretty clear. ARM has announced iSIM. We had embedded SIMs, now we’ll have integrated SIMs. The SIM will be built right into new SoC chips, alongside the modem, processor, RAM, GPU, and more. Instead of a 4 mm² SMD component, it’ll be less than 1 mm², right on the main chip.

This will further reduce power consumption and required space. iSIM will be even easier to include in any device—actually, it’ll just be there by default. Not using it would be silly. So, the number of IoT devices will only grow, and prices will keep dropping.

Welcome to cyberpunk!
