Using LwM2M for Remote SIM Provisioning on IoT devices
Low power Cellular IoT is the preferred LPWAN for massive IoT. But vendor lock-in and the requirement for multiple MNOs for multinational deployments make SIM provisioning challenging for enterprises. LwM2M device management promises an efficient, standardized solution
Low Power Cellular IoT is gaining traction as the preferred low power wireless area network (LPWAN) technology for massive IoT – a network supporting applications that require a huge volume and density of devices to provide wide coverage for applications such as smart meters, smart streetlights, and cargo asset trackers.
Cellular IoT leverages the same network all smartphones use every day to connect massive IoT devices to the cloud. The technology can connect over kilometers, supports a high density of IoT devices, and can operate from modest power sources. Other key advantages include Internet Protocol (IP) interoperability which enables a bidirectional link between end-devices and the cloud without the need for expensive and complex routers or gateways. Further advantages include future proofing, scalability, security, and high quality of service (QoS).
Narrow band (NB)-IoT and LTE category M1 (LTE-M) are the two underlying technologies supporting low power cellular IoT. They are different technologies, although some commercial low power cellular IoT modems can support both simultaneously. The selection between NB-IoT and LTE-M is largely determined by region, as well as the data throughput and latency requirements of each use case.
However, despite its clear advantages there’s a major challenge threatening to stall cellular-based massive IoT rollouts. Connectivity of cellular IoT devices to the network requires the use of a Subscriber Identity Module (SIM) - a combination of secure software and hardware that identifies and authenticates devices that wish to access the network. Initially the provisioning of connectivity profiles in eSIM has been created for machine-to-machine use cases such as managing connectivity in cars and designed to provide a high level of control to mobile network operators (MNOs). But this arrangement is ill-suited to enterprises wishing to connect millions of (potentially resource-constrained) devices to a cellular network for massive IoT applications.
“Enterprises tells us that although things have improved, there are still limitations when using the MNO-oriented SIM for the low power cellular IoT provisioning processes. Worse still, the current process lacks compatibility with NB-IoT,” explains Stephane Quetglas, Mobile Connectivity Solutions Marketing Director with Thales, a global technology provider. “But now a solution is near. A new eSIM for IoT standard is nearing adoption and is far more enterprise oriented, compatible with NB-IoT, and destined to increase business agility.”
The solution Quetglas cites comprises: eSIMs/integrated-SIMs (iSIMs); Remote SIM Provisioning (RSP); a new eSIM standard (SGP.32) architecture that moves SIM provisioning away from “push” (machine-to-machine (M2M)) to adapt to a “pull” (consumer) model for IoT devices; and Lightweight M2M (LwM2M), an interoperable industry standard for massive IoT device management. This technical article explains how this will work.
From SIMs to eSIMs and iSIMs
Cellular networks use regulated spectrum allocations. This brings robust, reliable service, security, and global coverage. But it also brings a degree of complexity because connection to the network is only granted to individually identified and authenticated wireless devices. As mobile telephony took off, the industry adopted SIMs for identification and authentication. The SIM was carried on a Universal Integrated Circuit Card (UICC), a compact plastic smart card that plugged into the mobile handset. The SIM contained information such as a unique serial number, international mobile subscriber identity (IMSI) number, security authentication and ciphering information, a list of the services the user has access to, passwords, and other information.
With the handset activated, the cellular network interrogates the SIM and once satisfied with its identity and authentication, it grants access to the network. Removing the SIM from the handset and plugging it into another device repeats the process and allows that device access to the network while disconnecting the original handset.
SIM technology has rapidly developed. Advances have gradually shrunk the device and transformed it from a removable UICC to a component that is forever soldered directly to the electronic assembly of the cellular device – an eSIM or “eUICC”. An even later development has resulted in the iSIM, a dedicated System-on-Chip (SoC) secure enclave and an eUICC OS that forms part of the mobile device’s CPU. (Figure 1.)
Figure 1: SIMs have migrated from a UICC to a soldered component (eSIM) and now to an integrated part of the mobile device’s silicon (iSIM). (Image courtesy: Thales.)
“eSIMs and iSIMs are becoming popular for IoT devices because they eliminate the need to plug in a discrete UICC into each end-device. That’s impractical when you are connecting millions of products to the cellular network,” says Waseem Haider, Principal Analyst, IoT, Enterprise Research with TechInsights, a semiconductor intelligence firm. “It also makes the manufacturing process easier. The supplier can just add a component on to the board or CPU rather than having to manually put SIM cards into slots. Moreover, there is no need to change a SIM card when switching connectivity providers.”
Haider says that of the two billion cellular IoT connections made in 2022, 600 million were performed by eSIM or iSIM. That number is set to boom as massive IoT rolls out.
There’s a major difference between the process of connecting a smartphone to a cellular network and an IoT end-product. In the first instance, the smartphone will be in the hands of a user, and the process is controlled by them “pulling” the instructions for provisioning, often using a QR code or an alternative internet link. (The process is detailed in the GSMA SGP .21/.22 standard.) Such a method is not efficient for a fleet of IoT devices and requires end-user intervention. In the case of an M2M or IoT device, an end-user will rarely be present, so the provisioning is “pushed” from the MNO to the remote device (GSMA SGP .01/.02 standard) using RSP.
“More than 300 million devices of the 2 billion Cellular IoT connections were Remote SIM Provisioning (RSP) capable in 2022, meaning that these devices are using the RSP capability to change MNO profile actively,” says Haider. “The relevant GSMA standard facilitates provisioning using over-the-air commands.”
Although the M2M RSP overcomes the need for a human operator when joining a cellular network, it is currently not ideal for massive IoT. For one, the standard is really designed for the convenience of MNOs rather than massive IoT service providers. And second, and perhaps even more crucial, the process is not compatible with NB-IoT, one of the leading low power cellular IoT technologies.
The GSMA is addressing this problem with the introduction of GSMA SGP.31/.32. The standard is specifically designed to overcome the challenges of network provisioning for massive IoT: it is well suited to the provisioning of resource-constrained devices; it is fully compatible with NB-IoT and LTE-M; and it makes it much easier for enterprises to control the process.
GSMA SGP.31/.32 includes some functionality from SGP .21/.22 including: IoT Profile Assistant (IPA) - which provides functionality such as profile download, discovery service, and notification handling; a rollback fallback mechanism; remote IoT device network profile triggering; and simpler integration and reduced costs for massive IoT deployments. The IPA can be implemented directly in the eSIM to further simplify the adoption of cellular for enterprises, removing the need for additional integration and testing work.
“SGP.31/.32 is an evolution rather that a revolution and encompasses the best parts of the original consumer and M2M standards, while learning from the shortcomings of those standards when attempting to apply them to LPWANs,” says Loic Bonvarlet, SVP Product and Marketing with Kigen, a supplier of secure SIM technology.
The tests and compliance specifications for GSMA SGP .31/.32 are expected to be finished by 2024 with commercial solutions expected to be launched some time in 2025. (Figure 2.)
Figure 2: The GSMA SGP.31/.32 IoT SIM standard builds on the success of consumer and M2M models but adds LPWAN support and is more convenient for massive IoT enterprises. (Image courtesy: GSMA (Architecture) & TechInsights’ Telecoms Strategies Group.)
“With the implementation of GSMA SGP .31/.32 we expect that there will be 36% RSP-capable connections by 2030 from 6.6 billion of total Cellular IoT Installed Base",” says TechInsights’ Waseem Haider. (Figure 3.)
Figure 3: Cellular IoT installed base forecast with percentage of RSP-capable connections, 2022 to 2030. (Image courtesy: Techinsights’ Telecoms Strategies Group.)
Why LwM2M is the Best Solution for RSP
The introduction of GSMA SGP .31/.32 hands back control of cellular device provisioning to enterprises, but they still require a simple and reliable mechanism to trigger the process, especially when those devices are remotely situated.
“When you consider it closely, it’s clear that eSIMs and iSIMs are now integral parts of the IoT device rather than a separate plug-in entity. It therefore seems a natural step to consider provisioning of the SIM as part of the overall device management software task,” says Christophe Serrano, Head of Product at IoTerop. “That simplifies the task for the enterprise as the workflow is abstracted by the device management software provider, a service they control, rather than the MNO, one they don’t. It also helps the enterprise avoid MNO lock-in contracts.
“And soon, things will get even better with a ‘rule engine’ that will allow device management software to mix an eSIM remote manager (eIM) with device management capabilities,” adds Serrano. “We will then be able to define criteria to dynamically allocate profiles - depending on geography, coverage, signal strength, and the preference for a given MNO.”
An ideal candidate for SIM provisioning as part of an overall device management service is LwM2M. The protocol is an interoperable industry standard ideally suited to the management of resource-constrained IoT devices as well as more powerful and complex IoT devices including routers and gateways. It was created by the Open Mobile Alliance (OMA) to bring together existing standards—that each contributed to a full solution for device management—into a single, cohesive common service layer. The result is a solution that reduces IoT device management complexity and boosts security while supporting the scalability and security demanded by massive IoT.
IoTerop has developed a highly optimized commercial implementation of a LwM2M stack called IOWA. IOWA is fully compliant with the LwM2M specifications, has passed LwM2M MNO certification (for example, the certification programs of AT&T and Verizon), and features a full implementation of LwM2M Version 1.0, 1.1, and 1.2 within its streamlined stack. IOWA is the perfect complement to ALASKA, IoTerop’s device management platform that enables data collection, remote configuration, security updates, firmware updates, and device monitoring. (Figure 4.)
Figure 4: ALASKA and IOWA use LwM2M for comprehensive device management. Shown here is an example of remote management of a water meter.
In addition to the other device management task it handles with ease, LwM2M is particularly suited to eSIM and iSIM profile management. LwM2M transports the messages required to perform RSP back and forth. That allows for flexibility in RSP implementations; for example, using IoTerop’s IOWA and ALASKA, it would be possible to pause and resume an RSP process if the network is poor, avoiding having to restart the operation from scratch. This mirrors what happens when LwM2M is used for over-the-air updates.
Process interoperability is ensured through pre-defined RSP and other SIM operations. The protocol’s remote provisioning capability is a critical feature that allows devices to seamlessly switch between various operators or networks and perform configurations over-the-air. This flexibility is essential, not only when considering the device’s location, but also for specific application requirements, such as the features offered by the cellular network at each location.
It is the Subscription Manager Data Preparation + (SMDP+) that stores network profiles and makes them available for download. ALASKA and IOWA handle the profile management by facilitating protocol interactions between the SMDP+ and the eSIM/iSIM. Better yet, OMA SpecWorks already issued a LwM2M Object (representing a collection of device properties, organized in a logical fashion to share a unified data model between devices and managing platforms; in this case Object ID 3443) to handle IoT RSP. (Figure 5.)
Figure 5: ALASKA and IOWA are well suited to cellular IoT remote SIM provisioning by facilitating protocol interactions between the SMDP+ and the eSIM/iSIM.
Key Benefits of LwM2M for RSP
Beyond its other device management capabilities, LwM2M includes many other features that make it ideally suited to RSP. Key benefits include:
- Unified management interface: LwM2M provides a unified management interface for application, device, communication, and SIM management, ensuring consistent user experience and reducing integration challenges.
- Scalability: LwM2M is scalable, catering to both small and large IoT deployments. By utilizing it for RSP, enterprises can ensure that as their IoT deployments rapidly grow, eSIM/iSIM management won’t stall rollout.
- Reduced complexity: By centralizing eSIM/iSIM operations within the LwM2M framework, organizations can reduce the complexity associated with handling multiple systems or protocols. They can also leverage an existing communication channel rather than having to build a new one.
- Improved Security: LwM2M has inherent protection features that can be extended to eSIM/iSIM management. This ensures that operations such as profile switching are carried out securely.
- Cost efficiency: By using LwM2M for RSP, enterprises can avoid additional capital and operational costs from data usage, power consumption, and the investment in separate systems for RSP. Note that SMDP+, eIM, and IPA will still be required.
- Streamlined troubleshooting: With a unified system for RSP, diagnosing and resolving issues becomes more efficient. Service providers can pinpoint problems faster and apply solutions consistently across devices and SIM profiles.
- Future proofing: By integrating eSIM/iSIM management with LwM2M, it ensures that the system remains relevant and adaptable to future changes as the IoT rapidly expands.
LwM2M is already a proven commercial solution for device management of utility applications such as smart meters and smart streetlights. That makes it the prime candidate for general massive IoT device management. And now cellular IoT, eSIMs and iSIMs, SGP.31/.32 are joining the protocol to offer an efficient, simple, and secure way to orchestrate connectivity for millions of IoT devices. The technologies will hand control of the SIM provisioning operation from MNO to enterprise. That enhances flexibility and convenience, and lowers costs.
But there is still some work to do. The tests and compliance specifications for GSMA SGP .31/.32 won’t be finished until next year and commercial solutions won’t hit the market until 2025. And it’s important to think of the best way to implement these new technologies before they hit the mainstream. For example, Kigen’s Bonvarlet, says: “It’s important to anticipate as much as possible and set things up at the point of device manufacturing because even with RSP, field management will still be bandwidth and energy costly for cost sensitive and single charge battery operated IoT devices.”
Key players in the RSP segment—companies like IoTerop, Kigen, and Thales—are working together today to ensure that the inevitable engineering wrinkles are ironed out before LwM2M-based RSP’s widespread adoption. In doing so, they are ensuring that massive IoT will fulfill its potential much faster than it might otherwise have done.
Together with partner companies Kigen, TechInsights and Thales, IoTerop has produced a webinar entitled Advancing Global Cellular IoT through SGP.32 eSIM, iSIM, and LwM2M which builds on the content in this technical article. The webinar includes contributions from:
- Loic Bonvarlet, SVP Product and Marketing, Kigen
- Waseem Haider, Principal Analyst, IoT, Enterprise Research, TechInsights
- Stephane Quetglas, Mobile Connectivity Solutions Marketing Director, Thales
- Christophe Serrano, Head of Product, IoTerop