Subscription Management Secure Routing explained
eUICC (embedded universal integrated circuit card) technology enables businesses to swap subscription services and manage IoT (or M2M) SIM profiles ‘over-the-air’ (OTA), without the need to physically access a device’s SIM. An eUICC SIM is often called eSIM and can be a pluggable SIM card or an embedded (chip) SIM.
SM-SR (Subscription Management Secure Routing) is an important part of the network architecture that makes this OTA provisioning possible. Read on to discover how SM-SR helps to simplify remote SIM management to meet your specific IoT application usage needs.
What is the function of SM-SR in M2M devices?
There is a standard framework for IoT device eUICC SIM (eSIM) provisioning and management, set out by the GSM Association (Global System for Mobile Communications).
This framework comprises two types of server that work in tandem. One of these servers is called Subscription Manager Data Preparation (SM-DP). This is a kind of storage hub for all the profiles which are available for download to eSIMs, along with other important information such as IMSIs (subscriber ID numbers), subscription-related data for various operators, and authentication keys. The SM-DP stores information in encrypted form. Different providers will have different eSIM profiles available depending on the strength of their MNO ecosystem and their in-house capabilities.
SM-SR (Subscription Management Secure Routing) is the other server. As its name suggests, its function is to provide a secure routing path for transmission of information from the SM-DP to the eSIM. Depending on the policies or business rules defined pre-deployment, the SM-SR will ensure that the correct operator credentials are installed on the device’s SIM. Thereafter, the SM-SR is central to remotely managing the eSIM, by enabling, disabling and deleting profiles as required during the product’s lifetime and according to the established policies.
The leading MVNO service providers will typically offer access to their SM-SR and handle all the factory provisioning of SIMs and security keys as well as the in-life operation. It is not necessary to license an RSP platform of your own, although that option does exist.
How does SM-SR remotely manage eSIM profiles securely?
Let’s say you need an IoT device to swap from an existing operator profile to a new one. Your provisioning platform downloads the new profile to the SM-DP. The SM-SR routes this information to the eSIM, encrypting it so that it cannot be read if it is intercepted. After it is downloaded to the eSIM, the SM-SR issues an activation command to the eSIM. Following this command, the new subscription is activated, and the old one is automatically deactivated.
Inactive profiles can be deleted, or they can be retained as a fall-back or insurance profile option. Most eSIMs can store up to 4 profiles.
The SM-SR operates according to business rules, which can be entered via a command portal (user interface) or via API calls passed from a “Rules Engine”. Profile transactions can be performed on a per-eSIM basis or in bulk (so-called campaigns). Most powerful of all, they can be dynamically automated by the Rules Engine based on things like location or data usage.
For example, an enterprise might decide that when a SIM (device) is in country X, then it should always use Network Y. This choice might be made based on perceived quality, coverage, costs or because there are regulations in place which prevent permanent roaming.
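The location rule and profile swap described above can be modelled in a few lines. This is an added illustration, not code from Wireless Logic or the GSMA specifications; the `Esim` class, `apply_location_rule` function and the operator names are hypothetical, and the model assumes one enabled profile at a time and a four-profile limit as stated on this page.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_PROFILES = 4                 # "most eSIMs can store up to 4 profiles"
RULES = {"X": "NetworkY"}        # constructed rule: in country X use Network Y


@dataclass
class Esim:
    """Toy model of one eSIM (hypothetical, not a GSMA data structure)."""
    profiles: set = field(default_factory=set)
    enabled: Optional[str] = None
    fallback: Optional[str] = None   # profile retained as the insurance option

    def download(self, operator):
        if operator not in self.profiles and len(self.profiles) >= MAX_PROFILES:
            raise ValueError("storage full: delete an inactive profile first")
        self.profiles.add(operator)

    def enable(self, operator):
        if operator not in self.profiles:
            raise ValueError("profile not installed")
        self.enabled = operator      # the old profile is deactivated by the swap

    def delete(self, operator):
        if operator in (self.enabled, self.fallback):
            raise ValueError("refusing to delete the enabled or fall-back profile")
        self.profiles.discard(operator)


def apply_location_rule(sim, country, rules=RULES):
    """Apply the rule for `country`; return the commands that were issued."""
    wanted = rules.get(country)
    if wanted is None or wanted == sim.enabled:
        return []                    # no rule for this country, or already compliant
    commands = []
    if wanted not in sim.profiles:
        if len(sim.profiles) >= MAX_PROFILES:
            # Free a slot, never touching the enabled or fall-back profile.
            victim = sorted(sim.profiles - {sim.enabled, sim.fallback})[0]
            sim.delete(victim)
            commands.append(("delete", victim))
        sim.download(wanted)
        commands.append(("download", wanted))
    sim.enable(wanted)
    commands.append(("enable", wanted))
    return commands
```

The guard in `delete` is the point worth noting: an automated rule that frees storage must never remove the enabled or fall-back profile, or the device can be left with no way back onto a network.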
Effective IoT SIM management
SM-SR provides a secure transportation route for important profile management commands. This makes it possible for credentials to be enabled, disabled or deleted as and when required. As such, SM-SR enables businesses to tap into the biggest benefit of eUICC technology: namely, the ability to control and manage IoT devices completely remotely, without having to physically access the SIM.
Network switching & remote SIM management
If different operators used their own technical solutions for remote SIM management, it would be difficult to switch from one network operator to another. Thanks to a GSMA standardised architecture comprising SM-DP and SM-SR servers, subscription management is straightforward, making it possible for businesses to switch between operators as required for cost or coverage reasons.
Security and fall-back
This standard provisioning architecture uses a Secure Channel Protocol (SCP). Encryption keys are loaded into the eSIM during manufacturing and are imported into the SM-SR. Businesses can be assured that IoT eSIMs are just as secure as traditional SIMs and contactless payment solutions.