Embedded UICC Remote Provisioning Discussion

3GPP/SA3-LI#46 Tdoc SA3LI12_074, Quebec City, Canada, July 17-19 2012.

Source: Rogers Wireless

Contact: Ed O’Leary ([email protected]), George Babut ([email protected])

Introduction


  • This document provides information regarding existing deployments and future deployments of remote provisioning and Embedded UICC
  • It provides some regulatory concerns and specific LI concerns for the currently envisioned deployments
A Brief History
  • M2M study concludes that
    • Smaller UICC required for embedded devices
    • Non-removable
    • Remote provisioning of UICC required (embedded UICC)
  • Dutch Consumer Affairs determines that M2M may provide an anti-competitive front for incumbent MNOs
    • Inability to change subscription
  • Brazilian Government wants easy access for users, multi-profiled SIM
    • MNO policies on termination and/or start of service
    • Social policy to improve communication infrastructure, access to broadband
  • Smart phone vendors eye opportunity to become virtual MNOs via remote provisioning
  • ITU floats idea of new MCC or MNC codes for M2M devices
  • Several groups start addressing the issue
    • GSMA
    • SIM Alliance
    • Standards
      • ETSI
        • SCP
        • M2M
      • 3GPP
      • TIA
      • ATIS
      • Formation later this year of oneM2M, a new partnership program with other interest groups and stakeholders http://onem2m.org/
      • GlobalPlatform
MNO Impetus
  • Declining activations and revenue
    • Saturated markets, Regulatory policy
    • These are key market indicators
  • All IP networks coming on line
    • New capabilities, new economic models
    • Internet of Things, forecast 10X increase in subscriptions
  • 5th and 6th generation devices are smaller
    • Devices embedded into electronics
  • Threat to current Business models
    • M2M – current focus
    • Smart Phones – some vendor focus
  • Four models
    • MNO build out
    • Vendor build out / operated, supported by MNO / MNOs
    • Third party MNO hosted
    • MNO build out supported by third party HLR (MNO) and billing
MNO focus
  • Today the eUICC focus is on M2M only, however it is expected to rapidly move to smart phones
  • Operators need time to revamp back end business systems that support activations of smart phones using eUICC
    • Ordering, inventory management, commissions, tracking, warehousing, prepaid, billing, customer care, multiple SIM vendors, certification, ...
  • Operators focusing on the business rules, architecture and interconnection requirements for M2M
UICC Vendor Impetus
  • Ownership of UICC changing
    • Potential to sell services to M2M device, M2M vendor, M2M aggregator, and the M2M user
    • User apps, e.g. electronic car VIN, auth key to start, engine app (settings)
    • Anything requiring the security a SIM card provides
    • Inventory and management of cards
      • Batches per MNO
      • Batches to fewer MNO with high volumes lowers costs
    • Open up new relationships to device vendors and MNO
UICC Vendor Focus
  • New Architectures for provisioning
    • New revenues
      • Provisioning and re-provisioning from operators
      • lease of space on eUICC for third party apps
      • Subscription Management functions
      • Subscription preparations functions
    • Lower cost
      • Smaller form factors, more chips per die
      • Higher run and volume production
    • Security model
M2M vendor impetus
  • Remote activation of devices
    • Can be tied to payment and commissions
  • Reduced costs
    • Size of pluggable SIM, and its receiving connector
    • Inventory, management for operators
  • Reduced foot print, access to more devices
    • Competition with WiFi access in devices
      • Camera, printers, eHealth
M2M Vendor Focus
  • Cost reductions
    • Component parts
  • Reduced Carrier testing/ interop
    • Donor MNO only
  • Size reductions
    • Open up new markets for embedded devices
Smart Phone Vendor Impetus
  • Virtual MNO, can hide the operator from the consumer, just manage access, cellular WiFi etc
  • Smaller foot print allows more room for MIMO antennas, required for greater data rates
  • Installation of their own apps, protect SN, IMEID, boot keys, NFC wallets, password and keys for services
Smart Phone Vendor Focus
  • Unknown
    • There have been attempts at Secure Elements in the past
    • Ongoing battle with MNOs on branding
      • SIM provides access and control over some features in the device, i.e. access to Fax and CS Data
    • Shrinking revenue pie
  • Jasper
    • An MNO which, utilizing its HLR or hosting the MNO M2M HLR and providing unique billing options, provides third-party MNO M2M services
      • Control and billing are not very well supported in existing MNO service complexes
        • Many M2M devices to one customer
        • Specific pricing plans for low data rates or off-hour usage

Some examples

  • http://m2m.vodafone.com/home/
  • http://www.telenorconnexion.com/
  • http://www.business.att.com/enterprise/Family/mobility-services/machine-to-machine/
  • http://www.rogersm2mbusiness.com/on/en/m2m-solutions
  • http://www.orange-business.com/en/mnc2/themes/m2m/
  • http://m2m.telekom.com/
Current M2M services
  • Cars
    • Telematics, and E Call, aka GM Onstar
      • Remote kill, start, door open, tracking,
  • E-readers and Tablets
    • Pre installed embedded devices, awaiting activation of mobile services
  • eHealth and mHealth coming
Current thinking
  • As supported in various organizations
    • When an m2m device is shipped and installed it needs to have credentials to access the network, in order to be provisioned to a servicing MNO
    • This requires a Donor MNO to provide the initial credentials that are shipped in the embedded device, and then a means to install new credentials from the serving MNO
    • This model uses the existing networks without changes
      • Supports old networks and new
      • Does not require new means and methods to hotline and provision devices, which would require upgrades to some networks that will see capital investment frozen until the technology is sunsetted
      • Requires a change to the eUICC to support remote provisioning, but it is changing anyway
Current thinking
  • The eUICC or a network entity may allow or control multiple profiles within the eUICC
    • Provisioning profile, MNO profiles
    • Only one will be active at a time.
      • May be required for regulatory reasons, (Brazil)
      • May provide redundancy for critical infrastructure (SCP REC Use case)
    • The M2M device is not supposed to activate a new profile on its own
Current thinking
  • UICC can support multiple applications
    • SIM
    • ISIM
    • USIM
  • In an NFC model
    • MNO supporting many applications and digital wallets, including third-party apps
One possible vision

Security domain controlled by some entity (SM-SR/ Donor MNO)

Profile Management system that provides access to MNO and their applications

Digital lockers for other applications

All lockers are isolated from one another

And for something completely different
  • And now some discussion on regulatory issues and LI
Critical Infrastructure
  • “Critical infrastructure refers to processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of Canadians and the effective functioning of government.
  • Critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories and national borders. Disruptions of critical infrastructure could result in catastrophic loss of life, adverse economic effects and significant harm to public confidence”. 
  • http://www.publicsafety.gc.ca/prg/ns/ci/index-eng.aspx
Critical Infrastructure
  • In Canada, Rogers, Bell and Telus have been designated Critical Infrastructure
  • Currently under an ISO 27000-like cyber security assessment and risk assessment of the ability to offer telecommunication to Canadians
  • In the US, a new bill was introduced into the Senate in Feb 2012, “The Cybersecurity Act of 2012”, which outlines similar risk assessments
    • Yet to be passed into law
  • In Europe: Mandate M/487 to Establish Security Standards
Critical Infrastructure
  • Other governments are in the process of such actions
  • Why
    • Recent attacks of Stuxnet on essential M2M devices
    • 2003 blackout in Northeast North America
      • Highlighted Hydro grid, and Smart grid reliability and its consequences on the public
      • Banking, cellular, gas pumps, transportation all affected
        • Standstill of economy and people
        • Threat to the digital economy
High level architecture proposal

Source (ETSI SCP 11 0101)

Critical Infrastructure
  • Source of the eUICC
    • Since the device vendor can source the eUICC, some countries may have issues with its origin
    • Some countries may require their M2M device vendors to source locally
    • It is not yet clear how the eUICC will be identified in this regard
    • A certification process is anticipated
Critical Infrastructure
  • Issues
    • Location of SM-SR (Subscription Management - Secure Routing)
      • Would likely be required to reside in Canada, under Canadian control
        • Removes the risk of outside influences
          • Governments
          • Disasters
          • Cyber attacks on specific countries
      • Profile management
        • Changing MNO profiles during a warrant
Critical Infrastructure
  • Provisioning profile
    • May have the same constraints as the location of SM-SR
      • i.e. an attack on the provisioning profile holder may cripple service, activations and telecommunications in Canada
      • An attack on DNS servers can do the same thing
        • (VPN and/or dedicated facilities (current SS7))
    • May be at business odds, i.e. competitor or roaming partner
      • Runs into anti-competitive behaviours
    • Likely to be controlled by a Canadian entity
      • Yet to be addressed by regulatory
Anonymous Emergency Call

Most countries now require a subscription or proof of identity when purchasing Prepaid phones, SIM cards to stem the rash of E call, prank or otherwise

  • A donor MNO may or may not have a MSISDN
  • It may appear to be anonymous to Public Safety
    • It may violate existing rules and laws (identification of the user to the device)


  • USA proposal S.3427 -- Pre-Paid Mobile Device Identification Act (Introduced in Senate - IS) 2009-2010; it is believed the carriers implemented a policy without the Bill passing
  • Canada report (2006) on OECD countries, Simon Fraser University; however, the department does not exist anymore, so links to those web pages are broken
Anonymous Emergency Call
  • From Canada Paper, Registration required
Legal Intercept
  • To be considered if the SM-SR controls profiles, and multiple profiles
  • The SM-SR is a TSP and is subject to legal interception.
  • The SM-SR will know which profile is active and which profiles are loaded
    • It may be required to provide profiles and which one is active.
    • It forces an issue with dynamic updating, not currently supported in some jurisdictions, in Europe, dynamic triggers would allow the seamless capture, only if the SM-SR signals the change of profile to LEA
  • The SM-SR may be required to provide additional information
    • If the SM-SR has a view on the applications or wallets in the profiles, it is required to report that, and may be required to supply crypto keys it has.
  • These provide Operational considerations
Legal Intercept
  • If the Donor MNO allows multiple profiles to be stored on the device and to be able to activate them when they choose
    • No indication when the profile changes
    • If the Donor is foreign, no dynamic triggering or other means to alert LEA of a change in MNO
  • If the device appears as permanent roamer,
    • it may roam on all MNO’s based on the roaming algorithms established in the device until a local MNO is provisioned
  • The Donor MNO may provide Trial or full access to services until a local MNO is provisioned
    • Limited LEA access
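
The profile-change concern on the two Legal Intercept slides above, modelled as an added Python example that is not part of the original presentation or of any standardized SM-SR interface. The class and function names, the EID and the IMSIs are hypothetical, constructed values; the model only assumes what the slides state (one active profile at a time, the device does not activate a profile on its own, and the SM-SR may or may not signal a change to the LEA).

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Profile:
    name: str   # "provisioning" = Donor MNO profile shipped in the device
    mno: str
    imsi: str   # constructed sample value, not a real identity

@dataclass
class Euicc:
    eid: str
    loaded: dict = field(default_factory=dict)  # profile name -> Profile
    active: Optional[str] = None                # only one profile active at a time

class SmSr:
    """Hypothetical SM-SR: knows loaded/active profiles and is the only switcher."""
    def __init__(self, signal_lea: bool):
        self.signal_lea = signal_lea  # True = dynamic trigger on profile change
        self.cards = {}
        self.lea_events = []          # (eid, old_imsi, new_imsi, new_mno)

    def load(self, eid, profile):
        self.cards.setdefault(eid, Euicc(eid)).loaded[profile.name] = profile

    def enable(self, eid, name, requester="SM-SR"):
        if requester != "SM-SR":
            raise PermissionError("device may not activate a profile on its own")
        card = self.cards[eid]
        new = card.loaded[name]              # KeyError if the profile is not loaded
        old = card.loaded.get(card.active)   # None on first activation
        card.active = name                   # replaces the previous active profile
        if self.signal_lea and old is not None:
            self.lea_events.append((eid, old.imsi, new.imsi, new.mno))
        return new

    def report(self, eid):
        """What the SM-SR could be asked for: loaded profiles and the active one."""
        card = self.cards[eid]
        return {"loaded": sorted(card.loaded), "active": card.active}

def warrant_identities(warranted_imsi, lea_events):
    """Identities an intercept keyed on one IMSI still covers after signalled changes."""
    covered = {warranted_imsi}
    for _eid, old_imsi, new_imsi, _mno in lea_events:
        if old_imsi in covered:
            covered.add(new_imsi)
    return covered

def run_scenario(signal_lea):
    """Profile change during a warrant placed on the Donor (provisioning) IMSI."""
    sm_sr = SmSr(signal_lea)
    eid = "EID-CONSTRUCTED-0001"
    sm_sr.load(eid, Profile("provisioning", "Donor MNO", "001010000000001"))
    sm_sr.load(eid, Profile("mno-a", "MNO A", "001020000000002"))
    sm_sr.enable(eid, "provisioning")
    sm_sr.enable(eid, "mno-a")               # change while the warrant is in force
    card = sm_sr.cards[eid]
    covered = warrant_identities("001010000000001", sm_sr.lea_events)
    return card.loaded[card.active].imsi in covered, sm_sr.report(eid)
```

With `signal_lea=True` the warrant follows the device to the new IMSI; with `signal_lea=False` the active identity falls outside the warrant even though the SM-SR's own report still shows both profiles.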
Wireless Number Portability
  • Legislation enacted to protect the consumer
    • Retain same MSISDN while changing MNO
    • These systems have not been included in the architecture
      • (some users may want to continue with this model, i.e. SCADA users with modems)
    • Standards have allowed for the M2M Control to move outside the MNO control (MTC Server)
      • New Addressing schemes being proposed to save on exhaustion of E164 numbers
      • Architecture does not support this
        • New addressing
        • MNO and MTIC provisioning
        • Number portability between MTC-S and MNO
  • There will be issues with Privacy
    • If SM-SR is a local or foreign entity, then some information is passed as the device is provisioned with new MNO credentials (old MNO, new MNO, IMSI / E164 address pairs)
    • If Donor MNO is a foreign entity, then some information is passed as the device is provisioned (pending the solution, the Donor MNO may have back door access to the profiles)
    • When re-provisioned, the Donor MNO is again involved with the new MNO
    • If the Donor is in country and the device moves to a competing MNO, the Donor acquires market intelligence it would not otherwise have
    • The eUICC vendor will also get information on each provision, as it must compile and provide the required profiles to be sent to the device
      • Today the SIM vendor only knows IMSI ranges and file structures, but here it might pick up M2M services, and any third-party applications that are installed
  • European Commission
    • Commission proposes a comprehensive reform of the data protection rules (Jan 25 2012)
    • Rules on how user data is handled internally and abroad
  • LI Issues
    • While the Donor Profile is active, M2M device is roaming in the target MNO network
      • GPRS data is encrypted
      • Issues with forecast planning for capability and Global limits to issue warrants
    • If third party provisioned
      • Device may be roaming,
      • If data is sent back to MNO, then some LI information may be lost in the Donor GGSN
      • IP mapping to target address may be missing or not accessible
      • Multiple copies (clear plus encrypted from MNO GGSN)
    • Profile changes during a warrant
Reference material


  • http://www.digiworldsummit.com/2011/UserFiles/File/RUBON_JF_DWS2011.pdf
  • http://www.gi-de.com/gd_media/media/documents/complementary_material/smart__newsletter/smart-02-2011_Subscription_Management.pdf
  • http://www.gemalto.com/php/pr_view.php?id=1179
  • http://www.cinterion.com/products-and-services/services-and-solutions/flexible-subscription-management.html
  • http://www.ericsson.com/res/thecompany/docs/publications/ericsson_review/2011/m2m_remotesubscriptions.pdf
  • http://www.gsma.com/connectedliving/embedded-sim/
  • http://www.gsma.com/connectedliving/wp-content/uploads/2012/04/gsmaconnectingcarsthetechnologyroadmapv2.pdf
  • USA: Cyber Security Act 2012 http://www.hsgac.senate.gov/download/the-cybersecurity-act-of-2012-s-2105
  • Mandate M/487 to Establish Security Standards, Final Report Phase 1, Analysis of the Current Security Landscape
Reference material


  • TS 22.368 Service requirements for machine-type communications
  • TR 23.888 Architectural Enhancements for machine-type communications
  • TS 33.868 Security aspects of Machine-Type Communications
  • TR 22.868 Study on facilitating machine to machine communication in 3GPP systems
  • TR 33.812 Feasibility study on the security aspects of remote provisioning and change of subscription for Machine to Machine (M2M) equipment (Release 9)
Reference material


  • SCPREQ(11)0018_Embedded_SIM_Use_Cases_and_Requirements
  • SCPREQ(11)0019r1_WI_Embedded_SIM_Use_Cases_and_Requirements
  • SCPREQ(11)0061r1_Report_Approved_report_of_SCP_REQ_#29
  • SCPREQ(11)0072r7_Draft_Embedded_UICC_Requirements_Specification__agreed_skele
  • SCPREQ(11)0075r1_Multiple_Active_Profiles
  • SCPREQ(11)0078r2_High_Level_Architecture_for_eUICC_and_Remote_Provisioning
  • SCPREQ(11)0093_eUICC_Ecosystem_Presentation
  • SCPREQ(11)0101_embedded_UICC_high_level_architecture_and_principles_
  • ts_102689v010 Machine-to-Machine communications (M2M); M2M service requirements


  • OECD (2012), “Machine-to-Machine Communications: Connecting Billions of Devices”, OECD Digital Economy Papers, No. 192, OECD Publishing. http://dx.doi.org/10.1787/5k9gsh2gp043-en




  • Commission proposes a comprehensive reform of the data protection rules (Jan 25 2012) http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm
Reference material

SFU Link

  • In Google
  • www.sfu.ca/cprost/docs/GowPrivacyRightsPrepaidCommServices.pdf
  • Quick view , the link below may not work due to the security tags
  • https://docs.google.com/viewer?a=v&q=cache:6yyKzA4_G-cJ:www.sfu.ca/cprost/docs/GowPrivacyRightsPrepaidCommServices.pdf+prepaid+cell+phone+registration&hl=en&gl=ca&pid=bl&srcid=ADGEESgeF-aWm0kngygCLsdbAPBFuO5dpMJ6DEP0zqdW-cToVbw9Z1BVvwg-5GGq4LsxxFjXxJTPC4kkf_9jLCKJImr6lqqLap-byitpah9Ku9YTXk5gYglWQDNJ0JzZixDnB1v2K_RX&sig=AHIEtbTwvlkpAAJzL58LkP3eQn5-bejQ5A