China Mobile and NTT Docomo develop multi-vendor eSIM for IoT

© Flickr/cc-licence/jbdodane

© Flickr/cc-licence/jbdodane

  • World's first multi-vendor embedded subscriber identity module system
  • Based on Remote Provisioning Architecture for Embedded UICC3.1
  • Designed to help manufacturers exporting from Japan to China
  • The two telcos have been jointly developing IoT technologies

China Mobile Communications Corporation and NTT Docomo have announced today that they have jointly developed the world's first multi-vendor embedded subscriber identity module (eSIM) system within their commercial environments based on the GSMA's Remote Provisioning Architecture for Embedded UICC3.1 (GSMAv3.1) standard.

The system enables interoperability between the two carriers' eSIM systems, which adopt different vendors' subscription management platforms. Previously, for different carriers to reprogram the same eSIM, they had to adopt an eSIM system of one vendor. The new multi-vendor eSIM system incorporates subscription management platforms of two different vendors – one by G+D Mobile Security that DOCOMO has adopted and the other by Gemalto, which China Mobile has adopted.

The two operators say they have been jointly developing IoT technologies and related business based on the Strategic Cooperation Framework Agreement (SCFA). The new multi-vendor eSIM system is one of the results of this agreement.

China Mobile and Docomo say they will continue developing services for their corporate enterprise customers, especially for manufacturers exporting goods from Japan to China, such as cars, industrial equipment and agricultural machines. Their goal is to allow them to seamlessly switch from a Japanese mobile carrier to Chinese carrier without replacing their SIMs.

SIM security

According to a report from Beecham Research, cited by the GSMA earlier this year, the immediate industry-wide adoption and deployment of the GSMA Embedded SIM Specification will deliver 34 per cent higher market growth by 2020. The GSMA says that the lifecycle of the SIM has now changed, enabling operators and manufacturers to leverage embedded SIM and remote provisioning architecture (RPA) to their advantage.

Embedded SIM manufacturers and subscription managers are required to submit their products to a series of tests to achieve various certifications to prove compliance. The security credentials of an eUICC are certified in a similar fashion – this makes them, in the GSMA’s words, “hack proof”. The specification has a corresponding “protection profile”, which is a common criteria where the protection profile is validated and approved by national security agencies such as BSI.Bund.de in Germany and equivalent agencies in other countries. Vendors submit their products to specialised test laboratories that conduct penetration tests to try to hack the product. Products that prove to be impenetrable to the required standard (EAL4+) can then be certified.

The security of (eUICC) manufacturing and (subscription management) operations is assured by a GSMA managed scheme called “Security Accreditation Scheme”, with which sites are audited to a defined standard so that they demonstrate security best practices. If the site passes the audit, they can join the ecosystem as a trusted entity and gain a PKI digital certificate.

Email Newsletters

Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.