M2M eSIM Management for IoT with achelos SM-DP and SM-SR

The SM-DP prepares and manages all M2M eSIM profiles of the MNO. The remote provisioning of the encrypted profile is performed through a secure tunnel between SM-SR and eSIM.

The SM-SR is used by the IoT Service Provider to manage the connectivity lifecycle of its fleet of eSIM capable M2M devices (profile activation, deactivation, deletion).


eSIM System Architecture for M2M Devices

To be reachable by the SM-SR the eSIM must have an active profile providing 3GPP connectivity (SMS and data). This requires that a bootstrap profile is loaded already during production by the eSIM manufacturer.


Profile Repository

  • Secure storage of generated profiles
  • Profile Lifecycle Management, from creation to deletion with customisable reuse policies

Profile Order Management

  • Creation and encryption of personalised profile packages for download

Profile Download Manager

  • Download of ordered profile packages (through secure connection via SM-SR)

Logical components of achelos SM-DP


eSIM Repository

  • Secure storage of eSIM information and their respective configuration and state
  • eSIM Lifecycle Management (profile activation, deactivation and deletion)

Delivery Manager

  • Secure communication with eSIM over 3GPP connectivity
  • Support of SMS and HTTPS transport protocol (CAT-TP on demand)

Logical components of achelos SM-SR

Prototyping M2M eSIM Management with achelos SM-DP+

A defining difference between the consumer and the M2M architecture is where and how eSIM management operations are controlled.

Naturally smartphone users want to have full control over the device and its connectivity and expect it not be possible for a back-end system to make any changes without their consent. On the other hand the ability to make changes controlled by the back-end remains a mandatory requirement for M2M as part of an automated device connectivity management that must work without any human intervention for efficiency and scalability.

This operational control is expressed in two specific components: the LPA (Local Profile Assistant) on Consumer devices and the SM-SR (Secure Routing) in the M2M solution. So how would it be possible to apply eSIM management procedures as standardised for Consumer devices to IoT devices?

One potential scenario is the split of the LPA into an IoT device part and a back-end part. This back-end component would be playing a role similar to that of today's M2M SM-SR.


eSIM System Architecture for M2M Devices with SM-DP+

This approach allows profile management operations to be performed in push mode from this back-end component. Another advantage is that the support of lightweight IoT protocols could be enabled by splitting the protocol stack between device and back-end without any changes to existing SM-DP+ systems.

Although it's not clear if or when such a solution for M2M might be standardised, building device and system prototypes early offers major benefits to players in the IoT market. It's quite possible that both standards will remain in place and a number of competing solutions may exist for IoT, targeting different device and use case requirements.

With our off-the-shelf SM-DP+ product, extensive knowledge of all components in the GSMA M2M and consumer architecture and proven experience in design of complex, state-of-the-art software solutions, we are in a good position to fast track your prototyping or Proof-of-Concept project.