Remote profile management was already defined in GSM under the term OTA (Over-The-Air). It is used by a mobile network operator (MNO) to access and update its profile which is either loaded on SIM (single profile, non-reprogrammable) or eSIM (multi profile, reprogrammable).

In both cases OTA can be used to manage the profile's data files as well as its applications without having a physical connection to the card.

The first Java Card was introduced in 1996 and is now widely used as the OS for embedded security tokens across industries such as mobile telecom, banking and health. It's a software technology that allows Java-based applications, so called applets, to be run on smart cards.

These applications give the card issuer the ability to make the devices application specific and to create interoperable applications not bound to a specific manufacturer's smart card product.

Leveraging a hardware secure element, or ‘Root of Trust’, to establish end-to-end, chip-to-cloud security for IoT products and services is a key recommendation of the GSMA IoT Security Guidelines. This requires both the provisioning and use of security credentials that are inside a secure place within the device.

IoT SAFE (IoT SIM Applet For Secure End-to-End Communication) provides a common mechanism to secure IoT data communications using a highly trusted SIM, rather than using proprietary and potentially less trusted hardware secure elements implemented elsewhere within the device.