THE NEXT

GENERATION SIM
AND HOW IT WORKS
An iBASIS Whitepaper By Richard Pellegrini

This paper will look at the characteristics of the

traditional, Standard SIM and of the next generation of
SIM and explain how they are different and the resulting
benefits of the next generation of SIM technology
 NOV. 10, 2017

THE NEXT GENERATION SIM

AND HOW IT WORKS

Internet of Things providers who offer a thing CONNECTING TO A MOBILE NETWORK

and a thing service will often deploy their globally ATTRIBUTES OF A TRADITIONAL SIM

delivered or traveling smart devices with a Mobile devices can only connect to mobile networks to which they
are authorized to connect. As a result, an authentication procedure
standard or “roaming-only” global SIM capability. is performed every time a mobile device initiates a connection to a
With a roaming-only global SIM, data must mobile network. Once authenticated, mobile devices can only use
the mobile services to which they are subscribed. On Global System
originate and terminate from the network of the for Mobile Communications (GSM) networks, a small removable
“home” mobile network operator (the mobile computing module installed in the mobile device called a Subscriber
Identity Module (SIM) controls the authentication and service access
network operator whose network credentials are establishment process.
currently being used to connect to the foreign
mobile network). As a result, data that is generated
by a connected device can be routed across very IDENTIFYING INFORMATION
long distances before it is consumed for use. The SIM consists of a smart card container called a Universal
Integrated Circuit Card (UICC) and Mobile Network Operator (MNO)
This can result in poor user experience. With the credentials (network connection data) called the Operator Profile. A
next generation SIM capability, the credentials UICC is referenced by an identification number called the Integrated
Circuit Card Identifier (ICCID). The ICCID is a 20 digit number that
of a mobile network operator in the country or identifies the MNO that issued the SIM including the operator’s
region can be dynamically downloaded to the mobile country code (MCC) and mobile network code (MNC).

smart device, allowing for data access in the local Within the Operator Profile data is additional information that
area and resulting in lower latency and, therefore, identifies the mobile device. The International Mobile Subscriber
Identity (IMSI) is a unique number that identifies the device within
improved user experience. the carrier’s network. The IMSI is a 15 digit number that includes the
MNO’s MCC, MNC, and a Mobile Subscriber Identification Number
(MSIN). Depending on mobile services allowed on a particular
This paper will look at the characteristics of IMSI (data only, voice, or SMS), for voice or SMS, a Mobile Station
the Traditional, Standard SIM and of the Next International Subscriber Directory Number (MSISDN) is required to
route phone calls and messages (SMS) to the mobile device.
Generation SIM and explain both how they are
A representation of a traditional, standard SIM is shown in Figure 1.
different as well as the resulting benefits of the As shown, the standard SIM contains a single Operator Profile, or set
next generation of SIM technology. of network credentials, and must connect to local mobile network
or foreign mobile networks in a roaming arrangement. As a single
operator SIM, the issuing MNO has full over-the-air (OTA) control of
updating profile configuration files.

© 2019 iBASIS. All rights reserved. iBASIS.COM 2

 NOV. 10, 2017

Figure 1 Representation of a Standard SIM

SECURITY INFORMATION CONNECTING TO A MOBILE NETWORK

ATTRIBUTES OF THE NEXT GENERATION eSIM
The Subscriber Identity Module provides many security features
for Internet of Things devices communicating on mobile networks Similar to the traditional SIM, a computing module called an
including: Embedded SIM (eSIM) controls the authentication and service
access establishment processes for next generation mobile devices
• Secure identification of devices (identity management) via EIR
(e.g. smart watches, wearables, connected cars). However, unlike a
• Authentication and authorization traditional SIM, an eSIM is a remotely programmable, embedded or
“electronic” SIM. The eSIM is most often in the form of an integrated
• End-to-end encryption of device data and signaling using Public circuit chip soldered into the device circuit board, but is also offered in
Key Infrastructure (PKI) traditional SIM packages like the micro and nano formats you would
find in your smartphone.
Within its single security domain, the SIM can be protected with a
Personal Identification Number (PIN). If the PIN is incorrectly entered The eSIM consists of a smart card container called an embedded
multiple times (usually three), the SIM card blocks itself. If this occurs, Universal Integrated Circuit Card (eUICC) and MNO credentials. An
the MNO can provide an eight digit Personal Unblocking Key (PUK) to eUICC is referenced by an identification number called the eUICC ID
unblock the device. (EID). The EID is a 32 digit number that identifies the mobile services
issuer of the eSIM including the issuer’s mobile country code (MCC)
and issuer ID. The eUICC can be thought of as a “larger container”
than the UICC of a standard SIM.

Compared with the standard SIM, the Operator Profile data on an

eSIM holds additional information that identifies the mobile device

© 2019 iBASIS. All rights reserved. iBASIS.COM 3

 NOV. 10, 2017

Figure 2 Representation of an eSIM

on a particular MNO’s network. Unlike the standard SIM, however, A PROGRAMMABLE SIM
the eSIM can hold multiple sets of Operator credentials or “virtual
HOW DOES IT WORK?
profiles”. Each MNO’s virtual profile includes the IMSI that identifies
the device within that MNO’s network, and depending on the mobile The eSIM is a remotely programmable SIM. Within the eSIM there
services allowed on a particular IMSI, an MSISDN is still required to exists multiple security domains, one for the controlling authority
route phone calls and messages to the device. Also, each of the virtual (usually the eUICC Manufacturer) and one each for the MNO
profiles can be thought of as a virtual SIM in their own MNO specific profiles or Issuers of the virtual profiles. In simple terms, there is a
container with their own ICCID. shared portion of the eSIM and there can be multiple MNO profile
locations depending on the overall memory size of the eUICC chip.
A representation of a next generation eSIM is shown in Figure 2. As
The controlling authority domain, also known as eSIM Root System,
shown, the eSIM contains multiple Operator virtual profiles where
controls the transmission, storage, activation, deactivation, and
each MNO profile owner has full over-the-air (OTA) control of
deletion of MNO profiles from the eUICC by communicating over-the-
updating the configuration files of their own virtual profile when it is
air with an off-chip Remote SIM Provisioning (RSP) system operated
active.
by the controlling authority. Only one virtual profile or MNO security
domain can be active at given time on the eUICC. This represents one
virtual SIM with its corresponding ICCID, IMSI and MSISDN. Table 1
summarizes the differences between the Standard SIM and the eSIM.

© 2019 iBASIS. All rights reserved. iBASIS.COM 4

 NOV. 10, 2017

Table 1

ATTRIBUTE STANDARD SIM eSIM

Operator Credential Programming In SIM Manufacturing only Over-the-Air (OTA)

Operator Credentials One Operator Profile Multiple Operator Virtual Profiles

More Secure (most often

Security Less Secure (removable)
embedded, non-removable)

Update Logistics
Card is remotely programmed OTA
(for new permanent location or Card must be removed and replaced
with new MNO credentials
new MNO)

GOVERNED BY STANDARDS WHAT PROBLEMS DOES THE eSIM SOLVE?

The GSM Association’s (GSMA) Embedded SIM Specification provides The logistics associated with shipping, testing, and activating millions
a single, de-facto standard mechanism for the remote provisioning and of IoT devices around the world requires significant orchestration and
management of Machine to Machine (M2M) connections, allowing resources. With standard SIM technology, an IoT Service Provider
the “over the air” provisioning of an initial operator subscription as (IoTSP) needs to order and stock SIMs from multiple MNO partners
well as future changes of subscription from one operator to another. around the globe. When shipping their connected devices to customers,
GSMA Embedded SIM is a vital enabler for M2M connections the IoTSP must be cognizant of the delivery destination and insert
including the simple and seamless mobile connection of all types into the device the correct SIM card for the desired regional mobile
of connected machines. operator. With eSIM technology, the SIM is a single programmable SIM
that can be incorporated as an integrated circuit chip on a device circuit
board or can be a commercial pluggable (e.g. 3FF or 4FF) or ruggedized
(e.g. MFF1 or MFF2) format. With the eSIM, the IoTSP can insert the
same eSIM card in every device delivered and program the card, or
embedded chip in the device, to the correct regional mobile operator
when the device is turned on in the delivered country

ABOUT iBASIS
iBASIS is the leading communications solutions provider enabling operators and digital players worldwide to perform and transform. Powered by
Tofane Global, iBASIS represents an estimated USD 1+ billion in annual revenue, is the third largest wholesale voice operator, ranks as the Top 3
LTE IPX vendor with 660+ LTE destinations and serves 1,000+ customers across 18 offices worldwide. iBASIS optimizes access, connectivity, and
value-added solutions, so customers achieve high return on voice, mobile data, and IoT requirements to be first in their respective markets and
in the digital era.
iBASIS provides the end-to-end Global Access for Things™ connectivity solution, delivering single source access for local LTE-M and NB-IoT
worldwide provisioned through GSMA-standard eSIM/eUICC technology. The solution simplifies IoT devices connection through one unified
platform for seamless, remote, programmable, and secure provisioning management and data analytics. For more information, visit www.iBASIS.com.

© 2019 iBASIS. All rights reserved. iBASIS.COM 5