eUICC SIMs (aka eSIM) present a significant step forward in cellular connectivity for IoT devices. What does the architecture look like for implementing eUICC SIMs? This article provides a technical deeper dive and explains the benefits of the so-called Consumer Profile architecture over M2M Profiles.
The convenience of deploying SIMs digitally
If you are deploying a fleet of IoT devices, you don’t have to worry about buying SIMs, getting them shipped and clearing customs, managing an inventory of physical SIMs and having a process in place for swapping SIMs when needed. eUICC SIMs eliminates all of that by converting a physical SIM into a digital profile that can be downloaded on-demand onto an eUICC SIM.
For unmanaged IoT devices, eSIM/eUICC means you can deploy once and never have to visit the device location for a SIM swap to change your connectivity provider.
eUICC SIMs are also known popularly as eSIM, but not to be confused with an embedded SIM (which are also sometimes referred to as eSIMs). For more information on the differences, please have a look at this recent Twilio blog post: What is the Difference between eSIM and Embedded SIM in IoT?. I will continue to speak of eUICC SIM in this piece, to be technically accurate.
The two different architectures of eSIM: M2M Profiles and Consumer Profiles
There are two types of eSIM profiles that come with differences in how exactly SIMs are provisioned.
First, let’s take a look at the infrastructure elements necessary to manage M2M Profile eSIMs. In the architecture shown below, based on standards developed by the GSMA, SM-DP (Subscription Manager - Data Preparation) serves as the repository for SIM profiles. The SM-SR (Subscription Manager - Secure Routing) has a secure connection to the eUICC SIM and can manage the SIM profiles on the eUICC SIM.
The M2M profile uses a ”Push” model, where the instructions to the eUICC SIM are pushed from the SM-SR to the eUICC SIM. Each eUICC SIM can only be controlled by one SM-SR. The SM-SR facilitates the download of SIM profiles from the SM-DP to the eUICC SIM and also manages the SIM profiles as needed, for enable/disable/delete operations. So in effect, whoever controls the SM-SR, controls the eUICC SIM. In practice, it is not possible to switch the eUICC to use an SM-SR from another connectivity provider. With the M2M architecture, the only way to have full control over the M2M Profile eSIMs is to run your own SM-SR and SM-DP and load SIM profiles from different connectivity providers onto your SM-DP server. Note, though, that this may not always be possible due to intellectual property rights associated with applets that run on a SIM profile.
Consumer Profiles are based on a simplified architecture and use a “Pull” model where the control of the eUICC SIM is locally on the IoT device and SIM profiles are downloaded from an enhanced SM-DP server, the SM-DP+, on-demand. There is no separate SM-SR element. Part of the SM-SR functionality gets subsumed into the SM-DP+ element (SM-DP with some of the SM-SR functions that facilitate a secure connection to the eUICC SIM and download of SIM profiles). The rest of the SM-SR functionality appears on the device in the form of LPA (Local Profiles Assistant). The LPA downloads SIM profiles from the SM-DP+ server and installs them on the eUICC SIM. It also interfaces with the eUICC SIM to manage (enable/disable/delete) the SIM profiles as needed. So unlike M2M Profiles, with Consumer Profiles you are in full control of how the SIM profiles are managed on your eUICC-capable device.
Consumer Profiles are a better fit for IoT devices
“Consumer Profiles'' is a misnomer – in most cases it is a better fit for IoT devices than machine-to-machine (M2M) profiles. When you pair a Consumer Profile eSIM with an LPA in the IoT device, you get full control on how the SIM profiles are downloaded and managed on your eSIM. You don’t have to set up additional infrastructure elements associated with M2M profiles, like the SM-SR. With Consumer Profiles, it is as simple as pointing your eSIM to an SM-DP+ server from which it can download a SIM profile. You are not locked into a connectivity provider who provides the SM-SR for managing your eSIMs, either. Each M2M SIM Profile can only be controlled by one SM-SR, with the relationship between the two being permanent. So, for the lifetime of your device, you have to continue using the SM-SR from your connectivity provider, preventing you from ever decoupling yourselves from that connectivity provider.
Having an LPA function on the IoT device is critical to using a Consumer Profile eSIM in your IoT device. The LPA is typically implemented as software on the device. The interaction between LPA and the rest of the components in the eSIM solution is standardized by GSMA (see https://www.gsma.com/newsroom/wp-content/uploads/SGP.22_v2.2.pdf).
The LPA has multiple functions
- Download SIM profiles from the SM-DP+ server over a secure and standardized interface
- Interact with the eUICC SIM to install/enable/disable/delete SIM profiles. This is again via a standardized interface.
- Provide APIs/command line tools to interact with the LPA (for example to tell the LPA where to download a new SIM profile from).
Note: The LPA may also be implemented directly on the eSIM, in which case it is called the LPAe. When it is implemented in the device firmware/OS, it is referred to as LPAd.
Get your Twilio Super SIM Profile today
Twilio Super SIM® is available for download as an eSIM profile. You can reserve, download and manage your Super SIM profiles.
When you are ready to set up a new device, you can reserve a Super SIM profile for an eUICC SIM (identified by the eID), receive a confirmation that the reservation is done and then simply download the SIM profile from the Twilio SM-DP+ server. Here is the typical call flow that you will likely end up using for downloading Super SIM profiles:
Once the Super SIM profile is installed and activated, you can manage it like a regular Super SIM.
The Super SIM profile is just one of the SIM profiles on your eSIM and can coexist with SIM profiles from other connectivity providers.
With a Super SIM profile installed on your eSIM, you get :
- Global connectivity with a single SIM and not have to strike deals with multiple mobile operators and manage them
- Flexibility to switch between the Twilio Super SIM profile and another connectivity provider’s profile whenever you want. The main benefit from eSIM, not being tied to a single connectivity partner, is still preserved
Vijay is a Principal Product Manager for Twilio IoT, responsible for the Twilio Distributed IoT Mobile Core that drives Super SIM and other IoT cellular connectivity products. Vijay is a telecom industry veteran, having designed and built 3G and LTE packet core and edge computing solutions, as well as technologies for improving radio network efficiency. He has also made significant contributions in the standards space, having authored 17 RFCs in the IETF and numerous contributions to 3GPP LTE specifications.
Find out how Twilio Super SIM lets you take control of your cellular IoT connectivity with one SIM that works anywhere, at any scale.
Get Twilio's Super SIM online and receive SMS commands from the internet
Get Twilio's Super SIM online and receive SMS commands from the internet
Learn more about Super SIM Network Access Profiles. The way to control your cellular network permissions using Super SIM.