This week Apple announced two new flagship phones with eSIM support. This has raised many questions on what an eSIM actually is and why it is so important for the industry. Remember that our work is primarily on M2M (Machine to Machine) or IoT (Internet of Things) connectivity rather than consumer mobile but we hope this post will give you more clarity.
The concept of the eSIM is complicated.
A common misconception is that eSIM refers only to embedded SIM hardware - the MFF2 SIM card form factor is shown below.
This isn’t true. eSIM refers to eUICC or embedded UICC. The embedded UICC software can be deployed on embedded SIM hardware like MFF2, or removable plastic SIM cards like 4FF. We don't know the exact embedded hardware that Apple is using for its eSIM support - it could be the standard MFF2, or something even more miniaturized.
With eSIM, you can change the entire contents of a SIM over the air. Changing the contents of the SIM is similar to completely swapping the SIM card. The device now has different network authentication keys and will connect to a different backend mobile network, or a core network. Just like when you switch SIM cards, your phone number, for example, will change. There are two architectures that have been approved for eSIM, one for machine to machine SIMs (e.g. a new Audi) and one for consumer (e.g. iPhone XS or Samsung Gear S2 3G smartwatch). We are in the process of integrating M2M eSIMs into our platform for a customer but we aren’t experts on the consumer example.
eSIM is secure by design.
What we do know is that in any eSIM scenario, the individual in possession of the device cannot necessarily just load 'any carrier' onto the eSIM of their own device. eSIM is designed from the ground up to be very secure, just like a regular SIM card. Typically whoever issues the physical eSIM hardware in the first place will control what's called the 'subscription manager' - the server that securely coordinates which SIM profiles can be loaded onto the eSIM at any time. In the case of M2M SIMs, we know that the subscription manager (or "SM-SR") must be securely integrated directly to a 'data preparation' server (or "SM-DP") provided by each and every carrier that can be 'switched' onto the SIM.
Build once, deploy everywhere.
Twilio's approach to global coverage is different from eSIM, but compatible. Rather than move devices from one backend mobile network to another, we're building a globally distributed, cloud-native mobile network with a single API interface and a single billing relationship. Still, some of our customers use eSIM to switch between the global Twilio SIM profile and a profile provided by a regional carrier - e.g. for their devices in China.
The are many different approaches to solving global connectivity. At Twilio we are building an IoT connectivity platform to help developers build once and deploy everywhere. Learn more at www.twilio.com/wireless