SGP.31/32 – Remote SIM Provisioning for IoT

Ian Marsden

Founder & CTO

LinkedIn

The GSMA has released SGP.31/32: the Remote SIM Provisioning standard for IoT. Will this really enable global, ubiquitous connectivity and trigger the predicted upsurge in IoT deployments?

Read on to find out about the standard and how it might affect your new or existing IoT initiatives.

A brief history of Remote SIM Provisioning (RSP)

Cellular connectivity was designed to support consumer devices. People (in general) live in one country, only need to roam for short periods, and can change their network provider by swapping SIMs or scanning a QR code.

It’s a different story for IoT. Manufacturers may not know where devices will be deployed – and they’d rather not build multiple variants for different locations. Many devices have limited intelligence and no users to operate them. They may need to roam for long periods (but that causes problems). And changing network providers by swapping SIMs or scanning QR codes is usually impossible.

In response, the GSMA introduced eSIM, the embedded Remote SIM Provisioning (RSP) Architecture, for provisioning and managing network profiles on devices using over-the-air commands.

The first standard, SGP.01/02, addressed the requirements for machine-to-machine (M2M) devices. (GSMA standards use the naming format SGP.x1 for architecture and requirements documents, SGP.x2 for the related technical specifications.)

Driven by demands from companies like Apple and Samsung, the GSMA then introduced a second, simpler standard called SGP.21/22 for consumer devices.

Both standards require eUICC SIMs to store and manage multiple network profiles on devices. The M2M standard involves pushing profiles to devices while the consumer standard enables users to pull profiles to their devices.

Why do we need a new standard for IoT?

The M2M standard works well for larger players, such as the automotive industry and mobile virtual network operators (MVNOs) with the resources and capability to fully implement the standard.

But for some other players and deployments with constrained devices, it has significant challenges.

Operational challenges with SGP.01/02

When a business wants to change their connectivity provider, the current and new providers need to integrate their systems so that device management data can be transferred and the devices linked to the new provider’s system. This is complex and costly, with commercial, legal, and engineering implications. Often it’s just not a feasible proposition.

The standard is designed to make it easier for Original Equipment Manufacturers (OEMs) and mobile virtual network operators (MVNOs) to access profiles from mobile network operators (MNOs). But this isn’t straightforward, requiring significant engineering work and interoperability testing.

Device challenges with SGP.01/02

The M2M standard was created before the dramatic increase in constrained IoT devices, such as asset trackers, meters, and sensors.

These devices are often battery-operated and need to conserve power as much as possible. They typically connect to low-power wide area networks (LPWANs), sleep for long periods, use lightweight protocols and have limited intelligence.

The standard requires devices to support SMS, use connection-oriented protocols and respond promptly to management instructions. The devices must complete profile downloads in one session, even though large profiles can take several minutes to download on LPWANs.

Many constrained devices don’t meet these requirements. NB-IoT networks don’t support SMS, data can be lost if devices are sleeping when messages are sent to them, and modems sometimes close connections to conserve power before downloads are complete.

SGP.31/32 – the new RSP standard for IoT

In response to the challenges, the GSMA has developed the SGP.31/32 standard for IoT.

The IoT standard is based on the simpler consumer RSP standard. It removes the requirement for complex integrations between providers and addresses the needs of constrained devices.

A backend server (called an eSIM IoT Manager or eIM) can act as a proxy user interface, enabling devices to trigger a profile download from an MNO’s profile store. It can also be used to manage deployments centrally, pushing profiles to individual devices or fleets of devices when required.

SGP.31/32 benefits for IoT

SGP.31/32 makes a number of provisions to support constrained devices and simplify integrations between providers:

• Removes requirement for SMS support, so remote SIM provisioning can be used with NB-IoT devices.
• Includes provision for the eIM to act as an intermediary for devices that use lightweight protocols such as CoAP and LwM2M or that can’t use HTTP to connect to the internet.
• Includes requirements to minimise device communications and allow devices to operate asynchronously in case they’re sleeping when commands are sent to them.
• Simplifies integrations between providers to avoid the provider lock-in experienced with the M2M standard.

Hold the celebrations

It’s going to be a while before fully functional SGP.31/32 solutions are available.

The GSMA released the technical specification in May 2023. We anticipate that platform and SIM certifications will be achieved in 2024. The earliest that the first GSMA-certified solutions will be available is likely to be in 2025.

And these first solutions won’t include the full set of new features. A number of provisions, such as support for using lightweight protocols, are not included in the first release of the standard. Some vendors may release proprietary solutions that include these features but there’s no guarantee their solutions will integrate and operate with other providers.

The IoT standard is not backwards compatible with the M2M standard and there’s no migration path forward from the M2M standard. Any deployments using the M2M standard will need to continue using that model until end-of-life.

Despite the drawbacks, SGP.31/32 aligns better with the needs of many IoT use cases. It’s likely to increasingly be used in place of the M2M standard for new deployments, particularly when solutions with the full set of provisions become available.

Ian Marsden

Founder & CTO

LinkedIn

Ian has a passion for developing technology-based solutions that deliver real improvements to businesses, the environment and quality of life.

Previously he co-founded CompXs to deliver the world’s first ZigBee design. Prior to CompXs, Ian held senior software leadership roles at Philips and has since spearheaded the ground-breaking innovation of our global AnyNet Secure cellular solution.