METAMORFOZ ICT INC.
Remote Provisioning Platform
M2M Consumer

Security Scheme Same As NFC Libraries Status
SCP80/81: Already in OTA platform
SCP03: GP Amendment D
SCP03T: GP Amendment D + SGP 02 v3.2

M2M BASIC COMPONENTS
Diagram components: SM-DP, SM-SR, eUICC, GGSN (MSISDN 1 to MSISDN 2)
1 BEGIN
2 ISD-P Creation
3 SMSC PUSH_SMS (IP, PORT, UniqueID)
4 PROFILE DOWNLOAD & ENABLE
PROFILE GENERATION: Profile ASN.1, Profile DER

RSP M2M Solution Stakeholders
✓ The diagram is the high-level representation of the M2M main system elements.
✓ Beyond STK and BIP support, there are no additional requirements on M2M devices to enable usage of eUICCs.
SM-DP (Data Preparation): Responsible for preparing, storing and protecting operator Profiles (including the operator credentials).
SM-SR (Secure Routing): Responsible for managing the status of Profiles on the eUICC. It also secures the communications link between the eUICC and SM-DP for the delivery of operator Profiles.

The GSMA M2M solution was the first Remote SIM Provisioning solution developed. There were two reasons for this:
✓ The M2M solution is simpler as end user interaction is not required, or desirable, in the B2B2C segment.
✓ The immediate commercial need was for technical solutions that supported B2B2C deployments along with Regulatory (eCall).

Remote Provisioning
• Subscription Manager Data Preparation (SM-DP)
Platform Management
• Subscription Manager Secure Routing (SM-SR)

RSP M2M/IoT Solution

Consumer RSP Components
CONSUMER Profile Download Request
Diagram components: LPA, SM-DP+, eUICC
1 Subscriber Starts Profile LPA
2 GET eUICC INFO & Authenticate Parameters
3 Authenticate with DP+
4 PROFILE DOWNLOAD & CONFIRMATION
5 ENABLE
PROFILE GENERATION: Profile ASN.1, Profile DER

Uses of ESIMs

Provisioning of multiple subscriptions
A service provider sets up subscriptions for a number of connected devices to start telecommunication services with a network operator.
Provision of first subscription with a new device
A customer purchases a new type of device from a device vendor / distribution channel.

Subscription change
A customer changes the subscription for a device to stop services with the current mobile operator and start services with a new mobile operator.

Stop subscription
A customer sells his device and stops the subscription for services from the current mobile operator.

Transfer subscription
A customer transfers a subscription between devices.

GSMA Consumer Architecture

SM-DP+
Responsible for the creation, download, storing and the protection of Operator credentials (the Profile).

SM-DS
Discovery Service: provides a means to notify the LPA when Profile data is available for download to the eUICC.

LPA
Local Profile Assistant: a set of functions in the device responsible for providing the capability to download encrypted Profiles to the eUICC.

eUICC
Secure element installed in the device to enable the downloading and installation of one or more subscription Profiles.

eSIM Provisioning Channels
QR Code
Mobile App – SDK
Discovery Service
Activation through ES

Major OS implementation:
✓ iOS and Android SDK giving Operators a frictionless implementation of eSIM installation via app.
✓ The SDK enables the interaction with the RSP platform to download and install an eSIM profile without requiring any QR code.
✓ Other additional functionalities like device compatibility and locked device checks.

Customer app integration:
✓ Metamorfoz facilitates orchestrating the install of eSIMs through a customer app by providing an SDK for easy cross-platform integration.
✓ This SDK provides all the functionality in iOS and Android ecosystems to interact with the local “LPA” (local profile assistant) for managing the eSIM on the device.

Full digital onboarding:
✓ Our SDK enables an all-digital customer onboarding directly from the app.
✓ It manages the eSIM installation process without the need to use QR codes.
It also provides extra functionality to check if the device is compatible with eSIM and if the device is locked to a specific operator.

ESIM download via Carrier App
Mobile app with end-to-end platform to service inbound travellers
Traveler lands in the country
Operator promotes mobile app through specialized sales channels for inbound travelers
User registers and buys a prepaid connectivity plan
Customer downloads an eSIM and attaches to operator’s network
Customer enjoys local quality and data speeds and manages plan in app

Ready Applications available:
Metamorfoz provides ready applications as value added services to the Carriers, such as:
✓ Mobile Marketing SIMple Dialog
✓ Mobile Signature ECC Ready
✓ MDES
✓ Multi IMSI Application
✓ Coverage Monitoring
✓ IMEI Tracker Application

Use Case Example

Consumer:
✓ The end user manages their own device and Profiles within it.
✓ Usage of LPA in the device (or eUICC) that assists with the download of Profiles and end user interface security.
✓ All Profile downloads use IP protocols and use the HTTPS bearer.
✓ Usage of ‘Discovery Service’ that devices can check from anywhere, any time, for the ready Profiles waiting to be downloaded from an SM-DP+.

M2M:
✓ Everything is remotely managed, requiring no human interaction.
✓ The eUICC connects to the SM-SR using Bearer Independent Protocol.
✓ The underlying bearer is either SMS, CAT_TP or HTTPS.
✓ Device adaptation is not required for the M2M solution.
✓ SM-SR holds a database of all the eUICCs under its control and the key sets.
✓ SM-SR swap might be required in case of change of operator for negotiation of new cryptographic keys.
M2M/IoT vs Consumer

RSP PLATFORM
Proprietary Components: SM-DP User Interface, SM-DP Data Generation, BSS/OSS Integration, TBD, Campaign Management, REST API
Standard Components: SM-DP, SM-SR, SM-DS, SM-DP+, WIB/S@T Script Templates
SM-DP Integration Components: Bearer (SMPP/TLS/CAT_TP Plumbing), OTA Platform (Optional)
Physical Components: eUICC Chip, eSIM Chip, SIM Card
Embedded Software: eUICC-OS, eSIM-OS, (U)SIM/LTE-OS
* Metamorfoz provides the full solution, comprising the components shown above.

Full Solution Offering*
M2M Consumer

LOCAL DEPLOYMENT AT MNO OR TRUSTED THIRD PARTY PREMISES

RSP Platform | Certification | Operations & Support | EUICC Delivery
RSP M2M/IoT | GSMA SAS SM | Integration | E-Kart EUICC
RSP Consumer | GSMA SAS UP (EUICC outsource) | Training | Any other SIM Vendor (SIM Alliance)
 | | Dedicated Support |

Security
Independence
Data Localization
Regulatory Compliance

ESIM Offering / On Site Deployment

Tasks | Days | Status
HW Order | 30 | Not started
Setup (APP Server, HSM, Firewall, SMS, HTTPS, Port, URL) | 56 | Not started
Security AUDIT | 30 | Not started
Security | 30 | Not started
GSMA CERTIFICATION | 5 | Not started
Pilot Run | 200 | Not started
Monitoring | 70 | Not started
Full Certification | 2 | Not started

DC Preparation Launch

✓ Changes in the calendar during the research and analysis phase may come up.
✓ The above plan does not include IT Integration processes.

Project Plan

For Failover and Load Balancing, Metamorfoz recommends two application servers and Oracle RAC servers. To increase messages per second, the Mobile Network Operator (MNO) may add more than two application servers.

This document is prepared with the following estimations:
✓ 300 eUICC profile generation & download transactions per second
✓ 20.000.000 Subscribers

Recommended HSM:
✓ Safenet Luna Network HSM 5
✓ Thales nShield Connect

This configuration is given in the table.

Description | IP Address | OS | CPU | RAM | Env. | HDD (GB) | Quantity
RSP App Servers | XXX.XXX.X.X | RedHat 6.x | 6vCPU | 16GB | Prod | OS + 600GB | 2
DB Cluster Servers | XXX.XXX.X.X | RedHat 6.x | 6vCPU | 32GB | Prod | OS + 200GB | 3

Description | Detail | Quantity
Storage NAS For DB Data Space | 1 TB, RAID 5/6 | 1
Switch | 24 Port | 1
Cabinet | 24 U | 1
Firewall + Load Balancer | HW | 1
RSP App Servers Disks for Logging | 1TB SSD, RAID 5 | 1
Network HSM | | 2

For Oracle RAC installation, Metamorfoz recommends:
✓ To use a compatible host bus adaptor in the application servers with the storage array.
✓ To use RAID 5 or 6, since disk operations will be 50% read and 50% write.

Recommended Hardware

Thank You