ebook - TRUSTED esim TESTING FRAMEWORK - June 2016 BUILDING A TRUSTED EMBEDDED SIM TESTING FRAMEWORK IN THE AGE OF IOT

Transcription

1 ebook - TRUSTED esim TESTING FRAMEWORK - June 2016 BUILDING A TRUSTED EMBEDDED SIM TESTING FRAMEWORK IN THE AGE OF IOT

2 INTRODUCTION

3 3 INTRODUCTION The launch of the GSMA s Embedded SIM Specification, together with its accompanying Test Specification, is bringing a variety of new stakeholders into the embedded SIM integration testing environment for commercial Internet of Things (IoT) deployments. It is also fundamentally changing the way that Mobile Network Operators (MNOs) and device and solution providers will work together in the future. Infotainment system developers for connected cars, for example, may now integrate pre-certified components into their wider solutions, requiring them to conduct extensive integration testing, for which a formal methodology is yet to be established. For most solution providers, this is new territory.

4 4 INTRODUCTION In a bid to support the uninitiated this ebook provides an introduction to embedded SIM integration testing and explores key requirements based on FIME s specialist work to develop a trusted testing framework that will underpin this new and exciting age of IoT.

5 A NEW DAWN IN SIM LIFECYCLE MANAGEMENT: THE EMBEDDED SIM IN THE AGE 1OF IOT

6 1THE EMBEDDED SIM IN THE AGE OF IOT The advent of the Internet of Things (IoT) is triggering a profound shift in the way the SIM card ecosystem operates. Historically, MNOs with the support of SIM manufacturers and specialist testing partners like FIME, have been responsible for performing the certification, integration testing and maintenance required to manage the full lifecycle of the SIM. In the age of IoT, things are different. Connected car manufacturers and other Original Equipment Manufacturer (OEM) IoT solution providers, together with their partners that manufacturer IoT modems, are now sourcing embedded SIMs directly from SIM manufacturers. This means that they must also independently manage the lifecycle of the SIM, without the safety net support of MNOs. This change represents a major transfer of responsibility and puts new weight on the shoulders of OEMs which, until now, have had little exposure to SIM setup, interoperability and integration testing and lifecycle management practices. 6

7 7 1THE EMBEDDED SIM IN THE AGE OF IOT Complicating matters further, the permanency of the embedded SIM, combined with the new connectivity requirements of IoT devices, has created a host of new integration and interoperability challenges that the new ecosystem must overcome in order for the age of IoT to reach its full potential.

8 8 1THE EMBEDDED SIM IN THE AGE OF IOT Unlike the conventional SIM, the embedded SIM is a nonremovable component which will remain in place for the full life of the OEM s solution. Many IoT solutions like connected cars, for example, will be bought and sold several times over the lifetime. Their owners will also take them to different locations, supported by different mobile networks. In order to function optimally, this means that each IoT device must have the ability to update its mobile network subscription details (to register a new owner) and also connect to a wide variety of different MNO networks, all without requiring the SIM to be changed.

9 1THE EMBEDDED SIM IN THE AGE OF IOT How the SIM lifecycle has changed in the age of IoT (Source:GSMA) Linear model used today MANUFACTURE SIM SELECT MNO PERSONALIZE DISTRIBUTION SIM ACTIVATION USAGE END OF LIFE PRE-ISSUANCE POST-ISSUANCE Outcome-based model with remote provisioning PERSONALISE (OPERATING PROFILE) MANUFACTURE SIM BASIC PERSONALIZATION (PROVISIONING PROFILE) DISTRIBUTION SELECT / CHANGE MNO USAGE END OF SUBSCRIPTION PRE-ISSUANCE POST-ISSUANCE 9

10 2EXPLORING THE NEW WORLD. HOW HAS THE ECOSYSTEM CHANGED?

11 11 2EXPLORING THE NEW WORLD. HOW HAS THE ECOSYSTEM CHANGED? 1 SIM certification In the old world of the removable SIM, the issuing MNO was responsible for ensuring that the component selected was in line with the telecom standards or appropriately certified by GlobalPlatform. In contrast, because the IoT solution provider sources the embedded SIM directly from the manufacturer, this safeguard no longer exists. In the age of IoT it is the responsibility of the OEM to ensure that its chosen embedded SIM has been appropriately certified.

12 2EXPLORING THE NEW WORLD. HOW HAS THE ECOSYSTEM CHANGED? 2 End-to-end interoperability It is also important to appreciate the range of networked entities that must interoperate with the embedded SIM in order for the overall solution to perform optimally over its lifetime. These include: The remote provisioning servers (RPS) as controlled by the OEM. These servers are used by the OEM to activate the embedded SIM when the device is first registered to an owner. The OEM also uses the RPS to provide updates to the embedded SIM and to reset the component when ownership of the device is transferred to a third party. MNOs must also integrate their own RPS into the connectivity chain, to enable them to transmit their unique profile to the embedded SIM. Multiple MNO networks which will provide the network connectivity over the lifecycle of the device. Here, the embedded SIM must be appropriately configured to enable each MNO to load its own profile before network connectivity can be granted. Networks must also work together to deliver a seamless connectivity experience and a clear view of data flows that pass between the embedded SIM and the OEMs. 12

13 13 2EXPLORING THE NEW WORLD. HOW HAS THE ECOSYSTEM CHANGED? 3 One chance for success It is vital that each OEM recognizes that it has just one chance to get this right; the embedded SIM is a system-critical, permanent and nonremovable component. The effectiveness of this component will, ultimately, determine how well the overall solution functions over the course of its lifetime. The combination of these factors means that the future of IoT is contingent on the industry s ability to establish a robust and thorough embedded SIM integration and interoperability testing framework. To make this happen each participating stakeholder has its own role to play.

14 3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP

15 15 3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP To understand the varied integration and interoperability testing requirements needed to establish a robust embedded SIM management ecosystem, it is helpful to explore the responsibilities of each stakeholder group. Embedded SIM manufacturers IoT modem manufacturers RPS solution providers Mobile network operators

16 16 3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP 1 Embedded SIM manufacturers Product certification Manufacturers of embedded SIMs must ensure that products are appropriately certified according to the processes outlined by GlobalPlatform, or another GSMA approved certification body. Commonly, this means performing certification testing in accordance with the test specifications that accompany each certification scheme. MNO platform testing In the age of IoT, embedded SIM manufacturers must ensure that their product is future-proofed for multiple network environments. Given that the IoT device is likely to undergo changes in both ownership and supporting MNO, the manufacturer must test its embedded SIM prior to shipment to ensure interoperability with the full range of remote provisioning servers that are currently in use around the world.

17 17 3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP MNO profile testing Manufacturers must conduct extensive MNO profile acceptance testing prior to shipment, to ensure that the overall solution is able to successfully accept new MNO profiles that are issued over its entire lifetime. Security evaluation The GSMA has defined a protection profile for the embedded SIM to guide manufacturers through the security evaluation process. It is important that manufacturers engage with a Common Criteria security evaluation process in compliance with this protection profile prior to shipment. End-to-end validation Manufacturers must also conduct end-to-end testing, in which the functionality of their products is fully tested and verified in the field.

18 18 3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP 2 IoT modem manufacturers Integration testing IoT modem manufacturers must conduct robust integration testing to ensure their chosen embedded SIM functions appropriately once it is soldered into the modem. Standardization in this area is yet to be established; modem manufacturers are partnering with embedded SIM manufacturers to test their individual combinations of products to ensure interoperability and support the loading and activation of multiple MNO profiles. A standardized approach is greatly preferable, however, in order to satisfy the full lifecycle demands of, say, a connected car, where the embedded SIM and modem combination must connect to multiple networks and support subscriptions changes required by the transference of device ownership.

19 19 3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP End-to-end validation IoT modem manufacturers must also conduct end-to-end testing, in which the functionality of their products is verified in the field. Some manufacturers are attempting to simulate this environment by connecting the embedded SIM to a legacy removable SIM slot in order to perform end-to-end validation. This enables the manufacturer to continue to use monitoring tools that had been developed for the old world removable SIM environment. FIME does not endorse this approach since the testing conditions in this model are significantly different to those of the final solution. MNO profiles, for example, are very sensitive to changing conditions. Functional errors in the final solution that go undetected due the variance in testing conditions may also be impossible to resolve post-issuance due to non-removable nature of the embedded SIM.

20 20 3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP 3 RPS solution providers RPS testing OEMs must conduct thorough testing to ensure their solution interoperates seamlessly with the remote provisioning servers (RPS) of MNOs. MNO profile testing Extensive MNO profile interoperability and configuration testing must be performed by the OEM once their chosen embedded SIM has been integrated, to ensure the solution is able to support connectivity to multiple MNO networks over the course of its lifetime.

21 21 3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP Integration testing Where the OEM is deploying a multiple-vendor solution, when the embedded SIM and remote provisioning server originate from different vendors, for example, thorough integration testing is required to ensure the elements interoperate appropriately.

22 22 3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP End-to-end validation As with IoT modem manufacturers, some OEMs (notably in the connected car industry) are attempting to simulate the in the field environment by connecting the embedded SIM to a removable SIM slot in a legacy model, in order to perform end-to-end validation testing. This practice enables the solution provider to continue to use monitoring tools that were developed for the old world removable SIM environment. Again, FIME does not endorse this approach since the testing conditions in this model are significantly different to those of the final solution. The variance in testing conditions may fail to reveal interoperability errors that are impossible to address once the solution has entered production, due to the non-removable nature of the embedded SIM.

23 23 3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP 4 Mobile network operators In the old world, where each MNO was responsible for the lifecycle management of removable SIMs, standards had been well established for managing the lifecycle of the SIM. In the age of IoT, however, MNOs must now integrate unfamiliar remote provisioning servers into their network and load their profiles onto independently managed embedded SIMs. This creates a host of interoperability and integration testing requirements that MNOs must address, as individual networks and as a global connectivity infrastructure, in order to support IoT solution providers with seamless services.

24 3TESTING AND INTEGRATION REQUIREMENTS BY STAKEHOLDER GROUP RPS testing Each MNO will need to validate the integration of the remote provisioning server (RPS) with its network to ensure its solution interoperates seamlessly with the RPS of future customers. This will pass through the validation of the interfaces with the different elements of the server. Profile testing In order to guarantee interoperability with the full range of available euiccs on the market, SIMalliance has defined an interoperability profile specification. MNOs will need to validate that their own profile respect all requirements defined by SIMalliance and integrate them in accordance with the GSMA specification. End-to-end validation MNOs will need to validate that they will be able to remotely manage the future lifecycle of their profile on targeted esims. They will conduct Over The Air (OTA) update validation testing to ensure their profiles have been correctly interpreted and loaded onto the IoT solution s embedded SIM. 24

25 4BUILDING A TRUSTED TESTING ECOSYSTEM FOR THE EMBEDDED SIM

26 26 4BUILDING A TRUSTED TESTING ECOSYSTEM FOR THE EMBEDDED SIM The new embedded SIM ecosystem is abundant with new stakeholders, each with new responsibilities, for delivering a quality service to the end customer. One of the biggest challenges the ecosystem now faces is for stakeholders to establish a secure and trusted connectivity chain, so their various technologies can interoperate appropriately. This means building technical standards and a robust framework for interoperability and integration testing that will enable stakeholders to share sensitive subscriber information securely.

27 27 4BUILDING A TRUSTED TESTING ECOSYSTEM FOR THE EMBEDDED SIM FIME is recognized by the market as a leading trusted consulting and integration testing services. It is working closely with the GSMA, GlobalPlatform and the Global Certification Forum, together with a wide range customers and industry stakeholders, to establish a robust testing and certification framework fit for the age of IoT. FIME s aim is to minimize: The cost of embedded SIM testing and validation The time required to complete the process This enables all stakeholders to capitalize on the huge opportunities presented by connected devices. For further information and assistance with embedded SIM integration and interoperability testing, contact FIME today.

28 5ABOUT FIME

29 29 5ABOUT FIME FIME offers comprehensive consulting services, technical training, technology design, test tools and certification testing across the financial services, telecom, transit and identity sectors. Its experts support projects from start to finish, resolving the technical challenges its customers face when implementing a complete portfolio of specifications, standards and multi-brand industry requirements. FIME speaks the language of its customers and uses its 20+ years of experience to ensure that card and mobile transactions services are implemented efficiently and successfully. It supports a range of technologies including contact, contactless, EMV chip, near field communication (NFC), host card emulation (HCE), tokenization, secure element (SE), machine to machine (M2M), internet of things (IoT) and trusted execution environment (TEE). Partnering with the international and national payment schemes, and industry bodies, FIME ensures its multi-brand offering is always aligned with the latest market requirements.

30 CO. INFOGRAPHIC ALL OVER THE WORLD REFERENCES ACCREDITATIONS MEMBERSHIPS PARTNERS DISTRIBUTORS FIME. One Action. A billion transactions. Twitter LinkedIn YouTube