One SIM to rule them all: How eUICC transforms IoT connectivity

Gregory: So, as you were saying, the main problem that it's solving is to have what we call a single platform.

When you are a device maker and you want to launch different products in different countries, every time you need to understand: I have these devices that need to go to that country, I need to work with this carrier to have the right SIM or profile to embed directly in my device in this location.

And the same, depending on the locations where the device needs to go. Because when you are a device maker, you produce a lot of devices for different countries, so different operators that you need to work with. Embedding an eUICC that can be sold directly into your product will help you to facilitate the production, the initialisation of your devices, independently of the country.

Because then, thanks to the connectivity management platform that we have at Thales - that we call Thales Adaptive Connect - we have the capability remotely to push a new profile depending on the countries where the device will end up connecting. It will have the capability to provide a first local connectivity, so that when you reach a country, it says "I need to be in that country first," and in Brazil it will connect and then it will download a new profile - the operational profile, that's what we call it - so that the device can run with the local profiles and everything that will be required locally for this device to be up and running for the device maker and the service provider who will use it.

Ruth: But it's not like an electronic SIM, right? What changes for device manufacturers? You mentioned that you solder it directly onto the board or chip.

Gregory: It's the same thing as what we experienced in the consumer market. It is the same, a little bit, as the consumer market. In the beginning, when you wanted to change a phone or move from one operator to another operator, you were calling the operator and saying, "I'm a new subscriber, I have a new phone." So, you were taking your SIM - your physical SIM - from your phone, you were removing it and putting it in your new phone. Either you are changing phones, or if you are changing operators - mobile network operators - you are contracting a new contract with a new operator. They were sending to your home a new card, and you were just installing this card, which is a physical element as well, into your new device.

With eSIM, we have a form factor also that is there. It's a soldered SIM that is inside your device. It means that all the physical handling that you are doing with the traditional SIM - this form factor has changed to this new form factor. It's already integrated into your mobile, if I'm taking this example.

And through what we call secure channels, with this eSIM technology, the thing that you have to do - with a mobile phone it's easy - generally you receive from the operator an activation code, a kind of QR code. You scan it through the Wi-Fi of your phone, then you scan it, and then you will download the new subscription on your phone directly. So, there is no need for you to have access to this physical SIM, for instance.

Ruth: Mm.

Gregory: In the IoT market, thanks to the SGP.32 standard - what I was referring to on the consumer side was based on SGP.22 - it's more or less the same. We're using this eSIM technology, but as IoT devices, we don't have, as with smartphones, the capability to download or to scan the QR code.

Therefore, the SGP.32 standard, thanks to the platform that we're building that is called Thales Adaptive Connect, allows with a UI that is cloud-based, to initiate those activation codes and then push them to the device.

Ruth: Okay, makes sense. Then what happens when your device needs to connect or switch carriers?

Gregory: As I was saying, during the manufacturing process, most of the time we need to have what we call a bootstrap. It means a first connectivity. When your device will start up in a certain country, it will say "I'm here, I already have connectivity that is present." The device will connect to what we call, thanks to the SGP.32 standard, an SM-DP+ platform to manage this connectivity that we call Thales Adaptive Connect.

And then we will determine through this platform, with a kind of rule-based orchestration layer if you want, or fleet management - we'll say for each group of devices that will connect with this range of devices, we know that when they will land in France, or in Poland, or in the UK, they will need to download a specific profile. So, during this time, the platform will say "you are device A, you need to get this specific operator profile for this specific country." It'll download it, and then this new profile will become what we call the operational profile, which means the one that will be always active for the device to interact and send data to the device management platform or to the service provider to collect the data from this IoT device.

Ruth: And how do you ensure both device and network security? I can imagine that's a consideration you have to make when things are remotely programmable.

Gregory: That's a very key point, especially when we see all the new regulations that are starting to pop up. So, in Europe, we have the CRA - the Cyber Resilience Act - that is coming. In the US we have the US Cyber Trust Mark also that will be there. And we see more and more regulations that are asking for security, which is starting to be very important.

So indeed, in terms of security, we have different fronts. First, our hardware is GSMA certified, is EAL certified, so it's showing that it's a root of trust that has a lot of security measures inside.

Then the platform that we have and that we are building is also certified by third parties. But we need to think about the overall ecosystem and the benefit of using eSIM. The eSIM is what we call the root of trust. It means it can be the foundation - the hardware foundation - of the security of the device that you can use.

So not only for connectivity management, but also for the security lifecycle of your devices, meaning that you will have the capability remotely, through a platform as well, to manage those credentials or security lifecycle of your devices using the eSIM as the root of trust. So, at Thales, cybersecurity is one of the key pillars that we have on top of connectivity. And that's why at Thales we are bringing this connectivity and security management platform to help our customers to navigate and have an easy solution that - I don't want to say it's plug-and-play, but the way I want to say it is something that's easy to deploy on connectivity and on security. Because we want to remove this burden, because there are a lot of things to do when you deploy your IoT project.

But we want to make sure that the device is secure, the device has a strong identity, it will be the right device that will send all the right data to the application server from the service provider to take decisions if they have to take any decisions depending on the data that they're collecting from the field.

Ruth: Let's dive into some use cases. Are there specific use cases that become only possible with eUICC that weren't possible before?

Gregory: I think today most of the use cases are a bit the same, independently of the form factor. You have the capability for different verticals - smart meters, automotive, healthcare, and so on - to manage this connectivity. The benefit of the eUICC is that for device makers and service providers, it helps you to manage groups of devices. You don't need to send people physically to change the SIM cards.

So, for instance, in extreme conditions - oil and gas, or you want to put your tracker on some technology - you want to have something that is for remote monitoring. You don't send everybody every time because it has a cost. So, the benefit of what this eSIM is providing, not only for the manufacturing process, but also for all the maintenance of your devices during their lifetime, will ease a lot of the operations from the service providers who are operating those devices in the field.

Ruth: And that then makes it obviously not only faster, but also you will save some costs on your maintenance team, and it'll probably be safer because you can react really quickly, right?

Gregory: Exactly.

Ruth: Mm. So...

Gregory: Cost is an important factor because in the end you manage remotely those operations. In the past you were sending technicians and so on. And also, the benefit of IoT and where IoT is booming is to have the capability to try to act remotely so that you can take actions or decisions in a faster way.

Ruth: I'm sure you might not be able to tell any customer names, but can you share a concrete example, maybe explaining a little bit of the setup and the benefits and outcomes?

Gregory: We have various types of customers with Thales. So, if I focus on IoT, we are working with some leading MNOs in the US or in Europe, also in Asia. We also are working directly with device makers that see a strong benefit in some verticals for the usage of eSIM, and also service providers that can be from the smart meter world or from track and trace or from healthcare, where they see the benefit of the usage of these solutions.

From all the things that we said in the beginning - to have cellular connectivity, it's important because of the global coverage that you have. The technology of the SIM also allows the device maker and the service provider to choose the connectivity that they want to use, to streamline also the process for manufacturing, but also remove a lot of complexity, as we're seeing together. A few minutes ago, all the logistics and the maintenance of devices once all those devices are deployed in the field.

Ruth: So, you said automotive, healthcare, industrial appliances, even big oil platforms would benefit probably from a remote solution, you said. And within automotive, I suppose that also means driverless cars, or what is the use case?

Gregory: So, I think today the example that we can make for any service provider - for instance, resilience is important. You are in a country, and in some countries, potentially one network will work better than another one. So, with this platform, you have the capability remotely to say "okay, maybe the network that I have is not good enough for the device to send me data. I will try a new network." Like that, I will push a new operator profile to this device to collect the data.

Also, most of the time, even if we have a lot of very nice coverage in each country, some operators are better positioned in some specific regions. So, with this platform, you have the capability - for instance, you are working on an asset tracker, you use it in some countries, you can definitely change from one operator from one country to another.

Let's focus on this asset tracking, for instance. If I take the example, you are using currently your device, depending on the technology of the cellular technology - and because there are a lot of technologies, it can be 4G, 5G, narrowband IoT, Cat-M1 - but for instance, independently of this, it's a similar technology.

You are doing a device, and your device needs to run in France, in the UK, in Italy, in Germany, in Switzerland, and you have different operators. Even if some operators have what we call roaming agreements with partners, potentially you want - because of cost also - you want to have a dedicated local operator that will support it.

So, with this platform, you will have the capability to make agreements locally, and then with the same device, same platform, this device will run with the local operational profile in each country that you will select, and then you will contract with the local carrier.

Ruth: Okay. Would that be a service provider like Orange who operates in many different countries that would be interested in this?

Gregory: Orange can be interested also for their customers, to say "you want to have a solution that is SGP.32 compliant? We have something." So, the benefit of this solution for IoT is for all the IoT value chain. It can be for MNOs, MVNOs, device makers, but also service providers who are the ones in the end who are managing those devices.

This system can apply independently of - not the vertical - but the different actors in this IoT ecosystem. It can be a benefit also, indeed, as you said, for MNOs and MVNOs, but also service providers and device makers.

Ruth: Fantastic. What should developers know about integrating eUICC into their IoT devices? Are there specific technical requirements?

Gregory: How can I say? Most of the time when you are working in the cellular ecosystem, you work with what we call modem makers or module makers - people like Telit and this kind of companies that in the end are integrating these modules with the modem, with the chipset, to provide cellular connectivity.

And most of the time, device makers are integrating directly these modem capabilities inside - these modules directly into their devices. The benefit of working with module makers is that once it's done, then you integrate it into your platform and then it's easy. And because they do some certification, they integrate everything.

So that's one of the benefits of working with them. And some device makers, they want also potentially, depending on the technology, to integrate directly the eUICC on what we call their main PCB, their main board, then to select different modem makers from the market. I will not say it's something that is easy or difficult - it depends on the level of expertise that you have. But then it's connectivity, so you need to have some experts on the design, on all these kinds of things.

Ruth: And we have already mentioned that total cost of ownership is very attractive. The lower operational complexity makes it very attractive.

And I read a study, I think that you also published, that eSIM connections alone are projected to exceed, I think, 4.5 billion by 2027. So, this is not just a trend or an emerging tech anymore, right? It's becoming a serious foundation for IoT deployments worldwide. What's driving companies to make this transition, or do companies still need to be convinced to switch to eUICC technology?

Gregory: I think as you said, we see a big trend first in IoT for cellular connectivity. So that's one key thing - we see that cellular connectivity has benefits for quality, coverage, for device lifetime. Also, security features, as we were seeing in the beginning, but also to comply with regulations, which is important.

And indeed, IoT with this, we see a big trend and acceleration in this eSIM market. So, either the eSIM or the iSIM - the integrated SIM - that's something a bit similar but different. It's something that is integrated directly inside the modem.

And the big benefit of using this eSIM technology is what we said - it's to help manufacturers to simplify this process for industrialisation, but also for deployment. And for the device maker and the service provider also to operate until the long lifetime of the device that will be deployed in the field.

From time to time, we have devices that are there for more than 10, 15, or 20 years. So, from this lifetime, you need to have the capability to act and change, for instance, if you have any issues. So that's why this kind of technology, plus also the solution that we're providing on top for the management of connectivity, is very important. Because you need to provide the capability with this technology and the platform to remotely change if you have any issues and also be very conscious of the lifetime of the devices.

Some of them, and even most of them in IoT, are battery-powered. So also, there is a lot of work that has been done on our side because battery saving, and the usage of the battery is very important in this IoT deployment.

Ruth: Hmm. Yeah, we did have some very interesting podcast episodes about power management recently. I'll probably link them in the show notes, so to make some cross-references. That's always interesting. Where do you see this technology in the next coming years? What developments excite you most about it?

Gregory: I think we're still building SGP.32. It's there, so we have some customers, some pre-deployments and so on, and we see that it's really booming.

Where we see a big trend also is in this management of connectivity and security. This is where we at Thales want to grow much more, to help our customers to tackle the security challenges that they will face for their IoT devices.

Even if indeed, you can have local attacks that can still happen, you have also remote attacks. And we at Thales, we really want to position ourselves as a trusted partner on connectivity and on security. So, we see, with the regulations that are coming and that will be deployed soon, post-quantum cryptography is also very important, and that's something that we are investing a lot in this area.

And a lot of innovation also that we're working on that I cannot really say much about, to provide benefits again on the usage of those platforms for device makers and service providers, to see the full power and the benefit of using this kind of solutions.

Ruth: And if one of our listeners now is considering eUICC for their IoT project, what would be your recommendation? How should they start?

Gregory: Go to Thales first. So, if they want to work on the eUICC, I think that's hardware that they can purchase directly from Thales. It's something that they can directly design into their PCB, as I was saying in the beginning. Module makers also are there to support device makers who want to integrate this technology into their devices, into their PCBs. So that's something that is important and that is there. And there are a lot of partners that can support for this integration and then deployment.

Ruth: Mm-hmm. Terrific. I will put your contact information and the resources and necessary links in our show notes, and on the podcast page, so everybody can look it up.

After listening to this episode, is there anything that I have not asked you that you wish I had asked you?

Gregory: I think we covered already a large scope of this discussion on IoT. Again, the IoT market, the way we see it, is growing exponentially. We see more and more needs also for this eSIM technology, the combination of connectivity and security.

So, we see that there is a lot to do in this market, and also the benefit of what we want to achieve - that we want to address all the verticals in IoT that have a need for cellular connectivity. So, it can be track and trace, automotive, healthcare, security cameras, fixed wireless access.

I think we have the capability to cover all the different use cases and different verticals from this IoT market and ecosystem.

Ruth: Yeah, it sounds really flexible, and it has a very low barrier to step into this technology, right? You have really demonstrated today that the eUICC technology - it really is a mouthful, isn't it? - transforms cellular connectivity and makes it seamless and remotely manageable. Thank you so much, Gregory, for being on the show. It has been truly insightful and great to chat with you, and I hope you enjoyed the episode as well.

Gregory: I did. Thanks a lot, Ruth, for this invitation and the discussion that we had together on this very interesting IoT cellular connectivity system. Thank you very much for your time.

Ruth: Thank you. It was really great chatting with you. So, thank you for listening to We Talk IoT - stay curious and keep innovating.