IoT Glossary

Subscription Management Secure Routing: what is SM-SR?

Enabling the secure routing of profile information to an eSIM.

Subscription Management Secure Routing explained

eUICC (embedded universal integrated circuit card) technology enables businesses to swap subscription services and manage IoT (or M2M) SIM profiles ‘over-the-air’ (OTA), without the need to physically access a device’s SIM. An eUICC SIM is often called eSIM and can be a pluggable SIM card or an embedded (chip) SIM.

SM-SR (Subscription Management Secure Routing) is an important part of the network architecture that makes this OTA provisioning possible. Read on to discover how SM-SR helps to simplify remote SIM management to meet your specific IoT application usage needs.

What is the function of SM-SR in M2M devices?

There is a standard framework for IoT device eUICC SIM (eSIM) provisioning and management, set out by the GSM Association (Global System for Mobile Communications).

This framework comprises two types of server that work in tandem. One of these servers is called Subscription Manager Data Preparation (SM-DP). This is a kind of storage hub for all the profiles which are available for download to eSIMs, along with other important information such as an IMSI (subscriber ID numbers), subscription-related data for various operators, and authentication keys. The SM-DP stores information in encrypted form. Different providers will have different eSIM profiles available depending on the strength of their MNO eco-system and their in-house capabilities.

SM-SR (Subscription Management Securing Routing) is the other server. As its name suggests, its function is to provide a secure routing path for transmission of information from the SM-DP to the eSIM. Depending on the policies or business rules defined pre-deployment, the SM-SR will ensure that the correct operator credentials are installed on the device’s SIM. Thereafter, the SM-SR is central to remotely managing the eSIM, by enabling, disabling and deleting profiles as required during the product’s lifetime and according to the established policies.

The leading MVNO service providers will typically offer access to their SM-SR and handle all the factory provisioning of SIMs and security keys as well as the in-life operation. It is not necessary to license an RSP platform of your own although that option does exist.

How does SM-SR remotely manage eSIM profiles securely?

Let’s say you need an IoT device to swap from an existing operator profile to a new one. Your provisioning platform downloads the new profile to the SM-DP. The SM-SR routes this information to the eSIM, encrypting it to ensure it cannot be intercepted by hackers. After it is downloaded to the eSIM, the SM-SR issues an activation command to the eSIM. Following this command, the new subscription is activated, and the old one is automatically deactivated.

It is possible to delete inactive profiles or they can be retained as a fall-back or insurance profile option. Most eSIMs can store up to 4 profiles.

The SM-SR operates according to business rules which can be entered via a command portal (User Interface) or via API calls passed from a “Rules Engine”. Profile transactions can be on per eSIM basis or can be performed in bulk (so called campaigns) or most powerful of all they can be dynamically automated by the Rules Engine based on things like location or data usage.

For example, an enterprise might decide than when a SIM (device) is in country X, then it should always use Network Y. This choice might be made  based on perceived quality, coverage, costs or because there are regulations in place which prevent permanent roaming.

Effective IoT SIM management

SM-SR provides a secure transportation route for important profile management commands. This makes it possible for credentials to be enabled, disabled or deleted as and when required. As such, SM-SR enables businesses to tap into the biggest benefit of eUICC technology: namely, the ability to control and manage IoT devices completely remotely, without having to physically access the SIM.

Network switching & remote SIM management

If different operators used their own technical solutions for remote SIM management, it would be difficult to switch from one network operator to another. Thanks to a GSMA standardised architecture comprising SM-DP and SM-SR servers, subscription management is straightforward, making it possible for businesses to switch between operators as required for cost or coverage reasons.

Security and fall-back

This standard provisioning architecture uses a Secure Channel Protocol (SCP). Encryption keys are loaded into the eSIM during manufacturing and are imported into the SM-SR. Businesses can be assured that IoT eSIMs are just as secure as traditional SIMs and contactless payment solutions.

The architecture also means that businesses can retain ‘insurance options’ within their devices in the form of fall-back and bootstrap connectivity. So if there’s a drop-off in performance with a current subscription for instance, you have the option of reverting to a previous operator profile.

Find out more

For more information on the best way to manage connected IoT assets, take a look at the Wireless Logic SIMPro platform

Wireless Logic enables organisations to make the best possible decisions regarding the suitability of 4G LTE, Low Power and 5G technology, in line with current needs and future goals.

To explore your options, speak to us today. For further education around all things IoT, our IoT glossary is full of definitions and explanations.

Wireless Logic

[contact-form-7 id="fd7df5e" title="WP - Gated Content - New one for Jen"]

[contact-form-7 id="20126" title="Generic Sales Contact V2"]

[contact-form-7 id="19345" title="Trial Request"]