Subscription Management Secure Routing: what is SM-SR?

Enabling the secure routing of profile information to an eSIM.

eUICC (embedded universal integrated circuit card) technology enables businesses to swap subscription services and manage IoT (or M2M) SIM profiles ‘over-the-air’ (OTA), without the need to physically access a device’s SIM. An eUICC SIM is often called eSIM and can be a pluggable SIM card or an embedded (chip) SIM.

SM-SR (Subscription Management Secure Routing) is an important part of the network architecture that makes this OTA provisioning possible. Read on to discover how SM-SR helps to simplify remote SIM management to meet your specific IoT application usage needs.

What is the function of SM-SR in M2M devices?

There is a standard framework for IoT device eUICC SIM (eSIM) provisioning and management, set out by the GSM Association (Global System for Mobile Communications).

This framework comprises two types of server that work in tandem. One of these servers is called Subscription Manager Data Preparation (SM-DP). This is a kind of storage hub for all the profiles which are available for download to eSIMs, along with other important information such as an IMSI (subscriber ID numbers), subscription-related data for various operators, and authentication keys. The SM-DP stores information in encrypted form. Different providers will have different eSIM profiles available depending on the strength of their MNO eco-system and their in-house capabilities.

Let’s say you need an IoT device to swap from an existing operator profile to a new one. Your provisioning platform downloads the new profile to the SM-DP. The SM-SR routes this information to the eSIM, encrypting it to ensure it cannot be intercepted by hackers. After it is downloaded to the eSIM, the SM-SR issues an activation command to the eSIM. Following this command, the new subscription is activated, and the old one is automatically deactivated.

It is possible to delete inactive profiles or they can be retained as a fall-back or insurance profile option. Most eSIMs can store up to 4 profiles.

The SM-SR operates according to business rules which can be entered via a command portal (User Interface) or via API calls passed from a “Rules Engine”. Profile transactions can be on per eSIM basis or can be performed in bulk (so called campaigns) or most powerful of all they can be dynamically automated by the Rules Engine based on things like location or data usage.

Effective IoT SIM management

SM-SR provides a secure transportation route for important profile management commands. This makes it possible for credentials to be enabled, disabled or deleted as and when required. As such, SM-SR enables businesses to tap into the biggest benefit of eUICC technology: namely, the ability to control and manage IoT devices completely remotely, without having to physically access the SIM.

Network switching & remote SIM management

If different operators used their own technical solutions for remote SIM management, it would be difficult to switch from one network operator to another. Thanks to a GSMA standardised architecture comprising SM-DP and SM-SR servers, subscription management is straightforward, making it possible for businesses to switch between operators as required for cost or coverage reasons.

Security and fall-back

This standard provisioning architecture uses a Secure Channel Protocol (SCP). Encryption keys are loaded into the eSIM during manufacturing and are imported into the SM-SR. Businesses can be assured that IoT eSIMs are just as secure as traditional SIMs and contactless payment solutions.