Using LwM2M for remote SIM provisioning on IoT devices

Low-power cellular IoT is the preferred low-power wide-area network (LPWAN) for massive IoT deployments. However, vendor lock-in and the requirement for multiple mobile network operators (MNOs) in multinational deployments make subscriber identity module (SIM) provisioning challenging for enterprises.

In this article, we discuss how the Lightweight Machine-to-Machine (LwM2M) protocol promises an efficient, standardised solution. We also provide insights on how we readily enable LwM2M RSP through the IoTerop Alaska device management platform and the IoTerop Iowa software development kit (SDK).

Low-power cellular IoT is gaining traction as the preferred low-power wide-area network (LPWAN) technology for massive IoT that requires supporting a huge volume and density of devices to provide wide coverage for applications such as smart meters, smart streetlights, and cargo asset trackers.

Cellular IoT leverages the same network that smartphones use every day to connect massive IoT devices to the cloud. The technology can:

  • connect over kilometers;
  • support a high density of IoT devices, and
  • operate from modest power sources.

Internet protocol (IP) interoperability also enables a bidirectional link between end-devices and the cloud without the need for expensive and complex routers or gateways. Other key advantages include future proofing, scalability, security, and high quality of service (QoS).

Narrow band (NB)-IoT and long term evolution (LTE) category M1 (LTE Cat M1 or LTE-M) are the two underlying technologies supporting low-power cellular IoT. They work differently, although some commercial low-power cellular IoT modems can support both simultaneously. The decision to use either NB-IoT or LTE-M is largely determined by region as well as the data throughput and the latency requirements of each use case.

However, despite the clear advantages of low-power cellular IoT, a major challenge threatened to stall cellular-based massive IoT rollouts. Connecting cellular IoT devices to a network requires the use of a subscriber identity module (SIM) — a combination of secure software and hardware that identifies and authenticates devices that wish to access the network.

Initially, the provisioning of connectivity profiles in eSIM was created for machine-to-machine use cases, such as connected vehicles, and designed to provide a high level of control to MNOs. However, that arrangement was ill-suited to enterprises needing to connect millions of (potentially resource-constrained) devices to a cellular network for massive IoT applications. 

Fortunately, this now has a solution, and it is a combination of the following technologies and specifications:

  • eSIMs/integrated-SIMs (iSIMs);
  • Remote SIM provisioning (RSP);
  • GSMA’s SGP.31 and SGP.32 standards specifying and describing the eSIM IoT architecture and requirements for remotely provisioning eUICCs in network-constrained and/or user interface-constrained IoT devices, moving SIM provisioning for IoT devices away from the ‘push’ model of the eSIM M2M specification and enabling the ‘pull’ model of the eSIM consumer specification, and
  • Lightweight M2M, an interoperable industry standard for massive IoT device management.

This technical article explains how the solution works.

From SIMs to eSIMs and iSIMs

Cellular networks use regulated spectrum allocations. This ensures robust, reliable service, security, and global coverage. However, a certain degree of complexity arises from the fact that a network connection is granted only to individually identified and authenticated wireless devices.

When mobile telephony took off, the industry adopted SIMs for identification and authentication. The SIM was placed on a universal integrated circuit card (UICC), a compact plastic smart card that plugged into the mobile handset. It contained information, such as:

  • a unique serial number;
  • an international mobile subscriber identity (IMSI);
  • security authentication and ciphering information;
  • a list of the services the user or ‘subscriber’ has access to;
  • passwords, and
  • other data.

When a handset is activated, the cellular network interrogates the SIM and, once satisfied with its identity and authentication, it grants the device access to the network. Removing the SIM from a handset and plugging it into another mobile phone repeats the process, allowing the new device to access the network while disconnecting the original handset.

SIM technology has rapidly developed. Technological advances have gradually shrunk mobile phones and transformed the SIM carrier from a removable UICC to a component that is soldered directly to the electronic assembly of the cellular device — an embedded UICC (eUICC) — and the embedded SIM or eSIM came to be. An even later development has resulted in the integrated SIM or iSIM, a dedicated System-on-Chip (SoC) secure enclave and an eUICC OS that forms part of the mobile device’s CPU.

eSIMs and iSIMs are suitable for IoT. ‘They eliminate the need to plug in a discrete UICC into each end-device. That’s impractical when you are connecting millions of products to the cellular network,’ says Waseem Haider, Principal Analyst, IoT, Enterprise Research with TechInsights, a semiconductor intelligence firm. ‘It also makes the manufacturing process easier. The supplier can just add a component onto the board or CPU rather than having to manually put SIM cards into slots. Moreover, there is no need to change a SIM card when switching connectivity providers.’ 

eSIM and iSIM introduce flexibility to cellular IoT connectivity. Not requiring physical SIM swaps for local MNO adaptability means original equipment manufacturers (OEMs) can use one SKU instead of creating multiple variants of the same device, each one personalised for a specific geographical destination and network. Devices can, thus, be shipped anywhere and then remotely provisioned with the profiles of whichever MNO is locally available. 

There’s a major difference between the process of connecting a smartphone to a cellular network and doing the same for an IoT end-product.

In the first instance, the smartphone will be in the hands of a user, and the process involves them ‘pulling’ provisioning instructions, often using a QR code or an alternative internet link. This is detailed in the GSMA SGP.21/.22 or eSIM consumer standard. Such a method is not efficient for a fleet of IoT devices as it requires end-user intervention. 

In the case of an M2M or IoT device, an end-user is rarely present, so provisioning instructions are ‘pushed’ from the MNO to the remote device, using RSP. This is detailed in the GSMA SGP.01/.02 or eSIM M2M standard. Although this eliminated the need for a human operator to facilitate an IoT device’s connection to a cellular network, it is not ideal for massive IoT. For one, the standard is really designed for the convenience of MNOs rather than massive IoT service providers. Additionally, and perhaps even more importantly, it is not compatible with NB-IoT.

The GSMA addressed these problems with the GSMA SGP.31/.32 or eSIM IoT standard. Here is how it overcomes the challenges of network provisioning for massive IoT:

  • It is well-suited to the provisioning of resource-constrained devices.
  • It is fully compatible with NB-IoT and LTE-M.
  • It gives enterprises better control over the process.

GSMA SGP.31/.32 includes some functionality from SGP.21/.22, including:

  • IoT Profile Assistant (IPA), which provides functionality such as profile download, discovery service, and notification handling
  • A rollback fallback mechanism
  • Remote IoT device network profile triggering
  • Simpler integration and reduced costs for massive IoT deployments

The IPA can be implemented directly in the eUICC or the device, which further simplifies the adoption of cellular for enterprises as it removes the need for additional integration and testing work. (Figure 1.)

Figure 1: The GSMA SGP.31/.32 IoT SIM standard builds on the success of consumer and M2M models but adds LPWAN support and is more convenient for massive IoT enterprises. (Image courtesy: GSMA (Architecture) & TechInsights’ Telecoms Strategies Group.)

The GSMA SGP.32 technical specifications, in particular, significantly simplified and streamlined eSIM IoT remote management. It is already accelerating global cellular IoT adoption rates. Juniper Research projects that cellular IoT connections will grow 60% between 2025 and 2030. Specifically, the total number of cellular IoT connections globally will increase from 4.1 billion in 2025 to 6.5 billion in 2030, registering a net change of 2.4 billion connections. (Figure 2.)

Figure 2: Cellular IoT installed base forecast with percentage of RSP-capable connections, 2022 to 2030. (Image courtesy: TechInsights’ Telecoms Strategies Group.)

Why LwM2M is the best solution for RSP

GSMA SGP.31/.32 hands control over cellular device provisioning to enterprises, but there remains a need for a simple and reliable mechanism to trigger the provisioning process, especially when those devices are remotely situated.

‘When you look at it closely, it’s clear that eSIMs and iSIMs are now integral parts of the IoT device rather than a separate plug-in entity. Therefore, it seems a natural step to consider provisioning the SIM as part of the overall device management software task,’ says Christophe Serrano, Head of Product Marketing at Trasna. ‘That simplifies the task for the enterprise, as the workflow is abstracted by the device management software provider, a service they control, rather than the MNO, one they don’t. It also helps the enterprise avoid MNO lock-in contracts.’

‘Things are even better with a “rule engine” that allows device management software to mix an eSIM remote manager (eIM) with device management capabilities,’ adds Serrano. ‘We can then define criteria to dynamically allocate profiles — depending on geography, coverage, signal strength, and the preference for a given MNO.’
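An added illustration of the kind of rule described above, not Trasna's rule engine or code from this article: it picks a profile by geography, a coverage floor, signal strength and MNO preference, and only switches between equally preferred MNOs when the gain is worth it. The Profile fields, the thresholds and all sample values are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    iccid: str            # constructed placeholder, not a real ICCID
    mno: str              # operator label (hypothetical)
    countries: frozenset  # ISO 3166-1 alpha-2 codes where the profile may be used
    preference: int       # enterprise ranking, lower is preferred

MIN_RSRP_DBM = -115       # assumed coverage floor
SWITCH_MARGIN_DB = 6      # assumed hysteresis to avoid flapping between MNOs

# Constructed sample inventory of profiles the enterprise has approved.
PROFILES = [
    Profile("ICCID-PLACEHOLDER-A", "MNO-A", frozenset({"FR", "DE"}), 1),
    Profile("ICCID-PLACEHOLDER-B", "MNO-B", frozenset({"FR"}), 1),
    Profile("ICCID-PLACEHOLDER-C", "MNO-C", frozenset({"US"}), 2),
]

def select_profile(profiles, country, rsrp_by_mno, active_mno=None):
    """Return the Profile to enable, or None to keep the current state."""
    # Geography and coverage: keep profiles valid here with a usable signal.
    candidates = [
        p for p in profiles
        if country in p.countries
        and rsrp_by_mno.get(p.mno, float("-inf")) >= MIN_RSRP_DBM
    ]
    if not candidates:
        return None  # nothing usable was reported: do not trigger a switch
    # MNO preference first, then strongest signal.
    best = min(candidates, key=lambda p: (p.preference, -rsrp_by_mno[p.mno]))
    active = next((p for p in candidates if p.mno == active_mno), None)
    if active is None:
        return best  # the active profile is unusable here, or none is active
    if best.mno == active.mno:
        return None
    gain = rsrp_by_mno[best.mno] - rsrp_by_mno[active.mno]
    if best.preference < active.preference or gain >= SWITCH_MARGIN_DB:
        return best
    return None      # improvement too small to justify a profile switch

if __name__ == "__main__":
    choice = select_profile(PROFILES, "FR", {"MNO-A": -110, "MNO-B": -95}, "MNO-A")
    print(choice.mno if choice else "keep current profile")
```

Returning None when no candidate clears the floor keeps a device with poor reported coverage on its current profile instead of triggering a switch it may not be able to complete.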

LwM2M is an ideal candidate for SIM provisioning as part of an overall device management service. The protocol is an interoperable industry standard suited to the management of resource-constrained IoT devices as well as more powerful and complex IoT devices, such as routers and gateways. It was created by the Open Mobile Alliance (OMA) to bring together existing standards related or relevant to device management into a single, cohesive common service layer. The result is a solution that reduces IoT device management complexity and boosts security while supporting the scalability and security demands of massive IoT.



Key benefits of LwM2M for RSP

Beyond its device management capabilities, LwM2M includes many other features that make it ideally suited to RSP. Key benefits include:

  • Unified management interface: LwM2M provides a unified management interface for application, device, communication, and SIM management, ensuring consistent user experience and reducing integration challenges.
  • Scalability: LwM2M is scalable, catering to both small and large IoT deployments. By utilising it for RSP, enterprises can ensure that as their IoT deployments rapidly grow, eSIM/iSIM management won’t stall rollout.
  • Reduced complexity: By centralising eSIM/iSIM operations within the LwM2M framework, organisations can reduce the complexity associated with handling multiple systems or protocols. They can also leverage an existing communication channel rather than having to build a new one.
  • Improved security: LwM2M has inherent protection features that can be extended to eSIM/iSIM management. This ensures that operations such as profile switching are carried out securely.
  • Cost efficiency: By using LwM2M for RSP, enterprises can avoid additional capital and operational costs from data usage, power consumption, and the investment in separate systems for RSP. Note that SMDP+, eIM, and IPA will still be required.
  • Streamlined troubleshooting: With a unified system for RSP, diagnosing and resolving issues becomes more efficient. Service providers can pinpoint problems faster and apply solutions consistently across devices and SIM profiles. 
  • Future proofing: Integrating eSIM/iSIM management with LwM2M ensures that the system remains relevant and adaptable to future changes as the IoT rapidly expands.

IoTerop Iowa and Alaska by Trasna: Enabling the LwM2M protocol for massive IoT

Trasna has developed two solutions that make enterprises readily able to integrate LwM2M for RSP. They are IoTerop Iowa and IoTerop Alaska.

   

IoTerop Iowa is an ultra-compact client-side software development kit that is a highly optimised commercial implementation of the LwM2M stack. Iowa SDK has the following characteristics:

  • Fully compliant with the LwM2M specifications
  • Has passed LwM2M MNO certification
  • Features a full implementation of LwM2M version 1.0, 1.1, and 1.2 within its streamlined stack

Using Iowa, enterprises can readily implement LwM2M-based RSP. They can install Iowa in their IoT devices to enable these end IoT products to communicate with LwM2M-capable machines and servers. They may also use it in their gateway devices to activate the LwM2M Gateway extension protocol, facilitating LwM2M communication even with LwM2M-incapable devices.

Iowa is the perfect complement to IoTerop Alaska, a cloud-based IoT device management platform that enables data collection, remote configuration, security updates, firmware updates, and device monitoring. (Figure 3.)

Figure 3: Alaska and Iowa use LwM2M for comprehensive device management. Shown here is an example of remote management of a water meter. (Image courtesy: Trasna)

Alaska is a resource-efficient and secure platform that enables over-the-air (OTA) IoT device management and facilitates the flow of data from IoT devices to data management systems. More importantly, it supports massive IoT rollouts, as it can be used to manage a network of thousands, even millions, of IoT devices.

One of Alaska’s greatest strengths is its out-of-the-box support for LwM2M. This translates to ready compatibility with constrained devices that ‘must’ communicate using LwM2M, including those on older LwM2M versions that cannot be updated to the latest specification.

A true plug-and-play setup can be achieved when Alaska is paired with Iowa. By implementing Iowa client-side and managing IoT devices on the Alaska platform, enterprises can benefit from a streamlined LwM2M-enabled RSP process.

Iowa and Alaska: Operationalising LwM2M for eSIM and iSIM profile management

Aside from being capable of handling device management tasks with ease, LwM2M is particularly suited to eSIM and iSIM profile management. LwM2M transports both the outbound and inbound messages required to perform RSP. This allows for flexibility in RSP implementations. Using Iowa and Alaska, it’s possible to pause and resume an RSP process if the network is poor, avoiding having to restart the operation from scratch. This mirrors what happens when LwM2M is used for over-the-air updates.

Process interoperability is ensured through pre-defined RSP and other SIM operations. The protocol’s remote provisioning capability is a critical feature that allows devices to seamlessly switch between various operators or networks and perform configurations over-the-air. This flexibility is essential, not only when considering device location but also specific application requirements, such as the features offered by the cellular network at each location.

While it is the Subscription Manager Data Preparation + (SMDP+) that stores network profiles and makes them available for download, Alaska and Iowa handle profile management by facilitating protocol interactions between the SMDP+ and the eSIM/iSIM. Even better, OMA SpecWorks has issued an LwM2M Object (representing a collection of device properties, organised in a logical fashion to share a unified data model between devices and managing platforms; in this case Object ID 3443) to handle IoT RSP. (Figure 4.)

Figure 4: Alaska and Iowa are well suited to cellular IoT remote SIM provisioning by facilitating protocol interactions between the SMDP+ and the eSIM/iSIM. (Image courtesy: Trasna.)

For even better integration and simpler operations, Trasna has combined Workz eSIM IoT Cloud orchestration with Alaska device management, creating a unified SIM and device management platform that takes care of the entire IoT remote management workflow, including profile preparation and storage, which would otherwise have to be provided separately.

What’s next?

LwM2M is already a proven commercial solution for device management of utility applications, such as smart meters and smart streetlights in smart cities. This makes it the prime candidate for general massive IoT device management. Combined with cellular IoT, eSIMs and iSIMs, SGP.31/.32, it makes for a simple, efficient, and secure way to orchestrate connectivity for millions of IoT devices. This solution transfers control over the SIM-provisioning operation from MNOs to enterprises. It also lowers costs and enhances flexibility and convenience.

Enterprises can readily implement massive IoT with LwM2M RSP using Trasna’s turnkey solutions, particularly the IoTerop Alaska device management platform and the client-side IoTerop Iowa SDK. Trasna makes an even deeper integration possible by unifying eSIM orchestration and device management on a single, cloud-based platform.

Yes, there is still some work left to do. Even with the eSIM and iSIM, which allow provisioning post-deployment, planning and early-stage device configuration, particularly during manufacturing, are still crucial to ensure IoT devices will be power- and bandwidth-efficient. Fortunately, the key players in the RSP segment, Trasna included, are continuously working to resolve whatever engineering obstacles stand in the way of the widespread adoption of LwM2M-based RSP.

Talk to a Trasna technical consultant now to discuss how you can implement LwM2M-based RSP for massive IoT using Alaska and Iowa or our complete eSIM IoT device management platform.
