Podcast

Podcast: iSIMs bring smaller, better, faster IoT and consumer devices

January 4, 2023

Posted by: Barto Szkaradek

Catch the latest Trending Tech Podcast to hear how integrated SIM technologies will change Internet of Things and consumer communications, enabling smaller device footprints, greater system integration, higher performance, and increased memory capacity. To get the latest news, we talk to two Thales’ Digital Identity & Security experts, Stephane Quetglas and Laurent Leloup. And make sure you stay for the hilarious story of scammers scamming scammers, from Robin Duke-Woolley, CEO of Beecham Research. As podcast host, Jeremy Cowan says, ‘Scammers in trouble? Stop it, I’m welling up!’

Listen on

Listen to all episodes

Jeremy Cowan  00:04

Hi and Welcome to Episode 31 of the Trending Tech Podcast. This time it’s on how Integrated SIMs are coming! And What will iSIMs do for you? Thanks for joining us for today’s …. Sometimes Serious, Sometimes Light-hearted look at Digital Transformation for Enterprises.

Now, I’m sure you’ve read about iSIMs. We’ve certainly been writing about plans for integrated SIMs on IoT-Now.com since 2019! But just to recap, iSIM is a new technology enabling a SIM card’s functionality to be integrated into a device’s main processor. Today, we’re going to be talking about iSIMs with experts from Thales, who I’m pleased to say are our sponsors today. Thales is a global technology provider with more than 81,000 employees on five continents. The group works to deliver digital innovations in Big Data, Artificial Intelligence, Connectivity, Cybersecurity and Quantum Technology. Basically, the things we like to talk about.

A warm welcome to you. My name’s Jeremy Cowan, I’m co-founder of the telecoms and technology sites www.IoT-Now.com , www.VanillaPlus.com , and www.TheEE.ai , which covers Artificial Intelligence for The Evolving Enterprise.  And our first guest today is Stephane Quetglas, who is marketing director at Thales Digital Identity & Security, and he’s also Board Director at Trusted Connectivity Alliance. Stephane, welcome.

 

Stephane Quetglas  01:49

Hello, Jeremy. Thanks for having me.

 

Jeremy Cowan  01:51

Great to have you here. Also joining us is Laurent Leloup, product line manager at Thales Digital Identity and Security. Laurent, welcome.

 

Laurent Leloup  02:01

Thanks for inviting us, happy to be there.

 

Jeremy Cowan  02:03

Last but not least, it’s always a pleasure to have with us Robin Duke-Woolley, CEO and Founder of the international consultancy, Beecham Research. Robin, great to have you here again.

Robin Duke-Woolley 02:15

And you Jeremy. Great to be here.

Jeremy Cowan  02:18

OK, to understand iSIM we need to look at the ieUICC GSMA specification. That is quite a mouthful, isn’t it? The specification is, though, a milestone that enables the tech to be commercialised. And iSIM could soon be rolled out in a host of new devices to connect to mobile services. In fact, Vodafone, Qualcomm Technologies, and Thales have recently demonstrated a working smartphone using iSIM.  iSIM allows greater system integration, higher performance, and increased memory capacity. It’s really the latest evolution of eSIM or SIM technology in which eSIMs are embedded into devices. eSIMs, however, require a separate chip: with iSIM that isn’t necessary, and it removes the need for dedicated space assigned to SIM services.

Now …. before we go any further, I always like to check the road ahead in technology with our guests. So, let’s take a quick look at serious Tech News stories you’ve found.   And later, as usual we’ll look for some Light Relief in our closing section, What The Tech!  We’ll discuss a couple of Tech News stories that amazed or amused us! OK. Laurent, what serious Tech News have you come across?

 

Laurent Leloup  03:45

Well, I recently read an article on ZDNET about Singapore government’s willingness to educate the citizens about the risks the cyber risks, actually. So, they have a cybersecurity agency, which created a task force and one of the things they did, for instance, was to create what they call an ‘internet hygiene portal’. So, on this portal actually any user can type any web address they want. And this web address will be checked about the latest protocol standards, security standards. So, you can check that, for instance, if you use an e-commerce site, it is actually secure. Or you can also as an enterprise, check your website to check if it’s implemented latest security measures. And so this cybersecurity agency wants to not only educate the citizens about the cyber risk, but also they want to create a Task Force to improve several steps, like they want to safeguard the critical information infrastructures like the energy grid, to create an interagency counter measure, counter ransomware unit. They want to improve international cooperation. So, all that shows that some governments are really taking this seriously to try to improve the cybersecurity risk.
(https://www.zdnet.com/article/singapore-wants-citizens-to-arm-up-take-accountability-for-personal-cyber-hygiene/ )

 

Jeremy Cowan  05:01

Indeed. I think a round of applause for Singapore, as far as I’m concerned. I wish more countries were taking these kind of proactive measures. Obviously, helping citizens to identify sites that are protecting their visitors is a great idea, as are steps to cut out phishing for consumers and ransomware for businesses. I think we need to keep a look out for more on this. As IoT device achieve massive scale this is going to become increasingly important. Robin, what did you make of this?

 

Robin Duke-Woolley  05:39

Yes, I totally agree. And I think that, as you say, hats off to Singapore actually, for drawing attention to this and trying to get their citizens involved in looking at their security and trying to make their security better. I think that trying to get citizens involved in that is a really interesting way forward, and important as well. Because it’s not just up to the authorities to get things right. This is an open space for everybody that participates in, and there is a responsibility that comes with that. So, I think that making that clear, by Singapore, I think is a very good point.

 

Jeremy Cowan  06:20

Yeah, I like the parallel with hygiene because you get that when you go into a restaurant and you see the hygiene or otherwise of the restaurant, and it’s great to see this done for  websites. Yeah, we’ll post the links to all of today’s stories as we go through them later in the podcast. These will be in the podcast transcript, so anyone can follow up the stories that we talk about. Thank you, guys.

Let’s look at iSIMS, which goes to the heart of today’s podcast.  Laurent, let’s rewind for a moment, shall we? What exactly are integrated SIMs and who’s going to benefit from them?

 

Laurent Leloup  06:58

Okay, so to understand integration, we have to understand what is a System-on-Chip, which is abbreviated as a SOC. When you have a complex device with many functions, like for instance, smartphones, with audio treatments, graphics processing units, WiFi, cellular modem, so you can go on with the list. And when such devices are sold in very large volumes, it’s always beneficial to design a single chip that will embed all the functionalities rather than using several discrete chips, because a single chip with multiple functions will be much cheaper than if you have to buy many chips, each entering a single function. And it will also look to reduce power consumption to have a smaller footprint on the printed circuit board of your device. So that’s the benefits of integration. And the next step in this integration journey is inside the System-on-Chip to include the secure area, which will be able to host the SIM operating system. And so, who will benefit from them? Actually, all device makers, whether on consumer market or IoT (Internet of Things) market will benefit from it as it will allow you to have a simpler bill of materials, because you don’t have to buy one discrete component. It will also reduce further the power consumption, free space on the device motherboard. So, all those things are very important for many IoT devices.

 

Robin Duke-Woolley  08:18

That’s great. Yeah. So just picking that up to Stephane. Perhaps I could ask you, how do iSIMs move the game on from eSIMs? Why do we need them?

 

Stephane Quetglas  08:29

Yeah, so Laurent explained a number of benefits brought by the integrated SIM. What is important to consider is that the variety of devices that are being connected and will be connected in the future to cellular networks is increasing greatly. So, that brings new needs and the new requirements. For instance, 10 years ago, we are not talking about connecting a Smart Label to a cellular network to track some sensitive goods for instance, when shipping them to the final customer. And today that’s a use case that exists. So, you can imagine that in such a small product that is a label basically, it’s stuck on there on the box, you cannot put a separate SIM or separate eSIM. So, here integration is very, very important. I think that the main reason for having integrated SIMs is that these devices that are connected are changing in terms of shape, in terms of function as well. And they are going smaller and smaller, running most of the time on battery. So, the low power consumption that Laurent mentioned is also very, very important.

The integrated SIM is bringing these benefits. It’s also, like an embedded SIM, able to bring the same flexibility in terms of connectivity management. You can remotely change it, you can remotely manage the connectivity for the connected device, and that’s an evolution in terms of form factor and performance over the eSIM, but the core value and the core benefit of the eSIM will remain as well.

 

Robin Duke-Woolley  10:09

That’s great. Now, in the early days of eSIM, embedded SIM, there was a danger of fragmentation of the market with proprietary versions. Is there a danger of that happening with iSIM? I mean, as far as eSIM is concerned, the GSMA introduced the technical spec, this was in about 2014 so it was quite some time ago. And so, is there a danger of fragmentation in the iSIM market do you think as that develops, in the same way that there used to be with with eSIM?

 

Stephane Quetglas  10:42

Well, I think the need for standards remains the same for the very same reasons for integrated SIM. Of course, you may find at the moment some propositions that are based on proprietary interpretation of what an integrated SIM should be. But the standardisation brings a number of benefits to all the stakeholders in the ecosystem. The first would be that the security of the integrated SIM will be guaranteed with an industry-endorsed evaluation process, security evaluation process of product. The other is interoperability and therefore this will bring a much better scalability. So, yes, I think for the integrated SIM, the industry has taken the right approach to standardise it also, like the embedded SIM, the standardisation is very, very well advanced, because you have the specification already available. And now, we are more in a in the process of implementing the standard certifying products in order to be ready for commercial launch. So, fragmentation will exist. But what we believe at Thales is that we need to go for the standardised version of integration as soon as possible and this is exactly what we’re doing.

 

Jeremy Cowan  12:06

Laurent, if the GSMA’s iSIM standards are already drafted, is it just a case now of ‘hurry up and wait’ for iSIMS to arrive? What are the next steps to get iSIMs actually deployed?

 

Laurent Leloup  12:20

Actually, I think standards are more than drafted because current GSMA standards and certification process already takes into account the integrated SIM specificities. But what needs to be understood is that SIM or embedded SIM operating systems today are hosted in a highly secure chip, which are designed to resist all kinds of logical and physical attacks. And independent labs will put this hardware to the test using state-of-the-art expertise and very extensive equipment to perform very sophisticated attacks such as side channel attacks (SCA), fault injection attacks (FI). For the SOC to resist the same sophisticated attacks, which is a requirement to pass GSMA certification. The SOC makers need to redesign their chips to include the same hardware countermeasures, which are currently implemented on discrete SIM chips, like sensors that will detect all kinds of glitches or perturbations coming from the external world. So, the next step is in order to have iSIM widely deployed and accepted by the ecosystem is to wait for SOC new designs, which will be able to pass the certifications. So, in the meantime, there could be some proprietary implementation, but they won’t be endorsed by GSMA, may not be trusted by all the MNOs, so basically, they won’t be scalable.

 

Robin Duke-Woolley  13:32

So just picking up on that Laurent, the iSIM is activated in a 2-step process, as far as we understand. Does that reduce complexity?

 

Laurent Leloup  13:43

Okay, let’s take a step back and look at the embedded SIMs. What we call the activation is the loading of sensitive assets inside the chip that will be used to ensure the security of the profile management operations, like the download of a new profile or the deletion of an existing one. And the loading of the sensitive assets are done today by the eUICC manufacturer in secure production facilities, audited by GSMA-accredited auditors to check that the production environment is respecting all the requirements mandated by the GSMA. And this is a heavy process with very stringent requirements that all eUICC manufacturers need to go through today.

Now, when we talk of integrated SIM, the eUICC manufacturer does not have access to the physical chip because they are directly sent by the SOC maker to the OEM (original equipment manufacturer), and then it is the OEM that will load those sensitive data. So, without the two-step process, what that would mean is that each OEM would have had to pass the exact same audit to prove that their production facilities are as secure as eUICC manufacturers’ production site, which would have been a showstopper for most OEMs. So, that’s why the two-step process was created. With the 2-step process the sensitive data are protected by a unique SOC key by the eUICC manufacturer – by unique SOC key I mean it will be different on each SOC. Then those protected data will be sent by the UICC manufacturer to the OEM, which has no way to tamper with the data because they are protected by the SOC key. And each data will only be able to be loaded on the right SOC.

So, only the right SOC will be able to unlock the protection of the sensitive data on the fly inside the chip, when the OEM will load the data on the chip in its facilities. And that thanks to this two-step perso process – so, two step because first step, the SoC maker will have a unique key and second step, the eUICC manufacturer will lock the data with his key – thanks to this process the OEM can avoid the burden to pass any kind of security audits on each of their sites because they will never have access to the sensitive data.

 

Jeremy Cowan  15:51

Stephane, I’m trying to get a handle on the big picture. How big an impact on the market could iSIMs have? I think recent research suggested that by 2025, there could be 200 million iSIM-compliant consumer and IoT devices in use. Now 200 million devices is a heck of a target in two years. Is that accurate in your view?

 

Stephane Quetglas  16:15

Yes, I think it is. The potential for integrated SIM is very important. And the reason for that is you mentioned IoT and consumers – I think the reasons are a little bit different if we look at these two sides of the market. For IoT, the low power networks that will allow more devices to connect easily to gather data and send data to the IoT application, they will present the biggest growth in IoT. So, that means the advent of these low power technologies and the integrated SIM they really come together very nicely, which explains the growth for integrated SIMs.

In the consumer market, the other very interesting segments that will benefit from the integrated SIM is the wearable segments because you have to have very small products, with very little space inside the device to implement the connectivity features. So integrated SIM is a perfect fit there. And also, because integrated SIM simplifies the integration, or the addition of this eSIM functionality inside the device, for the entry range and the lower mid-range smartphones can be also something very interesting to optimise the cost of these devices. So, we believe that this 200 million figure that you mentioned, is a realistic target for integrated SIM.

 

Robin Duke-Woolley  17:57

That’s really interesting. So Laurent, what does iSIM offer in terms of secure connectivity, getting sort of right down to the meaning of iSIM and what it’s for? Can you say a bit more about that? And also, is it more secure than eSIM? Is iSIM more secure than eSIM?

 

Laurent Leloup  18:13

So, it’s not more secure than eSIM, but it offers the same level of security. So that’s why it’s really important to check that an iSIM has the GSMA certification, to prove that it reached the same security levels. The GSMA certification covers three things. The first one is it ensures that the secure area of the SOC that will host the iSIM OS is as resistant to sophisticated attacks as the chips which are currently used for embedded chips.

The second thing, it ensures that the sensitive assets loaded by the OEM in their production facilities are also protected thanks to the 2-steps process I was referring to earlier. So even if there is nothing to do on the production side, as explained before, that process will however imply an audit of the SoC maker facilities, where the unique SOC keys, will be loaded inside each SOC. And an audit of eUICC maker that will prepare the sensitive data protected by the SoC key.

And the last thing covered by GSMA certification is to ensure that the iSIM is fully compliant with remote SIM provisioning standards, ensuring full interoperability with any remote SIM provisioning-compliant servers available in the market, namely the SM-DP+ servers.

 

Jeremy Cowan  19:25

So Stephane, just to sort of summarise what are the Top 3 benefits of iSIMs?

 

Stephane Quetglas  19:31

The top three benefits, I think, we obviously need to start with the gain in terms of size that you can achieve. So, that allows you to implement the cellular connectivity in much more device types then before. That will be really the first one. And I think it’s important like I said too in wearables and also in IoT when you can find a lot of small sensors that will be used for Smart Cities applications, for instance.

The low power consumption is also super important. And it’s a real difference with the other implementation of the of the SIM functionality that we know today that are based on dedicated chips. When you think about having, for instance, a smart water meter deployed in the field for 15 or 20 years, that’s a lot. Every milli ampere counts in this case. So, you really need to be very, very careful about the power consumption of the whole device and integrated SIM brings definitely an advantage there.

The third one, which is also very important, is the fact that integrated SIM is easier to handle for OEMs. In terms of device design, device validation, certification, and even manufacturing and logistics will be simpler. And this is great also, because in IoT more and more companies who are not, experts in connecting devices will try and connect their devices for the first time. So, having a solution that makes it easier for them to achieve their goals, to launch the solutions and devices connected to the cellular network is great. So here, the integrated SIM is also bringing lots of benefits.

 

Robin Duke-Woolley  21:35

Terrific. And Laurent, is it right to say do you think that iSIMs represent the next evolutionary phase after eSIM? Or would you say that they’re more likely to co-exist, perhaps? Do you think that one will lead to the other, or do you think that they’re going on into the market together in tandem?

 

Laurent Leloup  21:55

Well, both are true, they will go in tandem. But I think it’s true also to say that it’s the next evolutionary phase, for the reasons explained before. So, to develop on that, it is a next step of integration inside a single chip, allowing all the advantages that we already mentioned like reduced bill of materials, reduced cost, more power, more efficient power consumption, smaller footprint. But this is a complex step to take because a discrete SIM or discrete embedded SIM, is one of the most secure chips you can find today on the market, with similar security to what you can find on banking cards or government electronic documents like electronic ID or driving licence.

And until now, SOC makers did not decide to move in this direction due to the complexity of implementing the state-of-the-art security. But this has changed now, and several SOC makers are moving this way. However, it will take time for all SOC manufacturers to design a secure area inside their chip that will be able to reach the required resistance. So, it will start with pioneer SOC makers with SOC design mainly for low power cellular modems, for NB-IoT, and LTE-M CAT-1bis, then it will come to 5G SOCs, but that will take years. It won’t be done overnight. And despite the inexorable iSIM ramp-up that we will see, I’m confident that we will keep seeing discrete embedded SIMs for many years to come.

 

Robin Duke-Woolley  23:15

Okay, that’s great.

 

Jeremy Cowan  23:16

Thank you all, that is really helpful.

Okay, let’s unwind for a moment and see what in the world of tech has amused or amazed us lately. Robin, I’m going to ask you to go first. What have you seen?

 

Robin Duke-Woolley  23:29

Well, I saw this story from The Register and it just made me smile. Scammers scamming scammers. (Laughter) So scammers have scammed their fellow cyber criminals out of more than two and a half million dollars on three dark web forums alone over the last 12 months.

 

Jeremy Cowan  23:47

D’you know, my heart bleeds. (Laughter)

 

Robin Duke-Woolley  23:49

That’s what I thought. (Laughter)

 

Jeremy Cowan  23:54

I can hardly describe the depths of my indifference to their suffering. (Laughter)

 

Robin Duke-Woolley  24:00

It goes further actually, because some of them are talking about being scammed out of large amounts of money. But then other threat actors seem to be indignant about having their money stolen as anyone else would. (Laughter) But no matter the amount, because one of them was complaining about being scammed for $2.

 

Jeremy Cowan  24:24

(Laughter) For sheer time wasting, it could hardly be beat. I must say there was a cheer around the office when we heard about this one. What I particularly like is that they’re all turning their guns on each other.

 

Robin Duke-Woolley  24:34

I think that’s terrific.

 

Jeremy Cowan  24:35

Happy days!

Robin Duke-Woolley  24:36

I mean, the more we get of that the better. Yeah, absolutely. Yeah.

 

Jeremy Cowan  24:39

And this was on The Register.com? https://www.theregister.com/2022/12/08/scammers_scam_cybercriminals_sophos/

 

Robin Duke-Woolley  24:42

Yeah, it was on The Register.

 

Jeremy Cowan  24:43

Great story. Great site. Thanks, Robin. I love that. Stephane what’s made you smile in the news lately?

 

Stephane Quetglas  24:50

Well, lately I was looking at wired.com and then I found an article on AI-generated arts and I was really amazed with what is going on at the moment. There are some technologies that you can use. Several, I think four services that you can use to, for instance, have a picture being designed based on a description that you give of this picture. And basically, anybody can turn into an artist using these services. And it looks like many, many people are embracing it. In the article, they say that more than 20 million images are actually created every day. So maybe not all of them will be really outstanding. But I think it’s very interesting to see how we can with such a such technology have access to better design, actually, maybe in everyday life, because not everybody is a great artist, for sure. But if we can have something better, in general, better design, because more people have access to these tools,  I think that’s great.

And to finish on this one, it was even a professional artist from Pixar working on their movies was really astonished by the results of these tools. So, this can give you a flavour of the quality of what can be done. I don’t think it’s going to kill artists. (Laughter) People will still be there to get the right, the right indications to these tools. But yeah, I think maybe it can make the world a little bit nicer.
https://www.wired.com/story/picture-limitless-creativity-ai-image-generators/

 

Robin Duke-Woolley  26:41

It probably won’t make me into a Leonardo da Vinci though. (Laughter)

 

Jeremy Cowan  26:46

What I find encouraging is the way that from this story, AI image generators seem to work best, certainly in this instance, in partnership with artists, as you say Stephane. It’s not by replacing them. I mean, it seems to benefit the artists because the person in need of the art, can actually achieve something very quickly. And it minimises the cost and obviates any concerns about copyright.

 

Stephane Quetglas  27:15

I think copyright is something that is important to consider. There are some discussions about it, it seems according to the article, indeed. But that’s a new tool. I think you need to consider it as a new tool and you need to use it in a proper manner. And that’s something that’s beyond technology.

 

Jeremy Cowan  27:36

I think it’s actually extremely positive. And that story was on wired.com. Good. Well, the link will be in our transcript, as I say. And let us know on LinkedIn what you think about the news, you’ll mostly find me on LinkedIn at Jeremy Cowan, that’s C O W A N. And just before we go, let me say a big thank you, first to Robin Duke-Woolley of Beecham Research. Thanks, Robin.

 

Robin Duke-Woolley  28:05

Thanks, Jeremy. Very good to be here.

 

Jeremy Cowan  28:08

And how can people reach you for a bit more information, Robin? Where can they find you?

 

Robin Duke-Woolley  28:14

info@BeechamResearch.com .

Jeremy Cowan  28:15

Brilliant! And our thanks also to Stephane Quetglas of Thales. It’s been great to have you with us, Stephane.

 

Stephane Quetglas  28:21

Thank you, Jeremy. It was a great discussion today. Thank you very much.

 

Jeremy Cowan  28:25

Really fun! And where can listeners find you?

 

Stephane Quetglas  28:28

Well, I’m on LinkedIn. Obviously. Stephane Quetglas at Thales.

 

Jeremy Cowan  28:34

Lovely. Plus, big thanks to Laurent Leloup of Thales, today’s sponsors. We really appreciate your input, Laurent.

 

Laurent Leloup  28:42

Thanks. I really appreciate it being there as well. You can also find me on LinkedIn, Laurent Leloup at Thales Group.

 

Jeremy Cowan  28:48

Brilliant! And don’t forget, you can subscribe to the Trending Tech Podcast wherever you found us today. So, a High Five to our fantastic audience around the world. There’s now more than 6,000 of you worldwide. So, a Big Up to you. And as you know, we give a SHOUT OUT to anyone who gives us 5 stars on Apple Podcast and leaves a REVIEW. Because reviews help us find , and help new listeners to find us. This time we want to say a TRENDING TECH Thank You to Ginn007 . They described the Trending Tech Podcast as “IoT at its best – Enjoyable, easy to listen to, but most importantly informative.” Thank you Ginn007!

And if YOU give us a good review at podcasts.apple.com/digital-transformation we could be giving you a Shout Out next time! So, keep checking www.IoT-Now.com , www.VanillaPlus.com  and www.TheEE.ai , where you’ll find more Tech News, plus Videos, Top-Level Interviews, Event Reviews and a whole lot more. And join us again soon for another Trending Tech Podcast looking at Enterprise Digital Transformations. Bye for now!