SGP.31/.32 specification – what is it and what does it mean for my business?

eSIM has been having somewhat of a resurgence of interest in the consumer sector lately, primarily driven by rapidly increasing smartphone adoption of the technology. However, in the IoT sector, adoption has been continuing at pace for some years now – with clear benefits including future-proofing deployments, leveraging the flexibility and resilience of single-SKU global deployments via multi-IMSI and local profile solutions.

As of the end of May 2023, the much-anticipated SGP.32 standard has been published by the GSMA. Let's take a look at the background on the GSMA standards, and what this means for the IoT industry.

Who are the GSMA and what are SGP standards?

The GSM Association (Global System for Mobile Communications) is a non-profit industry organization that represents the interests of mobile network operators worldwide. One of the key roles of the GSMA is facilitating consensus building and harmonization across the mobile industry – developing common industry standards that make mobile work in a globally interoperable way.

The SGP standards include the technical specifications and frameworks operators use for the design and implementation of eSIM (eUICC), and Remote SIM Provisioning (RSP) architecture.

The evolution of Remote SIM Provisioning (RSP)

Remote SIM Provisioning (RSP) is what gives eSIM its "programmability" over the air. A profile can be remotely downloaded from a profile store (SM-DP / SM-DP+) and enabled, disabled, deleted, or switched on the eSIM. Today there are slightly different architectures for "IoT" (M2M) and "Consumer". The principle is broadly the same, but there are differences in the technical architecture and user experience.

For Machine-to-Machine (M2M) / IoT architecture, where the device typically does not have an interface – this requires a “push" mechanism, where the device must be discovered and authenticated, with the eSIM profile pushed down to the device. This typically employs a more complex architecture (SM-DP & SM-SR, and the use of SMS). This is defined by the SGP.0x (often referenced as “SGP.02” or “M2M”) eSIM specifications.

"Consumer" eSIM architecture utilizes an operator’s “SM-DP+” – the server where their eSIM profiles reside. The end user uses a “pull” mechanism to initiate the download of a profile, by performing an action such as scanning a QR code, providing authentication to the server to release a profile. Through the UI of the device (such as the settings screens), the end user can manage their installed eSIM profiles via a device-based Local Profile Assistant (LPA). This is defined by the SGP.2x (often referenced as “SGP.22” or “Consumer”) eSIM specifications.

What's new in SGP.31/.32?

The lines are increasingly blurring between Consumer and IoT applications, with new devices in the consumer space being realized – more akin to IoT devices with power and interface constraints. There's also a desire from network operators and MVNOs to make their architecture simpler and more efficient, whilst maximizing support for different verticals and user cases. Plus, a growing need to deploy at ever greater scale, and further improve the end-user experience, regardless of the application.

This market evolution increasingly requires a hybrid “Consumer IoT” approach, which the new SGP.31/.32 standards are designed to address. SGP.31/.32 allows for standards-based interoperability with any operator’s "Consumer" eSIM profiles via their existing SM-DP+. The key difference however is that user interaction is not required (per the "pull" model), with the Local Profile Assistant (LPA) becoming an "IPA" (IoT Profile Assistant) – "IPAd" (device-based) or "IPAe" (embedded as an application within the eSIM) – providing the functions that enable the eSIM inside the device to be interoperable with any SM-DP+.

SGP.31/.32 introduces a further component, the eIM (eSIM IoT Remote Manager). eIM is a standardized eSIM provisioning tool that facilitates the deployment and management of eSIM-enabled IoT devices at a large scale. Its purpose is to standardize the process of mass deployment of eSIM-enabled IoT devices, also known as Massive IoT.

Unlocking new potential

Leveraging the hybrid approach made possible by the new standards, enables many powerful new user cases such as:

• Single SKU for OEMs – where, with remote configuration via eIM, mass provisioning could be managed to different operators around the world for a single product variant.
• Better scalability via reduced complexity – meeting the emerging needs of iSIM, fleet management, smart cities, and utilities.
• Support for additional protocols such as CoAP / UDP, and download of a profile via WiFi or Bluetooth – benefits devices in highly power-constrained scenarios like metering or sensors, and factory-based initialization of eSIM profiles in devices in a territory where the profile loaded is not supported with cellular service.
• Standalone Consumer IoT devices, such as trackers or smartwatches – being able to benefit from traditionally IoT product offerings, like multi-IMSI global roaming with KORE OmniSIM.

Recognizing the value that these new specifications deliver, KORE has been actively involved in the development of these specifications with our partners. Incorporating SGP.31/.32 into our roadmap is unlocking many exciting new business models for eSIM, and greater interoperability for traditional IoT and Consumer devices. Get in touch with our Sales team today to discuss how KORE can leverage these new standards to benefit your business.