GSMA SGP.32 and eIM: Scalable, Secure eSIM Provisioning for IoT
The exponential growth of IoT applications, from smart meters and industrial sensors to fleet management and connected healthcare, has introduced a pressing need for scalable, secure, and automated methods to manage cellular connectivity across a wide variety of devices. Many of these devices operate in environments with limited bandwidth, lack user interfaces, or are deployed at scale where manual provisioning is impractical.
To address these realities, the GSMA introduced SGP.32, the 3rd Remote SIM Provisioning (RSP) specification in the eSIM ecosystem, following the M2M model (SGP.02) and the Consumer model (SGP.22). Published first in July 2023, SGP.32 is designed from the ground up to serve main IoT needs: automation and scalability. It builds on the strengths of its predecessors while resolving many of their limitations, offering a flexible and modern architecture tailored to the constraints and demands of connected devices in the field.
Overcoming the Limitations of Previous Models
One of the main shortcomings of the Consumer model is its reliance on manual user interaction for eSIM activation, like entering or scanning an Activation Code on the device, a requirement that is not practical for IoT devices that lack screens, input methods, or even physical access. On the other hand, the M2M model relies on SMS as channel for download trigger which makes it not feasible for LPWAN scenarios such as NB-IoT or LTE-M, where SMS is frequently unsupported, unreliable, or too costly.
SGP.32 comes to address these constraints with a lightweight, asynchronous, and fully IP-based provisioning architecture, removing dependencies on SMS and physical interaction entirely.
New entities of the eSIM IoT Architecture
In terms of novelty, the new standard introduces at its core two new functional entities tailored for IoT:
eIM (eSIM IoT Remote Manager): a secure remote server responsible for eSIM profile download and lifecycle operations (profile enable, disable or delete). The eIM can automatically initiate the download, installation, and activation of eSIM profiles in response to triggering events generated by the device internal logic (e.g. device restart, timer), whether on an individual unit or across a fleet of devices.
IPA (IoT Profile Assistant): a lightweight functional entity responsible for executing eSIM profile operations on the device, based on instructions received from the eIM. It acts as the local interface to the eUICC, handling tasks such as profile download, installation and lifecycle operations.
For IPA deployment the SGP.32 standard is flexible, specifying two variants of implementation, each one with its own advantages:
- IPA (Device level IPA): in this configuration the IPA logic is included in the device’s application processor or OS environment. This model offers flexibility for manufacturers to integrate the assistant in the device firmware or middleware stack.
- IPAe (eUICC-resident IPA): in this case, the IPA is hosted directly on the eUICC itself, reducing device-side integration complexity and enabling a fully encapsulated approach, ideal for highly constrained or minimal-stack IoT devices.
Remote profile download is central operation to the SGP.32 eSIM IoT system, offering two flexible flows:
- Direct Download, the device connects securely to the SM-DP+ over HTTPS, triggered by the eIM.
- Indirect Download: the eIM downloads the profile from the SM-DP+ and delivers it to the device via the IPA using lightweight protocols like CoAP or MQTT, ideal for constrained or intermittently connected devices.
Unified SM-DP+ and eIM: The Simartis Advantage
What sets Simartis apart is its natively integrated SM-DP+ and eIM solution, developed entirely in-house. This unified architecture and solution functional design enhances the flexibility, ensure seamless orchestration between SM-DP+ Profile Inventory, download logic, and on-device execution:
Key advantages offered:
- End-to-end control over the entire eSIM lifecycle: from personalization to download and activation
- Simplified integration through a common API surface and unified data model
- Operational agility, enabling rapid onboarding of new device types or customer requirements
Conclusion
GSMA SGP.32 marks a fundamental evolution in eSIM provisioning, intelligent, automated, and ready for IoT scale. Simartis brings this standard to life with a unified platform, enabling operators and enterprises to deploy secure cellular connectivity to any device, anywhere, efficiently and at scale.
