By Alejandro Pulido & Laurent Sustek.
The implementation of eSIM in mobile devices is reaching new heights. This month, a second eSIM-only handset has been officially launched. The iPhone 14 is further proof of how essential eSIM will become for device makers and mobile operators. The Apple device might serve as the observation vehicle for eSIM adoption and as a potential replication model for other OEMs.
According to the “eSIM Market Outlook report” by Kaleido Intelligence, in 2027 we may expect more than 4.5 billion eSIM connections worldwide, driven by the Consumer Market, which represents a growth rate of 1400% between 2022 and 2027.
To ensure a high level of security and address technological trends, MNOs and OEMs are already making the most of hardware-based security capabilities and enabling a great variety of use cases, covering remote SIM provisioning enriched with user onboarding, key storage for applications, digital access control to homes and cars, online authentication and many others.
Connected devices opened a door for all players to join the mobile application revolution, and it seems the eSIM will be the trusted enabler for all these non-telecom applications to work.
How does the eSIM prove its security level?
Several studies have highlighted that citizens are now more aware of, and more concerned about, cyber security in all areas. According to Accenture’s Cost of Cybercrime Study, 43% of attacks are directed at small businesses and individual users who are not prepared to defend themselves, and the direct cost of cybercrime has increased dramatically since 2015.
It is easy to see the relationship between cybercrime in general and the lack of security in user devices: if passwords are accessible to other applications running on the device, there is a clear security problem that can lead to an attack.
The main asset of the Secure Element in general, and the eSIM in particular, is the security that it provides. All eSIM functionalities are tested against an exhaustive set of criteria, in which processes such as authentication with external servers or the execution of functions, simple or complex, are defined, implemented and tested to ensure that the eSIM is indeed interoperable, functional and reliable. If the eSIM is certified following all the necessary industry standards defined by GSMA, it provides state-of-the-art security, and it is the answer for more trusted and secure user devices.
How can the same level of eSIM security be extended to sectors other than telecom?
The eSIM has already proven itself in the telecom industry as a source of high-level security on which to build secure and innovative devices. If we can replicate that in other sectors, we could also provide a countless number of value-added services, resulting in a substantial improvement in security for the user and providing even more value and trust to systems that have to be secure and trustworthy, such as payment, new crypto wallets, identity, access control, eHealth and many more.
A solution: eSIM with Strongbox Applet
To improve the security of their devices’ applications, Google created and manages the Android Ready SE Alliance, an environment built so that an interest group of Secure Element vendors can define a new technology for securely storing credentials in a Tamper Resistant Element (such as an eSIM) within the connected device.
In this group, the StrongBox Applet was defined so that it can be hosted in any Secure Element that meets the functional and security requirements, ensuring a full commitment to security.
The StrongBox applet is a hardware-backed KeyStore where users’ credentials are stored and managed, and it communicates with the OS security module. It eliminates the need to implement another tamper-resistant secure element in the device alongside the eSIM.
How does it work?
The basic idea of StrongBox is to give the user all the power of the cryptographic engine inside the Secure Element for protecting their credentials.
Unlike two-factor authentication mechanisms (SMS, email or calls) that rely on network availability to ensure user authenticity, the StrongBox applet provides a similar 2FA solution locally in the device, without the need to confirm information outside of the user’s device. This way the user’s data never leaves the device.
Because of how this technology works behind the scenes, StrongBox is enabling lots of new use cases. The applet can ensure that the user’s credentials are not shared with all the applications; they only need its validation to work.
That is why implementing an eSIM solution with StrongBox accelerates the entire development process for secured connected devices. By adding StrongBox to the eSIM solution, device makers can reduce cost, size, power consumption and effort, as only one element needs to be integrated into their devices, and this element is already present in most smartphones worldwide.
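From the application side, the StrongBox behaviour described above is reached through the Android Keystore API. The following is an added example, not code from Valid or from the Android Ready SE Alliance; the alias `example_login_key` is hypothetical, and it assumes API level 31 or later and a device with a secure lock screen and an enrolled biometric. It requests a signing key inside the Secure Element, gates its use on local user authentication, and checks where the key actually ended up instead of trusting the request.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import java.security.KeyFactory
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.spec.ECGenParameterSpec

// Hypothetical alias chosen for this example.
const val KEY_ALIAS = "example_login_key"

// Key spec: the private key is non-exportable and usable only for signing,
// and only after the user has authenticated locally on the device.
fun buildSpec(strongBox: Boolean): KeyGenParameterSpec =
    KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_SIGN)
        .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setUserAuthenticationRequired(true) // assumes lock screen + biometric are set up
        .setIsStrongBoxBacked(strongBox)     // true = generate inside the Secure Element
        .build()

fun generateKey(strongBox: Boolean): KeyPair {
    val kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
    kpg.initialize(buildSpec(strongBox))
    return kpg.generateKeyPair()
}

// Returns the key pair and whether it is really StrongBox-backed.
fun createCredentialKey(context: Context): Pair<KeyPair, Boolean> {
    val advertised = context.packageManager
        .hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE)
    val pair = if (advertised) {
        // The feature flag can be present while the applet is unreachable,
        // so the fallback to the default hardware keystore is still needed.
        try { generateKey(true) } catch (e: StrongBoxUnavailableException) { generateKey(false) }
    } else {
        generateKey(false)
    }
    // Ask the keystore where the key lives; do not infer it from the request.
    val info = KeyFactory.getInstance(pair.private.algorithm, "AndroidKeyStore")
        .getKeySpec(pair.private, KeyInfo::class.java)
    return pair to (info.securityLevel == KeyProperties.SECURITY_LEVEL_STRONGBOX)
}
```

An application that requires Secure Element protection should treat a `false` second value as a policy decision point (refuse, or accept the weaker backing) and not fall back silently.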
Read Valid’s latest white paper to learn more about “The benefits of eSIM for Non-Telecom Applications” and how the StrongBox applet can boost your eSIM initiative. Download it here.