Rise of the Virtual SIM

Written by: Iain Maxwell

June 22, 2017 - As the telecoms industry prepares to adopt embedded SIM (eUICC) in M2M and the Consumer devices, the Virtual SIM is a new contender in this domain. It raises some key questions: how will the MNOs will deal with this new technology? What does it mean for the OEMs? How much will it compete with eUICC technologies? Will it ‘kill off’ SIM and ultimately eUICC? UL will attempt to address these and other key questions raised by this new technology.

The Rise of the Virtual SIM

Introduction

The telecoms market is constantly evolving to provide new features and services. The role and scope of the SIM (subscriber identity module) has not changed significantly since it was first introduced by G&D in 1991 on Elisa Oyj’s (formerly Radiolinja) GSM network in Finland. But a wave of change has been sweeping across the telecoms landscape driven by business use cases and also consumer demand, and currently there are two main trends:

  1. Virtual Subscriptions is not a new concept, which involves establishing a basic connection with the network via one main physical SIM in a device then creating additional virtual subscriptions managed by an application on the device. Allowing the end-user to manage their personal and work accounts separately, or adding additional subscriptions for other physical devices such that each device has its own individual number all tied back to the original main SIM number.
  2. Embedded UICC (eUICC) involves installation of the GSMA’s eUICC in the device allowing the end-user to switch SIM subscriptions (SIM profiles) on demand via a Local Profile Assistant (LPA) application in Consumer RSP devices or allowing the Service provider (SP) to push the same function to their Machine-to-Machine (M2M) devices in the field.

Virtual Subscriptions and GSMA’s eUICC technology caters for two different types of business use cases, but at both their cores is the ability to access different subscriptions and use them as required. Virtual Subscriptions rely on use of one physical SIM and M2M and the Consumer RSP domains make use of the much smaller eUICC form factor where subscription switching can be done without physically changing the SIM, therefore the industry adopted latter. The advantages and disadvantages of eUICC are well documented and will not be discussed in the article.

The Virtual SIM

But there is another less publicised movement in the industry, namely the SoftSIM or Virtual SIM, which is a virtualised SIM residing in handset memory. The term is commonly misused and mixed with eUICC, but Virtual SIM is not a physical SIM, nor is it an eUICC embedded on the baseband of the device. It is a simulation of a SIM residing in the device’s memory in the OS application layer, including the subscriber’s identity and mechanism to authenticate them to the network allowing them to access their desired services.

The OEMs in general are keen on moving to a virtual SIM as it will save even more space than eUICC allowing them to meet end-user and ultimately MNO demands. This trend towards miniaturization is also evident for the eUICC as demonstrated by the proof of concept demo of Qualcomm’s Integrated UICC (I-UICC also known as iUICC) at MWC 2017 in Barcelona, where the eUICC is logically integrated into Qualcomm’s Snapdragon baseband chip.

It is well known that Apple has always wanted to remove the SIM form factor entirely since they launched their first iPhone, and they have explored the use of Virtual SIM in the past with a series of patents filed that go back as far as 2007. But in the past GSMA had opposed the Virtual SIM idea in general (not just Apple’s potential version) on the grounds that its location and over-the-air (OTA) activation represented a potential security weakness as it resides in the handset OS application layer.

Enabling the Virtual SIM

The emergence of the Trusted Execution Environment (TEE) amongst other benefits, helps to solve this problem. It is a secure area of the handset’s CPU, or even as another separate hardware chip depending on the implementation, that provides confidentiality and integrity for applications and their associated data, thus offering a higher level of security than the device OS and at the same time more functionality than the eUICC.

Qualcomm’s ‘Virtual SIM’ patent is based on Trustonic’s TrustZone TEE, as is Intel’s IPT and Samsung Knox which also introduces secure device boot. Intel’s SGX is a faster TEE implementation which needs much more memory. A recognised, reliable and stable TEE platform may help deliver the level of security required to enable the rise of the Virtual SIM.

However, these proprietary implementations of TrustZone have not been publicly disclosed for review, so it is unclear what level of assurance they provide. If malicious code shares the same CPU as the TEE there is always a risk of side-channel communication attacks. Physical attacks on the TEE are viewed as a lesser risk as they are not scalable, but TrustZone keys are stored in unencrypted flash and Intel SGX/IPT keys are stored in the CPU. Extracting the keys from either locations is generally difficult, but unfortunately the interface to the CPU is unprotected.

Rise of the Virtual SIM

Virtual Subscriptions implementations have existed for some time and continue to grow, but full blown Virtual SIM solutions are now entering the market.

In the Virtual Subscriptions trend BlackBerry acquired Movirtu Virtual SIM Solutions to deliver ‘WorkLife’ which allows a subscriber to use up to 9 mobile numbers on one device. Simgo’s ‘Virtual SIM Platform’ uses a cloud server to store thousands of SIMs virtually that can be used by their customers on demand and also offers test SIM services for device interoperability testing. iQsim’s Virtual SIM solution and implementa’s ‘Virtual SIM Platform’ both work in a similar fashion but they also target the M2M market.

Full blown Virtual SIM solutions are also starting to appear and KnowRoaming's ‘Soft SIM Platform’ fools the handset into believing that a SIM has been inserted (currently only supported by select Alcatel and ZTE phones). Their virtual SIM solution is not an eUICC, but instead integrated into the baseband firmware of the device. This is run in the TEE and their ‘Roam Now’ application allows users to select and manage their subscriptions that are stored in the cloud via their proprietary over-the-air (OTA) platform. UCloudlink's ‘CloudSIM’ does something similar via their ‘GlobalMe’ application but currently it is only in the ‘Xiaomi Mi Max’ handset. Huawei’s ‘P9’ handset included their virtual SIM implementation called ‘SkyTone’ but it was only available in some countries in Asia.

RedteaMobile’s ‘ReadTea vSIM’ is a turn-key solution where their proprietary Subscription Manager platform delivers Virtual SIMs on demand to the End-User on an extensive range of local Chinese and Korean devices; vivo, OPPO, XIAOMI, Lenovo ZUK, ZTE Nubia, Meizu, Letv,  Smartisan, and Samsung. This Virtual SIM solution is widely deployed in China and by the end of 2017 it is expected that 100M devices will support with Redtea technology. Redtea’s ‘vSIM’ resides in device OS - Android for consumer devices and Linux/RTOS for IoT devices. The subscription credentials and other sensitive cryptographic operations e.g. authentication algorithm, reside either in the TrustZone (TEE) or embedded Secure Element (eSE), depending on the secure medium installed in the device. But market demands have led RedteaMobile to start development on a Virtual SIM solution compliant with GSMA’s eUICC architecture. They will support all the different M2M and Consumer RSP interfaces but instead of the Subscription Manager profiles terminating in the eUICC they will terminate in the Virtual SIM.

KnowRoaming have also started working with some of the major SIM vendors to deliver interoperability with the GSMA M2M architecture for their SM-DP (Subscription Manager - Data Provisioning) and SM-SR DP (Subscription Manager - Secure Routing) platforms.

Conclusion

Ultimately the eUICC offers better security than the TEE, plus market demand generated by the MNO investments in eUICC infrastructure mean that eUICC is here to stay. But Virtual SIM solutions are becoming more prevalent. In markets with existing Virtual SIM implementations or with new implementations on the way, it means that we are entering a time where Virtual SIM and Embedded SIM will live side by side on the same device. However, many regions in the world might never experience this co-habitation. Currently the two solutions are not competing against each other due to the early arrival and resulting prevalence of one solution over the other, but it is only a matter of time before they do.

It is expected that the big players in the telecoms industry, and also potentially Service Providers (SPs) in the M2M industry, will flex their might and influence to drive the evolution of the SIM down one of these paths resulting in a single solution. Which one will win the battle of Virtual SIM Vs Embedded SIM is still unclear - or can they in fact continue to co-exist?

Until we get to that point, be it single or multiple co-existing solutions, the differences between Virtual SIM and eUICC may even start to blur, especially if Virtual SIM became a standardised solution making it easier to realise its value. This could result in more initiatives like RedteaMobile’s and KnowRoaming’s GSMA compliant Virtual SIM solutions appearing in the market. But as the SIM continues to evolve it still has its place in the telecoms industry now and for the foreseeable future – just not in the existing form factor in all the devices which we currently carry around with us.

Disclaimer

These are the personal opinions of UL’s employees and its guests and should not be misunderstood as representing the opinion of UL's clients, suppliers or other relations.