Applus+ Laboratories receives the license to conduct security evaluations for eSIM under the GSMA eUICC Security Assurance Scheme
The GSMA eUICC security assurance (eSA) scheme is an independent security evaluation scheme for evaluating embedded UICC (eUICC) against the provisions of PP-0089 and PP-0100. The scheme aims to establish trust for Mobile Network Operators (MNOs) and other risk-owners ensuring that their assets, including profiles for eUICC remote provisioning, are secure against state-of-the-art attackers. The scheme is based on the ISO 15408 Common Criteria methodology, optimized for GSMA compliant eUICCs.
The scheme owner is the GSMA, and it is operated by the Certification Body ‘Trust CB’, in accordance with the provisions and expectations of ISO 17065.
Applus+ has successfully met all of GSMA’s and TrustCB’s requirements to become a security evaluation laboratory, and is ready to conduct eSA evaluations for the remote provisioning functionality on eSIM/eUICC, for both M2M and Consumer Device solutions.
The eSIM and the Remote provisioning functionality
eUICCs are device-embedded SIM cards that allow “over the air” provisioning for the first subscription with a telecommunications operator, as well as subsequent subscription changes from one operator to another.
Unlike traditional SIM cards, this solution avoids having to physically change the card but requires a common ecosystem for eSIM manufacturers and operators. The GSMA compliance programs are frameworks that define the requirements for an eUICC to enter the RSP (Remote SIM provisioning) ecosystem, applicable to both M2Ms and Consumer Device solutions.
eUICC M2Ms (machine-to-machine) are solutions designed for mobile connections made by any type of machine, such as smart meters, smart vehicles, traffic lights and surveillance devices, among others. eUICC Consumer Devices are an equivalent solution for personal consumption products, such as mobiles, tablets, laptops and wearables.
eUICC Applus+ Service Portfolio
This new accreditation reinforces Applus+ position as a partner for eUICC developers. Besides this new GSMA eUICC Security Assurance scheme, GSMA offers two alternative routes to certify the security of eSIMs.
Applus+ is able to evaluate eUICC following the three options (GSMA Security, Common Criteria and GSMA interim) and can help you decide the best approach for your project. Moreover, Applus is also accredited to conduct functional and interoperability testing for GlobalPlatform Certification, the last step for eUICC compliance with GSMA requirements.