STMicroelectronics just announced it is now accredited by the GSMA for loading embedded SIM (eSIM) chips with connection credentials such as certificates and operator profiles before shipping.

In the internet of things field, our industry has been agreeing on two aspects for a while:

• The IoT business will be booming, although in spite of overoptimistic projections, no one really knows when and to which extent,

• The IoT is not secure enough to ensure a peaceful deployment.

Starting from these points, many have been developing solutions, based on their original set of beliefs, developments and positioning. The consensus is that the huge diversity of the IoT business requires an almost equally huge diversity in terms of security solutions. Those solutions vary from fully software-based to fully hardware-based with some steps in between.

The eSIM, or embedded SIM, is the fully hardware-based solution that builds upon the security technology and procedures developed for years in the secure transactions industry to bring a comparable level of security to the internet of things business.

In order to bring interoperability and security in this universe, after years of hesitation, the GSMA has finally published a series of standards known as the “Security Accreditation Scheme (SAS).” These standards aim at safeguarding the integrity of the UICC, of Embedded SIMs with remote provisioning capabilities. The GSMA SAS is twofold:

• SAS for UICC Production (SAS-UP): a well-established scheme operating since 2000 through which UICC manufacturers subject their production sites and processes to a comprehensive security audit,

• SAS for Subscription Management (SAS-SM): to enable security auditing and accreditation of the providers of embedded SIM subscription management services.

The list of sites accredited for SAS-UP reveals no surprise: most major smart card vendors have their production site accredited including Gemalto, Idemia (under both Morpho an Oberthur names), G+D, and also Beautiful Card, DZ Card, Eastcompeace, FutureCard, NovaCard, Valid and Workz, among others.

In a world that evolves from hardware to software and from software to services and in which competition has brought the prices of SIM cards or eSIMs down, the added value is shifting to subscription management services. The list of SAS-SM sites includes also the usual suspects, Gemalto, Idemia (only Oberthur this time), G+D, along with Telenor Group, a Norway based mobile network operator, Truphone, a UK-based global communication services provider, and card vendors Valid and Wuhan Tianyu.

This week, STMicroelectronics announced it has received the GSMA accreditation for SAS-UP, making the company the first semiconductor developer to enter this business, creating a disruption in the existing value chain. To be more specific, STMicro in Caserta, Italy, is accredited for embedded form factor eSIMs, and STMicro in Rousset, France is accredited for wafer level.

With this vertical integration move, ST might shake up the value chain for the whole industry. Until now, ST was selling semiconductors to companies in charge of packaging them and, then data preparation, initialization, personalization and subscription management were completed by ST (and others’) customers. This latest announcement makes ST appear as willing to take the business of its customers, a move that is generally not appreciated in any industry. Let’s wait and see how the embedded SIM value chain will evolve.