UK-based IoT security provider Crypto Quantique, Luxembourg-based IoT connectivity provider ZARIOT, and Ireland-based eSIM vendor Kigen have aligned to implement the GSMA’s IoT-SAFE standard to leverage the hardware root-of-trust in a cellular hardware-based SIM with quantum-safe technology for the first time, they have said. The alliance further secures IoT connectivity, at all stages, and “radically changes the way enterprises can use SIM, eSIMs or iSIMs using quantum-safe technology.
The IoT SAFE standard, launched in 2021, enables IoT providers to use the cellular SIM as a standardised ‘root-of-trust’ to authenticate and authorise IoT devices and protect IoT data. A root-of-trust, in the context of digital security, implies a common technical component that can be relied upon to perform critical security functions. The GSMA has placed this root-of-trust in the subscriber identity module (SIM), the integrated circuit that stores an international mobile subscriber identity (IMSI) number and related authentication keys, in cellular IoT devices.
The SAFE in IoT SAFE stands for SIM applet for secure end-to-end communication; developed as a JavaCard application, it works with all SIM form factors, including physical SIMs, embedded SIMs (eSIMs), and integrated SIMs (iSIMs). The point is to make the security mechanism in cellular IoT devices common and consistent, across the industry, in order to make the whole ecosystem more robust – “rather than using proprietary and potentially less trusted hardware secure elements implemented elsewhere within the device”, says the GSMA.
A statement explained the alliance in terms of each partner’s role. It said: “Each SIM produced by Kigen is fully certified in both manufacture – GSMA Security Accreditation Scheme for UICC Production (SAS-UP) – and management – GSMA Security Accreditation Scheme for Subscription Management (SAS-SM). Crypto Quantique provides the embedded code baseline that can be deployed on a host microcontroller that utilises the IoT-SAFE applet provisioned on the SIM, giving cellular IoT native access to their security technology for the first time.
“This enables a fully secure connection between the device, Crypto Quantique’s QuarkLink IoT security management platform, and cloud service provider or data centre… ZARIOT… allows customers to utilise telecom network tools such as IoT-SAFEto innovate, build and secure new products. ZARIOT brings solution flexibility, security and comprehensive support… by integrating both in-house and innovative partner features in the SIM, transforming it into a secure, intelligent and independent processor.”
Crypto Quantique claims to offer “end-to-end” IoT security (“from the design of the chip, to enabling a secure connection… to the cloud”), and works with Semiconductor vendors like STMicroelectronics, Microchip, and Renesas as well as OEMs including Wurth Elektronik. Shahram Mossayebi, co-founder at the firm, said: “By using ZARIOT’s flexible connectivity tools, leveraging Kigen’s IoT-SAFE in a novel way on its certified eSIM technology, we are able to provide cellular IoT devices with a hardware root-of-trust, hugely raising the standard of IoT security.”
Kigen has a new blog, available here, about the rise of eSIM in 2024, with key use cases for roaming, satellite connectivity, AI “ecosystems”, and industrial IoT.
