IoT Connectivity

Overview

IoT connectivity technologies fall broadly into two groups—cellular-based and unlicensed LPWAN (low-power wide-area network). Cellular IoT technologies operate in the licensed spectrum, which ensures reliability through relatively consistent and standardized infrastructure.

If you’re looking for a solution, read this guide to selecting the right managed IoT service solution provider. For an understanding of the technology, read on.

Cellular Connectivity

Connectivity Management Platforms

There is a big difference between traditional SIMs that you would find in a smartphone and IoT SIMs. Smartphone SIMs are generally unique to an individual – the phone is either owned by someone or assigned to them by their company.

IoT devices usually belong to a group of devices owned by a business – this could either be the supplier of the devices or the customer, depending on the arrangement. There could be anything from a few SIM’s to literally millions of SIM’s in a group, and all of these SIM’s need to be managed together.

For instance, whereas a smartphone has a unique bill for that SIM, the bill for an IoT device will often be aggregated with all the SIM’s in the group – i.e. a business would buy a pool of data for all their SIM’s and not be subject to additional charges unless the sum total of all data usage exceeds the pool. This is useful as one device may enter an alarm state and begin transmitting 10x as often as it normally would – for a non-aggregated SIM, this may exceed the allowed data limit (reported as an ‘overage’) which will lead to excess charges. If an aggregated data pool is used, this will not happen.

Connectivity Management Platforms provide connectivity, control and security of IoT assets and devices. Key features that they provide include:

  • Aggregate data
  • Control billing
  • Monitor usage
  • Locate SIM’s
  • Manage API usage
  • Manage SMS services
  • View device performance
  • Activate & Suspend accounts
  • Control data usage
  • Change eUICC profiles (see eSIM Management platforms below)
  • Provide end-to-end security (potentially via blockchain enabled SIM’s)

Example Connectivity platforms are SimPro from Wireless Logic, and AnyNet+ from Eseye.

Cellular Connectivity Operators

Operators provide the connectivity service (along with many other services) – they may or may not own their own physical RF infrastructure (base stations).

Mobile Operators are grouped into operator types:

Mobile Network Operators (MNO’s)

Cellular networks are owned and operated by Mobile Network Operators (MNO’s). MNO’s own and operate all the equipment and license the frequency spectrum required from the local government.

In the UK, there are currently four MNO’s – EE, Vodafone, O2 and Three.

Here is the list of MNO’s in Europe.

Mobile Virtual Network Operators (MVNO’s)

MVNO’s do not own their own network infrastructure – they bulk purchase network connectivity from MNO’s. Due to their bulk purchasing arrangements, their SIM’s are often lower cost than purchasing directly from MNO’s, and they provide many value adding services – especially in the world of IoT.

MVNO’s can include anything from supermarkets to low cost startup network operators in the smartphone world. However in IoT, new types of MVNO are being created – see here for a short introduction to these.

MVNO’s are the primary method of connectivity in IoT, which is why most of the IoT connectivity providers featured here are MVNO’s – they should be your first port of call if you are implementing an IoT solution.

Mobile Virtual Network Enablers (MVNE’s)

Creating a mobile operator from scratch is not the core market of many IoT companies. To assist with all the administration, setup and management of the network, there are Mobile Virtual Network Enablers (MVNE’s).

Again there are MVNE’s for the consumer smartphone market, and MVNE’s for IoT including Transatel, Tata Communications and several others.

They are also grouped into Tiers:

  • Tier-1 carriers possess a network of which they are the sole operator, meaning they have a direct connection to the Internet and to the networks they use to deliver voice and data services.
  • Tier-2 carriers operate the same way, except that they may get a portion of their network from a tier-1 operator by way of a concept known as “peering”, which can be loosely defined as piggybacking onto the network already put in place by a tier-1 source.
  • Tier-3 refers to a carrier that gets 100% of its network through a tier-1 or tier-2 operator, with no direct access of its own.

Note that the Mobile operator tiers described above are different from the commonly referenced IP network tiers.

There is clearly an overlap between operator types and operator tiers, and the types – MNO, MVNO and MVNE – are the more descriptive and useful terms when discussing mobile operators.

SIM Types

SIM form factors are the standardized sizes subscriber identity modules (SIMs) are manufactured in.

There are several SIM form factors including traditional removable UICC SIM’s 2FF, 3FF, 4FF and newer SIM categories including eSIM (eUICC), removable eSIM, iSIM, and Soft SIM.

Traditional SIMs (2FF, 3FF, 4FF)

Traditional SIMs are still the most common today, particularly in smartphones. They generally have fixed SIM profiles which are tied to a single network, with the optional ability to roam to other networks. Traditional UICC SIM’s do not support Remote Provisioning (RP).

UICC (Universal Integrated Circuit Card) can be thought of as the functional block of a SIM card.

A UICC SIM card contains:

  • unique serial number (ICCID)
  • international mobile subscriber identity (IMSI) number
  • security authentication and ciphering information
  • temporary information related to the local network
  • list of the services the user has access to,
  • personal identification number (PIN)
  • personal unblocking key (PUK) for PIN unlocking

Example UICC architecture:

eSIM & eUICC

The term eSIM usually refers to a standalone chipset in either an MFF1 or MFF2 form factor which is physically embedded into a device.

eUICC is the software capability that allows multiple profiles, remote provisioning and over the air profile management.

It is possible to purchase traditional removable SIM cards (2FF, 3FF, 4FF, etc) with eUICC capabilities. Just to keep things interesting, these are sometimes also known as eSIM cards, or Removable eSIMs.

Whether truly embedded or removable, the eSIM is utilized in the majority of devices/things today.

Typically, a eUICC embedded device or removable SIM card will have more memory than a traditional SIM (typically a minimum of 512 kb) to allow the storage of multiple operator profiles at any one time.

Although today not all MFF form factors support RP, this is rapidly changing alongside the rise of embedded IoT devices and aligned with the standardization work completed by the GSMA covering both M2M and consumer applications.

iSIM

The iSIM is an approach whereby SIM functionality is integrated at the MCU/application processor level, in essence creating a containerized secure location from which operator profiles can be stored and managed.

The iSIM is also often referred to as the iUICC. Due to its integrated approach, small footprint, and functionality integrated into an existing chipset, the iSIM is viewed as a form factor to help bring cellular connectivity to low-end computing, processor-capable devices and/or those within the LPWA category.

Removable eSIM

The removable eSIM refers to the traditional removable form factor in either 2FF, 3FF, or 4FF format, with additional RP capabilities.

Because RP is not a hardware concept, it is possible to integrate RP capabilities onto a removable SIM.

Soft SIM

A device with a Soft SIM doesn’t have any SIM hardware at all – the SIM functionality is delivered onto the device virtually, or over the air (OTA), once the user switches it on.

Multi-IMSI

“Multi-IMSI” is an abbreviation for Multiple International Mobile Subscriber Identities. An IMSI is a unique number that lets Mobile Network Operators authenticate their subscribers so they can access the MNO’s network—and any networks the MNO has established roaming agreements with.

With Multi-IMSI, you have a single service provider (such as EMnify), but multiple subscriber identities, each of which can connect to a limited number of carriers. (This is the “allowed network coverage” list.) When your device needs to connect to a carrier that isn’t on the list, it automatically changes IMSIs to get a new list of approved networks. 

There’s no need for OTA provisioning, new integration, new APIs, or new portals. And your device can bring data from one carrier to another—because you’re still just managing one MNO subscription.

This is different to eUICC where switching profiles involves switching from one MNO to another (as described below). eUICC is more flexible but can also be more complex so end users need to consider the pros and cons of the different approaches for their use case.

Source: https://www.emnify.com/en/resources/whats-is-multi-imsi

Mobile Network Parameters

IMSI

The international mobile subscriber identity is a number that uniquely identifies every user of a cellular network. It is stored as a 64-bit field and is sent by the mobile device to the network.

An IMSI is generally represented as a 15 digit number which consists of:

ICCID

The Integrated Circuit Card IDentifier is the identifier of the SIM itself (either physical or virtual eUICC). The SIM/ICCID contains one or more IMSI’s.

IMEI

The International Mobile Equipment Identity is a unique identifier for a device which is connected to a mobile network (i.e. any device that has a SIM). The IMEI is unique to and can be seen as part of the device – not the SIM.

MSISDN

The Mobile Station International Subscriber Directory Number is used for routing calls to the subscriber. The IMSI is often used as a key in the home location register (“subscriber database”) and the MSISDN is the number normally dialed to connect a call to the mobile phone. A SIM has a unique IMSI that does not change, while the MSISDN can change in time, i.e. different MSISDNs can be associated with the SIM.

eSIM/eUICC Subscription Management Platforms

eSIM management can be provided by the Connectivity Management Platforms described above, but are often not provided by the same enterprise – most MVNO’s and many MVNO’s don’t have their own eSIM management platform.

As described above, a key characteristic of eUICC devices is that the operator profiles on the devices can be configured and changed over the air. To do this of course, there must be an initial operator connection – this is known as the bootstrap profile. Below is a description of both the switching process and the bootstrap mechanism.

https://uktelecomdistribution.co.uk/esim-platform.html

Click here for a list of GSMA approved subscription management platforms.

Switching Profiles & Network Operators with eUICC

The diagram below shows an M2M device which initially has a single profile – MNO A (bottom left of diagram). The M2M device is then sent a new profile – MNO B (bottom middle), and finally instructed to switch from MNO A to MNO B (bottom right).

This ability to switch is controlled by a central subscription manager which is generally provided by the eSIM supplier.

eUICC Bootstrap profiles & Bootstrapping

An eUICC/eSIM must have an initial default method of talking to the outside world. The solution to this in the case of an M2M eSIM is to use a bootstrap profile. Rather than being completely empty, an eSIM chip in an M2M device has a bootstrap profile that allows it to connect to a server that controls the subscription on the device. The bootstrap profile is simply a connection to an MNO or one of its ‘allowed networks’ – as it’s only used for initial configuration, it can be a very expensive connection without it causing too many issues.

Bootstrap profile connections have very extensive global coverage. Devices often have several bootstrap profiles to ensure that a connection is possible pretty much anywhere that has cellular coverage provided by any operator.

Two servers are required in the case of an M2M application. One is called an SM-DP and the other is called an SM-SR – as shown in the diagram below.

The SM-DP (Subscription Manager-Data Preparation) prepares the profile for download while the SM-SR (Subscription Manager-Secure Routing) routes the profile over the air into the eSIM chip.

At that point, an operational profile – with all the required features and functionality of network connectivity – can be provisioned, via the bootstrap.

A bootstrap profile is imperative as it means that an eSIM embedded within an M2M device – or fleet of devices – on the Internet of Things needs no human interaction or maintenance. It can be managed entirely remotely.

Source: https://cloud9mobile.co.uk/our-solutions/bootstrap-profiles/

Source: https://www.gsma.com/iot/wp-content/uploads/2015/02/CLP.05-v1.0-BPD.pdf

IP & Data Networks

APN’s & VPN’s

APN’s and VPN’s are often discussed together, but they are very different.

MNO’s and MVNO’s provide access to their data network via an Access Point. Devices/SIMs are configured to access these access points via Access Point Names (APN’s). For instance, the standard APN for EE SIM’s is ‘everywhere’. APN’s can be Public or Private:

  • Every network provider has a public APN. When the SIM card is enabled for data, the public APN is added by default. A Public APN is open for everyone to use.
  • A private APN routes mobile data traffic from mobile devices directly into organisations’ corporate data networks. As a result, the M2M devices using a private APN don’t share the public data pathways. Every M2M device that needs a data connection must be configured to the APN of its SIM card carrier. It provides an extra layer of security for your M2M device, which means devices are more secure and may not need to use VPN client software.

A Virtual Private Network (VPN) is a technology that allows you to change your IP, bypass online censorship restrictions, and browse the Internet securely and anonymously. It works by creating a secure virtual tunnel for your online data. All the data that goes through this tunnel is encrypted, and therefore can’t be viewed by your ISP and other third parties.

Public & Private IP addresses

All IPv4 addresses can be divided into two major groups: global (public, external) addresses, also called ‘WAN addresses’, which are used on the Internet, and private (local, internal) addresses, which are used in the local network (LAN).

Public IP address

These are public (global) addresses that are used on the Internet. A public IP address is an IP address that is used to access the Internet. Public IP addresses can be routed on the Internet, unlike private addresses. 
All of the public IP-addresses on the Internet are unique to their host or server and must not be duplicated.

The NAT-enabled IPv4 router allows home network devices to use one public IP address that it has got from a provider on the WAN interface for the Internet connection. This external public IP address can be used to access home network devices from the Internet as well, but for this purpose, it is necessary to set up Port forwarding on your router.

Private IP address

Private (internal) addresses are not routed on the Internet and no traffic can be sent to them from the Internet; they are only supposed to work within the local network.
Private addresses include IP addresses from the following subnets:

  • Range from 10.0.0.0 to 10.255.255.255 — a 10.0.0.0 network with a 255.0.0.0 or /8 (an 8-bit) mask
  • Range from 172.16.0.0 to 172.31.255.255 — a 172.16.0.0 network with a 255.240.0.0 or /12
  • A 192.168.0.0 to 192.168.255.255 range, which is a 192.168.0.0 network masked by 255.255.0.0 or /16
  • A special range 100.64.0.0 to 100.127.255.255 with a 255.192.0.0 or /10 network mask; this subnet is recommended according to RFC 6598 for use as an address pool for CGN (Carrier-Grade NAT)

These are reserved IP addresses. They are intended for use in closed local area networks and the allocation of such addresses is not globally controlled by anyone.
Direct access to the Internet from a private IP address is not possible. In this case, the connection to the Internet must go through NAT (Network Address Translation), which replaces the private IP address with a public one. Private IP addresses within the same local network must be unique and cannot be duplicated.
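The ranges listed above can be used to audit a device inventory for addresses that are routable on the Internet. The following is an added example, not part of the original page; the device names and the sample inventory are constructed, and the labels 'cgn' and 'special' are this example's own.

```python
import ipaddress

# The four reserved IPv4 ranges listed above; the labels are this example's own.
RESERVED_RANGES = [
    (ipaddress.ip_network("10.0.0.0/8"), "private"),
    (ipaddress.ip_network("172.16.0.0/12"), "private"),
    (ipaddress.ip_network("192.168.0.0/16"), "private"),
    (ipaddress.ip_network("100.64.0.0/10"), "cgn"),  # RFC 6598 Carrier-Grade NAT pool
]


def classify(addr):
    """Return 'private', 'cgn', 'public', 'special' or 'invalid' for an IPv4 string."""
    try:
        ip = ipaddress.IPv4Address(addr.strip())
    except ValueError:
        return "invalid"
    for net, label in RESERVED_RANGES:
        if ip in net:
            return label
    # Loopback, link-local, multicast and similar are neither private nor public.
    return "public" if ip.is_global else "special"


def internet_routable(inventory):
    """Return the device names whose address can be routed on the Internet."""
    return [name for name, addr in inventory if classify(addr) == "public"]


# Constructed inventory (hypothetical device names); addresses sit on range boundaries.
SAMPLE_INVENTORY = [
    ("meter-01", "10.255.255.255"),   # last address of 10.0.0.0/8
    ("meter-02", "11.0.0.0"),         # first address after it
    ("meter-03", "172.31.255.255"),   # last address of 172.16.0.0/12
    ("meter-04", "172.32.0.0"),       # just outside the /12
    ("meter-05", "100.64.0.1"),       # inside the CGN pool
    ("meter-06", "100.128.0.0"),      # just outside the CGN /10
    ("meter-07", "192.168.0.20"),
    ("meter-08", "127.0.0.1"),        # loopback
    ("meter-09", "10.0.0.256"),       # not a valid address
]

if __name__ == "__main__":
    for name, addr in SAMPLE_INVENTORY:
        print(f"{name:9} {addr:16} {classify(addr)}")
    print("Internet-routable:", internet_routable(SAMPLE_INVENTORY))
```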

Static IP address

Network Address Translation (NAT)

All IP packets have a source IP address and a destination IP address.

Typically packets passing from the private network to the public network will have their source address modified, while packets passing from the public network back to the private network will have their destination address modified.

To avoid ambiguity in how replies are translated, further modifications to the packets are required. The vast bulk of Internet traffic uses Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). For these protocols the port numbers are changed so that the combination of IP address (within the IP header) and port number (within the Transport Layer header) on the returned packet can be unambiguously mapped to the corresponding private network destination.
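The translation described above, together with the port forwarding mentioned earlier, can be modelled in a few lines. This is an added example, not part of the original page: the class and method names are hypothetical, the addresses are constructed from documentation ranges, and the model is simplified (no mapping timeouts, no port exhaustion handling, no check of the remote endpoint).

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    """Port-translating NAT with a single public address (simplified model)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (proto, private_ip, private_port) -> public_port
        self.in_map = {}    # (proto, public_port) -> (private_ip, private_port)

    def outbound(self, pkt):
        """Private -> public: rewrite the source address and port."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            # A fresh public port per private flow keeps replies unambiguous.
            self.out_map[key] = self.next_port
            self.in_map[(pkt.proto, self.next_port)] = (pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self.out_map[key])

    def inbound(self, pkt):
        """Public -> private: rewrite the destination, or drop (None) if unmapped."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.in_map.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None     # unsolicited traffic: no mapping exists, so it is dropped
        return replace(pkt, dst_ip=target[0], dst_port=target[1])

    def forward_port(self, proto, public_port, private_ip, private_port):
        """Static mapping: makes one private service reachable from the Internet."""
        self.in_map[(proto, public_port)] = (private_ip, private_port)


if __name__ == "__main__":
    nat = Napt("203.0.113.5")                      # constructed public address
    server = ("198.51.100.7", 443)                 # constructed remote server
    # Two private devices use the same source port; the NAT tells them apart.
    a = nat.outbound(Packet("tcp", "192.168.1.10", 5000, *server))
    b = nat.outbound(Packet("tcp", "192.168.1.11", 5000, *server))
    print(a.src_port, b.src_port)
    print(nat.inbound(Packet("tcp", *server, "203.0.113.5", b.src_port)))
    print(nat.inbound(Packet("tcp", *server, "203.0.113.5", 8080)))   # dropped
    nat.forward_port("tcp", 8080, "192.168.1.10", 80)
    print(nat.inbound(Packet("tcp", *server, "203.0.113.5", 8080)))   # now delivered
```

Every entry added with forward_port is a path from the Internet to a private device, so such mappings are worth reviewing in the same way as firewall rules.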

LPWAN Connectivity

LPWAN connectivity does not require a SIM. It does however require connection to a network, and this can be provisioned over the air or manually programmed during the manufacturing/production process.
