The Secure Route to an Interoperable M2M Future

And that’s because, in an internet world of things, almost anything can be connected to everything else – whether that’s domestic electricity meters to billing systems, fleets of trucks to logistics databases or contactless cards to NFC payment terminals.

But before we get too carried away on a tide of M2M enthusiasm, there are problems with this level of universal connectivity.

Intelligence and interoperability

And the first, according to Orange Group’s Geoffrey Zbinden, is in the definition of M2M. In this month’s Interview with the SIMalliance, Zbinden defines M2M communications as intelligent interactions between devices and between SIM cards.

In this scenario, Orange’s conservative estimate of 100 million connections by the end of 2015 – based on an installed base of 20 million SIM cards today - appears sensibly pragmatic.

Moving from the rather philosophical discussions of definition and addressable markets, the very real issues of interoperability present themselves, suggesting that universal M2M connectivity isn’t quite that – at least not today.

Zbinden points to the huge diversity of potential use cases as a major challenge here. As the market seeks to realise the benefits of M2M, new modules, applications and indeed new eco-system players are beginning to emerge across the telecoms, utilities, fleet management, automotive and health sectors (to name just a few of the hottest M2M verticals).

While standardising around the SIM (or Universal Integrated Circuit Card as it is today) provides a platform for authentication and application delivery, Zbinden believes work is needed in interoperability testing between device and module manufacturers, application providers and network operators.

The need for regulation

He is also at pains to stress the critical role of regulators - telco, vertical and government – in defining cross network and cross border service certifications. And he’s not alone. The GSMA is likewise calling (and working towards) ‘an open ecosystem that can deliver scalable and interoperable products and services’.

But, of course, there’s no simple answer. For example, one hugely successful service in France is giving advance warning of speed cameras to over 500,000 drivers. French regulators, however, took a rather dim view of the application and were seeking a nationwide ban. Similarly fleet management services must be able to handoff to new networks as trucks move across borders; here technical and regulatory issues abound if companies are to avoid falling foul of individual country data protection laws.

Other cross-border initiatives such as the European Commission’s eCall project – intended to bring rapid assistance to motorists involved in accidents anywhere in the European Union – must also combine seamless device and network interoperability with the very highest levels of data protection. And critically, such moves must be supported by clear, unambiguous regulation.  

Importance of information assurance

According to SIMalliance’s Benoit Jouffrey, the issues of data integrity and privacy protection are increasingly critical in the M2M world. While French motorway users are happy to trade their location data to avoid a speeding ticket, the same cannot be said for consumers of hundreds other potential M2M applications – most obviously in the utilities and health sectors. The need for regulators to come together on this issue is paramount.

But it’s also rather irrelevant without the availability of the right solution.

Here Jouffrey points to the inherent security of the UICC as one option to assure data protection and privacy enforcement. In this way, the application leverages the UICC’s secure hardware characteristics to authenticate communication between operator, application and device/module.

Without this level of security the device (and what it is connected to) faces the very real threat of attack from cyberspace. Should control of the application be granted to a nefarious source, it’s not only data that will be under threat. Consider the opportunity for chaos should a virus knock out a smart grid, or perhaps take control of the engine control system in a moving car.

Managing service scale

Discussing mass market solutions such as engine diagnostics, fleet control and utility smart grids highlights yet another issue – that of managing scale. And as the device estate grows – potentially into the millions of modules needed to manage a national smart grid programme for example – so do the problems of remote and secure management. With potentially several billion connected devices, the network or back-end infrastructure will need to be upgraded. Here the UICC plays another key role. With its Over-the-Air (OTA) management and processing capabilities, the SIM can become a thin client, balancing back-end investments to ensure the seamless deployment of M2M services.

UICC on good form

As use cases proliferate, we are seeing different UICC form factors appear to suit the differing modules and devices. The conventional plug-in format for cards was too large for many applications so work had to be done to change the shape and size of the chip to best suit the host. This led to a new ETSI standard in 2010.

Equally, embedding a chip into an engine management system could expose it to incredibly high temperatures, while a host of outdoor modules (from CCTV and remote surveillance through to test and measurement devices) will be subject to extremes at the other end of the temperature spectrum.  Work, according to Zbinden, is already being done to address these issues in operator, module and SIM manufacturing organisations. Both on format and features the SIM is able to adapt to match the specific requirements of the M2M world.

Partnering to succeed

But whatever the challenges, the key to unlocking the potential of machine to machine communications for network operators, device manufactures, application developers and end-user brands is their collective ability to work together to create an environment that is both interoperable, open and fully secure.

Orange Group and Deutsche Telekom have recently taken a huge step forward in creating a partnership to deliver network interoperability across Europe to do just that. And, according to Zbinden, the partners are keen to extend this initiative throughout the operator community.

The SIMalliance, for its part, is working to increase interoperability and openness at network and application level through its workgroups, while helping to drive standardisation and new secure form factors to support continued innovation, market acceptance and information assurance.