Smart Card in IoT
iSIM, M2M provisioning, and embedded secure elements.
Smart Cards in IoT
The Internet of Things demands that billions of constrained devices authenticate, communicate securely, and resist physical tampering — often in hostile environments without human oversight. Smart card technology, in its evolved forms as discrete secure elements and integrated eSIMs, provides the hardware-anchored identity and cryptographic capability that pure software security cannot match.
Secure Elements in IoT Devices
A Secure Element (SE) is a tamper-resistant microcontroller that stores sensitive assets (private keys, certificates, symmetric keys) and executes security-critical operations in an isolated environment. In IoT, SEs come in three form factors:
| Form Factor | Description | Typical Use Case |
|---|---|---|
| Discrete SE (chip) | Separate IC soldered to PCB | Industrial gateways, payment terminals |
| Integrated SE | SE IP block inside application SoC | Consumer wearables, smart home |
| iSIM | SE + modem in single package | Miniaturised IoT, wearables |
| eUICC (eSIM) | Reprogrammable SE for cellular | M2M, connected vehicles, meters |
The TEE (Trusted Execution Environment) is a complementary technology that runs inside the main application processor — it is faster and more flexible than a discrete SE but provides weaker physical tamper resistance. In high-security IoT applications (payment, automotive, industrial control), a discrete SE or eUICC is preferred.
JavaCard OS runs on many IoT SEs, enabling applet-based security applications that can be updated after deployment. GlobalPlatform defines the secure channel protocols (SCP03) and card management interfaces used to install, update, and delete applets over the air.
eSIM for M2M and IoT Connectivity
The GSMA SGP.02 M2M eSIM specification was designed specifically for unattended IoT devices. Unlike consumer eSIM (SGP.22), M2M eSIM uses a push model: the operator's SM-SR pushes profile updates to the device without any user interaction.
| Feature | M2M eSIM (SGP.02) | Consumer eSIM (SGP.22) |
|---|---|---|
| Profile switch trigger | Operator / SM-SR | End user / LPA |
| Device types | Meters, vehicles, industrial | Phones, tablets, wearables |
| Offline profile change | Not supported | Not supported |
| Physical removal risk | None (soldered) | None (soldered) |
| Form factor | MFF2 (soldered) | Standard or MFF2 |
The SIM card has historically provided cellular authentication for IoT devices. The evolution to eSIM removes the mechanical SIM socket — a major reliability improvement for devices operating in vibration, moisture, or extreme temperature environments.
Use the esim-checker to determine whether a target IoT module supports SGP.02, SGP.22, or both.
Device Attestation and Secure Boot
In IoT security architectures, the SE provides the root of trust for device attestation — proving to a cloud service that the device firmware is genuine and unmodified:
- Unique Device Identity: A private key generated inside the SE at manufacture (never exported).
- Certificate Chain: Factory-issued device certificate signed by the manufacturer's CA.
- Attestation Report: The SE signs a digest of the current firmware, bootloader, and configuration.
- Mutual TLS: Device presents its SE-backed certificate; the cloud verifies the chain.
GlobalPlatform SEMS (Secure Element Management Service) and DICE (Device Identifier Composition Engine) are competing standards for this attestation chain. FIDO's FIDO2 specification extends device attestation to user-facing authentication, anchoring WebAuthn credentials in a hardware SE.
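A simplified sketch of DICE-style measurement chaining applied to the firmware, bootloader, and configuration digest described above. This is an added example, not code from this page or from the DICE specification: the function names, the sample images, and the HMAC challenge-response (a stand-in for the certificate-based signature a real deployment uses) are assumptions.

```python
import hashlib
import hmac
import os

def next_cdi(cdi, image):
    """One boot-stage hop: mix the current secret with the hash of the next image."""
    measurement = hashlib.sha256(image).digest()
    return hmac.new(cdi, measurement, hashlib.sha256).digest()

def derive_cdi(uds, images):
    """Chain every measured image, in boot order, starting from the device secret."""
    cdi = uds
    for image in images:
        cdi = next_cdi(cdi, image)
    return cdi

def attest(cdi, nonce):
    """Device side: answer a verifier challenge with a key derived from the final CDI."""
    key = hmac.new(cdi, b"attestation-key", hashlib.sha256).digest()
    return hmac.new(key, nonce, hashlib.sha256).digest()

def verify(reference_cdi, nonce, response):
    """Verifier side: recompute the answer from the enrolled reference value."""
    return hmac.compare_digest(attest(reference_cdi, nonce), response)

# Constructed sample data (not real images or secrets).
UDS = bytes(range(32))  # unique device secret, held only inside the SE
BOOTLOADER = b"bootloader-1.0 (constructed)"
FIRMWARE = b"firmware-2.3 (constructed)"
CONFIG = b"apn=example;telemetry=on (constructed)"

def run_demo():
    good = [BOOTLOADER, FIRMWARE, CONFIG]
    reference = derive_cdi(UDS, good)  # assumed to be recorded at provisioning
    nonce = os.urandom(16)             # fresh per challenge
    tampered = [BOOTLOADER, FIRMWARE + b"!", CONFIG]
    return {
        "genuine": verify(reference, nonce, attest(derive_cdi(UDS, good), nonce)),
        "tampered": verify(reference, nonce, attest(derive_cdi(UDS, tampered), nonce)),
        # A response captured for an old nonce must fail against a new challenge.
        "replayed": verify(reference, os.urandom(16), attest(reference, nonce)),
    }

if __name__ == "__main__":
    print(run_demo())
```

Because each stage's secret depends on every earlier measurement, a modified image changes the derived key without the device ever reporting its own hash, and the fresh nonce keeps a recorded response from being reused.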
IoT Threat Model and SE Mitigations
| Threat | Severity | SE Mitigation |
|---|---|---|
| Key extraction from flash | Critical | Keys stored in SE, never exposed |
| Firmware tampering | High | Secure boot verified against SE root |
| Network impersonation | High | Mutual TLS with SE-backed cert |
| Physical probe attack | High | SE tamper mesh / active shield |
| Supply chain compromise | Medium | Factory attestation at provisioning |
| SIM swapping | High | eUICC eliminates physical SIM |
For constrained devices where a full SE is too expensive, the TEE running inside the application processor provides a lower-cost alternative — see the Smart Card Cryptography Guide for trade-offs. Related reading: eSIM Remote Provisioning and Smart Card Fundamentals.
Frequently Asked Questions
Our guides cover a range of experience levels. Getting Started guides introduce smart card fundamentals. Security guides address Common Criteria certification and key management. Programming guides target developers working with APDU commands, JavaCard applets, and GlobalPlatform card management.