UL's Webinar on 'Testing M2M and Consumer RSP beyond the specifications'

November 13, 2017 - Find the answers to all the questions that were asked during the webinar which was hosted on 7 November 2017.

GSMA has worked hard alongside the test tool vendors to create test specifications to test and certify all components in the M2M and the Consumer RSP ecosystem.

During the hour-long webinar, Iain Maxwell addressed key questions such as:

  • What will be the approach to test each of the components in the M2M and Consumer RSP ecosystems?
  • Who is responsible for the testing? 
  • How do we test the eUICC, the device and the servers and how is it possible to spy on the interfaces between each of these components?

Not only that, it is becoming common practice to test beyond the scope of these test specifications. The need to perform interoperability testing to verify that any M2M eUICC really works with any SM-SR or any Consumer eUICC works with any SM-DP+ is a key driver. But an interesting addition is ensuring that the modem and eUICC performance delivers the required customer experience in the M2M and Consumer RSP domains.

Iain also presented an analysis on why this trend has arisen, shared common issues and lessons learned during UL's experience of this type of testing.

The webinar was recorded and is available here.

Here's a list of all the questions asked during the webinar, and the answers.

  1. When will the LPAs be tested in SGP.23?
    It may well never be tested as only a few MNOs have expressed any interest. In addition to that, SGP.23 is now a voluntary contribution driven test specification and although GSMA put LPAe back in scope earlier this year, no one contributed any test cases to test this feature of Consumer RSP. So it isn't covered in the SGP.23 v1.1 or v1.2 maintenance releases. Therefore that means if RSP-TEST did receive any future contributions for LPAe test cases then these would at best be added in SGP.23 v2.0, but the timeline for SGP.23 v2.0 is still unclear. But the feeling in the industry in general is that this Consumer RSP feature might never be implemented in any eUICC products so defining test cases for it are therefore low priority. 

  2. I heard that ES2+ is actually being added to SGP.23. Your slides say that it isn't?
    ES2+ was originally set as out of scope for SGP.23 v1.0 due to many MNOs having different backend implementations, but it was added back in scope for the next version by GSMA. However, later versions had to be hurriedly released to facilitate device certification by GCF/PTCRB and eUICC functional qualification by GlobalPlatform and therefore ES2+ will not be tested in SGP.23 until version 2.0 is completed. The timeline for SGP.23 v2.0 is still unclear.

  3. Does UL offer GSMA SAS-SM?
    No unfortunately UL cannot offer this audit as currently GSMA are not opening up future auditors for tender until 2020. But when they do UL hope to offer this audit to provide a ‘one-stop-shop’ or ‘turn-key’ testing solution for our customers.

  4. You say that we have to test beyond the specifications for the device, but how do we actually do that? Do I need a network simulator?
    After official GCF certification has been achieved the OEM will arrange for field trials to be completed by a GCF approved third party on an MNO network that is filed trial ready. So in M2M, or soon to be Consumer RSP, the real handset is tested with a real eUICC on an MNOs real network to prove that the device is compliant. In this instance additional interoperability testing should be performed here to determine if the device is functioning as expected. In the case of Consumer RSP devices are tested via Wi-Fi, but because these devices will spend a large part of their lifespan connected OTA to the MNOs network it makes sense to repeat a subset of the testing performed in SGP.23 where possible to deliver a degree of confidence checking.

  5. When do you expect there to be a certification body for the servers?
    The timeline is unknown. GSMA have offered the Server certification process to both GlobalPlatform and GCF. GlobalPlatform processes require that the full entity under test is in the test lab during qualification, but Server vendors have not been able to comply with this requirement, so unfortunately GlobalPlatform are not looking like a viable option here. GCF have requested more time to consider the scope and implications associated to this task. So there still might not be a viable certification body responsible for server testing by the end of the year. But even if there was, it is not predicted that activation of any potential processes would be possible until late 2018.

  6. How can the UL spy tool decrypt all the data?
    The UL Mobile Spy tool dynamically decrypts Secure Channel Protocols; SCP02, SCP03, SCP03t, SCP80 & SCP81 as long as it has the PSKs for M2M eUICCs or the Consumer RSP secret key and certificates.

 

For any questions on the webinar, or to discuss M2M and Consumer RSP testing, please email us at TransactionSecurity@ul.com.