Across multiple personal devices

From eSIM to Digital Persona

+ show more

A Strategy Analytics white paper sponsored by Hewlett Packard Enterprise

Report snapshot

As eSIM and non-SIM devices proliferate, they require seamless access to mobile services based on the subscriber’s federated digital identity (ID) that is anchored by a primary smartphone subscription.


This report describes the three functions service providers need:


  • Authentication to validate devices and subscribers
  • Entitlement to ensure that devices are associated with the right rate plans
  • Orchestration to deliver seamless access and delivery across multiple diverse devices and services
  • Introduction: Evolution to SIM and now eSIM

    When cell phones first arrived in the early 1980s, the equipment identifier was part of the device hardware.

    It was associated with a mobile number and the subscriber’s rate plan through a physical in-store provisioning process by the service provider. A major breakthrough came with Universal Mobile Telecommunications Service (UMTS) and 3G (GSM) in the early 1990s when the SIM card—a universal integrated circuit card (UICC) was introduced to hold network-specific information that identifies and authenticates subscribers on the provider’s network. The UICC/GSM SIM could contain several applications that provided access to both GSM and UMTS networks. In addition, the SIM card could store a small personal phone book and other applications.

As SIM cards became removable, users found they could switch to new devices simply by swapping the SIM card. It was also possible to switch service providers and keep the same phone number by swapping the SIM card. Or users—with the right radio standard on their device, for example, GSM—could roam internationally and pay local rates simply by buying a separate SIM card for the countries they were traveling to.


But many users found swapping SIM cards difficult to do without help.


The idea of an eSIM or electronic/embedded SIM identifier stored in firmware instead of on a physical card began to be explored as early as 2010. But it was not standardized until late 2016, in part because service providers feared that it would be too easy to swap constantly between providers to get the best current service discount.


Most recently, new devices have emerged that only have an eSIM identifier instead of a physical SIM card. This is especially useful for devices with a limited user interface such as a smartwatch or fitness tracker.


However, even eSIM devices have to be authenticated and validated for rate plans and service access—typically through a smartphone app or even a web portal. This makes the process seamless not just for devices but also for roaming between phone and cloud, and even private corporate services—the subject of this report.


Proliferation of diverse device types

Last year, Strategy Analytics looked at all its device forecasts to create Figure 1. The figure shows that by 2025, the installed base of connected and Internet of Things (IoT) devices is expected to reach nearly 40 billion worldwide.


Figure 1. The proliferation of diverse device types <note>Global Connected and IoT Device Forecast, Strategy Analytics, May 2019 </note>

Many of these devices do not have a programmable user interface and, in most cases, users will want to add them as additional devices on their current communications rate plan rather than buy a separate plan. And most of them will require internet, as well as phone access, so that by 2022, we estimate there will be four devices per person on a global basis. In North America and Western Europe, we project over 10 devices per person.


Mobile handsets will continue to be anchor for multi-device subscriptions

In an analysis of subscriptions by device type, it is clear that handsets will continue to be the anchor, as shown in Figure 2.


Figure 2. Subscriptions by device type <note>Worldwide Cellular User Forecast 2019-2024, Strategy Analytics, May 2019 </note>

Handsets will still account for 91% of user-linked subscriptions (excluding M2M) by 2024, even as PC/modem connections are projected to grow at a compound annual growth rate (CAGR) of 2.7% through 2023. Tablet subscriptions will grow steadily at a CAGR of 4.3% through 2024 and subscriptions for other connected devices will grow at a CAGR of 26% through 2024, driven in part by connected cars and wearables.


eSIM-Based devices will grow exponentially

eSIM-only smartphones such as Apple and Google™ will play an increasingly important role over the next few years, as they grow from over 75 million per year in 2019 to nearly 300 million in 2024. Even more importantly eSIM-based devices are projected to reach nearly 2 billion units by 2025, as shown in Figure 3.  1


Figure 3. Shipments of eSIM-based devices forecast to reach nearly 2 billion units by 2025

  • Rapid proliferation of devices and diverse connectivity demand digital ID

    In parallel with the proliferation of devices, we have already seen a dramatic evolution in connectivity since 2010, as shown in Figure 4.


    Independent, often unconnected devices evolve to connected, cloud synchronized devices and services.


Figure 4. Connection evolution from 2010 to 2020

In 2010, the iPad, Instagram for images, and Spotify for streaming music were brand new. In the middle of the decade along came the Apple watch and smart speakers such as Amazon Echo. By 2017–2018, we had eSIM devices and media was moving to the cloud with Disney+ and 5G arriving at the end of the decade.


These use cases and new devices have changed the nature of connectivity from one-to-one device to network connectivity, in 2010, to multiple devices connected to each other and to multiple networks, in 2020. Today, smartphones share a federated digital ID with eSIM wearables or tablets via a cloud account or connected services; and multiple cloud services are accessed across multiple devices from smartphones, PCs, or tablets. The identity associated with a phone number now connects to any device with that digital ID.


Everyone loves (inter)connected devices

Devices that connect to a network plus also interconnect and synchronize with one another along with common service access, as shown in Figure 5, are highly desired.


Figure 5. Seamless interconnection makes multiple devices easier to manage

When devices are quick and easy to onboard and seamlessly interconnected over Ethernet, Wi-Fi, 4G, and soon 5G, so that they appear to work as one, they will significantly enhance the customer’s experience.


For service providers, supporting clusters of diverse devices makes it quicker to launch common services and add personalization features that persist across all of them. Digital ID should significantly accelerate the speed, with which new services are launched, and enhance the stickiness of the service providers who offer.


For device manufacturers, digital ID that is integrated with device management, for example, in an enterprise environment, can make it much easier to deploy software upgrades or download new software features. It may even help sell additional devices.


New digital ID landscape

Digital ID is, therefore, not only a necessity to support the exploding number of eSIM devices, but it is also a burgeoning opportunity in its own right. GSMA has endorsed estimates that by 2024, the opportunity for mobile operators to enable digital ID for over 3 billion subscribers is worth $7 billion.


Therefore, service providers must meet the needs of subscribers who want to:


  • Have multiple connected and interconnected devices
  • Access multiple platforms and services on those multiple devices
  • Get secure, consistent access to their services and information across their connected devices


To deliver this, the service providers need:


  • Tools to connect their subscribers’ devices and platforms
  • Identity federation to manage digital ID


Specifically, there are three capabilities required to meet those requirements. They are:


  • Authentication
  • Entitlement
  • Orchestration


We describe each of these below. The related white paper Digital ID—Functions and Building Blocks describes the technical implementation.


Authentication—Definition and typical use cases

There are two types of authentication.


The first is for SIM- and eSIM-enabled devices, which leverages the embedded EAP-AKA capability. The EAP-AKA protocol was developed by 3GPP for authentication and session key distribution, and uses the AKA mechanism. The mechanism is based on symmetric keys and runs in SIM or eSIM module. EAP-AKA includes optional identity privacy support, optional result indications, and an optional fast re-authentication procedure.


The second approach is for non-SIM clients that cannot access AKA functionality on the device and can use network access with:


  • OAuth 2.0: an authorization framework that enables a third-party application to obtain limited access to an HTTP service
  • OpenID Connect: an identity layer on top of the OAuth 2.0 protocol that allows clients to request and receive information about authenticated sessions and end-users


Typical use cases that require authentication are:


  • Companion device activation
  • On-device plan purchase
  • Account takeover protection (prevent bank fraud due to SIM cloning)

Entitlement—Definition and typical use cases

Based on GSMA TS.43, entitlement is defined as the applicability, availability, and status of a service, needed by the client before offering that service to end-users.


Typical entitlement functions are to:


  • Provide overall status of the service to the client
  • Offer status of activation procedure of the service to the device
  • Manage web views presented to users by the client during activation and management of the service


Typical use cases that require these entitlement functions are:


  • VoLTE calling
  • VoWiFi calling
  • SMSoIP (SMS Over IP)
  • On-device subscription activation (ODSA)


Orchestration—Definition and typical use cases

Orchestration simplifies and streamlines the processes required for subscription activation and post-activation; and enables intelligent user transparent management of connected devices such as smartphones, wearables, and tablets.


From the user perspective, orchestration provides a single-entry point for all on-device administrative procedures and makes interactions with different independent systems at the operator or service provider level fully transparent to the subscriber. This is essential for seamless enablement of the subscriber’s federated identity that needs to:


  • Link multiple devices with device-specific authentication
  • Use the device associated with the primary identity to trigger each additional device-specific authentication
  • Link each device to the primary digital ID


Key use cases for orchestration are:


  • ODSA
  • Temporary eSIM subscription activation
  • Other use cases beyond consumer eSIM


Here we describe each of these orchestration use cases.


On-device subscription activation

This is the use case for straightforward on-device activation, where there is no need for QR codes, customer service calls, or visits to the service provider’s point-of-sale.


Orchestration makes any new subscription activation dramatically simpler for both the carrier and the consumer. Most importantly, it makes eSIM activation easy by creating one nearly continuous flow and helping eliminate the need for the subscriber to perform double logins, use QR codes, open a new browser on a PC, or follow complicated instructions on the phone with customer service. The whole process is performed with an app on the device—typically, a smartphone—that is easy to use and that can be carrier-branded to reinforce a long-term sticky relationship across all of a subscriber’s devices.


And the app is extensible to support additional use cases.


eSIM subscription activation

On-device eSIM subscription activation is useful in several situations, but one of the most common is setting up a new device. That device may need a new subscription or may get a subscription transferred from an old device. In both cases, the subscriber can activate the eSIM on the device using an on-device app, avoiding trips to a shop or calls to customer service. The entire process is facilitated on the device thanks to a carrier’s orchestration platform.


The on-device app provides a carrier-branded experience right on the device thus allowing the carrier to maintain brand presence even though the consumer has not gone into a shop.


Consumers benefit from ODSA by

  • Having the ability to set up a new device right out of the box at home
  • Being able to transfer an old subscription and profile or set up a new one easily


By making the process user-friendly, the carrier’s app can increase subscriber satisfaction and reduce costly churn.

Other cases beyond consumer eSIM

Increasingly digital identity business models are emerging that go far beyond consumer eSIM. Additional use cases that extend the services of the primary phone via a federated digital identity are proliferating everywhere including:


  • Non-SIM devices, for example, smart speakers.
  • New kinds of SIM/eSIM devices such as connected cars.
  • Enterprise domains, where employee bring your own devices (BYOD) or eSIM devices are subject to mobile device management (MDM) and need to have a digital identity that can be associated not only with a primary device but also with other devices and security parameters, available services, and so on.
  • Simpler activation and secure access authorization are essential

    As eSIM devices proliferate with clusters anchored to every mobile handset or smartphone subscription, the need for simple activation will become overwhelming.

    In parallel, there will be increased awareness of the need to secure every personal subscriber ID and control every associated application access. eSIM offers robust on-device security since the eSIM can be used as a root of trust that is automatically authenticated and authorized for valid applications.


    Authentication, entitlement, and orchestration for every device type is needed not only for subscriber ID authentication and rate plan authorization but also for secure access to the relevant device associated applications—wherever they are on the internet, in the cloud, or on a private portal. And subscribers will soon demand to be able to independently:


    • Provision new devices and applications through a smartphone app or client that interfaces to complex device APIs
    • Set up every device-type both locally and when roaming globally via Telco cloud
    • Activate (or cancel) services anywhere on-demand


    Digital ID delivers these capabilities

    Communications service providers (CSPs) need to see digital ID as the key to turning eSIM from a threat to an opportunity.


    Figure 6 indicates how digital ID allows CSPs to address each eSIM threat and turn it into an opportunity.


Figure 6. eSIM threats become digital ID opportunities

Specific opportunities created by the adoption of digital ID process are summarized in the right column of Figure 6. Not only does digital ID enhance customer loyalty through its simplicity, thereby creating a sticky service for multidevice subscribers, but it also discourages the cloud hyperscalers from going over the top (OTT) by resolving regulatory and privacy issues. And it reinforces the customer relationship with responsive service upgrades and application synchronization that simultaneously reinforce CSP brand awareness.


CSPs are uniquely positioned to deliver digital ID

As eSIM devices proliferate and OTT cloud competition heats up, CSPs should consider early adoption of digital ID solutions to enhance customer loyalty, reduce potential churn, and ensure they capture the types of on-device promotions that allow them to maintain close customer relationships with minimal churn.


If implemented well, digital ID can allow CSPs to be viewed as fully trusted neutral third parties that comply automatically with regulatory and privacy controls on the user’s behalf, while the cloud hyperscalers continue to evade regulation and leverage private consumer data as an inherent part of their business model.


CSP digital ID software platforms must also meet zero-trust requirements to protect every item of user data and applications throughput with:



  • Authenticated user device and service access
  • Entitlement validation of subscription and rate plan
  • Seamless, user-transparent orchestration of complex administrative processes



Any digital ID solution needs to be built on those three essential building blocks—authentication, entitlement, and orchestration.


The next white paper Digital ID: Functions and Building Blocks describes how these can be implemented.

  • About communications and media solutions, Hewlett Packard Enterprise

    HPE has over 30 years of experience in the telecom industry, with more than 300 telco customers across 160 countries. In the core, more than 700 million subscribers across more than 80 carriers depend on HPE Mobile Core software.

    HPE’s open telco solutions help operators evolve their networks and services to a 5G-ready, cloud native, service-based architecture. As the edge-to-cloud platform-as-a-service company, our experience in hybrid cloud allows us to bring the cloud transformation and secure, carrier-grade, standards-based infrastructure to telecommunications networks. HPE was recognized by Frost & Sullivan with the 2019 Leadership award for Global 5G Infrastructure Enabling Technology.


    Hewlett Packard Enterprise is the global edge-to-cloud platform-as-a-service company that helps organizations accelerate outcomes by unlocking value from all of their data, everywhere. Built on decades of reimagining the future and innovating to advance the way people live and work, HPE delivers unique, open, and intelligent technology solutions, with a consistent experience across all clouds and edges, to help customers develop new business models, engage in new ways, and increase operational performance.

  • About Strategy Analytics

    Analytics provides strategic and tactical support to global clients across the market and product lifecycle including consulting projects and white papers.

    Feel free to contact the author with any questions on this report or for further details on how we can assist you.

Learn more at

Our solution partner

Download the PDF

Google is a trademark of Google LLC. All third-party marks are property of their respective owners.