Hello. I'm Pablo Repolo, the founder of HCloud Technologies, a consulting agency focused on IoT and edge computing. Over the last year, we have tested a couple of edge gateways and come to the conclusion that it's really possible to bring high security capabilities even to low-end edge hardware with the help of SIM cards. We also take as an assumption that during the next 10 years, a significant percentage of small edge gateways will have 5G onboard. So in some way, they need to be equipped with a certain type of SIM.

So what's actually a SIM card? Besides the well-known plastic in various form factors, there is also eSIM, the same type of SIM but in embedded format, which needs to be soldered on board during the device production. There is also a new way called iSIM, which is similar to a SIM OS running in a TEE, a trusted execution environment, in the main core chip. Despite the form factor, today, all of these we are calling SIM, subscriber identification module, which is used for authenticating users in 3G, 4G, and 5G networks.

Let's take an even deeper look at what's inside the modern SIM card and how it could help us to secure edge applications. So inside, we have an operating system, which is usually Java Card, and a number of supplementary functions and security domains. One stands for the root security domain, called ISD-R, and a number of ISD-Ps, which are security domains for profiles, which could be created, updated, or deleted. The key purpose of ISD-Ps is to delegate a secure space to the mobile operator or some other mobile subscription owners in order to be able to execute remote SIM provisioning over the air.

There are two ways to manage profiles, called the M2M model and the consumer model. The key difference between them is how we are initiating profile manipulations. In the M2M model, it's done from the back end side towards the eUICC.
While in the consumer model, it's initiated from the device side, whether it's a smartphone or even an IoT device, towards the back end. All these things are well described in the GSMA spec.

A few extra words about the back end RSP infrastructure. In the M2M scenario, shown on the left side, the MNO is loading subscriptions in the SM-DP, subscription manager data preparation, which usually belongs to the MNO, and then via the SM-SR, which is a secure router, usually belonging to ECM owner, downloading profiles from different SM-DPs. In the case of the consumer scenario, on the right side, profile loading is initiated via the LPA, which is local profile administration, triggered by a human or some programmable logic on the device side, with further usage of the SM-DS, which is a discovery service, and the SM-DP+, which is combined profile data preparation and secure routing for downloading it into the eUICC. Both schemas are operated and secured by a global CI and CA, controlled by GSMA, whose corresponding certification process is called GSMA SAS.

There is also a new spec, issued in December 2019 by GSMA, called IoT SAFE: IoT SIM Applet For Secure End-to-End Communication. This spec was done specifically to secure IoT data and provide a root of trust for a security less connectivity for device apps. At the moment, there are five reference scenarios in this spec, but I'm pretty sure it could be extended more later on in the way it could be used.

Here, I'm showing an ultra-simplified diagram with the purpose not to fall into complex and detailed message flows, but rather to highlight the overall use case. This is theoretical, but still quite close to the reality of one of our latest projects. An example of an edge gateway, which is handling two main functions. One is to provide telemetry and controls from the power transformer to the local DSO in order to maintain functioning and energy balancing services. The second function is to send energy metering and day-ahead prognosis to another organization, called here the energy supplier.
In this scenario, the edge gateway infrastructure provider is ordering SIM cards from a factory with initial mobile profiles, soldering them on the gateway near the NB-IoT modem, then provisioning a specific root secure domain with the keys for application security, then shipping to clients in order to be mounted in the field. Once the device appears on the air, we can optionally load another mobile subscription, tailored for the specific region or specific country, thanks to our remote supervision. Then for each application, we could create dedicated secure domains, issuing and signing corresponding certificates with the CI, which is behind the scenes. Once preparation is done, we could have a secured management communication with a solution provider. For instance, based on pre-shared keys, sign the metering data for the energy company with a specific certificate that they will trust in their region, and secure the communication channel with the maintenance and control guys who want to minimize the risk of hacking power equipment under their responsibility.

Let's see how it could look under the hood if we would use EdgeX Foundry in order to expand this approach for a wider range of cases. The SIM card is playing the role of secret storage and talking to a security proxy microservice. On management services, we could place a microservice for the LPA service, local profile administration, to deal with remote supervision infrastructure, which could also be extended with a logic of profile switchover for a non-connectivity purpose.

So to summarize, it could be a good and cost-efficient way to reuse a SIM card as a root of trust for highly integrated gateways. Also, this could be a subject to extend the IoT SAFE spec for multi-application purposes and also the couple secure uploads functions from a mobile operator profiles in order to allow service providers to manage secure domains for application security independently.
I would be happy to discuss this approach with the community here before falling to coding and debugging. Feel free to contact me here or on LinkedIn or by email, and enjoy the rest of ONS. Thank you again.

Hi Pablo, thank you so much. We have you now live on the phone bridge. I don't see any Q and A questions. So we can wait for a few minutes for Q and A, or feel free if you have any final words that you wanted to give.

Yeah, so while we are waiting for any kind of questions, I could add a few words that for now we are actually assessing the possible integration of this kind of solution into EdgeX Foundry, or we are also considering Project EVE in this direction. And probably, for the next integration projects, we will introduce this kind of solution as an integrated part of LF Edge projects. And later on, we'll be happy to share more experience regarding the kind of practical integration of EdgeX Foundry into real projects. For the moment, it operates without this kind of component because we have just only two data streams, and the local virtualization is done just in the manner of bare-metal Linux on the edge gateway and just independent processes. All of them we are controlling. So please express your questions or any kind of ideas around this area. So we would be really happy to hear any kind of critics or real ideas how to draw it, because not all of the edge gateways have TPMs. So the email platforms have these embedded. This kind of issue is not really related to Intel platforms but rather to low-end edge gateways based on ARM, which is quite popular and for massive adoption for massive purpose. We can push out pure IoT approach, and introducing the edge gateways means a bit of virtualization near to IoT.

All right, Pablo, thank you so much for all of our listeners out there. If you click on the chat box on the top left, you will see where the Slack channel is where we can continue the conversation with Pablo. So thank you, Pablo.
I'm gonna go ahead and end this and I will make sure that this is on demand for any future listeners.

Okay, thanks everybody for listening and happy to talk to you later.

Thanks Pablo. Thank you both.