A story of secret clubhouses, contact cards, and the chicken-and-egg problem
Phones don't remember who managed them. But IoT devices are deployed on remote mountains and ocean turbines: they need to know instantly if a command is from a trusted source. So they store a contact list right on the chip: only trusted managers can give orders!
Each trusted manager gets a digital contact card stored right on the chip. It includes their name, their public key (for signature verification), a counter (against replay attacks), the "language" they speak (the transport protocol: HTTPS, CoAPS, etc.), and a trust anchor for encrypting the connection.
Four operations: addEim (add a new friend), updateEim (change their details), deleteEim (remove a friend), and listEim (who's on my list?). The very first manager solves a chicken-and-egg problem: it's added at the factory with a special bootstrap command!
Every command includes a ticket number that only goes up. The chip remembers the last number seen. Old numbers get rejected: "sorry, already saw that one!" When the counter nears its max of 8,388,607, the manager is removed and re-added with a fresh counter. Simple and bulletproof!
A single eSIM chip can trust multiple managers at once: so the company that made the device and the customer who bought it can both manage it, each with their own trusted spot on the contact list!
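To make the contact list, the four operations and the "ticket number" rule concrete, here is a toy model of the chip's behaviour. It is an added illustration, not code from the original page or from any eSIM specification; the field names, the `Chip` class, the `ROTATE_MARGIN` threshold for "nears its max" and the string results are all assumptions.

```python
from dataclasses import dataclass, replace

COUNTER_MAX = 8_388_607  # 2**23 - 1, the cap quoted on the page
ROTATE_MARGIN = 1_000    # assumed threshold for "nears its max"


@dataclass
class EimCard:
    eim_id: str
    public_key: str      # stand-in for real key material
    protocol: str        # "HTTPS", "CoAPS", ...
    trust_anchor: str
    counter: int = 0     # highest command counter accepted so far


class Chip:
    def __init__(self, factory_card):
        # Bootstrap: the first manager is installed at the factory.
        self.cards = {factory_card.eim_id: factory_card}

    def _accept(self, sender, counter):
        """Return None if the command is fresh, else the rejection reason."""
        card = self.cards.get(sender)
        if card is None:
            return "unknown manager"
        if counter > COUNTER_MAX:
            return "counter out of range"
        if counter <= card.counter:
            return "sorry, already saw that one!"
        card.counter = counter     # remember the last number seen
        return None

    def command(self, sender, counter, op, arg=None):
        err = self._accept(sender, counter)
        if err:
            return err
        if op == "addEim":
            self.cards[arg.eim_id] = replace(arg, counter=0)   # fresh counter
        elif op == "updateEim":
            old = self.cards.get(arg.eim_id)
            if old is None:
                return "unknown manager"
            self.cards[arg.eim_id] = replace(arg, counter=old.counter)
        elif op == "deleteEim":
            self.cards.pop(arg, None)
        elif op == "listEim":
            return sorted(self.cards)
        return "ok"

    def needs_rotation(self, eim_id):
        # Time to remove and re-add this manager with a fresh counter?
        return self.cards[eim_id].counter >= COUNTER_MAX - ROTATE_MARGIN
```

Signature verification against the stored public key is left out so the replay logic stays visible; a real chip checks the signature before it looks at the counter.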
Discover how devices send report cards and undo mistakes!