EUICC

eUICC (embedded UICC [1]) refers to the architectural standards published by the GSM Association (GSMA) [2] [3], or to implementations of those standards, for eSIM, a device used to securely store one or more SIM card profiles. A SIM card profile holds the unique identifiers and cryptographic keys used by cellular network service providers to uniquely identify and securely connect to mobile network devices. Applications of eUICC are found in mobile network devices (cell phones, tablets, portable computers, security controllers, medical devices, etc.) that use GSM cellular network eSIM technology.

Standards

The core standards that define eUICC are published by the GSM Association in two topical areas.

Consumer and IoT

Core standards for implementing eSIM on mobile devices include the following articles: [2]

Machine to Machine (M2M)

GSMA publishes standards for machine-to-machine (M2M) third-party provisioning of eSIM which includes the following articles: [3]

Implementation

eUICC can refer to any implementation or application of the eUICC standards in an eSIM device. Each implementation of eUICC includes software code, a processor to emulate the software, non-volatile memory used to store the unique identifiers and cryptographic keys that are part of a SIM profile, and a bus interface to communicate the SIM profile to the mobile device. eUICC standards specify that only one eUICC security controller (ECASD) may be implemented in an eSIM, but the eSIM may store multiple SIM profiles. [5]

EID

GSMA standards define EID as "eUICC Identifier". [4] [6] Some developers / implementers have referred to this using the descriptive term "eSIM identifier", which summarizes the function of an eUICC Identifier. [7] [8] Some third parties have joined this acronym with the term "electronic identity document", which is a general concept of any identifier stored or presented in electronic format. [9] [10]

Related Research Articles

GSM: Cellular telephone network standard

The Global System for Mobile Communications (GSM) is a standard developed by the European Telecommunications Standards Institute (ETSI) to describe the protocols for second-generation (2G) digital cellular networks used by mobile devices such as mobile phones and tablets. GSM is also a trade mark owned by the GSM Association. GSM may also refer to the Full Rate voice codec.

SMS: Text messaging service component

Short Message/Messaging Service, commonly abbreviated as SMS, is a text messaging service component of most telephone, Internet and mobile device systems. It uses standardized communication protocols that let mobile devices exchange short text messages. An intermediary service can facilitate a text-to-voice conversion to be sent to landlines.

The international mobile subscriber identity is a number that uniquely identifies every user of a cellular network. It is stored as a 64-bit field and is sent by the mobile device to the network. It is also used for acquiring other details of the mobile in the home location register (HLR) or as locally copied in the visitor location register. To prevent eavesdroppers from identifying and tracking the subscriber on the radio interface, the IMSI is sent as rarely as possible and a randomly-generated TMSI is sent instead.

SIM card: Integrated circuit card for a mobile device

A SIM card is an integrated circuit (IC) intended to securely store an international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephone devices. Technically the actual physical card is known as a universal integrated circuit card (UICC); this smart card is usually made of PVC with embedded contacts and semiconductors, with the SIM as its primary component. In practice the term "SIM card" is still used to refer to the entire unit and not simply the IC.

Near-field communication: Radio communication established between devices by bringing them into proximity

Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of 4 centimetres (1.6 in) or less. NFC offers a low-speed connection through a simple setup that can be used for the bootstrapping of capable wireless connections. Like other proximity card technologies, NFC is based on inductive coupling between two electromagnetic coils present on a NFC-enabled device such as a smartphone. NFC communicating in one or both directions uses a frequency of 13.56 MHz in the globally available unlicensed radio frequency ISM band, compliant with the ISO/IEC 18000-3 air interface standard at data rates ranging from 106 to 848 kbit/s.

International Mobile Equipment Identity: Cellphone identification code

The International Mobile Equipment Identity (IMEI) is a numeric identifier, usually unique, for 3GPP and iDEN mobile phones, as well as some satellite phones. It is usually found printed inside the battery compartment of the phone but can also be displayed on-screen on most phones by entering the MMI Supplementary Service code *#06# on the dialpad, or alongside other system information in the settings menu on smartphone operating systems.

MSISDN is a number uniquely identifying a subscription in a Global System for Mobile communications or a Universal Mobile Telecommunications System mobile network. It is the mapping of the telephone number to the subscriber identity module in a mobile or cellular phone. This abbreviation has several interpretations, the most common one being "Mobile Station International Subscriber Directory Number".

Universal integrated circuit card: Smart card used to uniquely identify a mobile device on a cellular network

The universal integrated circuit card (UICC) is the smart card used in mobile terminals in 2G (GSM), 3G (UMTS), 4G (LTE), and 5G networks. The UICC ensures the integrity and security of all kinds of personal data, and it typically holds a few hundred kilobytes. The official definition for UICC is found in ETSI TR 102 216, where it is defined as a "smart card that conforms to the specifications written and maintained by the ETSI Smart Card Platform project". In addition, the definition has a note that states that "UICC is neither an abbreviation nor an acronym". NIST SP 800-101 Rev. 1 and NIST Computer Security Resource Center Glossary state that, "A UICC may be referred to as a SIM, USIM, RUIM or CSIM, and is used interchangeably with those terms", though this is an over-simplification. The primary component of a UICC is a SIM card.

The Open Mobile Terminal Platform (OMTP) was a forum created by mobile network operators to discuss standards with manufacturers of mobile phones and other mobile devices. During its lifetime, the OMTP included manufacturers such as Huawei, LG Electronics, Motorola, Nokia, Samsung and Sony Ericsson.

Machine to machine (M2M) is direct communication between devices using any communications channel, including wired and wireless. Machine to machine communication can include industrial instrumentation, enabling a sensor or meter to communicate the information it records to application software that can use it. Such communication was originally accomplished by having a remote network of machines relay information back to a central hub for analysis, which would then be rerouted into a system like a personal computer.

A mobile signature is a digital signature generated either on a mobile phone or on a SIM card on a mobile phone.

Truphone is a GSMA-accredited global mobile network that operates its service internationally. The company is headquartered in London and has offices in ten other countries, being spread across four continents.

SIM Application Toolkit (STK) is a standard of the GSM system which enables the subscriber identity module to initiate actions which can be used for various value-added services. Similar standards exist for other network and card systems, with the USIM Application Toolkit (USAT) for USIMs used by newer-generation networks being an example. A more general name for this class of Java Card-based applications running on UICC cards is the Card Application Toolkit (CAT).

A Central Equipment Identity Register (CEIR) is a database of mobile equipment identifiers. Such an identifier is assigned to each SIM slot of the mobile device.

Video Share

Video Share is an IP Multimedia System (IMS) enabled service for mobile networks that allows users engaged in a circuit switch voice call to add a unidirectional video streaming session over the packet network during the voice call. Any of the parties on the voice call can initiate a video streaming session. There can be multiple video streaming sessions during a voice call, and each of these streaming sessions can be initiated by any of the parties on the voice call. The video source can either be the camera on the phone or a pre-recorded video clip.

The (U)SIM interface is the connecting point of the mobile phone and the UICC with its SIM or USIM application.

eSIM: Programmable SIM card embedded into a device

An eSIM (embedded-SIM) is a form of SIM card that is embedded directly into a device. Instead of an integrated circuit located on a removable SIM card, typically made of PVC, an eSIM consists of software installed onto an eUICC chip permanently attached to a device. If the eSIM is eUICC-compatible, it can be re-programmed with new SIM information. Otherwise, the eSIM is programmed with its ICCID/IMSI and other information at the time it is manufactured, and cannot be changed. Different mobile telephones may not support an eSIM, may have a permanently programmed, unchangeable one, or one that can be reprogrammed for any carrier that supports the technology. Phones may support physical SIMs only, eSIM only, or both.

Remote SIM provisioning is a specification realized by GSMA that allows consumers to remotely activate the subscriber identity module (SIM) embedded in a portable device such as a smart phone, smart watch, fitness band or tablet computer. The specification was originally part of the GSMA's work on eSIM, and remote SIM provisioning is just one of the aspects that this eSIM specification includes. The other aspect is that the SIM is now structured into "domains" that separate the operator profile from the security and application "domains". In practice, an "eSIM upgrade" in the form of a normal SIM card is possible, or the eSIM can be included in an SoC. GSMA certification requires that the personalisation packet is decoded inside the chip, so there is no way to dump Ki, OPc and 5G keys. Another important aspect is that the eSIM is owned by the enterprise, which means that the enterprise now has full control of the security and applications in the eSIM, and of which operator profiles are to be used.

Karsten Nohl: German cryptography expert and hacker (born 1981)

Karsten Nohl is a German cryptography expert and hacker. His areas of research include Global System for Mobile Communications (GSM) security, radio-frequency identification (RFID) security, and privacy protection.

Simjacker is a cellular software exploit for SIM Cards discovered by AdaptiveMobile Security. 29 countries are vulnerable according to ZDNet. The vulnerability has been exploited primarily in Mexico, but also Colombia and Peru, according to the Wall Street Journal, where it was used to track the location of mobile phone users without their knowledge.

References

  1. Weber, Tobias. "What is an eUICC and Why Does It Matter?". EMnify. EMnify. Retrieved 17 September 2022.
  2. "eSIM Consumer and IoT Specifications". gsma.com. GSM Association. Retrieved 14 September 2022.
  3. "M2M Specifications". gsma.com. GSM Association. Retrieved 14 September 2022.
  4. "SGP.21 eSIM Architecture Specification". GSM Association. 3 Aug 2021.
  5. "RSP Technical Specification Version 2.4" (PDF). gsma.com. GSM Association. 28 October 2021.
  6. "SGP.29 v1.0 EID Definition and Assignment Process". GSM Association. 31 Jul 2020.
  7. "Electronic subscriber identity module application identifier handling". Google Patents. Retrieved 16 September 2022.
  8. "United States Patent Application Publication US20150350879A1" (PDF). Google patents. United States Patent and Trademark Office. 3 December 2015.
  9. Sheridan, Anatoliy (18 August 2022). "What is an EID number in a phone?". Tab-TV.
  10. Sereda, Vladimir (22 November 2021). "What is a phone EID number explained". Splaitor.