Remote SIM provisioning

Remote SIM provisioning is a specification developed by the GSMA that allows consumers to remotely activate the subscriber identity module (SIM) embedded in a portable device such as a smartphone, smart watch, fitness band or tablet computer. [1] [2] The specification was originally part of the GSMA's work on eSIM, [3] and remote SIM provisioning is just one of the aspects that this eSIM specification includes. Another aspect is that the SIM is now structured into "domains" that separate the operator profile from the security and application "domains". In practice, an "eSIM upgrade" in the form of a normal SIM card [4] is possible (using the Android 9 eSIM APIs), or the eSIM can be included in an SoC. [5] GSMA certification requires that the personalisation packet is decoded inside the chip, so there is no way to dump Ki, OPc and the 5G keys. Another important aspect is that the eSIM is owned by the enterprise, which means that the enterprise has full control of the security and applications in the eSIM and of which operator profiles are used.

Background to the specification

The technology looked to address the following issues:

Origin

The GSM Association (GSMA), which brings together about 800 operators and 250 mobile ecosystem companies, was the first to come up with the Consumer Remote SIM Provisioning initiative. The start of work on the technology was announced in the summer of 2014. The complete version of the specification was released in February 2016. Initially, the specification was supposed to be used only by M2M devices, but since December 2015 it has spread to various custom wearable devices and into enterprise applications such as authentication and identity management. [7]

"This new specification gives consumers the freedom to remotely connect devices, such as wearables, to a mobile network of their choice and continues to evolve the process of connecting new and innovative devices," Alex Sinclair, Chief Technology Officer, GSMA. [8]

In addition, the right of independent service providers to send profile-loading commands to the SIM in the device has been amended, and it has become possible to store sets of profiles in independent certified data centers (subscription managers). [9]

Functions and benefits

The specification that covers the carrier selection aspects aims to allow consumers to choose a mobile network operator from a wide range and activate the SIM embedded in a device via a subscription. It aims to simplify users' lives by connecting their multiple devices through the same subscription. It should also motivate mobile device manufacturers to develop the next generation of mobile-connected devices that better suit wearable technology applications. The specification that covers carrier selection for M2M devices is simpler, since typically there is no subscriber involved (e.g. changing the operator in an electricity meter).

The language used to describe these specifications is a little confusing, since eSIM is not a physical format (or "form factor", the phrase used to describe the various SIM sizes). The term eSIM describes the functionality in the SIM, not the physical size of the SIM, and there are eSIMs in many formats (2FF, 3FF, 4FF, MFF).

The GSMA has also developed a compliance framework [10] for eSIM devices, eUICCs, and subscription management products, to help with interoperability and security for products supporting eSIM. This is published by the GSMA as SGP.24. [11] The eSIM compliance process describes common compliance requirements for:

Operation

Remote provisioning on the host device is initiated by the Local Profile Assistant (LPA), a software package that follows the RSP specification.

When the LPA wants to retrieve a carrier profile it contacts a subscription manager (SM) service on the internet via HTTPS. The address of the SM can be defined:

The LPA is responsible for validating that the X.509 certificate of the SM is valid and issued by the GSMA certificate authority. [12] Once validation is complete, the LPA coordinates a secure channel between the eUICC and the SM, using challenge-response authentication to enter programming mode. The LPA then requests the carrier profiles available for download, submitting either the activation code provided by the user or the eSIM ID (EID) of the eUICC. The SM provides the requested profile encrypted in a way that only the eUICC can decrypt and install, which ensures the network authentication key remains secure.
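An added example, not part of the original article or of any GSMA code: how an LPA might vet a user-supplied activation code before it contacts the SM over HTTPS. It assumes the activation code layout `1$<SM address>$<matching ID>` with an optional `LPA:` prefix from GSMA SGP.22, which this page does not spell out; the function name, error class and result keys are illustrative.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


class ActivationCodeError(ValueError):
    """Raised when an activation code must not be used to contact an SM."""


def parse_activation_code(text):
    """Parse '[LPA:]1$<SM FQDN>$<matching ID>[$<OID>[$<flag>]]'.

    The field layout is an assumption taken from GSMA SGP.22.
    """
    code = text.strip()
    if code.upper().startswith("LPA:"):  # prefix carried by QR-encoded codes
        code = code[4:]
    parts = code.split("$")
    if not 3 <= len(parts) <= 5:
        raise ActivationCodeError("unexpected number of fields")
    fmt, address, matching_id = parts[:3]
    if fmt != "1":
        raise ActivationCodeError("unsupported activation code format")
    labels = address.split(".")
    # Accept only a plain multi-label DNS name: a scheme, port, path or
    # userinfo would let the code steer the LPA somewhere unexpected.
    if len(address) > 253 or len(labels) < 2 or not all(
            _LABEL.fullmatch(label) for label in labels):
        raise ActivationCodeError("SM address is not a plain FQDN")
    if labels[-1].isdigit():
        raise ActivationCodeError("SM address is an IP literal, not a FQDN")
    # Matching ID character set (alphanumerics and '-') is also assumed.
    if not re.fullmatch(r"[A-Za-z0-9-]*", matching_id):
        raise ActivationCodeError("matching ID has unexpected characters")
    host = address.lower()
    return {
        "sm_address": host,
        "matching_id": matching_id,
        "oid": parts[3] if len(parts) > 3 and parts[3] else None,
        "confirmation_code_required": len(parts) > 4 and parts[4] == "1",
        # The scheme is fixed by the LPA, never taken from the input.
        "url": "https://" + host + "/",
    }
```

Parsing only decides which host the LPA will try; the certificate check against the GSMA certificate authority described above still has to pass before any profile request is sent.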

References

  1. "eSIM — Что это и как подключить в России" (in Russian). Retrieved 2020-09-22.
  2. GSMA releases remote provisioning specification to help consumers connect mobile devices http://www.gsma.com/rsp/
  3. "The SIM for the next Generation of Connected Consumer Devices - eSIM". eSIM. Retrieved 2018-03-01.
  4. "eSIM.me Store". esim.me. Retrieved 2022-05-28.
  5. "Vodafone, Qualcomm Technologies, and Thales Deliver World-First Smartphone Demonstration of Integrated SIM (iSIM) Technology | Qualcomm". www.qualcomm.com. Retrieved 2022-05-28.
  6. "Gartner Says 8.4 Billion Connected". Retrieved 2018-03-01.
  7. "BTG E-SIM project enters next phase - BTG". BTG (in Dutch). 2016-06-14. Retrieved 2018-03-01.
  8. "GSMA Remote Provisioning Release".
  9. Jhon, Jackson. "Esim Global". Retrieved 25 February 2024.
  10. "GSMA eSIM Compliance Process".
  11. "GSMA SGP 24".
  12. "GSMA Certificate Issuer (CI)". eSIM. Retrieved 2022-01-22.