Remote SIM provisioning

Last updated August 03, 2024

Remote SIM provisioning is a specification realized by GSMA that allows consumers to remotely activate the subscriber identity module (SIM) embedded in a portable device such as a smart phone, smart watch, fitness band or tablet computer.^[1]^[2] The specification was originally part of the GSMA's work on eSIM ^[3] and it is important to note that remote SIM provisioning is just one of the aspects that this eSIM specification includes. The other aspects being that the SIM is now structured into "domains" that separate the operator profile from the security and application "domains". In practise "eSIM upgrade" in the form of a normal SIM card^[4] is possible (using the Android 9 eSIM APIs) or eSIM can be included into an SOC.^[5] The requirement of GSMA certification is that personalisation packet is decoded inside the chip and so there is no way to dump Ki, OPc and 5G keys. Another important aspect is that the eSIM is owned by the enterprise^{[ clarification needed ]}, and this means that the enterprise now has full control of the security and applications in the eSIM, and which operators profiles are to be used.

Background to the specification

In the background of the technology looked to address the following issues:

The development of non-removable SIM technology - a new generation of SIM-cards like MFF which are soldered into the device.
The appearance and support by mobile operators of the concept of ABC (always best connected) – the opportunity get quality connections from any mobile operator at any point in time.
The explosive growth of the Internet of Things (IoT) - according to Gartner about 8.4 billion connections in 2017 (up 31% from 2016).^[6]
The cost and effort required to swap a SIM in a device that has been deployed in the field.

Origin

The GSM Association (GSMA) which brings together about 800 operators and 250 mobile ecosystem companies became the first to come up with the Consumer Remote SIM Provisioning initiative. The beginning of creation the technology was announced in the summer 2014. The complete version of the specification was realized in February, 2016. Initially, the specification was supposed to be used just by M2M devices, but since December, 2015 it has begun being spread over various custom wearable devices, and into enterprise applications like authentication and identity management.^[7]

"This new specification gives consumers the freedom to remotely connect devices, such as wearables, to a mobile network of their choice and continues to evolve the process of connecting new and innovative devices," Alex Sinclair, Chief Technology Officer, GSMA.^[8]

Besides, the right of independent service providers to transmit commands of loading profiles to SIM-cards in the device has been amended and the possibility to store arrays of profiles in independent certified data centers (Subscriptions manager) has appeared.

Functions and benefits

The specification that covers the carrier selection aspects aims to allow consumers to choose a mobile network operator from a wide range to activate the SIM embedded in a device via a subscription. It aims to simplify the users’ life by connecting their multiple devices through the same subscription. It should also motivate mobile device manufacturers to develop the next generation of the mobile-connected devices that will suit better the wearable technology applications. The specification that covers the carrier selection for M2M devices is simpler since typically there is no subscriber involved (e.g. changing the operator in an electricity meter).

The language that is used to describe these specification is a little confusing since eSIM is not a physical format (or "form factor" - the phrase that is used to describe the various SIM sizes). The eSIM describes the functionality in the SIM, not the physical size of the SIM - and there are eSIMs in many formats (2FF, 3FF, 4FF, MFF).

GSMA have also developed a compliance framework^[9] for eSIM devices, eUICCs, and subscription management products - to help with interoperability and security for products supporting eSIM. This is published by the GSMA as SGP.24,^[10] the eSIM compliance process describes common compliance requirements for:

Functional interoperability
eUICC security
eUICC production site security
Subscription Management site security

Operation

Remote provisioning on the host device is initiated by the Local Profile Assistant (LPA), a software package that follows the RSP specification.

When the LPA wants to retrieve a carrier profile it contacts a subscription manager (SM) service on the internet via HTTPS. The address of the SM can be defined:

in a QR code scanned by the user
by manually entering the SM's host name/Activation code on screen
hard coded by the host device manufacturer in firmware.
via a universal discovery service operated by the GSMA.

The LPA is responsible for validating the X.509 certificate of the SM is valid and issued by the GSMA certificate authority.^[11] Once validation is complete the LPA will coordinate a secure channel between the eUICC and the SM using challenge-response authentication to enter programming mode. The LPA will request carrier profiles available for download, either by submitting the activation code provided by the user or the eSIM ID (EID) of the eUICC. The SM will provide the requested profile encrypted in a way that only the eUICC can decrypt/install to ensure the network authentication key remains secure.

Related Research Articles

The international mobile subscriber identity is a number that uniquely identifies every user of a cellular network. It is stored as a 64-bit field and is sent by the mobile device to the network. It is also used for acquiring other details of the mobile in the home location register (HLR) or as locally copied in the visitor location register. To prevent eavesdroppers from identifying and tracking the subscriber on the radio interface, the IMSI is sent as rarely as possible and a randomly-generated TMSI is sent instead.

A SIMcard is an integrated circuit (IC) intended to securely store an international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephone devices. SIMs are also able to store address book contacts information, and may be protected using a PIN code to prevent unauthorized use.

A SIM lock, simlock, network lock, carrier lock or (master) subsidy lock is a technical restriction built into GSM and CDMA mobile phones by mobile phone manufacturers for use by service providers to restrict the use of these phones to specific countries and/or networks. This is in contrast to a phone that does not impose any SIM restrictions.

Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of 4 centimetres (1.6 in) or less. NFC offers a low-speed connection through a simple setup that can be used for the bootstrapping of capable wireless connections. Like other proximity card technologies, NFC is based on inductive coupling between two electromagnetic coils present on a NFC-enabled device such as a smartphone. NFC communicating in one or both directions uses a frequency of 13.56 MHz in the globally available unlicensed radio frequency ISM band, compliant with the ISO/IEC 18000-3 air interface standard at data rates ranging from 106 to 848 kbit/s.

The International Mobile Equipment Identity (IMEI) is a numeric identifier, usually unique, for 3GPP and iDEN mobile phones, as well as some satellite phones. It is usually found printed inside the battery compartment of the phone but can also be displayed on-screen on most phones by entering the MMI Supplementary Service code *#06# on the dialpad, or alongside other system information in the settings menu on smartphone operating systems.

OMA SpecWorks, previously the Open Mobile Alliance (OMA), is a standards organization which develops open, international technical standards for the mobile phone industry. It is a nonprofit Non-governmental organization (NGO), not a formal government-sponsored standards organization as is the International Telecommunication Union (ITU): a forum for industry stakeholders to agree on common specifications for products and services.

The Open Mobile Terminal Platform (OMTP) was a forum created by mobile network operators to discuss standards with manufacturers of mobile phones and other mobile devices. During its lifetime, the OMTP included manufacturers such as Huawei, LG Electronics, Motorola, Nokia, Samsung and Sony Ericsson.

Telit Cinterion is an Internet of Things (IoT) Enabler company headquartered in Irvine, California, United States. It is a privately held company with key operations in the US, Brazil, Italy, Israel, and Korea.

Machine to machine (M2M) is direct communication between devices using any communications channel, including wired and wireless. Machine to machine communication can include industrial instrumentation, enabling a sensor or meter to communicate the information it records to application software that can use it. Such communication was originally accomplished by having a remote network of machines relay information back to a central hub for analysis, which would then be rerouted into a system like a personal computer.

<span class="mw-page-title-main">Gemalto</span> International digital security company

Gemalto was an international digital security company providing software applications, secure personal devices such as smart cards and tokens, e-wallets and managed services. It was formed in June 2006 by the merger of two companies, Axalto and Gemplus International. Gemalto N.V.'s revenue in 2018 was €2.969 billion.

Cloud9 is a mobile network operator focussed on providing mobile subscriptions over the air to programmable SIM cards, SoftSIMs and eSIMs. Their service is used in both smartphones and IoT devices. The company is privately held with headquarters in the United Kingdom.

Rich Communication Services (RCS) is a communication protocol standard between mobile telephone carriers for the purpose of instant messaging, developed and defined by the GSM Association (GSMA). It aims to be a replacement of SMS and MMS with a text message system that is richer and modern. Development of RCS began in 2007 but early versions lacked features and interoperability; a new specification named Universal Profile was developed and has been continually rolled out since 2017.

MIFARE4Mobile is a technical specification published by NXP Semiconductors in December 2008 to manage MIFARE-based applications in mobile devices. The specification provides mobile network operators and service providers with a single, interoperable programming interface, easing the use of the contactless MIFARE technology in future mobile Near Field Communication (NFC) devices.

The Apple SIM is a proprietary subscriber identity module (SIM) produced by Apple Inc. It is included in GPS + Cellular versions of the iPad Air 2 and later, iPad mini 3 and later, and iPad Pro.

An eSIM is a form of SIM card that is embedded directly into a device. Instead of an integrated circuit located on a removable SIM card, typically made of PVC, an eSIM consists of software installed onto an eUICC chip permanently attached to a device. If the eSIM is eUICC-compatible, it can be re-programmed with new SIM information. Otherwise, the eSIM is programmed with its ICCID/IMSI and other information at the time it is manufactured, and cannot be changed. Different mobile telephones may not support an eSIM, may have a permanently programmed, unchangeable one, or one that can be reprogrammed for any carrier that supports the technology. Phones may support physical SIMs only, eSIM only, or both.

oneM2M is a global partnership project founded in 2012 and constituted by 8 of the world's leading ICT standards development organizations, notably: ARIB (Japan), ATIS, CCSA (China), ETSI (Europe), TIA (USA), TSDSI (India), TTA (Korea) and TTC (Japan). The goal of the organization is to create a global technical standard for interoperability concerning the architecture, API specifications, security and enrolment solutions for Machine-to-Machine and IoT technologies based on requirements contributed by its members.

ASPIDER is the group name for a series of companies that are mostly based in Europe. The company name has evolved over the years as a result of acquisitions, mergers and restructuring. The company is an MVNE, providing mobile services to companies that want to control their own network. Clients include enterprises, manufacturers, integrators, and the mobile operators themselves.

eUICC refers to the architectural standards published by the GSM Association (GSMA) or implementations of those standard for eSIM, a device used to securely store one or more SIM card profiles, which are the unique identifiers and cryptographic keys used by cellular network service providers to uniquely identify and securely connect to mobile network devices. Applications of eUICC are found in mobile network devices that use GSM cellular network eSIM technology.

Workz is a technology company specialized in eSIM and cloud-based services. The company is headquartered in Dubai, UAE and is a regional supplier in the Middle East and Africa.

Nomad is a digital telecommunications product that uses eSIM technology. It is a business line of LotusFlare Inc., a telecommunications-software development company.

References

↑ "eSIM — Что это и как подключить в России" (in Russian). Retrieved 2020-09-22.
↑ GSMA releases remote provisioning specification to help consumers connect mobile devices http://www.gsma.com/rsp/
↑ "The SIM for the next Generation of Connected Consumer Devices - eSIM". eSIM. Retrieved 2018-03-01.
↑ "eSIM.me Store". esim.me. Retrieved 2022-05-28.
↑ "Vodafone, Qualcomm Technologies, and Thales Deliver World-First Smartphone Demonstration of Integrated SIM (iSIM) Technology | Qualcomm". www.qualcomm.com. Retrieved 2022-05-28.
↑ "Gartner Says 8.4 Billion Connected" . Retrieved 2018-03-01.
↑ "BTG E-SIM project enters next phase - BTG". BTG (in Dutch). 2016-06-14. Retrieved 2018-03-01.
↑ "GSMA Remote Provisioning Release".
↑ "GSMA eSIM Compliance Process".
↑ "GSMA SGP 24".
↑ "GSMA Certificate Issuer (CI)". eSIM. Retrieved 2022-01-22.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "eSIM — Что это и как подключить в России" (in Russian). Retrieved 2020-09-22.

[2] GSMA releases remote provisioning specification to help consumers connect mobile devices http://www.gsma.com/rsp/

[3] "The SIM for the next Generation of Connected Consumer Devices - eSIM". eSIM. Retrieved 2018-03-01.

[4] "eSIM.me Store". esim.me. Retrieved 2022-05-28.

[5] "Vodafone, Qualcomm Technologies, and Thales Deliver World-First Smartphone Demonstration of Integrated SIM (iSIM) Technology | Qualcomm". www.qualcomm.com. Retrieved 2022-05-28.

[6] "Gartner Says 8.4 Billion Connected" . Retrieved 2018-03-01.

[7] "BTG E-SIM project enters next phase - BTG". BTG (in Dutch). 2016-06-14. Retrieved 2018-03-01.

[8] "GSMA Remote Provisioning Release".

[9] "GSMA eSIM Compliance Process".

[10] "GSMA SGP 24".

[11] "GSMA Certificate Issuer (CI)". eSIM. Retrieved 2022-01-22.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]