Remote SIM provisioning: what is the GSMA specification?
The process of replacing traditional SIMs has already begun. Wearables were the first devices to include eSIMs, but that was only the beginning. Manufacturers such as Apple, Microsoft, Google, among others, have position eSIM as a standard feature in their new devices.
Among the novelties brought by the eSIM, users of consumer devices can choose their carrier. Hence, they want to decide, which profiles should be available and activated on the eUICC.
eSIM Remote Sim Provisioning (RSP), or eSIM Subscription Management, is a GSMA specification that defines how the process of remote SIM activation/programming should work. RSP, as defined by GSMA, offers two different architectures: one focuses on Consumer Devices, and the other focuses on M2M. The aim of the Consumer Device specification is to simplify the customer experience of connecting the consumer device to the mobile offer they want.
To fully understand the mechanisms behind the workings of subscription management in consumer devices, it is best to look into some of the architecture of the technology.
The user’s profile, containing data or contract information from a service provider or carrier, such as the number assigned to a SIM, was traditionally written into the SIM itself for physical SIM cards. An eSIM can download this information from the network using OTA (over-the-air) technology.
In the GSMA specification:
- The End User plays the role of a decision-maker who triggers the RSP procedure.
- The Local Profile Assistant (LPA) is a set of functionalities that provides local control of the eUICC to allow for downloading/removing profiles and switching between profiles. This works by connecting the LPA to the SM-DP+ to take the end users requests. Within the LPA, is the Local User Interface (LUI) and Local Profile Download (LPD) both of which assist in controlling those profile management actions.
- The job of the Subscription Manager Data Preparation (SM-DP+) is to securely package and encrypt profiles to the chosen device. The SM-DS guarantees that the SM-DP+ will reach the eUICC no matter what access network the device is connected to.
eSIM & Security on Consumer Devices
Because the eSIM is an incredibly vital element that controls communication, there are many cases where the information it contains about the contracting party can be used for various authorizations and could be exposed to potential cyberattacks or threats. Thus, ensuring end-to-end encryption and security of the data contained on the eSIM is essential. This explains why the GSMA developed a certification framework and why eSIM RSP providers must be certified to provide provisioning platforms with the highest level of interoperability but also security.
With its latest SAS-SM certification, Oasis Smart Sim extended its SM-DP+ certification and can provide eSIM Subscription Management Services to telecom operators, MVNOs or service providers in an interoperable and secure way. To know more about his certification, click here.