eSIM for consumer

standard
evolution

The need to develop a set of specifications for consumer devices became urgent with the arrival of size-critical companion devices, most prominently smart watches. In 2015, GSMA began work on the Subscription Management specifications for consumer devices, resulting in the release of the first version in December 2015, updated to v2.2 in 2017.

Figure 1: GSMA SGP.22 RSP (consumer eSIM)

The existing IoT architecture had to be adapted to cater for the specific usage scenarios of the consumer market. While the connectivity change for IoT devices is driven by automated business rules in the backend and happens transparently for the user of the application (if there is even a human user), the management of the consumer device occurs only with the consent of its user. The user makes the connectivity choice, just as with the exchange of physical SIM cards on traditional devices.

Before any service can be provided, a contract must be established between the user and a service provider, which also involves a subscriber enrolment procedure. One of the central challenges for consumer devices remains creating a user-friendly experience without jeopardizing the security of the mobile ecosystem, while ensuring compliance with all legislative and regulatory requirements.

use case
QR code

The profile download process for a consumer device consists of the following steps:

(1) The user sets up a contract with a chosen mobile network operator, which provides instructions on how to connect the device to the operator’s Remote SIM Provisioning system, the SM-DP+. These instructions also contain a QR code with the address of the SM-DP+.

Figure 2: First profile installation via QR code

(2) This allows the device to connect to that system and the profile is securely downloaded to the eSIM. Once the profile is activated, the device is able to connect to the operator’s network.

Note: Contrary to the M2M profile download, the eSIM does not require a pre-installed profile to enable mobile data connectivity; the device can utilise its Wi-Fi connection, or the connection of a paired device.

(3) When the user wants to change the service provider, they set up a contract with a new operator and in return receive a QR code. The user scans the code, allowing the device to locate the new operator’s SM-DP+.

Figure 3: Second profile installation via QR code

(4) The new profile is downloaded securely and the user is now able to switch between the two profiles installed on their device, connecting it to whichever MNO network they prefer. This selection is done through the LPA (Local Profile Assistant) of the mobile device.
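
The QR code in steps (1) and (3) is untrusted input that tells the LPA which server to contact, so it should be validated before any connection is made. The following is an added example, not code from the original page or from GSMA; it assumes the SGP.22 Activation Code layout (LPA:1$<SM-DP+ address>$<MatchingID>[$<SM-DP+ OID>[$<confirmation code flag>]]), which the page does not spell out, and the host name and token in the sample are constructed.

```python
import re
from typing import NamedTuple

# Constructed sample payload; host and token are made up for this example.
SAMPLE_QR = "LPA:1$smdp.example.com$04386-AGYFT-A74Y8-3F815$$1"

# Host name only: no scheme, port, path, user-info or IP literal.
FQDN_RE = re.compile(
    r"(?=.{1,253}\Z)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}\Z")
MATCHING_ID_RE = re.compile(r"[A-Z0-9-]*\Z")   # may be empty
OID_RE = re.compile(r"\d+(?:\.\d+)+\Z")


class ActivationCode(NamedTuple):
    smdp_address: str
    matching_id: str
    smdp_oid: str                     # "" when absent
    confirmation_code_required: bool


def parse_activation_code(qr_text: str) -> ActivationCode:
    """Parse and validate a QR payload before the LPA contacts any server."""
    if len(qr_text) > 255 + len("LPA:"):
        raise ValueError("activation code too long")
    if not qr_text.startswith("LPA:"):
        raise ValueError("missing LPA: prefix")
    fields = qr_text[4:].split("$")
    # Strictness choice of this example: anything beyond five fields is rejected.
    if not 3 <= len(fields) <= 5:
        raise ValueError("unexpected number of fields")
    fields += [""] * (5 - len(fields))
    ac_format, address, matching_id, oid, flag = fields
    if ac_format != "1":
        raise ValueError("unsupported activation code format")
    if not FQDN_RE.match(address):
        raise ValueError("SM-DP+ address is not a plain FQDN")
    if not MATCHING_ID_RE.match(matching_id):
        raise ValueError("invalid MatchingID")
    if oid and not OID_RE.match(oid):
        raise ValueError("invalid SM-DP+ OID")
    if flag not in ("", "1"):
        raise ValueError("invalid confirmation code flag")
    return ActivationCode(address.lower(), matching_id, oid, flag == "1")
```

Parsing only decides where the LPA connects; the SM-DP+ still has to authenticate itself with a certificate that chains to the CI root before any profile is accepted.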

use case
Discovery Service

To simplify the customer experience of connecting open-market consumer devices, the GSMA Root Discovery Service enables users with an established mobile subscription to download the profile without the need for a QR code.

(1) Once the user has signed a mobile subscription contract with an operator, a profile is allocated in the operator’s SM-DP+. The SM-DP+ informs the GSMA Root Discovery Service that it has a profile waiting for the user’s device.

Figure 4: Profile installation via GSMA root DS

(2) Through the device’s LPA the user requests a check for a new profile. The device contacts the GSMA Root Discovery Service, receiving the response that a profile is waiting for the device on the SM-DP+ of the user’s selected service provider.

(3) The device contacts this SM-DP+ and the profile is downloaded and installed on its eSIM. Following profile activation, the user has access to the subscribed services.

system
architecture

Contrary to the IoT solution’s server-centric push model, the GSMA consumer architecture follows a client-driven pull model that enables control over remote provisioning and local management of operator profiles by the end user of the device.

Figure 5: Remote Provisioning System for consumer eSIM

As in the IoT solution, the consumer solution requires a central system role, the SM-DP+ (Subscription Manager Data Preparation plus), for the creation and protection of operator credentials, i.e. the MNO profile. However, because it also encompasses the SM-SR functions for the physical transport link to the device, it carries the “+” in its name, rendering the SM-SR obsolete in the consumer architecture.

The optional SM‑DS (Subscription Manager Discovery Server) is specific to the consumer solution. It enables automated profile discovery, depending on the activation procedure selected by the mobile network operator (please see the process diagram of the related use case example).

Another role specific to the consumer solution is the Local Profile Assistant (LPA). This element must be implemented on the device but can optionally also be available on the eSIM itself. Dedicated LPA components facilitate the interaction of the eSIM with these system roles:

  • End user through LUI (Local User Interface)
  • SM-DP+ through LPD (Local Profile Download)
  • SM-DS through LDS (Local Discovery Service)

download
procedure

The download of a profile to the eSIM is processed in four stages, from generation to installation into the eSIM, and the profile package takes different formats during this procedure.

Figure 6: Profile provisioning functions

(1) Profile Package Generation: the SM-DP+ generates the Unprotected Profile Package (UPP) based on the operator-defined profile structure and subscription data. The result is a block of data in SIMalliance-defined format.

(2) Profile Package Protection: by encrypting the UPP in GlobalPlatform secure channel SCP03t format, the SM-DP+ generates the Protected Profile Package (PPP), using Profile Protection Keys (PPK) for confidentiality and integrity protection.

(3) Profile Package Binding: once the target eSIM is known, the SM-DP+ can generate the Bound Profile Package (BPP) by prepending the PPP with eSIM-specific information.

(4) Profile Package Delivery to eSIM: when the BPP has been delivered to the LPA of the device, the LPA generates the Segmented Bound Profile Package (SBPP), a sequence of APDUs for loading the profile into the eSIM.

interface
security

The functions of the ES8+ interface, responsible for profile delivery to the eSIM, are addressed through a secure channel that is established between the SM-DP+ and the eSIM and tunnelled over the interfaces ES9+ and ES10, as shown below:

Figure 7: ES8+ interface security

The interface ES6 between the operator and their enabled profile in the eSIM allows the MNO to modify the profile using legacy OTA mechanisms through secure channel protocol SCP80/81 in the same way as in the IoT solution.

Figure 8: ES6 interface security

The other system interfaces (ES2+, ES9+, ES11, ES12 and ES15) are secured by Transport Layer Security (TLS) based on system certificates and their related pairs of public and private keys shown in the following chapter.

system
PKI

The general security of the consumer eSIM ecosystem is based on a Public Key Infrastructure (PKI). As with the IoT solution, all certificates defined within the ecosystem have a validation chain whose root is a CI certificate from the Certificate Issuer, which acts as a trusted root for the authentication of the system entities.

Figure 9: Certificate chains for consumer eSIM

The CI is an entity selected by and acting on behalf of the GSMA. Only parties that have successfully completed the required GSMA security certification (SAS-SM for Subscription Management Service and SAS-UP for eSIM production) can receive the respective certificates from the CI and become part of the consumer ecosystem.