eSIM and Key Integration Point
Welcome to the eSIM wiki!
This wiki breaks down eSIM technology and the key integration points needed to build an eSIM wallet, written so that anyone can follow along.
An eSIM (embedded SIM) is a programmable SIM that is embedded directly into a device rather than inserted as a removable card.
eSIM OTA (Over-The-Air) allows cellular operators to upload their SIM profiles and issue control commands to supporting devices and to the eSIMs embedded in smartphones and IoT devices. This enables remote life-cycle management of the eSIM, from its activation by a new user, through upgrades and updates, until the eSIM is cancelled.
The GSMA had been discussing a software-based SIM since 2010; the first eSIM specification was released in 2016, and since then eSIMs have begun to replace physical SIMs in cellular telephony and other domains. The three building blocks this wiki keeps coming back to are:
- LPA (Local Profile Assistant),
- RSP (Remote SIM Provisioning),
- eUICC (Embedded Universal Integrated Circuit Card).
To avoid confusion, we suggest looking at the three definitions this way:
- SIM Profiles (accessed and managed through the LPA)
- RSP (creation, generation, management and protection of the resulting Profiles)
- eUICC (stores and manages sensitive data and enables RSP)
In eSIM technology, the UICC chip embedded in the device is called the eUICC.
Creation, generation, management and protection of the resulting Profiles happen within the RSP layer. The SM-DS and SM-DP+ are responsible for its operations, and secure handshakes are performed with multiple entities (depending on the architecture) to verify the certificates issued for the different access purposes.
The LPA is a functional element in the Device that provides the LPD (Local Profile Download), LDS (Local Discovery Service) and LUI (Local User Interface) features. Management of the profiles on the eSIM is generally done by the LPA, which serves as the bridge between the SM-DP+ and the eUICC chip.
Besides the logic of calling EuiccCardManager and talking to the eUICC, an LPA app on Android must implement the following:
- SM-DP+ client talking to the SM-DP+ server to authenticate and download profiles
- [Optional] SM-DS client to discover additional downloadable profiles
- Notification handling to send notifications to the server to update the profile state
- [Optional] Slot management, including switching between eSIM and pSIM. This is optional if the phone only has an eSIM chip.
- eSIM OTA
Although more than one LPA app can be present on an Android phone, only one LPA can be selected as the actual working LPA, based on the priority defined in the AndroidManifest.xml file of each app.
Assurance that the LPA has not been compromised or affected. The assurance SHALL be provided to the various Remote SIM Provisioning entities to ensure that the LPA can be trusted to execute the actions requested.
Note: This process is linked with a certification process.
The LPA Mode defines where the LPA runs: either in the eUICC or in the Device.
💡 In our case we always rely on the device mode.
A component of the Device is used as a proxy between an Operator-authorised platform and the corresponding Profile to manage the Profile's content.
💡 The management of eSIM Profile content with respect to providers is handled off chain.
The LPA services give the LPA functions access to the services and data they require, namely:
- The Root SM-DS address.
- The optionally stored default SM-DP+ address(es).
- Reception of the Bound Profile Package transferred from the LPA.
- Information about the installed Profiles and their Profile Metadata.
- Local Profile Management.
- Support for Remote Profile Management operations.
- Functions for the LPA to authenticate and interact with the SM-DS.
- Restricting access to the EID to the LPA only.
- Profile Package Delivery: secure transmission and installation of the Bound Profile Package on the eUICC.
At the hardware layer we interact with the eUICC chip, which carries the EID, a unique identifier for the eUICC (embedded SIM) hardware module in a device. Each eUICC holds exactly one EID, so a mobile device with a single eUICC has a single EID.
- The EID is a 32-digit, globally unique number assigned by the eUICC manufacturer and encoded into the eSIM during manufacturing; it cannot be modified.
- The EID can be used to identify and manage subscriptions on the eUICC, for example to download or switch between subscriptions.
- The EID was introduced to give eUICCs a unique identifier that is not linked to any service subscription.
- Originally, the EID format was based on the Integrated Circuit Card Identifier (ICCID) structure.
- The ICCID, defined by ITU-T Recommendation E.118, serves as a Primary Account Number (PAN).
- The EID, however, serves a different purpose than a PAN and therefore has different administration rules.
- In 2019, industry stakeholders tasked the GSMA with overseeing the administration of EIDs.
- It is unique, it is something you have, and its security is backed by hardware.
It ties the user's identity to the device hardware they own, acting as an implicit second factor. One caveat a practitioner should keep in mind: the EID itself is a public identifier (readable by the LPA and by carrier-privileged apps), not a secret. The hardware-backed part is the eUICC's EUM-issued certificate and private key, which the RSP entities use to authenticate the eUICC, so a wallet should prove possession through that authentication rather than trust a bare EID string.
Using the EID, we will create a smart-contract wallet for end users that can be managed from our LPA for a better UX.
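Before an EID is accepted as a wallet's identity anchor, its format should be validated. The following is an added example for this wiki, not code from the project or from GSMA; it assumes, per the GSMA SGP.02/SGP.22 EID definition, that an EID is 32 decimal digits beginning with the E.118 telecom industry identifier 89 and ending in two ISO/IEC 7064 MOD 97-10 check digits (the whole number, read as an integer, leaves remainder 1 when divided by 97). The function names and the sample EIDs are constructed for illustration.

```python
"""ISO/IEC 7064 MOD 97-10 check digits for an eSIM EID.

Added example for this wiki; not code from the project or from GSMA.
Assumptions (GSMA SGP.02/SGP.22 EID definition, not stated on the page):
an EID is 32 decimal digits, starts with the E.118 telecom identifier "89",
and digits 31-32 are check digits chosen so that the full EID, read as an
integer, leaves remainder 1 on division by 97.  Sample EIDs are constructed.
"""

EID_LENGTH = 32
TELECOM_MII = "89"  # E.118 major industry identifier, inherited from ICCID


def _is_decimal(s: str) -> bool:
    """ASCII decimal digits only; str.isdigit() alone also accepts Unicode digits."""
    return s.isascii() and s.isdigit()


def compute_check_digits(eid_body: str) -> str:
    """Return the two MOD 97-10 check digits for a 30-digit EID body.

    Spec procedure: append "00", take the number modulo 97, subtract the
    remainder from 98, zero-pad to two digits (result is always 02..98).
    """
    if len(eid_body) != EID_LENGTH - 2 or not _is_decimal(eid_body):
        raise ValueError("EID body must be exactly 30 decimal digits")
    remainder = int(eid_body + "00") % 97
    return f"{98 - remainder:02d}"


def make_eid(eid_body: str) -> str:
    """Append check digits to a 30-digit body, giving a full 32-digit EID."""
    return eid_body + compute_check_digits(eid_body)


def is_valid_eid(eid: str) -> bool:
    """Structural validation an LPA or wallet should do before trusting an EID.

    Checks length, ASCII decimal digits, the "89" prefix and the MOD 97-10
    remainder.  A remainder other than 1 means a typo, a transposition or
    tampering.  Passing says nothing about whether a real eUICC holds this
    EID; that needs the eUICC's certificate-based RSP authentication.
    """
    if len(eid) != EID_LENGTH or not _is_decimal(eid):
        return False
    if not eid.startswith(TELECOM_MII):
        return False
    return int(eid) % 97 == 1


if __name__ == "__main__":
    # Constructed sample: "89" followed by 28 zeros as the body; the spec
    # procedure yields check digits "02" for it.
    body = TELECOM_MII + "0" * 28
    eid = make_eid(body)
    print(eid, is_valid_eid(eid))  # 89000000000000000000000000000002 True

    # MOD 97-10 detects every single-digit error and every transposition of
    # two adjacent (distinct) digits, which is what makes it a useful first
    # line of defence against mistyped or tampered EIDs.
    body2 = "890123456789012345678912345678"  # constructed, 30 digits
    eid2 = make_eid(body2)
    swapped = eid2[:2] + eid2[3] + eid2[2] + eid2[4:]
    print(is_valid_eid(eid2), is_valid_eid(swapped))  # True False
```

The check digits only catch accidental corruption; they are not a proof of authenticity, because anyone can compute them for an arbitrary body. Treat a passing EID as a well-formed claim that still has to be bound to a real eUICC by the RSP authentication flow.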
- Access requests that are made across the whole system
- Integration Point (right behind the AUTH layer, vertically)
- Key Functionality
- Integration flow chart of EID, LPA, and SM-DP+ credentials for cryptographic wallet creation.
- GSMA eSIM Whitepaper
- Blockchain Powered eSIM First Draft
- Android Making an LPA App
- OpenEUICC
- EID Definition and Assignment Process Version 1.0
- GSMA eUICC PKI Certificate Policy Version 2.1
- Carrier privileges
- eSIM Remote Provisioning Architecture Version 1.1
- IMEI Database
- What is SM-DP+ Address? Understanding its Role in eSIM Activation
- Generic eUICC Test Profile for Device Testing Version 2.0
- SGP.26 RSP Test Certificates definitions Version 1.4
- RSP Architecture SGP.21 V3.1 1/Dec/23
💡 Our long-term goal is an open-source, blockchain-powered eSIM stack that provides an LPA, leverages an open-source RSP (Remote SIM Provisioning) backend and relies only on eUICC manufacturers. That would make a wide range of applications accessible, allow different parties to collaborate more openly, and offer users more services than the ones listed above.
See the component-specific wiki pages if you want to learn more about any of these components.