{{Short description|Specification to obtain and activate eSIM}} {{more citations needed|date=June 2016}}

'''Remote SIM provisioning''' is a specification realized by GSMA that allows consumers to remotely activate the subscriber identity module (SIM) embedded in a portable device such as a smart phone, smart watch, fitness band or tablet computer.<ref>{{Cite web|last=|first=|date=|title=eSIM — Что это и как подключить в России|url=https://droidblog.org/help/esim-russia|access-date=2020-09-22|website=|language=ru-RU}}</ref><ref>GSMA releases remote provisioning specification to help consumers connect mobile devices http://www.gsma.com/rsp/</ref> The specification was originally part of the GSMA's work on eSIM<ref>{{Cite web|url=https://www.gsma.com/esim/|title=The SIM for the next Generation of Connected Consumer Devices - eSIM|website=eSIM|language=en-GB|access-date=2018-03-01}}</ref> and remote SIM provisioning is just one of the aspects that this eSIM specification includes. The other aspects being that the SIM is now structured into "domains" that separate the operator profile from the security and application "domains". In practice "eSIM upgrade" in the form of a normal SIM card<ref>{{Cite web |title=eSIM.me Store |url=https://esim.me/ |access-date=2022-05-28 |website=esim.me |language=en}}</ref> is possible (using the Android 9 eSIM APIs) or eSIM can be included into an SOC.<ref>{{Cite web |title=Vodafone, Qualcomm Technologies, and Thales Deliver World-First Smartphone Demonstration of Integrated SIM (iSIM) Technology {{!}} Qualcomm |url=https://www.qualcomm.com/news/releases/2022/01/vodafone-qualcomm-technologies-and-thales-deliver-world-first-smartphone |access-date=2022-05-28 |website=www.qualcomm.com |language=en}}</ref> The requirement of GSMA certification is that personalisation packet is decoded inside the chip and so there is no way to dump Ki, OPc and 5G keys. Another important aspect is that the eSIM is owned by the enterprise{{Clarification needed|reason=Not clear which "enterprise" is referenced here|date=February 2022}}, and this means that the enterprise now has full control of the security and applications in the eSIM, and which operators profiles are to be used.

== Background to the specification ==

In the background of the technology looked to address the following issues: * The development of non-removable SIM technology - a new generation of SIM-cards like MFF which are soldered into the device. * The appearance and support by mobile operators of the concept of ABC (always best connected) – the opportunity to get quality connections from any mobile operator at any point in time. * The explosive growth of the Internet of Things (IoT) - according to Gartner about 8.4 billion connections in 2017 (up 31% from 2016).<ref>{{Cite news|url=https://www.gartner.com/en/newsroom/press-releases/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016|title=Gartner Says 8.4 Billion Connected|access-date=2018-03-01|language=en}}</ref> * The cost and effort required to swap a SIM in a device that has been deployed in the field.

== Origin ==

The GSM Association (GSMA) which brings together about 800 operators and 250 mobile ecosystem companies became the first to come up with the Consumer Remote SIM Provisioning initiative. The beginning of creation the technology was announced in the summer 2014. The complete version of the specification was realized in February, 2016. Initially, the specification was supposed to be used just by M2M devices, but since December, 2015 it has begun being spread over various custom wearable devices, and into enterprise applications like authentication and identity management.<ref>{{Cite news|url=https://www.btg.org/2016/06/14/btg-e-sim-project-next-phase/|title=BTG E-SIM project enters next phase - BTG|date=2016-06-14|work=BTG|access-date=2018-03-01|language=nl-NL}}</ref> <blockquote>"This new specification gives consumers the freedom to remotely connect devices, such as wearables, to a mobile network of their choice and continues to evolve the process of connecting new and innovative devices," ''Alex Sinclair, Chief Technology Officer, GSMA.''<ref>{{Cite web|url=https://www.gsma.com/newsroom/press-release/gsma-releases-remote-provisioning-specification/|title=GSMA Remote Provisioning Release|date=18 February 2016 }}</ref></blockquote> Besides, the right of independent service providers to transmit commands of loading profiles to SIM-cards in the device has been amended and the possibility to store arrays of profiles in independent certified data centers (Subscriptions manager) has appeared.<ref>{{cite news |last1=Jhon |first1=Jackson |title=Esim Global |url=https://esimplus.me/esim-global |access-date=25 February 2024}}</ref>

== Functions and benefits ==

The specification that covers the carrier selection aspects aims to allow consumers to choose a mobile network operator from a wide range to activate the SIM embedded in a device via a subscription. It aims to simplify the users’ life by connecting their multiple devices through the same subscription. It should also motivate mobile device manufacturers to develop the next generation of the mobile-connected devices that will suit better the wearable technology applications. The specification that covers the carrier selection for M2M devices is simpler since typically there is no subscriber involved (e.g. changing the operator in an electricity meter).

The language that is used to describe these specification is a little confusing since eSIM is not a physical format (or "form factor" - the phrase that is used to describe the various SIM sizes). The eSIM describes the functionality in the SIM, not the physical size of the SIM - and there are eSIMs in many formats (2FF, 3FF, 4FF, MFF)<ref>{{Cite web |date=2023-06-27 |title=What are eSIMs? And when to use them for IoT – Onomondo |url=https://onomondo.com/blog/what-is-an-esim/ |access-date=2026-04-13 |website=onomondo.com |language=en-US}}</ref>.

GSMA have also developed a compliance framework<ref>{{Cite web|url=https://www.gsma.com/esim/guide-rsp-compliance-process/|title=GSMA eSIM Compliance Process}}</ref> for eSIM devices, eUICCs, and subscription management products - to help with interoperability and security for products supporting eSIM. This is published by the GSMA as SGP.24,<ref>{{Cite web|url=https://www.gsma.com/newsroom/all-documents/sgp-24-rsp-compliance-process/|title=GSMA SGP 24}}</ref> the eSIM compliance process describes common compliance requirements for:

* Functional interoperability * eUICC security * eUICC production site security * Subscription Management site security

== Operation == For consumer devices, remote provisioning on the host device is initiated by the Local Profile Assistant (LPA), a software package that follows the consumer eSIM RSP specifications SGP.21/22 <ref>{{Cite web |title=SGP.22 V3.1 |url=https://www.gsma.com/solutions-and-impact/technologies/esim/gsma_resources/sgp-22-v3-1/ |access-date=2026-04-13 |website=eSIM |language=en-US}}</ref><ref>{{Cite web |date=2026-02-05 |title=SGP.02 vs SGP.22 vs SGP.32: eSIM IoT in dialogue with M2M and consumer eSIM - Onomondo |url=https://onomondo.com/blog/sgp-02-vs-sgp-22-vs-sgp-32/ |access-date=2026-04-13 |website=onomondo.com |language=en-US}}</ref>.

When the LPA wants to retrieve a carrier profile it contacts a subscription manager (SM) service on the internet via HTTPS. The address of the SM can be defined:

* in a QR code scanned by the user * by manually entering the SM's host name/Activation code on screen * hard coded by the host device manufacturer in firmware. * via a universal discovery service operated by the GSMA.

The LPA is responsible for validating the X.509 certificate of the SM is valid and issued by the GSMA certificate authority.<ref>{{Cite web|title=GSMA Certificate Issuer (CI)|url=https://www.gsma.com/esim/gsma-root-ci/|access-date=2022-01-22|website=eSIM|language=en-US}}</ref> Once validation is complete the LPA will coordinate a secure channel between the eUICC and the SM using challenge-response authentication to enter programming mode. The LPA will request carrier profiles available for download, either by submitting the activation code provided by the user or the eSIM ID (EID) of the eUICC. The SM will provide the requested profile encrypted in a way that only the eUICC can decrypt/install to ensure the network authentication key remains secure.

RSP works slightly differently for IoT devices, following GSMA's technical specifications as outlined in SGP.31/32 <ref>{{Cite web |title=SGP.32 v1.1 |url=https://www.gsma.com/solutions-and-impact/technologies/esim/gsma_resources/sgp-32-v1-1/ |access-date=2026-04-13 |website=eSIM |language=en-US}}</ref>. The eSIM IoT specification replaces the LPA with IPA (IoT Profile Assistant) that lives either in the eUICC (IPAe) or the device (IPAd). Remote SIM Provisioning in IoT is managed in a new technical component, the eIM (eSIM IoT Manager) – the software that sends the user commands to the IPA <ref>{{Cite web |date=2025-05-25 |title=What is GSMA SGP.32? Diving into the eSIM IoT standard - Onomondo |url=https://onomondo.com/blog/what-is-gsma-sgp-32-esim-iot-standard/ |access-date=2026-04-13 |website=onomondo.com |language=en-US}}</ref>.

== References == {{Reflist}}

Category:Mobile phone standards Category:Computer access control protocols