eUICC Architecture

 

Several components are involved in Remote SIM Provisioning (RSP) to provide eSIM services. These components must be integrated with the Mobile Network Operator (MNO) system and the eUICC Manufacturer (EUM). Inside the eSIM, the eUICC holds components that contain the values, keysets, and profile of the eSIM. This applies to both the M2M and Consumer architectures.





According to Global Platform Certification (GPC), the card architecture contains Security Domains (SD) and Applications. Each can come from controlling authorities, application providers, or the card issuer.

 


In the eSIM / eUICC, Security Domains play a significant role. They contain the connectivity and security variables the eSIM needs to run its services. During the integration between the RSP and the MNO system, these components must be clearly defined. They are ISD-R, ISD-P, and ECASD.




1.       ISD-R (Issuer Security Domain - Root), representation of the off-card entity SM-SR.

       Installed during the manufacturing process of the eUICC.

       Only one ISD-R exists in an eUICC.

       Performs Platform Management functions on ISD-P (creation, enablement, disablement, fallback attribute setting, transport, SCP03 establishment (ES8) and SCP80/81 (ES5)).

2.       ISD-P (Issuer Security Domain - Profile), representation of the off-card entity SM-DP.

       Hosts a unique profile.

       Installed by the ISD-R and personalized by the SM-DP.

       At least one ISD-P with one profile should be installed and personalized during the manufacturing process.

3.       ECASD (eUICC Controlling Authority Security Domain), representation of the off-card entity CI.

       Installed and personalized during the eUICC manufacturing process.

       Personalized with the EID (eUICC ID), security key, private key, and certificates for authentication and key establishment.

       Holds the EID.

       Performs SM-DP keyset establishment during profile download and installation.

       Performs SM-SR keyset establishment for SM-SR change.

 



Profile Structure

As the main part of the eSIM, a profile must be downloaded to, or already exist in, the eUICC so that the mobile device can access the MNO network. The profile is located inside the ISD-P and contains unique values, keysets, and a file system:

       SM-DP keyset.

       POL1 (Profile Policy).

       MNO-SD (MNO-Security Domain).

       File system.

       NAA (Network Access Authorization).

       SSD.

       Application.

       CASD (Controlling Authority SD).
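
The ISD-R Platform Management functions and the POL1 profile policy described above can be modeled as a small state machine. This is an added example, not code from the original post or from any eUICC vendor. It assumes that only one profile is enabled at a time and that only one profile carries the fallback attribute; the AIDs and the POL1 rule name "no_disable" are constructed for illustration.

```python
from dataclasses import dataclass, field

class PolicyError(Exception):
    """Raised when a Platform Management request violates the model."""

@dataclass
class ISDP:
    aid: str                      # constructed identifier, not a real AID
    personalized: bool = False    # set once the SM-DP has loaded the profile
    enabled: bool = False
    fallback: bool = False
    pol1: set = field(default_factory=set)  # assumed rule name: "no_disable"

class ISDR:
    """The single ISD-R: the only actor that creates and switches ISD-Ps."""
    def __init__(self):
        self.isdps = {}

    def create_isdp(self, aid):
        if aid in self.isdps:
            raise PolicyError(f"ISD-P {aid} already exists")
        self.isdps[aid] = ISDP(aid)
        return self.isdps[aid]

    def personalize(self, aid, pol1=()):
        # Stands in for the SM-DP loading the profile into the ISD-P.
        isdp = self.isdps[aid]
        isdp.personalized, isdp.pol1 = True, set(pol1)

    def set_fallback(self, aid):
        if not self.isdps[aid].personalized:
            raise PolicyError("fallback needs a personalized profile")
        for isdp in self.isdps.values():
            isdp.fallback = (isdp.aid == aid)  # assumed: one fallback profile

    def enable(self, aid):
        target = self.isdps[aid]
        if not target.personalized:
            raise PolicyError("cannot enable an empty ISD-P")
        current = next((p for p in self.isdps.values() if p.enabled), None)
        if current and current is not target and "no_disable" in current.pol1:
            raise PolicyError(f"POL1 of {current.aid} forbids disabling it")
        for isdp in self.isdps.values():
            isdp.enabled = (isdp is target)    # assumed: one enabled profile

    def enabled_aid(self):
        return next((a for a, p in self.isdps.items() if p.enabled), None)
```

Enabling a profile implicitly disables the current one, so the POL1 check has to run on the profile being switched away from, not on the target.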



