A wireless device can be provisioned with an eSIM. Various network entities participate in provisioning of an eSIM to a secure element (SE), where the SE is hosted by a wireless device. To establish trust between communicating entities, public key infrastructure (PKI) techniques can be used. Problems can arise if an eSIM is deployed to an SE and the eSIM is not compatible with the device and/or the SE.
Aspects of eSIM provisioning include the downloading, installing, enabling, disabling, switching and deleting of a profile on an embedded universal integrated circuit card (eUICC) or universal integrated circuit card (UICC). UICCs and eUICCs are SEs for hosting profiles. A profile is a combination of operator data and applications provisioned on an SE in a device for the purposes of providing services by a wireless operator. A profile can contain one or more items of secure data used to prove identity and thus verify contract rights to services. During assembly of a device, the eUICC can be inserted into the device.
An eSIM, also referred to herein as a profile, can be identified by a unique number called an ICCID (Integrated Circuit Card Identifier). A wireless operator is a company providing wireless cellular network services. A mobile network operator (MNO) is an entity providing access capability and communication services to its subscribers through a mobile network infrastructure. In some cases, the device is user equipment used in conjunction with an eUICC to connect to a mobile network (also referred to herein as a wireless network). An end user or customer is a person using a (consumer or enterprise) device. An enabled profile can include files and/or applications which are selectable over an eUICC-device interface. A profile is enabled by activating it. Activation includes a wireless operator or MNO recognizing the profile and providing services requested by a device associated with the profile. Whether a profile is suitable for a device and can be enabled may depend on a subsidy lock. A subsidy lock is a contract arrangement whereby a wireless carrier sells a device to a user under a contract condition that the user buys a carrier plan for wireless services only from the wireless carrier that sold the device.
A digital signature is authentication data that binds the identity of the signer to a data part of a signed message. A certification issuer (CI) is a trusted third party whose signature on a certificate vouches for the authenticity of the public key of the associated user identity.
An architecture framework related to remote provisioning and management of eUICCs in devices is outlined in GSM Association document GSMA SGP.21: “RSP Architecture,” Version 1.0 Dec. 23, 2015 (hereinafter “SGP.21”).
Remote SIM provisioning of consumer devices is discussed in GSM Association document GSMA SGP.22: “RSP Technical Specification,” Version 1.0 Jan. 13, 2016 (hereinafter “SGP.22”).