Subscriber Identity Provisioning

CoreESIM: Carrier Profiles & IMSI Management

CoreESIM serves as a critical component in the secure and compliant management of eSIM carrier profiles, adhering strictly to GSMA SGP.2x specifications for remote SIM provisioning (RSP). A carrier profile is a comprehensive data set provisioned onto an eUICC (embedded Universal Integrated Circuit Card) that enables a device to connect to a specific mobile network operator (MNO) and access subscribed services. This process mandates rigorous adherence to cryptographic standards and established protocols to ensure subscriber identity and network security.

Each carrier profile encapsulates parameters essential for network authentication and service access. Key components typically include:

  • IMSI (International Mobile Subscriber Identity): Primary identifier for the subscriber within a Public Land Mobile Network (PLMN).
  • Authentication Key (Ki or OPc/K): Cryptographic keys for mutual authentication with the network (e.g., Milenage algorithms).
  • Access Point Name (APN) Settings: Configuration details for data services.
  • PLMN Identifiers: Mobile Country Codes (MCC) and Mobile Network Codes (MNC) indicating authorized networks.
  • Security Algorithms: Specifications for encryption and integrity protection (e.g., f8/f9 for 3GPP networks).

These elements are securely packaged and signed by the MNO, ensuring their integrity during transfer and storage.

The IMSI is a globally unique 15-digit identifier that unambiguously identifies a subscriber within a cellular network. It comprises three parts: the Mobile Country Code (MCC), a 3-digit country identifier; the Mobile Network Code (MNC), a 2- or 3-digit MNO identifier within the country; and the Mobile Subscriber Identification Number (MSIN), which identifies the subscriber within the MNO's network. The IMSI is fundamental for subscriber authentication, routing calls and messages, and managing mobility. Its secure storage is paramount to preventing unauthorized network access.
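The IMSI layout described above, as an added example that is not CoreESIM code. The digits alone do not say whether the MNC has 2 or 3 digits, so the split is resolved against a caller-supplied PLMN list; `Imsi`, `parse_imsi`, `SAMPLE_PLMNS` and the sample values are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Imsi:
    mcc: str   # Mobile Country Code, 3 digits
    mnc: str   # Mobile Network Code, 2 or 3 digits
    msin: str  # Mobile Subscriber Identification Number

    def masked(self) -> str:
        """Form suitable for logs: keep the PLMN, hide the subscriber part."""
        return f"{self.mcc}-{self.mnc}-{'*' * len(self.msin)}"


def parse_imsi(imsi: str, known_plmns: set[str]) -> Imsi:
    """Split a 15-digit IMSI into MCC, MNC and MSIN.

    known_plmns holds MCC+MNC strings (for instance the PLMN identifiers
    carried in a profile). Using such a list to pick the MNC length is an
    assumption of this example.
    """
    # isascii() rejects non-ASCII characters that str.isdigit() would accept.
    if not (imsi.isascii() and imsi.isdigit() and len(imsi) == 15):
        raise ValueError("IMSI must be exactly 15 decimal digits")
    # Try both possible MNC lengths and keep those that name a known PLMN.
    matches = [n for n in (2, 3) if imsi[:3 + n] in known_plmns]
    if not matches:
        raise ValueError("IMSI does not belong to any known PLMN")
    if len(matches) > 1:
        # Both a 2-digit and a 3-digit MNC fit: refuse to guess.
        raise ValueError("ambiguous MNC length for this PLMN list")
    n = matches[0]
    return Imsi(mcc=imsi[:3], mnc=imsi[3:3 + n], msin=imsi[3 + n:])


# Constructed sample values, not real subscribers or operator data.
SAMPLE_PLMNS = {"00101", "001001"}

if __name__ == "__main__":
    for raw in ("001010123456789", "001001123456789"):
        print(parse_imsi(raw, SAMPLE_PLMNS).masked())
```

The parser raises instead of guessing when both MNC lengths match the list, since a wrong split attributes the subscriber to the wrong operator.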

CoreESIM Profile Lifecycle Management

CoreESIM manages the symbiotic relationship between carrier profiles and their contained IMSIs. An eUICC can host multiple carrier profiles, each potentially with a distinct IMSI tied to a specific MNO or service plan. This multi-IMSI capability, enabled by the eSIM architecture, allows devices to seamlessly switch between networks or service providers by activating different profiles. CoreESIM facilitates the secure download, storage, and activation/deactivation of these profiles, ensuring the correct IMSI and associated credentials are used for network access as per the subscriber's selection or policy.

CoreESIM's architecture manages the entire lifecycle of an eSIM profile, from initial download to deletion. This involves orchestrating secure communication channels between the Subscription Manager - Data Preparation (SM-DP+) and the eUICC, leveraging the Subscription Manager - Secure Routing (SM-SR) for robust data transfer. The platform ensures that profile packages, including the IMSI and its cryptographic keys, are downloaded and stored securely on the eUICC, identified by its unique EID (eUICC ID) and individual ICCID (Integrated Circuit Card Identifier). Adherence to GSMA SGP.21 and SGP.22 guarantees cryptographic integrity and authenticity, protecting against unauthorized modification or spoofing. This rigorous approach maintains the trust model inherent in cellular communication security, aligning with 3GPP specifications.