M2M eSIM Protocols

CoreESIM: SGP.22 M2M Remote Provisioning Architecture


The CoreESIM system serves as a foundational component within the mobile network operator (MNO) infrastructure, specifically engineered to manage the lifecycle of embedded Subscriber Identity Modules (eSIMs) for Machine-to-Machine (M2M) communication. Its primary function is to orchestrate the secure and remote provisioning of cellular connectivity profiles onto M2M devices, ensuring seamless deployment and management across diverse IoT ecosystems. This capability is critically dependent on compliance with industry standards, most notably the GSMA SGP.22 Technical Specification.

SGP.22 defines the architecture and protocols for remote SIM provisioning in the M2M environment, enabling dynamic management of connectivity profiles on an eSIM (eUICC) over the air. Unlike the consumer eSIM specification (SGP.21), SGP.22 emphasizes a streamlined, automated process suited to large-scale, often unattended, device deployments. CoreESIM acts as the central intelligence layer that interfaces with the elements defined by SGP.22, ensuring robust profile management from initial activation to eventual decommissioning.

The SGP.22 Provisioning Workflow

The remote provisioning process orchestrated by CoreESIM involves several key entities defined by SGP.22. The Subscription Manager - Data Preparation (SM-DP) is responsible for creating, encrypting, and securely storing MNO profiles. The Subscription Manager - Secure Routing (SM-SR) manages the secure routing of profiles to the eUICC, ensuring their integrity and confidentiality in transit. On the M2M device side, the eUICC (embedded Universal Integrated Circuit Card) securely stores the profiles, while the Local Profile Assistant (LPA), typically integrated into the device firmware or operating system, handles communication with the SM-SR to download and activate profiles. CoreESIM interfaces directly with the SM-DP and SM-SR, serving as the MNO's control plane for initiating profile downloads, managing profile states, and handling authentication challenges.

  • eUICC (eSIM): Secure element on the device storing profiles.
  • SM-DP (Subscription Manager - Data Preparation): Prepares and stores MNO profiles.
  • SM-SR (Subscription Manager - Secure Routing): Manages secure delivery of profiles to eUICC.
  • LPA (Local Profile Assistant): Device-side component facilitating profile management.

The CoreESIM system manages the entire profile lifecycle, from requesting a profile download from the SM-DP/SM-SR based on MNO policies, to tracking its installation status on the eUICC, and enabling profile switching or deletion. All communications between CoreESIM and the SM-DP/SM-SR are secured using industry-standard cryptographic protocols, ensuring that sensitive profile data remains protected against unauthorized access or tampering. This adherence to secure channels and mutual authentication mechanisms is fundamental to the integrity and reliability of M2M connectivity.

By implementing and extending the SGP.22 protocols, CoreESIM provides MNOs with a scalable and compliant solution for managing vast fleets of M2M devices. It ensures interoperability with any GSMA SGP.22 compliant SM-DP and SM-SR, facilitating a multi-vendor ecosystem and preventing vendor lock-in. This robust architecture empowers MNOs to offer flexible, globally deployable M2M connectivity services with efficient remote management capabilities, vital for the expanding Internet of Things landscape.