M2M eUICCs are defined by GSMA documents SGP.01 and SGP.02. SGP.01 is a functional specification, while SGP.02 defines the technical realisation of the functional spec. Within the GSMA, SGP.01 is defined by the GSMA member operators (MNOs), while the OEMs are tasked with producing SGP.02, which is the technical implementation specification.
Most M2M eUICCs currently in the field comply with version 3.1 of SGP.02.
The figure below describes the basic architecture used for M2M eUICCs.
An SM-SR is responsible for establishing a secure programming channel to the eUICC, while an SM-DP manipulates and personalises the Profile that is provided by the MNO into a suitable format for download. Certificates loaded into each component above and issued by a trusted Certificate Issuer ensure that the whole process is secure.
There are two distinct kinds of profile in the eUICC. The provisioning profile provides default connectivity so that the eUICC can be bootstrapped into full functionality by downloading an operational profile.
Further information about M2M eUICCs can be found on the GSMA web site.
In M2M eUICC applications it is the job of the SM-SR to establish a secure link with the eUICC.
This is normally triggered by an SMS being sent to the SM-SR containing the IP address/URL of the SM-SR associated with the fall-back profile programmed into the eUICC at the factory.
The SM-DP is used in an M2M RSP environment. Its function is to take the raw profile information from an MNO, personalise it with the appropriate IMSI/Ki pair information and convert it into a form that is suitable for transmission by the SM-SR to the eUICC.
The process for a profile download in an M2M environment is as follows:
- SMS sent to eUICC by the SM-SR via the SMSC belonging to the provider of the provisioning profile to trigger a session
- eUICC requests that the device sets up a data session using BIP and the URL (or IP address) of the SM-SR (contained in the SMS)
- CAT_TP or HTTPS transport link established between eUICC and SM-SR (ES5)
- A secure channel is established between the SM-DP and eUICC
- A profile download is initiated by the SM-DP
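
As an added example (not code from the GSMA specifications or from this page), the Python below checks a per-eUICC event trace against the step order listed above and flags deviations such as a profile download with no preceding secure channel. The event names and the trace line format are hypothetical, and the trace is constructed.

```python
from collections import defaultdict
# Step names are hypothetical labels for the five steps listed above.
STEPS = ["SMS_TRIGGER",       # SM-SR sends SMS to the eUICC via the SMSC
         "BIP_SESSION",       # eUICC asks the device for a data session
         "ES5_TRANSPORT",     # CAT_TP or HTTPS link, eUICC <-> SM-SR
         "SECURE_CHANNEL",    # secure channel, SM-DP <-> eUICC
         "PROFILE_DOWNLOAD"]  # SM-DP initiates the download
INDEX = {name: i for i, name in enumerate(STEPS)}

def check_trace(lines):
    """Return {euicc: [findings]} for sessions that deviate from STEPS."""
    expected = defaultdict(int)   # index of the next step, per eUICC
    findings = defaultdict(list)
    for line in lines:
        # Assumed line format: '<time> euicc=<id> event=<NAME>'
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        euicc, event = fields["euicc"], fields["event"]
        if event not in INDEX:
            findings[euicc].append(f"unknown event {event}")
            continue
        pos, nxt = INDEX[event], expected[euicc]
        if pos == 0:              # a new trigger starts a new session
            if 0 < nxt < len(STEPS):
                findings[euicc].append(f"restarted before {STEPS[nxt]}")
            expected[euicc] = 1
        elif pos == nxt:          # the step the procedure expects next
            expected[euicc] = pos + 1
        elif pos > nxt:           # one or more earlier steps were skipped
            findings[euicc].append(f"{event} before {STEPS[nxt]}")
        else:
            findings[euicc].append(f"repeated {event}")
    for euicc, nxt in expected.items():
        if nxt < len(STEPS):
            findings[euicc].append(f"incomplete: stopped before {STEPS[nxt]}")
    return dict(findings)

TRACE = [  # constructed sample: eUICC B skips the secure channel
    "t1 euicc=A event=SMS_TRIGGER",
    "t2 euicc=A event=BIP_SESSION",
    "t3 euicc=B event=SMS_TRIGGER",
    "t4 euicc=A event=ES5_TRANSPORT",
    "t5 euicc=B event=BIP_SESSION",
    "t6 euicc=A event=SECURE_CHANNEL",
    "t7 euicc=B event=ES5_TRANSPORT",
    "t8 euicc=A event=PROFILE_DOWNLOAD",
    "t9 euicc=B event=PROFILE_DOWNLOAD",
]
```

Calling `check_trace(TRACE)` reports nothing for eUICC A and two findings for eUICC B.
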
Remote Application Management (RAM) or Remote File Management (RFM) can be implemented between the SM and eUICC using the data connection as per above or simply using SMS.