Security and trust are an integral part of the GSMA’s eSIM specification for Remote SIM Provisioning connections. The ability to provision operator subscription data securely “over the air” requires secure connections, as well as data confidentiality and integrity, and system availability. eSIM achieves this using a Public Key Infrastructure (PKI) to authenticate the key system entities in consumer eSIM and M2M:
- the eUICC
- the SM-DP+, SM-DP and SM-SR
- the SM-DS (and alternative SM-DS)
In order to ensure interoperability within the eSIM ecosystem:
- Digital PKI certificates within eSIM are issued by a GSMA root Certificate Issuer (CI).
- Digital PKI certificates are issued only to eSIM products that have demonstrated and declared compliance with the GSMA specifications.
- Refer to the compliance process in SGP.24 for eSIM (consumer) and SGP.16 (currently in draft) for M2M.
- For more information on GSMA compliance requirements for eSIM and M2M, contact: RSPcompliance@gsma.com
The PKIs for eSIM (consumer) and M2M products are different, reflecting the different ecosystems. The eSIM (consumer) and M2M PKIs are not interchangeable.
GSMA root CI
GSMA currently has the following security certification partners acting on its behalf as Root Certificate Issuers for eSIM (consumer) and M2M remote SIM provisioning schemes:
|eSIM Root CI|M2M Root CI|
|---|---|
|Specification release: SGP.21 v2.x|Specification release: M2M v3.1|
|Contact: Email|Contact: Email|
|Website: Visit|Website: Visit|
|GSMA Root CI Certificate: Download|GSMA Root CI Certificate: Download|
|CRL Distribution Point: Download|CRL Distribution Point: N/A|
For further information, or to register an interest in providing PKI infrastructure for Remote SIM Provisioning, please contact the GSMA by sending an email to RootCAs@gsma.com.