Chris Mode51
3 min read · Oct 2, 2023


eSIM RSP SM-DP+ Understanding Profile Download and Installation Part 2: GetBoundProfilePackage

Following on from the PrepareDownload request between the LPAd and the eUICC, the LPAd subsequently sends the GetBoundProfilePackage request to the SM-DP+ to fetch the new SIM profile data. This request is transported over ES9+.

GetBoundProfilePackage contains the TransactionID and the prepareDownloadResponse data:

{
"transactionId":"0123456789ABCDEF8899aabbccddeeff",
"prepareDownloadResponse":"vyGBnqCBmzBWgBABI0VniavN74iZqrvM3e7/X0lBBK8nhoZP9H6pk5Pk7rzY/7vNI+d/GB8ZCfuwDxODQsB5bFxFo264kQC+HEOiFD8idaiQLXsqjvS6dkAYEC6UstpfN0BvA0KBLWOQMCLo0LNubMfoov3OvAMzimDhaWNbzKq8ZPNHke2FttJW/uRkB5fJ+/KfQoyaB+OrcJ86b3YMM2HTkAA="
}

prepareDownloadResponse is the base64 representation of euiccSigned2 and euiccSignature2 that were previously sent back from the eUICC to the LPAd:

PrepareDownloadResponseOk ::= SEQUENCE {
    euiccSigned2 EUICCSigned2, -- Signed information
    euiccSignature2 [APPLICATION 55] OCTET STRING -- tag '5F37'
}

The SM-DP+ first base64-decodes prepareDownloadResponse and verifies euiccSignature2. Then, if ccRequiredFlag was set to true in SmdpSigned2, a confirmation code flow is activated. That flow is not discussed in this set of articles.
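The decode step described above, as an added Python example that is not part of the original article or of any SM-DP+ product: it parses the sample prepareDownloadResponse from the request shown earlier, checks that the transactionId inside euiccSigned2 matches the JSON field, and returns the raw euiccSigned2 bytes needed for the signature check. The function names are hypothetical, the tags A0, 80, 5F49 and 04 are assumptions taken from the sample's own bytes and the SGP.22 definitions, and the signature verification itself is left out because it needs the eUICC certificate.

```python
import base64

def read_tlv(buf, pos, want):
    """Read one BER-TLV at pos, require tag `want`, return (value, next_pos)."""
    try:
        tag, pos = buf[pos], pos + 1
        if tag & 0x1F == 0x1F:              # two-byte tags: BF21, 5F49, 5F37
            tag, pos = (tag << 8) | buf[pos], pos + 1
        length, pos = buf[pos], pos + 1
        if length & 0x80:                   # long form: 81 xx or 82 xx xx
            n = length & 0x7F
            if n not in (1, 2):
                raise ValueError("unsupported length encoding")
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    except IndexError:
        raise ValueError("truncated TLV") from None
    if tag != want or pos + length > len(buf):
        raise ValueError(f"expected tag {want:X}, got {tag:X} (length {length})")
    return buf[pos:pos + length], pos + length

def parse_prepare_download_response(b64, json_transaction_id):
    """Parse PrepareDownloadResponseOk and bind it to the JSON transactionId."""
    raw = base64.b64decode(b64, validate=True)
    body, end = read_tlv(raw, 0, 0xBF21)       # PrepareDownloadResponse
    ok, ok_end = read_tlv(body, 0, 0xA0)       # downloadResponseOk (assumed tag)
    signed2, p = read_tlv(ok, 0, 0x30)         # euiccSigned2
    signed2_tlv = ok[:p]                       # raw TLV, input to signature check
    signature, p = read_tlv(ok, p, 0x5F37)     # euiccSignature2
    tid, q = read_tlv(signed2, 0, 0x80)        # transactionId (assumed tag)
    otpk, q = read_tlv(signed2, q, 0x5F49)     # eUICC one-time key (assumed tag)
    hash_cc = None
    if q < len(signed2):                       # optional hashCc (assumed tag 04)
        hash_cc, q = read_tlv(signed2, q, 0x04)
    if ok_end != len(body) or p != len(ok) or q != len(signed2):
        raise ValueError("unexpected extra data inside the structure")
    if tid != bytes.fromhex(json_transaction_id):
        raise ValueError("transactionId in euiccSigned2 does not match the request")
    return {"transaction_id": tid.hex().upper(), "euicc_otpk": otpk,
            "hash_cc": hash_cc, "signature": signature,
            "signed2_tlv": signed2_tlv, "trailing": raw[end:]}

# Request values copied from the sample on the page.
SAMPLE_TID = "0123456789ABCDEF8899aabbccddeeff"
SAMPLE_B64 = (
    "vyGBnqCBmzBWgBABI0VniavN74iZqrvM3e7/X0lBBK8nhoZP9H6pk5Pk7rzY/7vNI+d/GB8ZCfuw"
    "DxODQsB5bFxFo264kQC+HEOiFD8idaiQLXsqjvS6dkAYEC6UstpfN0BvA0KBLWOQMCLo0LNubMfo"
    "ov3OvAMzimDhaWNbzKq8ZPNHke2FttJW/uRkB5fJ+/KfQoyaB+OrcJ86b3YMM2HTkAA="
)

print(parse_prepare_download_response(SAMPLE_B64, SAMPLE_TID)["trailing"].hex())
```

The `trailing` field holds any bytes that follow the BF21 object (90 00 in the page's sample), so the caller can decide explicitly whether to reject or ignore them rather than silently accepting extra data.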

The SM-DP+ then works through a sequence that transforms the Unprotected Profile Package data into a Protected Profile Package, and then into a Bound Profile Package for delivery to the LPAd. Finally, the LPAd segments the data into the Segmented Bound Profile Package for delivery via APDUs, which load the SIM profile into the eUICC.

Given a standard TCA 2.1 profile package, the SM-DP+ will assemble the GetBoundProfilePackage response, consisting of:

  • InitialiseSecureChannel — signed plain text
  • Configure ISDP — encrypted and MACed
  • Store Metadata — MACed plain text
  • Optional Protected Profile Protection Keys — encrypted and MACed
  • Profile Segments — encrypted and MACed

These elements assembled together constitute the Bound Profile Package.

When the LPAd receives this payload, a subsequent segmentation procedure is used to transmit it as APDUs to the eUICC. The result is the Segmented Bound Profile Package.

This is the ASN.1 definition for BoundProfilePackage:

InitialiseSecureChannelRequest is the next step and this will be discussed in the next article.

Note that during this procedure the Operator can be notified of the order activity at various points using the ES2+ interface.
