Chris, Mode51
Apr 10, 2023

eSIM SAM.01 Secured Applications for Mobile

The GSMA requirements document Secured Applications for Mobile SAM.01 seeks to enable access to SIM applets independently of SIM profiles. The G&D webinar Virtualizing Secure Elements from 2021 provides some informative diagrams that have been reused in this article.

In the current model several SIM profiles can be installed into an eUICC, but:

  • only one SIM profile can be active at the same time
  • SIM applets are contained within operators’ own SIM profiles and are not accessible between profiles

Multiple Enabled Profiles (MEP)

The SGP.22 v3 spec released in October 2022 introduces optional support for Multiple Enabled Profiles in section 2.12, though each profile requires a dedicated baseband:

…several Profiles can be in Enabled state. This enables a Device with more than one baseband to use more than one Profile at the same time for providing connectivity to different networks.

The multiplexing of the APDU streams to those Profiles on a single physical interface is specified in ETSI TS 102 221 [6]. This specification uses the term “eSIM Port” for what ETSI TS 102 221 [6] calls a logical SE interface (LSI).

Each eSIM Port SHALL be assigned to at most one Enabled Profile at any point in time.
Each Profile SHALL be assigned to at most one eSIM Port at any point in time.

TS 102 221 states:

Starting from Release 17, the UICC may support Logical Secure Element interfaces, which allows it to host multiple logical secure elements. A special form of such a Logical Secure Element (LSE) is a logical UICC.

Secured Applications for Mobile (SAM)

The GSMA SAM.01 requirements spec defines a new security domain within the eUICC, the SAM SD, comprising Application Service Provider (ASP) SDs and SAM Applets.

The new SAM Security Domain creates a space for applets that are accessible regardless of how many SIM profiles are active, and so is “always on”.

Presumably this SAM Security Domain will also feature access controls, so that the use of an applet could be restricted where needed.

A SIM profile doesn’t need to be present for a SAM applet to be installed.

A.3 Use Case 3 states:

An End User manages an identity SAM Applet without any Profiles installed.

- There are no Profiles installed on the eUICC.
- Using WiFi, the End User downloads an identity Device Application, which has an associated identity SAM Applet.
- After End User validation, both the identity Device Application and the identity SAM Applet are installed in the Device and in the eUICC respectively.
- Once configured, the End User can use the Device application associated with the identity SAM Applet without any profiles installed on the eUICC.

Therefore it may become possible to require the presence of a known, expected identity before, e.g., authorising the provisioning of SIM profiles or allowing the use of a SAM applet. A call need not originate from a number, but rather from an identity.

MEP + SAM

The combination of Multiple Enabled Profiles and Secured Applications for Mobile means that the end user can install, e.g., work and personal SIM profiles whilst sharing payment and transport applets between them.

Without these features the end user would either need the applets to be installed in both SIM profiles, or the functionality would be unavailable when switching between, e.g., work and personal profiles.
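To make the two eSIM Port rules quoted from SGP.22 and the "always on" SAM SD concrete, here is a small Python model of an eUICC written for this article. It is illustrative code, not GSMA, ETSI or Mode51 software; the class and method names, the way an AID is resolved on a port, and the placeholder ICCIDs and AIDs are all assumptions. It walks through use case A.3 (an identity applet with no Profiles installed) and the work/personal scenario above, and it rejects the two port assignments the spec forbids.

```python
"""Toy eUICC model: Multiple Enabled Profiles (eSIM Ports) plus a SAM SD whose
applets are selectable regardless of which Profiles are enabled.

Illustrative code for this article, not GSMA/ETSI/Mode51 code. Names, the AID
resolution order and the placeholder identifiers are assumptions; only the two
checks in enable() come straight from the SGP.22 v3 rules quoted above.
"""
from __future__ import annotations
from dataclasses import dataclass, field


class EuiccError(Exception):
    """Raised when an operation would violate an eUICC invariant."""


@dataclass
class Profile:
    iccid: str
    applets: set[str]  # AIDs of applets held inside this Profile only


@dataclass
class Euicc:
    num_ports: int  # number of eSIM Ports (logical SE interfaces)
    profiles: dict[str, Profile] = field(default_factory=dict)
    port_to_profile: dict[int, str] = field(default_factory=dict)
    profile_to_port: dict[str, int] = field(default_factory=dict)
    sam_applets: set[str] = field(default_factory=set)  # SAM SD contents

    def install_profile(self, profile: Profile) -> None:
        if profile.iccid in self.profiles:
            raise EuiccError(f"profile {profile.iccid} already installed")
        self.profiles[profile.iccid] = profile

    def enable(self, iccid: str, port: int) -> None:
        """Enable a Profile on an eSIM Port, enforcing the SGP.22 port rules."""
        if iccid not in self.profiles:
            raise EuiccError(f"profile {iccid} not installed")
        if not 0 <= port < self.num_ports:
            raise EuiccError(f"no such eSIM Port {port}")
        # "Each eSIM Port SHALL be assigned to at most one Enabled Profile"
        if port in self.port_to_profile:
            raise EuiccError(f"port {port} already has an enabled profile")
        # "Each Profile SHALL be assigned to at most one eSIM Port"
        if iccid in self.profile_to_port:
            raise EuiccError(f"profile {iccid} already enabled elsewhere")
        self.port_to_profile[port] = iccid
        self.profile_to_port[iccid] = port

    def disable(self, iccid: str) -> None:
        port = self.profile_to_port.pop(iccid, None)
        if port is None:
            raise EuiccError(f"profile {iccid} is not enabled")
        del self.port_to_profile[port]

    def install_sam_applet(self, aid: str) -> None:
        """SAM Applets live outside every Profile, so none needs to exist."""
        self.sam_applets.add(aid)

    def select(self, port: int, aid: str) -> str:
        """Resolve an AID as seen from one port: "sam" if served by the
        always-on SAM SD, else the ICCID of the Profile enabled on that port
        that holds it. Raises if nothing on the port can serve the AID."""
        if not 0 <= port < self.num_ports:
            raise EuiccError(f"no such eSIM Port {port}")
        if aid in self.sam_applets:  # assumption: SAM SD is reachable on every port
            return "sam"
        iccid = self.port_to_profile.get(port)
        if iccid is not None and aid in self.profiles[iccid].applets:
            return iccid
        raise EuiccError(f"AID {aid} not selectable on port {port}")


def demo() -> dict[str, str]:
    """Run the article's scenarios; identifiers below are constructed."""
    e, out = Euicc(num_ports=3), {}
    # Use case A.3: identity SAM Applet with no Profiles installed at all.
    e.install_sam_applet("ID-APPLET")
    out["identity_no_profiles"] = e.select(0, "ID-APPLET")
    # MEP: work and personal Profiles, each carrying its own operator applet.
    e.install_profile(Profile("8944WORK", {"WORK-APPLET"}))
    e.install_profile(Profile("8944PERS", {"PERS-APPLET"}))
    e.enable("8944WORK", port=0)
    e.enable("8944PERS", port=1)
    # A shared payment applet in the SAM SD is visible from both ports ...
    e.install_sam_applet("PAY-APPLET")
    out["pay_on_work_port"] = e.select(0, "PAY-APPLET")
    out["pay_on_personal_port"] = e.select(1, "PAY-APPLET")
    # ... while Profile-held applets stay confined to their own port.
    out["work_app_on_work_port"] = e.select(0, "WORK-APPLET")
    try:
        e.select(1, "WORK-APPLET")
        out["work_app_on_personal_port"] = "selected"
    except EuiccError:
        out["work_app_on_personal_port"] = "isolated"
    # Port rules: second Profile on a busy port; one Profile on two ports.
    e.install_profile(Profile("8944THIRD", set()))
    for iccid, port, key in (("8944THIRD", 0, "port_reuse"),
                             ("8944WORK", 2, "double_enable")):
        try:
            e.enable(iccid, port)
            out[key] = "allowed"
        except EuiccError:
            out[key] = "rejected"
    # Disabling the work Profile does not take the SAM applet with it.
    e.disable("8944WORK")
    out["pay_after_disable"] = e.select(0, "PAY-APPLET")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The model deliberately resolves the SAM SD before the Profile on a port; whether a real eUICC does that, and what access control sits in front of the SAM SD, is exactly the open question raised above, so treat that ordering as an assumption rather than spec behaviour.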

The scope for eUICCs as a generalised secure root of trust supported by a well defined and robust provisioning mechanism is likely to facilitate an expanding set of use cases.

Potentially SAM-SD can enable App Stores for SAM Applets. Mode51 Software’s SM-DP+ will support any SAM-SD additions to the SGP.22 spec. Follow us here on Medium and on Twitter.

If Cloudflare’s Zero Trust eSIM features an applet similar to GSMA’s SAFE (SIM Applet For Secure End-to-End Communication) use case (A.5 in the SAM.01 spec), then this will be an example of an application that can benefit from SAM-SD. Currently it may be a security layer bundled with operators’ profiles, but ultimately the end user should be able to install the transport applet independently of operators. The transport security is equally useful for WiFi connections, for example, as well as cellular.