Deutsche Telekom’s OneApp: eSIM Chapter
Before moving on to the part where eSIMs become relevant from OneApp’s perspective, let’s first understand what eSIMs are & how they work.
What is an eSIM?
An embedded-SIM (eSIM) or embedded universal integrated circuit card (eUICC) is a form of programmable SIM card that is embedded directly into a device. eSIMs were the offering of an initiative by GSMA to develop a new SIM standard that allows re-programmability and remote activation, giving customers the ability to switch carriers without getting a new physical SIM card each time.
In recent years many devices such as smartphones, smart watches and laptops have started being equipped with these embedded SIM cards, which have the possibility to be reprogrammed with new subscription data i.e. an eSIM profile. The eSIM profile is the collective name for all the data and applications that would normally have been put on the physical SIM card, and is simply downloaded and installed on the device over the network through a process called remote SIM provisioning.
So, the end user is able to compare and instantly switch between different mobile carriers and subscription plans, as opposed to longer wait times associated with the procurement of a new physical SIM card on each carrier switch.
How eSIMs work?
The end-to-end process for using a service via eSIM involves four entities; the mobile operator, a server controlled by the operator where the eSIM profiles are created and downloaded from (called an SM-DP+ server), a device with an eSIM, and the end user.
The process of ordering an eSIM is a 4-part process:
1. Contract Subscription:
For the end user, the contract subscription part works just as it does with physical SIM cards. The end user decides which operator to get the service from and gets in contact with the operator. Operator acquires all the information they need to proceed to the next step in the process, such as personal details and billing information. During this step, the operator may also optionally acquire information about the target device, such as EID (eUICC Identifier) and IMEI (International Mobile Equipment Identity). If they are acquired, the operator may at this point verify that the target device has eSIM support, and if not, this check will in any case always be performed again at a later stage before downloading the profile. Also, in most cases the end user is able to select what target device the profile is to be installed on by indicating the manufacturer and model of the device to the operator, which results in the operator selecting the appropriate eSIM profile for the device. If the contract subscription succeeds, then the download preparation is started.
2. Download Preparation:
From the operator’s perspective, this process is the same as with physical SIM cards but with the difference that the data produced is not put into a physical SIM card but are kept by the SM-DP+ server as an eSIM profile. Here’s how the process works:
§ The operator calls the SM-DP+ server with relevant input requesting it to prepare a new profile for download.
§ The SM-DP+ server now reserves an ICCID for the request either by picking one from its inventory or by being provided one from the operator. It also picks the protected profile package related to the selected ICCID from its inventory or creates a new protected profile package corresponding to the ICCID.
§ The SM-DP+ server responds with the selected ICCID to the operator, who now, since the ICCID is known, can perform other necessary back-end operations such as the provisioning of the HLR (Home Location Register).
§ A MatchingID is generated and associated with the ICCID for later identifying the profile in the download process.
§ If the operator requires the end user to enter a confirmation code to be able to download the profile, this code is also sent to the SM-DP+ server.
3. Contract Finalisation:
In the contract finalisation part, the operator provides the end user with all the necessary information needed for the download of the eSIM profile. An Activation Code is shared, which may be in the form of a QR code, containing the SM-DP+ server address and the MatchingID. If the operator requires the end user to enter the optional confirmation code, this is also provided but separate from the Activation Code.
4. Subscription Activation (Optional)
The subscription activation process is optional and only used when the operator could not perform all the necessary back-end operations during the Download Preparation phase. If this is the case the operator must notify the SM-DP+ when this is done so that the profile can be downloaded. If the end user tries to download the profile before this is done, an error will be returned.
Download Profile:
When all the steps in the previous section have been performed the profile is ready to be downloaded and installed. This is initiated by the end user by providing the activation code to the LPA (Local Profile Assistant) through the LUI (Local User Interface) either by manually typing the activation code or scanning it through a QR code. The LPA parses the activation code and retrieves the SM-DP+ address and the activation code token, which is the same as the MatchingID in the SM-DP+. If a confirmation code is required the user is requested to input the confirmation code provided by the operator. The LPA will now initiate the common mutual authentication procedure, which authenticates the eUICC to the SM-DP+ as well as the other way around. When authentication is done, the SM-DP+ finds the pending profile download order based on the MatchingID provided by the LPA and if the profile is already linked to an EID, verifies that it is the EID of the authenticated eUICC and checks that the profile is in such a state that it can be downloaded. It also performs an eligibility check making sure that the profile is compatible with the target eUICC based on the information sent by the device and that the eUICC is able to install one more profile. If this succeeds, the SM-DP+ might check if the confirmation code is correct (if applicable). If it is, the download can begin.
eSIM Flow on iOS:
There are 2 ways to activate an eSIM on iOS:
1. From OS Settings:
a. Go to Settings > Cellular, then tap ‘Add Cellular Plan’.
b. Position iPhone so that the QR code provided by the carrier appears in the frame, or enter the details manually. In case of manual setup, 3 fields need to be populated by the user:
1. SM-DP+ Address
2. Activation Code
3. Confirmation Code (optional, if provided by the carrier)
In the above flow, any app can behave as the eSIM App, as no special privileges or entitlements are needed.
2. Using a carrier app:
For an iOS app to qualify as a carrier app, an entitlement from Apple is required. To enable native installation support, the required entitlement can be requested from: esim-access-entitlement using the Apple developer account.
After approval by Apple, new Development & Distribution provisioning profiles can be generated with the eSIM entitlement added to them. The next step is to add the following key-value pair to the .entitlements file in your app:
Before accessing the CoreTelephony’s eSIM functions, the framework CoreTelephony needs to be imported to the app’s target under
‘General > Frameworks, Libraries, and Embedded Content’.
Also, for the eSIM functions to work as intended, note that an array with the key ‘CarrierDescriptors’ needs to be added as well to the app’s info.plist file.
With these steps performed, the app gets access to the CTCellularPlanProvisioning class.
This class has the following members:
1. func supportsCellularPlan() -> Bool
The Boolean value returned by this function is true if the device supports the eSIM functionality, else false.
The API exposed by Apple to activate & add an eSIM profile to the device.
CTCellularPlanProvisioningRequest needs to be passed as a parameter here, which has the following properties:
a. ‘address’: SM-DP+ address
b. ‘matchingID’: Matching ID (called Activation Code in the Settings flow above)
c. ‘confirmationCode’: Confirmation Code, if provided by the carrier
among other optional properties like eUICC Identifier (eid), ICCID (iccid) and Object Identifier (oid).
3. CTCellularPlanProvisioningAddPlanResult
This enumeration tells the app whether the eSIM was activated successfully or not.
In the above flow, on iOS, only apps with the eSIM entitlement can behave as the eSIM App.
OneApp + eSIM:
OneApp allows users to request & install eSIM profiles from within the app itself. Not only is this a big improvement in user experience, it is poised to deliver better business results, since it can be used to target new users, as well as existing ones, as illustrated by the following example use-cases:
§ For a new user roaming across European states, who requires a prepaid service, the convenient eSIM request & installation would save a lot of trouble & hassle.
§ For an existing user prolonging their contract, or a user with an eSIM capable service, their current physical SIM cards can be easily swapped with an eSIM as a part of the OneApp Selfcare offerings.
eSIM installation using OneApp:
Whenever an eSIM activation code is ready to be used for installation, the ‘supportsCellularPlan’ API mentioned above is used to determine if native installation is supported or not.
With native installation supported, tapping on the Install eSIM button opens up the iOS system wizard for adding an eSIM to the iPhone.
If native installation isn’t supported, the user can copy the SM-DP+ Address & the Activation Code separately to add the eSIM via the OS Settings flow as described above.
Alternatively, the QR code shown can be scanned to install on any eSIM-supported device.
