SM-DP+

SM-DP+ (Subscription Manager - Data Preparation Plus)

SM-DP+ is the server-side component in the GSMA consumer RSP architecture (SGP.22) responsible for securely preparing, storing, and delivering operator profiles to eUICC devices. It replaces the earlier SM-DP/SM-SR split used in M2M deployments with a unified, consumer-friendly server that communicates directly with the target eUICCeUICCProvisioningReprogrammable SIMSIMApplicationSmart card for mobile network authentication.Click to view → chip supporting remote profile switching.Click to view →.

How SM-DP+ Works

The profile delivery process follows a strict cryptographic protocol:

1. Profile ordering — The mobile operator submits a profile order to SM-DP+, including IMSI, Ki, OPc, and network access configuration
2. Profile packaging — SM-DP+ encrypts the profile data into a bound profile package (BPP) targeted at a specific eUICC EIDEIDIdentityNational ID with embedded chip.Click to view →
3. Secure channel — When the device's LPA initiates download, SM-DP+ and eUICC perform mutual authentication using ECC certificates
4. Key agreement — ECKA (Elliptic Curve Key Agreement) establishes session keys for profile encryption
5. Delivery — The encrypted profile segments are transmitted and installed into an ISD-P on the eUICC

Security Model

SM-DP+ maintains a certificate chain rooted at the GSMA CI (Certificate Issuer). Each SM-DP+ must be certified by the GSMA to operate in the global eSIM ecosystem. The server never transmits profile credentials (Ki, OPc) in plaintext — all sensitive data is encrypted end-to-end between SM-DP+ and the target eUICC's ECASD.

Architecture Comparison

Major SM-DP+ platform vendors include Thales, Idemia, Giesecke+Devrient, and Valid, each operating globally redundant infrastructure to support real-time profile delivery.