OTA

Over-the-Air -- Remote Smart Card Management

Over-the-Air (OTAOTAPersonalizationRemote card management via mobile network.Click to view →) is a remote management technology that enables mobile network operators to update SIM card content -- applets, file system data, security keys, and configuration parameters -- via SMS or data channel commands sent through the cellular network. OTA eliminates the need for physical card access, allowing operators to provision services, update security credentials, and deploy new applications to millions of SIMSIMApplicationSmart card for mobile network authentication.Click to view → cards simultaneously.

OTA Architecture

The OTA platform consists of a server-side Card Management System (CMS) that generates update commands, an OTA gateway that encapsulates commands into bearer-specific messages (typically SMS-PP), and the SIM card's OTA runtime environment that receives, authenticates, and executes the commands. The SIM verifies each incoming OTA command using cryptographic keys (either 3DES or AES based) pre-loaded during electrical personalization. This ensures that only authorized platform operators can modify the card content.

Security Framework

OTA security relies on the ETSI TS 102.225 Secure Packet Structure, which provides integrity protection (via cryptographic checksums), replay protection (via counters), and optional confidentiality (via encryption) for each message. The security level is configured per card during personalization and determines whether commands require only integrity verification or full encryption. Modern deployments use AESAESCryptographyNIST symmetric block cipher for smart card encryption.Click to view →-based OTA with 128-bit keys, replacing the legacy 3DES mechanism that earlier generations used.

OTA vs RSP

While OTA manages content on traditional SIM cards (updating applets, changing files), RSP (Remote SIM Provisioning) manages entire operator profiles on eSIM/eUICC devices. OTA operates within a single operator context, using the operators own keys and platform. RSPRSPApplicationOver-the-air SIM profile management.Click to view → operates across operators, enabling profile download from any SM-DP+ server. In modern eSIM deployments, both technologies coexist: RSP handles profile lifecycle (download, enable, disable, delete), while OTA handles post-installation updates within the active profile.