Subscription Profile
ProvisioningA downloadable software package containing all the data and applications needed to access a mobile network operator's services. A profile includes IMSI, Ki, OPc, network access applications, operator applets, and file system data -- essentially a complete virtual SIM card that can be remotely installed on an eUICC.
What Is a Subscription Profile?
A SIM package for eSIM devices." data-category="Provisioning">subscription profile is a downloadable software package that contains every credential and application needed for a device to connect to a mobile network operator's services. In practical terms, it is a virtual SIM card -- an IMSI, authentication keys (Ki, OPc), network access applications, operator-specific applets, and a complete file system -- bundled into a single encrypted container that can be remotely installed on an eUICC.
Profiles are generated by the SM-DP+ server and delivered over the air to consumer devices through the LPA or pushed to headless IoT modules via M2M provisioning infrastructure.
Profile Structure
Every subscription profile follows the GSMA SGP.22 specification and is organized into three layers:
- Telecom layer -- USIM, ISIM, and CSIM applications providing 3GPP/3GPP2 network authentication. This layer holds the IMSI, Ki, OPc, and SUPI values the network uses to authenticate the subscriber.
- Operator applet layer -- value-added service applets such as STK menus, OTA management applets, and carrier-branded applications that execute on the JavaCard runtime inside the eUICC.
- Policy rules -- Profile Policy Rules (PPR) and operator lock policies that govern whether the profile can be disabled, deleted, or transferred to another eSIM device.
Lifecycle Operations
A profile passes through clearly defined states managed by the eUICC operating system:
| State | Description |
|---|---|
| New | Downloaded but not yet installed |
| Installed-Disabled | Installed on eUICC, not active |
| Installed-Enabled | Active profile providing network service |
| Deleted | Permanently removed from eUICC storage |
Only one profile per eUICC can be in the Enabled state at a time on consumer devices, though M2M provisioning platforms support concurrent multi-profile operation for specialized IoT gateways.
Security Considerations
Profile data is encrypted end-to-end between SM-DP+ and the target eUICC using ECKA (Elliptic Curve Key Agreement). The transport key is unique per download session, and the profile package includes integrity checksums verified by the eUICC before installation. This ensures that neither the mobile network nor intermediate infrastructure can inspect or tamper with the profile contents.
Related Content
Secure Channel Protocols (SCP02/SCP03)
Standards & Protocols…see HSM Integration . For the SCP03 usage in eSIM profile packaging, see eSIM Remote Provisioning .
eSIM and Remote SIM Provisioning
Industry Applications…physical SIM card, an eSIM is a soldered chip whose operator profile can be loaded, swapped, or deleted entirely over the air —…
SIM to eSIM Migration Guide
Industry Applications…Microsoft Intune, VMware Workspace ONE) must support eSIM profile push for zero-touch provisioning. Roaming policy —…
Perguntas frequentes
The smart card glossary is a comprehensive reference of technical terms, acronyms, and concepts used in smart card technology. It covers protocols (APDU, T=0, T=1), security (Common Criteria, EAL, HSM), hardware (SE, EEPROM, contact pad), and applications (EMV, ePassport, eSIM). It serves developers, product managers, and engineers.
Yes. SmartCardFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai.