Subscription Profile
ProvisioningA downloadable software package containing all the data and applications needed to access a mobile network operator's services. A profile includes IMSI, Ki, OPc, network access applications, operator applets, and file system data -- essentially a complete virtual SIM card that can be remotely installed on an eUICC.
What Is a Subscription Profile?
A subscription profilesubscription profileProvisioningDownloadable virtual SIMSIMApplicationSmart card for mobile network authentication.Click to view → package for eSIMeSIMApplicationProgrammable embedded SIM chip.Click to view → devices.Click to view → is a downloadable software package that contains every credential and application needed for a device to connect to a mobile network operator's services. In practical terms, it is a virtual SIM card -- an IMSI, authentication keys (Ki, OPc), network access applications, operator-specific applets, and a complete file system -- bundled into a single encrypted container that can be remotely installed on an eUICC.
Profiles are generated by the SM-DP+ server and delivered over the air to consumer devices through the LPA or pushed to headless IoT modules via M2M provisioning infrastructure.
Profile Structure
Every subscription profile follows the GSMA SGP.22 specification and is organized into three layers:
- Telecom layer -- USIM, ISIMISIMApplicationSIM integrated into device SoC.Click to view →, and CSIM applications providing 3GPP/3GPP2 network authentication. This layer holds the IMSI, Ki, OPc, and SUPI values the network uses to authenticate the subscriber.
- Operator applet layer -- value-added service applets such as STK menus, OTAOTAPersonalizationRemote card management via mobile network.Click to view → management applets, and carrier-branded applications that execute on the JavaCard runtime inside the eUICCeUICCProvisioningReprogrammable SIM chip supporting remote profile switching.Click to view →.
- Policy rules -- Profile Policy Rules (PPR) and operator lock policies that govern whether the profile can be disabled, deleted, or transferred to another eSIM device.
Lifecycle Operations
A profile passes through clearly defined states managed by the eUICC operating system:
| State | Description |
|---|---|
| New | Downloaded but not yet installed |
| Installed-Disabled | Installed on eUICC, not active |
| Installed-Enabled | Active profile providing network service |
| Deleted | Permanently removed from eUICC storage |
Only one profile per eUICC can be in the Enabled state at a time on consumer devices, though M2M provisioning platforms support concurrent multi-profile operation for specialized IoT gateways.
Security Considerations
Profile data is encrypted end-to-end between SM-DP+ and the target eUICC using ECKA (Elliptic Curve Key Agreement). The transport key is unique per download session, and the profile package includes integrity checksums verified by the eUICC before installation. This ensures that neither the mobile network nor intermediate infrastructure can inspect or tamper with the profile contents.
Related Content
常见问题
The smart card glossary is a comprehensive reference of technical terms, acronyms, and concepts used in smart card technology. It covers protocols (APDU, T=0, T=1), security (Common Criteria, EAL, HSM), hardware (SE, EEPROM, contact pad), and applications (EMV, ePassport, eSIM). It serves developers, product managers, and engineers.
Yes. SmartCardFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai.