GSMA specs
The GSMA (GSM Association) defines the global technical and security standards that govern eSIM (embedded SIM) technology.
GeSIM aligns with these specifications to ensure carrier interoperability, device compatibility, and secure provisioning across all regions.
🔹 GSMA SGP.02 – Remote SIM Provisioning (RSP) for M2M Devices
Defines the original architecture for machine-to-machine (M2M) eSIM usage (IoT modules, connected cars, industrial sensors).
Introduces the SM-SR (Subscription Manager – Secure Routing) component.
Key features:
Profiles are downloaded and managed remotely without physical SIM swaps.
Designed for long lifecycle devices (cars, meters, industrial IoT).
While GeSIM is consumer-first, this spec matters for future IoT expansion (e.g., roaming smart devices).
🔹 GSMA SGP.22 – Consumer eSIM (SM-DP+)
The core standard for consumer eSIM provisioning (used in iPhones, Androids, wearables).
Introduces the SM-DP+ (Subscription Manager – Data Preparation) role.
Key elements:
SM-DP+ securely packages and encrypts the eSIM profile (ICCID + IMSI + keys).
Device initiates Download & Install request (via QR code or activation code).
Carrier credentials remain confidential & encrypted during delivery.
GeSIM integrates directly with EsimAccess SM-DP+ APIs, ensuring compliance with SGP.22.
🔹 GSMA SGP.32 – Discovery Service (SM-DS)
Introduces the SM-DS (Subscription Manager – Discovery Service), which helps devices discover available eSIM profiles automatically.
Enables zero-touch provisioning → user doesn’t need to scan QR codes.
Key benefits:
A device can query SM-DS at boot or SIM reset.
SM-DS responds with pointers to available SM-DP+ instances.
Simplifies multi-carrier support and improves user experience.
GeSIM will integrate SM-DS in later stages to support fully automated provisioning for partner carriers.
🔹 GSMA SGP.21 – Technical Specification for RSP Architecture
Provides detailed protocol-level specs for RSP system components (SM-DP+, SM-DS, devices).
Defines:
APDU (Application Protocol Data Unit) exchanges between device and SM-DP+.
Security frameworks (TLS, profile encryption, certificate-based authentication).
Error handling and fallback during profile installation.
GeSIM uses these standards to ensure that carrier onboarding → provisioning → activation follows strict GSMA security flows.
🔹 GSMA SGP.23 – Compliance & Security Accreditation (SAS-SM)
Defines the Security Accreditation Scheme for Subscription Managers (SAS-SM).
Any SM-DP+ or SM-DS operator must be audited and certified against SAS-SM.
Ensures:
Strong encryption (AES-256, ECC) for profile transfer.
Secure key management and hardware security modules (HSMs).
Independent audit of SM-DP+ operators.
GeSIM leverages certified SM-DP+ partners (EsimAccess) to remain compliant.
🔹 GSMA RSP v3 (Emerging)
The next-generation standard, still in evolution.
Introduces:
Multi-profile management → users can hold multiple operator profiles seamlessly.
Cross-device synchronization → same profile across phone + watch + tablet.
Cloud-first discovery → more advanced than SM-DS.
GeSIM’s AI-powered Smart Network Switch is designed with RSP v3 readiness in mind, ensuring future-proofing.
🔹 Why GSMA Specs Matter for GeSIM
Carrier Trust → Without compliance, MNOs will not integrate.
Device Compatibility → Apple, Samsung, Google, etc., require strict adherence to SGP.22+.
Security → Protects user identity (IMSI, keys) during provisioning.
Scalability → SM-DS and RSPv3 allow GeSIM to scale into IoT + consumer wearables beyond mobile phones.
✅ In short: By building on GSMA specs (SGP.02, SGP.22, SGP.32, SGP.21, SAS-SM, RSPv3), GeSIM ensures it is globally interoperable, secure, and future-ready, giving carriers and investors confidence that this is a standards-aligned project.
Last updated