SM-DP+, SM-DS, RSP explained

GSMA defines a family of components for remote provisioning. GeSIM integrates with these components to issue profiles and enable device downloads.

SM-DP+ (Subscription Manager — Data Preparation plus)

Role: prepares operator profile packages (encrypted per-device where applicable), signs and stores them, authorizes profile downloads and issues provisioning receipts.

What GeSIM expects from SM-DP+:

  • REST (or mutual-TLS) APIs to request profile creation, query profile status and revoke profiles.

  • Signed Provisioning Receipts for each profile creation (cryptographically signed by an operator/SM-DP+ key).

  • Secure storage of generated profile blobs and audit logs.

Typical SM-DP+ API calls (conceptual)

  • POST /profiles — create profile (request body includes: planId, deviceEID (or binding policy), profileType, validity).

  • GET /profiles/{id}/status — provisioning status.

  • POST /profiles/{id}/revoke — revoke profile.

Best practice: SM-DP+ must sign receipts with an operator key whose public key is recorded in an on-chain CarrierRegistry (fingerprint or public key), so GeSIM can verify provenance.

SM-DS (Subscription Manager — Discovery Server)

Role: acts as a directory/discovery layer enabling devices to locate the correct SM-DP+ that holds their profile or to initiate the right provisioning flow. SM-DS is particularly important in multi-SM-DP+ ecosystems. GeSIM responsibilities: ensure SM-DS entries map to the right SM-DP+ instances and that the discovery flow is tested across supported carriers/regions.

RSP (Remote SIM Provisioning — device flow)

Role: the device-side protocol used by the eUICC to fetch, install, and activate a profile from SM-DP+ (or discovered SM-DP+ via SM-DS). RSP handles download, integrity checks, and activation.

Device activation flow (conceptual):

  1. Device (eUICC) receives activation token/QR from GeSIM app.

  2. Device contacts SM-DP+ (or via SM-DS discovery) using RSP.

  3. SM-DP+ authenticates device and delivers the encrypted profile blob.

  4. Device installs profile, checks integrity, and activates.

Important device constraints: some devices restrict profile installation by EID, IMEI, or OS policy; GeSIM must verify device compatibility before purchase (server-side check) and present fallback flows.

PreviouseSIM BasicsNextPayment Rails (Stablecoin, Fiat On/Off Ramps)

Last updated