sim-cardtelecommunicationtelecomuicc

Does SM-DP+ has access to MNO specific keys in the eSIM realm?


As you know in the eSIM realm, for the customer model, SM-DP+ is responsible for loading the MNO provided profile into the eSIM chip; and, after loading such profile, the final end-user, can authenticate himself/herself to the MNO network in order to utilize operator services. Additionally, utilizing such profile in the eSIM, the MNO is provided with the capability to communicate securely with the eSIM, on a communication channel different from the one SM-DP+ utilized.

enter image description here

My question is about the separation of the accesses. More specifically, given that the profile is loaded by the SM-DP+, I am curios to know whether the SM-DP+ has access to the user's authentication keys for the MNO network authentication (such as Ki)? And whether the SM-DP+ has access to the MNO-SD OTA keys?

One may answer "No" to both questions I asked above; but, in that case, given that the profile is loaded by the SM-DP+, I can imagine only two scenarios to prevent such problem:

  1. MNO provides the profile containing network authentication keys and MNO-SD OTA keys in an encrypted format that the SM-DP+ is not able to decrypt.
  2. The profile MNO provides to the SM-DP+, does not have these field inside, but only some primary initial information that helps the user to load such parameters on a different channel.

For the first approach, the eSIM shall already contain a pre-shared key between the MNO and the eSIM, which is not the case; the manufacturer only loads the eSIM with SM-DP+ authentication keys in first step.

And for the second approach, the SM-DP+ still has access to the keys that can be misused by it to obtain MNO and user credentials that are not necessary for SM-DP+ functionalities.

So, can someone please clarify how the access to the MNO credentials are controlled in eSIM realm? Are SM-DP+ entities fully trusted by different MNOs to have all the keys in plaintext?


Solution

  • the IPP that is transferred through ES8+ to eSIM contains everything. and DP+ is the one encrypting it. so it is the trusted party in the ecosystem. in case other keys are generated/put through OTA in the enabled ISD-P (after installation), then with a proper implementation its not possible to extract them in a commercial eSIM, but it cannot include the Ki.