Comprehensive technical knowledge base covering 12 GSMA eSIM specifications. 84+ articles on Remote SIM Provisioning — SGP.02, SGP.22, SGP.32, SGP.41, SGP.29, SGP.23, SGP.25, SGP.26 and more.
You’re ordering the world’s most secure pizza. But this isn’t normal pizza: it’s a digital key for your phone. And to get it safely to you, an entire team of specialists has to work together. Nobody can do it alone. Let’s meet the crew!
This is the star of the show: a tiny, tamper-proof computer chip soldered inside your phone or smartwatch. It’s built in a super-secure factory and can never be opened. If a bad guy tries to poke it open, it self-destructs its secrets!
The Vault has special powers: it can hold multiple profiles (digital keys from different carriers), and it can check ID badges using math so hard that even the world’s fastest computer couldn’t crack it.
A powerful server somewhere on the internet. When your carrier says “make a key for this person,” the Key Maker builds one. But here’s the cool part: it locks the key so it only works in your specific Vault. Even if someone stole the key mid-delivery, it would be useless to them!
Think of this as a digital post office. When the Key Maker finishes your key, it leaves a note at the Notifier: “Hey, phone number XYZ has a package waiting!” Your phone checks this post office now and then, and when it finds a note, it knows exactly where to go pick up the key.
The Notifier never sees the actual key: just the note saying one exists!
This is the app running on your phone. It’s like a helpful messenger who runs between everyone else. When you scan a QR code, the Assistant springs into action. It talks to the Vault inside your phone, talks to the Key Maker on the internet, and carries messages back and forth.
Important: The Assistant is trusted to deliver messages, but it can NEVER see the secret codes inside them. It’s like a postal worker delivering a sealed, locked box.
Your mobile company: the one you pay for service. They tell the Key Maker what kind of profile to build for you.
Here’s the chain of trust:
In the Phone (LPAd): The Assistant app runs on your phone’s main processor. This is how smartphones and tablets do it.
In the Chip (LPAe): For tiny devices like smart sensors or car modules, the Assistant lives right inside the Vault chip itself! No phone needed.
There are thirteen different pathways (called interfaces) connecting these five helpers. Each one has a specific job: some are for ordering keys, some for delivering them, some for checking the post office. It’s like a carefully choreographed dance!
Kid-friendly version of GSMA SGP.22, Section 2: General Architecture