Comprehensive technical knowledge base covering 12 GSMA eSIM specifications. 84+ articles on Remote SIM Provisioning — SGP.02, SGP.22, SGP.32, SGP.41, SGP.29, SGP.23, SGP.25, SGP.26 and more.
Imagine… you’re at school and you need a permission slip to go on a field trip. You could get it two ways: your teacher hands it to you directly, or your parent picks it up from the office and brings it to you. IoT devices get their “permission slips” (called profiles) the exact same way: directly or indirectly!
In Direct Download, the device’s translator (IPA) talks straight to the profile factory (SM-DP+). The remote control centre just says “go get it!” and sends a secret code (Activation Code) to kick things off.
No QR codes, no cameras, no humans: the code arrives through the air. The translator does all the work, fetching the profile and installing it on the chip.
Sometimes the device can’t reach the profile factory: maybe it’s on a super-slow network, or it doesn’t have full internet access. In Indirect Download, the remote control centre (eIM) handles everything:
The device never talks to the factory at all! It’s like having a friend pick up your parcel because you can’t leave the house.
Here’s the cleverest part. Instead of sending commands one at a time (like “enable this profile,” “disable that one”), the control centre bundles everything into one signed digital envelope called an eIM Package.
The package contains:
When the chip receives the package, it:
Every package has a counter value (like a ticket number) that only goes up. The chip remembers the highest number it’s seen. If someone tries to replay an old package with a lower number, the chip says “Nope, I’ve already seen this!” and rejects it.
The counter can go all the way up to 8,388,607: that’s enough for 800 operations every single day for 28 years without running out!