A story of sticky notes, rule enforcers, and rules etched in stone that even factory reset can't erase
What if you accidentally deleted your work key? What if you disabled a key your carrier requires? That's why every vault has three pillars of protection: PPRs (sticky notes on individual keys), the RAT (the rulebook: who can use which rules), and the PPE (the bouncer that enforces everything).
PPR1 is the "always active" rule: the key must stay ON. This is critical for contract phones, work keys, or emergency profiles. The Profile Policy Enabler (PPE): the hardware bouncer inside the vault: blocks any attempt to disable it. No app, no operating system, no hacking can bypass this!
PPR2 is the "undeletable" rule: the key is glued into the vault. This is perfect for work profiles, contract keys, or any profile the carrier or employer needs to keep. Combine PPR1 and PPR2: the key can't be disabled and can't be deleted. Double protection!
The Rules Authorisation Table (RAT) is written when the vault is built: and it cannot be erased, even by a factory reset! It says which operators can use which rules, and whether you must consent. The PPE enforces everything in hardware. Both the Assistant and the Vault independently verify: double protection!
On MEP vaults (multiple enabled profiles), PPR1 ("can't disable") doesn't make sense: multiple keys can be active at once! So PPR1 is banned on MEP vaults. Smart exceptions exist too: test keys temporarily override PPR1, and provisioning profiles work during initial setup even with rules active.
The RAT is written into the vault at the factory and survives even a complete memory wipe. It's the one thing on your eSIM chip that can NEVER be changed by anyone: not by you, not by your carrier, not even by the phone manufacturer. It's the technological equivalent of "etched in stone"!
๐ข Next: Your Work Keycard โ