eUICC Internal Architecture

GSMA SGP.22 — Root of Trust, Profile Isolation, and Security Domains

eUICC — Java Card 3.0.4 Classic ECASD Root of Trust SK.EUICC.ECDSA — Private Key CERT.EUICC.ECDSA — Chip Identity PK.CI.ECDSA — GSMA CI Public Key CERT.EUM.ECDSA — Manufacturer Cert Installed at manufacture • Never modified ISD-R Profile Manager Creates ISD-P containers Enforces Profile Policy Rules Reads Profile Metadata One per eUICC • Cannot be deleted Sign + Verify ISD-P (Profile A) Enabled ✓ MNO-SD — OTA Keys NAA — USIM/ISIM File System — EF_ICCID Applets, SSDs, CASD Isolated — cannot see other ISD-Ps ISD-P (Profile B) Disabled MNO-SD — dormant NAA — not selectable File System — hidden One ISD-P per Profile Create/Manage Profile Policy Enabler (PPE) Enforces ppr1/ppr2/ppr3 rules Telecom Framework REFRESH, File Selection, NAA Profile Package Interp. Decodes BPP → installs Profile LPA Services ES10a/b/c interface endpoints eUICC Operating System Isolation: GlobalPlatform Security Domains • Certified GSMA SAS-UP manufacturing

Based on GSMA SGP.22 v2.2.2 — Sections 2.4.1–2.4.12