eSIM

To gain access to mobile networks, mobile network operators (MNOs) issue so-called SIM cards (Subscriber Identity Module Cards) to their customers. Each MNO issues its own SIM cards per customer. SIM cards consist of a plastic carrier and a security chip with security keys that grant access to the mobile network. If a customer wanted to change operators, the old SIM card had to be replaced with a new SIM card from the new MNO in the device. SIM cards are usually sent by the MNO via postal mail, which the customer receives a few days after signing the contract.

An eSIM is, simply put, the digital version of the classic SIM card. It consists of a chip (e.g., in the M2FF form factor) that is permanently installed in the mobile phone or router, and a solution for managing mobile profiles, referred to as eUICC (embedded Universal Integrated Circuit Card). eUICC functionality can be provided in different form factors. In the following, the terms eSIM and eUICC are used synonymously for simplicity.

Basically, three different types or solution architectures of eSIMs exist:

M2M eSIM: Machine-to-Machine (M2M) eSIMs are designed for machines and device types without a user interface or user interaction on the device. M2M eSIMs are centrally managed by a management portal or provisioning system and can be transferred to the end device over-the-air (OTA) via SMS. Typically, these are closed systems provided by solution vendors for customers with many end devices. M2M eSIMs are specified according to the SGP.02 standard.
Consumer eSIMs: Consumer eSIMs are issued by MNOs and are used in mobile phones, smartwatches, or routers. Typically, the MNO supplies a QR code or activation code that the customer can use to install the eSIM or profile on the device. Closed or proprietary provisioning systems also exist from certain smartphone manufacturers, enabling the MNO to notify the customer that the eSIM is ready for download. Unlike the M2M eSIM, the end customer must initiate the installation of the eSIM. End devices have software called the Local Profile Assistant (LPA), which establishes encrypted communication between the embedded eSIM/mobile chip and the MNO’s system. Downloading the eSIM profile always requires an existing internet connection, e.g., through the phone’s integrated WLAN. Consumer eSIMs are defined in the SGP.22 standard.
IoT eSIM: IoT eSIMs are designed for a large number of IoT devices and combine part of the LPA functionality on the device with a server for managing the eSIMs. IoT eSIMs are defined in the SGP.32 standard and are the newest of the solution architectures.

LANCOM routers include an eSIM chip in the M2FF form factor with eUICC functionality. This is a consumer eSIM according to the SGP.22 standard. This solution is compatible with common eSIMs issued by MNOs for mobile phones. The eSIM can be used with all mobile profiles for consumer eSIMs according to the SGP.22 standard and is not technically restricted. In principle, eSIMs must be supported by the MNO and must not be limited to specific devices or device types.

As of LCOS 10.94, LANCOM routers support, in addition to classic plastic SIM cards, an eSIM solution in cellular routers. Several prerequisites are required:

At least LCOS 10.94 firmware
Cellular router with integrated on-board eSIM chip
Possibly an update of the WWAN firmware to the minimum version supporting eSIM functionality

The general process of installing an eSIM on a LANCOM router is as follows:

Sign a mobile contract with an MNO.
The MNO supplies a QR code or activation code (both contain the same information, just in different formats) for the eSIM.
The activation code is entered via WEBconfig or the router’s command line. The router then downloads the corresponding profile from the MNO’s server via an existing internet connection (e.g., DSL or fiber) to the integrated chip. The profile is stored permanently in the chip. The activation code contains both the server URL and a code for retrieving the eSIM.
The successfully downloaded eSIM is configured in the router’s WWAN profile table for use.

Note: To download the eSIM, the router requires an existing internet connection, e.g., via DSL or fiber, similar to a mobile phone that requires a WLAN connection. It is technically not possible to download the eSIM via the same device’s WWAN modem, as the eSIM installation process is an exclusive, continuous operation in the mobile chip and the router must switch access from the physical SIM card to the eSIM during this process.

Note: Further notes on usage:

Up to eight eSIM profiles can be stored on the integrated eSIM
eSIMs can be installed and managed via WEBconfig or CLI commands
An optional GSMA test profile, if present on the eSIM, can be safely deleted and serves to simplify testing for MNOs, developers, or certification/test procedures
The eSIM is implemented as a "virtual SIM slot" that can hold up to eight profiles
Only the active eSIM profile is used when the eSIM is referenced as "eSIM-1" in the SIM slot configuration
If the internal cellular modem is unavailable, the eSIM management cannot be accessed
A device reset is not a secure method for deleting eSIM profiles, as it cannot be guaranteed that the modem has access to the eSIM at that moment
To securely delete eSIMs, the profiles must be manually removed via eSIM management. If this is not possible, the corresponding eSIM profile can, as a last resort, be disabled by the MNO, as is already the case with physical SIM cards
eSIMs can generally only be downloaded once and cannot be re-downloaded. eSIMs must explicitly be re-enabled by the MNO for download.
Downloaded eSIMs are permanently tied to the embedded chip and cannot be transferred between different devices.