eSIM technology essentially replaces the need for the distribution of physical SIM cards that allow devices to connect to mobile networks. Instead, the data stored on those SIM cards (represented by a coloured dot) is sent directly to the mobile device in a highly secure manner over the Internet.
Upon arrival into the device, this data profile is required to be stored securely, and for this purpose a secure chip, soldered into the device (called an eUICC) is used. This chip is able to store multiple profiles from different MNOs.
In order for the mobile network operator (MNO) to correctly bill a subscriber for mobile service use, they need to be sure that it is the subscriber using those services and not, say, a hacker. To do this, they share an identity (called the International Mobile Subscriber Identity or IMSI) and a cryptographic secret with the subscriber, both of which are later used to identity and authenticate that subscriber every time they use mobile services.
The SIM card is an ideal medium for sharing such information as it is portable and tamperproof, meaning the data stored on it cannot be read, which in turn, means the SIM card cannot be copied.
In addition, the SIM card is able to store other data and even applications. A SIM card from one MNO will have a different data profile to a SIM card from another MNO (signified by a different coloured dot).
Because the SIM card is also removeable, the subscriber can easily change from one device to another (subject to the new device having the same SIM form factor).
In order for a device to connected to a mobile network via eSIM, it needs to know the Internet address of the MNO’s subscription management platform (SM-DP+). The device also needs to have a unique reference to the eSIM Profile stored on that platform (Activation Code Token).
The most basic way is for these two items of information to be provided in the form of a QR code (Activation Code), which when scanned by the camera of the device, will cause it to reach out to the MNO and download the required eSIM profile.
For devices having no camera, this code can be manually copy pasted from an email or text message.
There is another activation method, called Discovery Service, where the MNO can target an eSIM profile to a particular device, which will automatically receive that profile a few seconds later, or as soon as it is next switched on.
For devices capable of running mobile apps, this looks to be a popular way for branded entities to activate devices – the app may also include plan selection and payment.