Guide

How Does eSIM Work? A Simple Explanation

Understand exactly how eSIM technology works — from QR code scanning to profile download to network authentication. Technical concepts explained with real-world analogies anyone can follow.

eSIM.school Team 2026-03-03

#esim-technology #how-esim-works #esim-architecture #esim-profiles #mobile-technology

TL;DR

An eSIM works like a tiny, reprogrammable computer chip inside your phone. When you scan a QR code, your phone contacts a secure cloud server (called SM-DP+), downloads an encrypted carrier profile, and installs it onto the chip — all in about 60 seconds. That profile contains everything your phone needs to authenticate with a mobile network: credentials, settings, and encryption keys. No physical card involved. The same chip can be reprogrammed with different carrier profiles over and over again, which is why you can switch carriers in seconds without opening your phone.

The Big Picture: What Happens When You Activate an eSIM?

Before we get into the technical details, here is the 30-second version of what happens every time you activate an eSIM:

You buy an eSIM plan — from a carrier, a travel eSIM provider, or an app
You receive a QR code (or activation link) — this is your “key” to download the profile
Your phone contacts a secure server — called SM-DP+, which stores your carrier profile
The profile downloads and installs — encrypted credentials, network settings, everything
Your phone connects to the network — authentication happens automatically, just like a physical SIM

The entire process takes 1-3 minutes. But behind those 1-3 minutes, there is an elegant system of encryption, authentication, and remote provisioning that keeps everything secure and seamless.

Let’s unpack each layer.

Step 1: The Hardware — What’s Actually Inside Your Phone

The eUICC Chip

The heart of eSIM is a tiny chip called the eUICC — that stands for embedded Universal Integrated Circuit Card. Don’t worry about the name. Think of it like this:

Analogy: A traditional SIM card is like a printed boarding pass — it has one set of information baked in. An eUICC chip is like a blank e-ink display — it can show any boarding pass you load onto it, and you can change it whenever you want.

The eUICC chip is about 5mm x 5mm (smaller than your pinky fingernail) and is soldered permanently onto your phone’s motherboard during manufacturing. It contains:

A secure processor — a small CPU that handles encryption and authentication
Secure storage — encrypted memory that holds carrier profiles (usually 8-20 profiles)
A crypto engine — hardware-level encryption that protects everything stored on the chip
A small operating system — called the ISD-R (Issuer Security Domain - Root), which manages profile installation and switching

The key difference from a traditional SIM card: a regular SIM comes from the factory with one carrier’s information permanently written on it. An eUICC ships blank and can be programmed, erased, and reprogrammed with different carrier profiles — remotely, over the internet.

What About iSIM?

You might hear about iSIM (integrated SIM) — this is the next evolution. Instead of a separate chip soldered onto the motherboard, iSIM bakes the SIM functionality directly into the phone’s main processor (SoC). Qualcomm’s Snapdragon 8 Gen 2 and later support iSIM. It works identically from a user perspective, just even smaller and more integrated.

Step 2: The QR Code — More Than Meets the Eye

When you buy an eSIM plan and receive a QR code, that QR code is not the eSIM profile itself. It is more like a set of instructions that tells your phone where to go to download the profile.

Here is what is actually encoded inside an eSIM QR code:

LPA:1$smdp.example.com$ACTIVATION-CODE-HERE

Breaking that down:

Component	What It Is	Analogy
`LPA:1`	Protocol identifier — tells your phone this is an eSIM activation code	Like “https://” tells your browser it is a web address
`smdp.example.com`	The SM-DP+ server address — where your profile is stored	Like a restaurant’s address on a delivery app
`ACTIVATION-CODE-HERE`	Your unique activation code — proves you paid for this profile	Like an order confirmation number

Some QR codes also include an optional confirmation code for extra security (like a PIN you must enter during setup).

Analogy: Think of the QR code as a movie ticket. The ticket itself is not the movie — it is proof that you bought a seat, and it tells you which theater (server) and which screen (activation code) to go to. The actual movie (carrier profile) streams when you arrive.

What If You Don’t Have a QR Code?

Not all eSIM activations require scanning a QR code. There are three activation methods:

QR code scan — the most common method for travel eSIMs
Manual activation code — you type in the SM-DP+ address and activation code manually (useful if you can’t scan)
Carrier app / push activation — the carrier’s app triggers the download directly (common with major carriers like T-Mobile, EE, Vodafone)

All three methods achieve the same thing: they tell your phone where to download the carrier profile from.

For step-by-step activation instructions on specific devices, see our iPhone eSIM Setup Guide or Samsung eSIM Setup Guide.

Step 3: The Brains of the Operation — SM-DP+ and SM-DS

This is where eSIM gets genuinely clever. Behind every eSIM activation, there are two critical servers working in the background.

SM-DP+ (Subscription Manager - Data Preparation)

The SM-DP+ is the star of the show. It is a secure cloud server that:

Stores carrier profiles — when a carrier creates an eSIM plan, the profile is uploaded to an SM-DP+ server
Encrypts and packages profiles — each profile is encrypted specifically for the target eUICC chip
Delivers profiles to your phone — when you scan the QR code, your phone contacts this server to download the profile

Analogy: The SM-DP+ is like a secure vault at a car dealership. When you buy a car (eSIM plan), the dealership doesn’t hand you a physical key. Instead, they program a digital key (carrier profile) in their secure vault, and when you show your purchase receipt (QR code), they beam the digital key to your car (phone) over a secure connection.

Here is the clever part: the SM-DP+ encrypts each profile specifically for your eUICC chip. Even if someone intercepted the data during download, they couldn’t install it on a different device. The profile and the chip are cryptographically bound.

SM-DS (Subscription Manager - Discovery Service)

The SM-DS is like a post office directory. It helps your phone find the right SM-DP+ server when the carrier uses push activation (instead of a QR code).

Here is how it works:

A carrier creates a profile for you on their SM-DP+ server
The SM-DP+ registers a notification with the SM-DS: “Hey, there’s a profile waiting for device #XYZ”
Your phone periodically checks the SM-DS: “Any profiles waiting for me?”
The SM-DS responds: “Yes, go to this SM-DP+ server to download it”

Most consumers never interact with or even know about the SM-DS. It works entirely in the background. You only encounter it when a carrier sends you an eSIM profile without a QR code — the “push” method.

The Full Download Sequence

Here is the complete technical flow when you scan a QR code:

You scan QR code
    ↓
Phone reads SM-DP+ address + activation code from QR
    ↓
Phone's LPA (Local Profile Assistant) contacts SM-DP+ server
    ↓
SM-DP+ verifies: "Is this activation code valid? Is this eUICC legitimate?"
    ↓
Mutual authentication (SM-DP+ and eUICC verify each other's identity)
    ↓
SM-DP+ encrypts the carrier profile specifically for your eUICC
    ↓
Profile downloads over HTTPS (TLS 1.2/1.3 encrypted)
    ↓
eUICC decrypts and installs the profile into secure storage
    ↓
Phone displays: "eSIM installed successfully" ✓

The whole process takes 30-90 seconds on a decent internet connection.

Step 4: The Carrier Profile — What’s Actually Downloaded?

When people say “download an eSIM,” what gets downloaded is a carrier profile (technically called an eSIM profile or operator profile). It is a small data package — typically 50-200 KB — that contains everything your phone needs to connect to a specific mobile network.

Here is what is inside:

Component	What It Does	Physical SIM Equivalent
IMSI (International Mobile Subscriber Identity)	Your unique subscriber ID on the carrier’s network	Printed on the SIM card chip
Ki (Authentication Key)	Secret key used to prove your identity to the network	Burned into the SIM card during manufacturing
OPc (Operator Variant Algorithm Configuration)	Carrier-specific authentication parameter	Burned into the SIM card
APN settings	Access Point Name — tells your phone how to connect to the internet	Configured on the SIM or manually entered
PLMN list	Preferred/allowed network list — which networks you can roam on	Stored on the SIM card
Carrier branding	Carrier name, logo, customer service numbers	Stored on the SIM card
Applets	Small programs (like carrier apps or STK menus)	SIM toolkit applications

Analogy: If connecting to a mobile network is like checking into a hotel, the carrier profile is your complete reservation package: your booking confirmation (IMSI), the room key code (Ki), the hotel’s access rules (APN), and a list of partner hotels you can use if this one is full (PLMN roaming list).

Profile Size and Storage

A single eSIM profile is tiny — about 50 to 200 KB. That is smaller than a single photo on your phone. Modern eUICC chips have enough secure storage for 8-20 profiles, though typically only 1-2 can be active simultaneously (the rest are stored but dormant).

Step 5: Network Authentication — Proving You Belong

Once the carrier profile is installed, your phone needs to prove to the network that it is a legitimate subscriber. This process is identical whether you use an eSIM or a physical SIM — the network cannot tell the difference.

Here is the authentication dance, simplified:

The Challenge-Response Handshake

Your phone says: “Hi, I’d like to connect. My subscriber ID is [IMSI].”
The network responds: “Prove it. Here’s a random number: 7392847561.” (This is the “challenge.”)
Your eSIM chip does math: Using the secret Ki key stored in the profile, the eUICC’s crypto engine encrypts the random number using the AES algorithm.
Your phone sends back: “Here’s my answer: A4F2C8E1B3.” (This is the “response.”)
The network checks: The carrier has a copy of your Ki key. It performs the same encryption on the same random number. If the answers match → you are authenticated. If not → access denied.

Analogy: It is like a secret handshake. Imagine you and your friend agreed on a special rule: “multiply any number by 7, then add 3.” Someone says “give me 5,” and you respond “38.” Only someone who knows the rule gets the right answer. The Ki key is that secret rule — and it never leaves the chip.

Why This Is Secure

The beauty of this system is that the Ki key never travels over the air. The network sends a random challenge, and the phone sends back only the encrypted result. Even if someone intercepts every single radio transmission, they cannot reverse-engineer the Ki key from the responses (AES encryption is mathematically infeasible to reverse without the key).

This is the same security model used by physical SIM cards since the 1990s — battle-tested and trusted by every carrier on Earth.

Step 6: Multiple Profiles — How Switching Works

One of eSIM’s most powerful features is storing multiple carrier profiles on a single device. Here is how profile management works:

Profile States

Each eSIM profile on your device is in one of three states:

State	What It Means	Network Access
Active (Enabled)	The profile is currently in use. Your phone is connected to this carrier’s network.	Yes — full connectivity
Inactive (Disabled)	The profile is installed and stored but not currently in use.	No — dormant, uses no battery or radio
Deleted	The profile has been removed from the eUICC. To use it again, you need to re-download.	No — gone from device

How Switching Happens

When you switch from Profile A to Profile B in your phone’s settings:

Profile A is disabled — the eUICC deactivates it (but keeps it stored)
Profile B is enabled — the eUICC loads its credentials into the active memory
Your phone disconnects from Carrier A’s network
Your phone runs the authentication handshake with Carrier B’s network (using Profile B’s Ki key)
Connected — you are now on Carrier B

This process takes about 5-15 seconds. On most phones, you do it through Settings > Cellular/Mobile Data > eSIM.

Dual SIM Dual Standby (DSDS)

Most modern phones support DSDS — meaning they can keep two profiles active simultaneously:

Profile 1 (e.g., your home carrier): Handles calls and texts
Profile 2 (e.g., a travel eSIM): Handles mobile data

This is the holy grail setup for travelers: keep your home number reachable while using cheap local data abroad. For more on this, see eSIM vs Physical SIM: The Complete Comparison.

eSIM vs Physical SIM: The Activation Process Compared

Let’s compare exactly what happens during activation for each technology:

Step	Physical SIM	eSIM
1. Purchase	Buy online or in-store, wait for shipping (1-7 days) or visit a store	Buy online, receive QR code via email instantly
2. Preparation	Find a SIM ejector tool (or paperclip)	Open phone Settings
3. Installation	Power off phone → eject tray → insert card → close tray → power on	Scan QR code with phone camera (phone stays on)
4. Profile loading	Phone reads the fixed profile from the physical card	Phone downloads profile from SM-DP+ server (30-90 seconds)
5. Authentication	SIM’s Ki key authenticates with carrier network	eUICC’s Ki key authenticates with carrier network (identical process)
6. Configuration	May need to manually set APN, enable roaming	Usually auto-configured; may need to enable data roaming
7. Ready to use	5-30 minutes (including physical handling)	1-3 minutes (entirely digital)
Switching carriers	Power off → swap cards → power on → reconfigure	Settings toggle → 10 seconds → done
Storage	1 profile per card	8-20 profiles per eUICC

The user experience of an eSIM activation is dramatically faster and simpler. But under the hood, steps 5 and 6 are technically identical — the network does not know (or care) whether you are using eSIM or a physical SIM.

The LPA: Your Phone’s eSIM Manager

There is one more important piece of the puzzle: the LPA — Local Profile Assistant. This is software built into your phone’s operating system that acts as the bridge between you (the user) and the eUICC chip.

The LPA handles:

Profile discovery — scanning QR codes and extracting SM-DP+ addresses
Profile download — communicating with the SM-DP+ server to fetch profiles
Profile management — the settings screen where you enable, disable, rename, or delete profiles
User consent — asking for your confirmation before installing or deleting profiles

When Apple shows you the “Add eSIM” screen, that is the LPA in action. When Samsung’s settings app shows your list of installed eSIM profiles, that is the LPA. It is the user-facing layer of the entire eSIM system.

Analogy: If the eUICC chip is a safe, and the carrier profiles are the valuables inside it, then the LPA is the safe’s combination lock interface — it is how you interact with what is inside without directly touching the secure hardware.

How eSIM Profiles Are Created (The Carrier Side)

Ever wondered what happens on the carrier’s end before you scan that QR code? Here is the behind-the-scenes workflow:

1. Carrier Creates the Profile

The mobile carrier (or travel eSIM provider) uses specialized software to create an eSIM profile. This profile is based on the GSMA RSP (Remote SIM Provisioning) specification and includes all the authentication credentials, network settings, and applets.

2. Profile Is Uploaded to SM-DP+

The finished profile is uploaded to an SM-DP+ server. Carriers can run their own SM-DP+ infrastructure or use a third-party service. Major SM-DP+ providers include Thales, IDEMIA, and G+D (Giesecke+Devrient) — the same companies that manufacture physical SIM cards.

3. Activation Code Is Generated

The SM-DP+ generates a unique activation code linked to that specific profile. This code, combined with the SM-DP+ server address, becomes the QR code you receive.

4. You Scan, Download, Connect

When you scan the QR code, the SM-DP+ verifies the activation code, confirms the profile has not already been downloaded, encrypts it for your specific eUICC, and sends it to your phone.

5. Profile Is “Consumed”

Most eSIM profiles are single-use — once downloaded to a device, the activation code is marked as used on the SM-DP+ server. This prevents the same profile from being installed on multiple devices simultaneously. (Some carriers support profile re-download or transfer, but this is carrier-specific.)

Security Deep Dive: Why eSIM Is Safe

If you are wondering whether downloading a SIM card “over the internet” is secure, the answer is: extremely. Here is why:

Layer 1: Mutual Authentication

When your phone contacts the SM-DP+ server, both sides verify each other’s identity using digital certificates issued by the GSMA. Your phone confirms the server is legitimate (not a phishing site). The server confirms your eUICC is a genuine, certified chip (not a counterfeit). Only after mutual verification does the profile transfer begin.

Layer 2: End-to-End Encryption

The carrier profile is encrypted using keys that only your specific eUICC can decrypt. Even if someone intercepted the data transfer, they would get nothing but meaningless encrypted bytes.

Layer 3: Secure Element Hardware

The eUICC chip is a secure element — a hardened piece of hardware designed to resist physical tampering. It is the same type of technology used in credit card chips, passports, and banking tokens. Extracting data from a secure element requires specialized equipment worth tens of thousands of dollars, and even then it is not guaranteed to succeed.

Layer 4: Ki Key Protection

The Ki authentication key is generated inside the secure element and never leaves it. Not during manufacturing, not during download, not during authentication. The key exists only inside the chip’s secure memory. This is fundamentally different from, say, a password stored in a database — the Ki is a hardware-protected secret.

eSIM vs Physical SIM Security

Security Aspect	Physical SIM	eSIM
Authentication protocol	AES-128/256	AES-128/256 (identical)
Key storage	Secure element on the card	Secure element in eUICC (identical)
Physical theft risk	Can be removed and used in another phone	Cannot be removed from device
SIM swap fraud	Vulnerable (criminal convinces carrier to transfer number)	Harder (but carrier-side social engineering still possible)
Remote wipe	Not possible if SIM is removed	Profile can be remotely deactivated
Interception risk	Same	Same (network authentication is identical)

Bottom line: eSIM is at least as secure as a physical SIM card, and arguably more secure due to the inability to physically remove it.

Real-World Example: What Happens When You Land in Tokyo

Let’s walk through a concrete scenario to tie everything together.

Before your flight (at home, on Wi-Fi):

You buy a 7-day Japan eSIM data plan from Airalo for $4.50
Airalo creates a carrier profile on their SM-DP+ server, linked to a Japanese carrier (like IIJmio or SoftBank MVNO)
You receive a QR code via email
You scan the QR code → your phone’s LPA contacts Airalo’s SM-DP+ server
Mutual authentication happens in milliseconds
The carrier profile downloads (about 100 KB, takes 30 seconds on Wi-Fi)
Your phone shows the new profile: “Airalo - Japan” — status: installed but inactive

When your plane lands in Tokyo:

You go to Settings > Cellular > select “Airalo - Japan” as your data line
You toggle on Data Roaming
Your phone’s eUICC activates the Airalo profile
The authentication handshake happens with the Japanese carrier’s network
Within 10-30 seconds, you see signal bars and “SoftBank” (or similar) in your status bar
You open Google Maps and navigate to your hotel — with local 4G/5G data, at 90% less than roaming costs

Your home SIM (physical or eSIM) stays active for calls and texts. The Japan eSIM handles data. Dual SIM, zero hassle.

For a complete pre-trip checklist, see our eSIM Pre-Departure Checklist.

The Future of eSIM Technology

eSIM-Only Devices Are Coming

Apple led the charge with the iPhone 14 (US, 2022) removing the physical SIM tray entirely. The iPhone Air (2025) went eSIM-only globally. Samsung and Google are expected to follow within 1-2 years. By 2030, industry analysts project the majority of smartphones sold will have no SIM card slot.

iSIM: The Next Step

As mentioned earlier, iSIM (integrated SIM) merges the SIM functionality directly into the phone’s main processor. This saves space, reduces cost, and improves security. Qualcomm, MediaTek, and Samsung are all developing iSIM solutions. For consumers, the experience will be identical to eSIM — the changes are entirely under the hood.

Multi-Device eSIM

Future eSIM standards will make it easier to share a single plan across multiple devices — your phone, tablet, watch, and laptop all on one subscription. Some carriers already offer this, but the experience is fragmented. Upcoming GSMA specifications aim to standardize it.

eSIM for IoT at Scale

The Internet of Things is the biggest growth area for eSIM. Connected cars, smart meters, industrial sensors, agricultural monitors — these devices need cellular connectivity but cannot have a human physically inserting SIM cards into millions of units. eSIM’s remote provisioning is the only practical solution.

Frequently Asked Questions (FAQ)

Does eSIM use a different network than a physical SIM?

No. eSIM connects to the exact same cell towers and networks as a physical SIM card. The carrier network cannot tell whether you are using eSIM or a physical card — the authentication protocol is identical. You get the same speeds, coverage, and call quality.

Can someone hack my eSIM?

eSIM uses hardware-grade security (secure element) and the same AES encryption as physical SIM cards. The profile download is protected by mutual authentication and end-to-end encryption. No known practical attack exists against properly implemented eSIM. The most realistic threat is still social engineering (convincing a carrier employee to transfer your number), which is a carrier-side issue, not an eSIM vulnerability.

What is the SM-DP+ server? Do I need to know about it?

SM-DP+ (Subscription Manager - Data Preparation) is the secure server that stores and delivers eSIM profiles. As a user, you never interact with it directly — your phone handles the connection automatically when you scan a QR code. Think of it like a web server: you don’t need to know how Apache or Nginx works to browse a website.

Why does my eSIM QR code only work once?

Most eSIM profiles are designed for single-use download. Once the profile is installed on a device, the activation code is marked as “consumed” on the SM-DP+ server. This prevents one plan from being installed on multiple devices simultaneously. If you need to move the profile to a new phone, you typically need to contact the carrier for a new QR code or use a transfer feature (if supported).

How much data does downloading an eSIM profile use?

Very little — typically 50 to 200 KB. That is less than loading a single web page. You can download an eSIM profile on any Wi-Fi connection, even a slow one, without issues.

Can my carrier see what I do online through eSIM?

eSIM does not change your privacy situation compared to a physical SIM. Your carrier can see the same metadata they always could (which cell towers you connect to, how much data you use, etc.). For privacy, use a VPN — that advice applies equally to eSIM and physical SIM users.

What happens if the SM-DP+ server goes down?

If the SM-DP+ server is temporarily unavailable, you cannot download new profiles. However, profiles already installed on your phone continue to work normally — they do not need to contact the SM-DP+ server after installation. This is similar to how you can still use a downloaded app even if the App Store goes down.

Is eSIM the same as a virtual phone number (VoIP)?

No. eSIM is a real mobile network connection — it connects to cell towers just like a physical SIM. VoIP services (like Google Voice, Skype, or WhatsApp calls) run over the internet. eSIM gives you a legitimate mobile number with full carrier capabilities including calls, SMS, and mobile data. VoIP only works when you already have an internet connection.

What’s Next?

Now that you understand how eSIM works under the hood, here are some logical next steps:

New to eSIM? Start with our guide on What is eSIM? for the basics
Ready to set up? Follow our iPhone eSIM Setup Guide or Samsung eSIM Setup Guide
Comparing eSIM to traditional SIM? Read eSIM vs Physical SIM: The Complete Comparison
Planning a trip? Use our eSIM comparison tool to find the best deal for your destination
Having issues? Check our eSIM Not Working? Troubleshooting Guide

eSIM工作原理详解（通俗易懂版）

太长不看

eSIM的本质就是手机里一颗可反复编程的微型芯片。当你扫描二维码时，手机会联系一个安全云端服务器（叫SM-DP+），下载一份加密的运营商配置文件，然后装到芯片里——全程大约60秒。这份配置文件包含了手机连接移动网络所需的一切：身份凭证、网络设置、加密密钥。不需要任何实体卡片。同一颗芯片可以反复写入不同运营商的配置文件，所以你不用拆机就能秒切运营商。

全景图：激活eSIM时到底发生了什么？

先给你30秒的快速版：

你购买eSIM方案 —— 找运营商、旅行eSIM提供商，或者在APP里买
你收到一个二维码（或激活链接）—— 这是你下载配置文件的”钥匙”
手机联系一个安全服务器 —— 叫SM-DP+，你的运营商配置文件就存在这里
配置文件下载并安装 —— 加密的身份凭证、网络设置，全部打包
手机连上网络 —— 认证过程自动完成，和实体SIM卡一模一样

全过程1-3分钟。但在这短短的1-3分钟背后，是一套精密的加密、认证和远程配置系统在默默运作。

我们一层一层拆开看。

第一步：硬件——手机里到底装了什么？

eUICC芯片

eSIM的核心是一颗叫eUICC的芯片——全名是”嵌入式通用集成电路卡”（embedded Universal Integrated Circuit Card）。名字不重要，记住这个类比就行：

打个比方： 传统SIM卡就像一张印好的纸质登机牌——上面的信息出厂就固定了。eUICC芯片就像一块电子墨水屏——你想显示哪个航班的登机牌，加载一下就行，随时能换。

这颗芯片大约5毫米见方（比你小拇指的指甲还小），在手机出厂时就永久焊在主板上了。它里面有：

安全处理器 —— 一颗专门处理加密和认证的小CPU
安全存储 —— 加密的内存空间，能存8-20个运营商配置文件
加密引擎 —— 硬件级别的加密模块，保护芯片上存储的一切数据
微型操作系统 —— 叫ISD-R，负责管理配置文件的安装和切换

和传统SIM卡最关键的区别是：普通SIM卡出厂时就写死了一家运营商的信息。而eUICC出厂时是空白的，可以通过网络远程写入、擦除、再写入不同运营商的配置文件。

什么是iSIM？

你可能会听到iSIM（集成式SIM）这个词——这是下一步进化。iSIM不再是单独焊在主板上的芯片，而是把SIM功能直接集成到手机主处理器（SoC）里。高通骁龙8 Gen 2及以后的处理器已经支持iSIM。从用户角度来看，体验完全一样，只是更小、更集成。

第二步：二维码——没你想的那么简单

当你买了一个eSIM方案收到二维码时，那个二维码本身不是eSIM配置文件。它更像是一张”取货通知单”，告诉你的手机去哪里下载真正的配置文件。

二维码里实际编码的内容是这样的：

LPA:1$smdp.example.com$ACTIVATION-CODE-HERE

拆开看：

组成部分	是什么	生活类比
`LPA:1`	协议标识——告诉手机”这是一个eSIM激活码”	就像网址前面的”https://“告诉浏览器”这是一个网页”
`smdp.example.com`	SM-DP+服务器地址——你的配置文件存在这里	就像外卖订单上的餐厅地址
`ACTIVATION-CODE-HERE`	你的唯一激活码——证明你已经付了钱	就像外卖订单的取餐号

打个比方： 二维码就像一张电影票。电影票本身不是电影——它是你付了钱的凭证，上面写着去哪个影院（服务器）、哪个厅（激活码）。真正的电影（运营商配置文件）要到了影院才开始播放。

不扫二维码行不行？

当然行。eSIM激活有三种方式：

扫二维码 —— 旅行eSIM最常见的方式
手动输入激活码 —— 手动填写SM-DP+地址和激活码（二维码扫不了的时候用）
运营商APP推送激活 —— 运营商的APP直接触发下载（T-Mobile、中国联通等大运营商常用）

三种方式的效果完全一样：都是告诉手机去哪里下载配置文件。

具体操作步骤请看我们的iPhone eSIM设置指南或三星eSIM设置指南。

第三步：幕后大脑——SM-DP+和SM-DS

这是eSIM技术最精妙的部分。每次eSIM激活的背后，都有两台关键服务器在默默工作。

SM-DP+（订阅管理-数据准备服务器）

SM-DP+是整个系统的核心。它是一台安全的云端服务器，负责：

存储运营商配置文件 —— 运营商创建的eSIM方案上传到这里
加密打包配置文件 —— 每份配置文件会针对目标eUICC芯片单独加密
把配置文件发送给你的手机 —— 当你扫二维码时，手机就是找这台服务器下载的

打个比方： SM-DP+就像一个安全的数字保险库。你在网上买了一个eSIM方案（相当于买了一把数字钥匙），这把钥匙存在保险库里。当你出示购买凭证（扫二维码），保险库通过加密通道把钥匙发到你的手机上。而且这把钥匙是专门为你的手机定制的，别的手机打不开。

最关键的一点：SM-DP+会专门为你的eUICC芯片加密每份配置文件。即使有人在传输过程中截获了数据，也无法在其他设备上安装——配置文件和芯片是通过密码学绑定的。

SM-DS（订阅管理-发现服务器）

SM-DS就像一个邮局的通讯录。当运营商用”推送”方式激活eSIM时（不用二维码），SM-DS帮你的手机找到正确的SM-DP+服务器。

工作流程是这样的：

运营商在SM-DP+上创建了一份给你的配置文件
SM-DP+在SM-DS上挂了一条通知：“嘿，有一份配置文件在等设备#XYZ来领”
你的手机定期查看SM-DS：“有等我的配置文件吗？”
SM-DS回复：“有，去这个SM-DP+服务器下载”

普通用户完全不需要知道SM-DS的存在，它完全在后台运作。

完整下载流程

当你扫描二维码时，完整的技术流程是这样的：

你扫描二维码
    ↓
手机从二维码中读取SM-DP+地址 + 激活码
    ↓
手机的LPA（本地配置助手）联系SM-DP+服务器
    ↓
SM-DP+验证："这个激活码有效吗？这个eUICC芯片是正品吗？"
    ↓
双向认证（SM-DP+和eUICC互相验证对方身份）
    ↓
SM-DP+专门为你的eUICC加密配置文件
    ↓
配置文件通过HTTPS（TLS 1.2/1.3加密）下载
    ↓
eUICC解密并安装配置文件到安全存储区
    ↓
手机显示："eSIM安装成功" ✓

整个过程在网络正常的情况下只需30-90秒。

第四步：配置文件——到底下载了什么？

人们说”下载eSIM”时，下载的东西叫运营商配置文件（也叫eSIM profile）。它是一个很小的数据包——通常只有50-200KB——包含手机连接移动网络所需的一切信息。

里面装了什么：

组件	干什么用的	大白话解释
IMSI（国际移动用户识别码）	你在运营商网络上的唯一身份证号	相当于你在这个运营商的”身份证”
Ki（认证密钥）	用来向网络证明”我是我”的秘密钥匙	相当于开门的密码，极度机密
OPc（运营商算法配置）	运营商专属的认证参数	相当于每家银行自己的加密规则
APN设置（接入点名称）	告诉手机怎么连上互联网	相当于Wi-Fi的连接配置
PLMN列表（网络列表）	你可以连接/漫游的网络清单	相当于你的月票能坐哪几条地铁线
运营商信息	运营商名称、logo、客服电话	状态栏上显示”中国联通”就靠它

打个比方： 如果连接移动网络是入住酒店，那运营商配置文件就是你的完整预订包：预订确认函（IMSI）、房间密码（Ki）、酒店的使用规则（APN）、以及你能用的联盟酒店名单（PLMN漫游列表）。

配置文件有多大？

一份eSIM配置文件非常小——大约50到200KB。这比你手机上一张照片还小得多。现代eUICC芯片的安全存储空间足够装8-20个配置文件，虽然同一时间通常只能激活1-2个（其余的存着但休眠）。

第五步：网络认证——证明你是合法用户

配置文件安装完成后，手机需要向网络证明自己是合法用户。这个过程无论你用eSIM还是实体SIM卡，都是完全一样的——网络根本分辨不出区别。

质询-响应握手（Challenge-Response）

用大白话解释一下这个过程：

手机说： “嗨，我想连网。我的用户编号是[IMSI]。”
基站回复： “证明一下你是谁。给你一个随机数：7392847561。“（这叫”质询”）
eSIM芯片做运算： 用存在配置文件里的秘密Ki密钥，通过AES加密算法对这个随机数进行加密。
手机发回结果： “我的答案是：A4F2C8E1B3。“（这叫”响应”）
基站验证： 运营商那边也有你的Ki密钥副本。他们用同样的密钥对同样的随机数做同样的运算。如果答案匹配→认证通过。不匹配→拒绝连接。

打个比方： 这就像一个暗号。假设你和朋友约好了一个秘密规则：“任何数字乘以7再加3”。有人说”给我5”，你回答”38”。只有知道规则的人才能答对。Ki密钥就是这个”秘密规则”——而且它永远不离开芯片。

为什么这很安全？

整个过程中，Ki密钥从来不会在空中传输。基站发送的是一个随机挑战数，手机发回的只是加密后的结果。即使有人截获了每一次无线通信，也无法从结果反推出Ki密钥（AES加密在数学上不可逆，除非你有密钥本身）。

这套安全机制和实体SIM卡从1990年代就开始使用的完全一致——经过了全球每一家运营商几十年的实战检验。

第六步：多配置文件管理——怎么切换的？

eSIM最强大的功能之一就是在一台设备上存储多个运营商配置文件。下面说说管理机制。

配置文件的三种状态

你手机上每个eSIM配置文件处于以下三种状态之一：

状态	什么意思	能联网吗
已激活（Enabled）	正在使用中，手机连接的就是这个运营商	能——完全连接
已安装但未激活（Disabled）	装好了存着，但目前没在用	不能——休眠状态，不耗电不占信号
已删除（Deleted）	配置文件已从芯片中移除，想再用需要重新下载	不能——已从设备上消失

切换是怎么发生的

当你在手机设置里从配置文件A切换到配置文件B：

配置文件A被停用 —— eUICC把它关掉（但保留在存储中）
配置文件B被激活 —— eUICC把它的认证信息加载到工作内存
手机断开与运营商A的网络连接
手机用配置文件B的Ki密钥与运营商B的网络进行认证握手
连接成功——你现在在运营商B的网络上了

整个过程大约5-15秒。在大多数手机上，操作路径是 设置 > 蜂窝网络 > eSIM。

双卡双待（DSDS）

大多数现代手机支持双卡双待——可以同时保持两个配置文件激活：

配置文件1（比如你的国内号码）：接打电话和短信
配置文件2（比如旅行eSIM）：负责上网流量

这是旅行者的黄金搭配：保持国内号码可达（接验证码、家人来电），同时用便宜的本地流量上网。详见eSIM vs 实体SIM卡全面对比。

eSIM vs 实体SIM卡：激活流程全面对比

让我们精确对比两种技术在激活过程中每一步的区别：

步骤	实体SIM卡	eSIM
1. 购买	网上或线下购买，等快递1-7天或去营业厅排队	在线购买，邮件秒收二维码
2. 准备	找取卡针（或者曲别针、缝衣针……）	打开手机设置
3. 安装	关机 → 弹出卡槽 → 插卡 → 关好卡槽 → 开机	扫一下二维码（手机不用关）
4. 加载配置	手机从实体卡片上读取固定的配置信息	手机从SM-DP+服务器下载配置文件（30-90秒）
5. 网络认证	实体SIM卡的Ki密钥与运营商网络认证	eUICC的Ki密钥与运营商网络认证（完全相同的过程）
6. 设置	可能需要手动设置APN、开启漫游	通常自动配置，可能需要开启数据漫游
7. 可以用了	5-30分钟（包含物理操作时间）	1-3分钟（全程数字化）
切换运营商	关机 → 换卡 → 开机 → 重新设置	设置里点一下 → 10秒 → 搞定
存储容量	每张卡只能存1个配置	每颗eUICC可存8-20个配置

从体验上看，eSIM快得多、简单得多。但在底层技术上，第5步和第6步的原理完全一样——网络并不知道（也不关心）你用的是eSIM还是实体卡。

LPA：手机里的eSIM管家

还有一个重要角色：LPA——本地配置助手（Local Profile Assistant）。这是手机操作系统里内置的软件，充当你（用户）和eUICC芯片之间的桥梁。

LPA负责：

发现配置文件 —— 扫描二维码并提取SM-DP+地址
下载配置文件 —— 与SM-DP+服务器通信获取配置文件
管理配置文件 —— 就是你在设置页面里看到的启用、禁用、重命名、删除eSIM的那些功能
用户确认 —— 安装或删除配置文件前征求你的同意

苹果手机上”添加eSIM”那个页面就是LPA在工作。三星手机设置里显示的eSIM配置文件列表也是LPA的界面。它是整个eSIM系统面向用户的交互层。

打个比方： 如果eUICC芯片是一个保险箱，运营商配置文件是里面的贵重物品，那LPA就是保险箱的触控密码面板——你通过它来操作里面的东西，而不需要直接接触安全硬件。

安全深度剖析：为什么”通过网络下载SIM卡”依然安全

你可能会想：通过互联网下载一张”SIM卡”，真的安全吗？答案是：非常安全。以下是四层安全防护：

第一层：双向认证

手机联系SM-DP+服务器时，双方会用GSMA颁发的数字证书互相验证身份。你的手机确认服务器是正规的（不是钓鱼网站），服务器确认你的eUICC是正品芯片（不是山寨的）。只有双方都验证通过，才开始传输配置文件。

第二层：端到端加密

运营商配置文件使用只有你的eUICC芯片才能解密的密钥进行加密。即使有人截获了传输中的数据，得到的也只是毫无意义的加密字节。

第三层：安全元件硬件

eUICC芯片是一个安全元件——一块经过加固设计的硬件，专门用来抵抗物理攻击。这和信用卡芯片、电子护照、银行U盾用的是同类技术。从安全元件中提取数据需要价值几十万元的专业设备，而且即便如此也不一定能成功。

第四层：Ki密钥保护

Ki认证密钥在安全元件内部生成，永远不会离开芯片。不管是出厂时、下载时还是认证时，这个密钥都只存在于芯片的安全内存中。这和存在数据库里的密码有本质区别——Ki是受硬件保护的秘密。

eSIM vs 实体SIM安全性对比

安全维度	实体SIM卡	eSIM
认证协议	AES-128/256	AES-128/256（完全一样）
密钥存储	卡上的安全元件	eUICC中的安全元件（一样）
物理被盗风险	可以被取出放到别的手机	无法从设备中取出
SIM卡调包诈骗	有风险（骗子骗运营商转号码）	更难（但运营商端的社会工程攻击仍可能）
远程擦除	SIM卡被取出就无法远程擦除	配置文件可以远程停用
窃听风险	相同	相同（网络认证过程一样）

结论：eSIM的安全性至少和实体SIM卡持平，在防物理盗取方面更胜一筹。

实际场景：你落地东京时发生了什么

用一个完整的真实场景把所有知识串起来。

出发前（家里，连着Wi-Fi）：

你在Airalo上买了一个7天日本eSIM流量方案，32元人民币
Airalo在他们的SM-DP+服务器上创建了一份运营商配置文件，关联日本本地运营商（如IIJmio或SoftBank MVNO）
你收到一个二维码邮件
你扫描二维码 → 手机的LPA联系Airalo的SM-DP+服务器
双向认证在毫秒内完成
运营商配置文件下载完成（约100KB，Wi-Fi下30秒）
手机上显示新的配置文件：“Airalo - Japan” —— 状态：已安装未激活

飞机落地东京：

打开设置 > 蜂窝网络 > 选择”Airalo - Japan”作为数据线路
开启数据漫游
手机的eUICC激活Airalo配置文件
与日本运营商的网络进行认证握手
10-30秒内，状态栏出现信号格和”SoftBank”（或类似字样）
打开地图导航去酒店——用的是本地4G/5G网络，费用只有运营商漫游的十分之一

你的国内SIM卡（实体或eSIM）继续保持接电话和短信。日本eSIM专门负责上网。双卡各司其职，零折腾。

完整的出行准备清单请看我们的eSIM出发前检查清单。

eSIM技术的未来

纯eSIM设备已经来了

苹果在2022年用iPhone 14美版打响了取消SIM卡槽的第一枪。2025年的iPhone Air在全球范围内跟进。三星和谷歌预计1-2年内跟上。到2030年，行业分析师预测全球销售的大多数智能手机将不再有SIM卡槽。

iSIM：下一步进化

前面提到过，iSIM把SIM功能直接集成到手机主处理器里。更小、更省成本、更安全。高通、联发科、三星都在开发iSIM方案。对消费者来说，体验和eSIM完全一样——变化全在底层。

多设备共享eSIM

未来的eSIM标准将让一个套餐在多设备之间共享变得更简单——手机、平板、手表、笔记本都用同一个方案。一些运营商已经提供类似服务，但体验还很碎片化。GSMA正在推进标准化。

物联网的eSIM规模化

物联网是eSIM最大的增长领域。智能汽车、智能电表、工业传感器、农业监控设备——这些东西需要蜂窝连接，但不可能让人去几百万台设备上一个一个插SIM卡。eSIM的远程配置是唯一可行的方案。

常见问题（FAQ）

eSIM用的网络和实体SIM卡不一样吗？

一样。eSIM连接的是完全相同的基站和网络。运营商的网络根本分辨不出你用的是eSIM还是实体卡——认证协议完全一致。速度、覆盖、通话质量都一模一样。

eSIM会被黑客攻击吗？

eSIM使用硬件级安全元件和与实体SIM卡相同的AES加密。配置文件下载受双向认证和端到端加密保护。目前没有已知的针对正确实施的eSIM的实际攻击手段。最现实的威胁仍然是社会工程（骗运营商客服转移你的号码），这是运营商端的问题，不是eSIM本身的漏洞。

SM-DP+服务器是什么？我需要了解吗？

SM-DP+是存储和分发eSIM配置文件的安全服务器。作为普通用户，你完全不需要直接跟它打交道——手机在你扫码的时候自动处理一切。就像你浏览网页不需要了解Apache或Nginx怎么工作一样。

为什么eSIM二维码只能用一次？

大多数eSIM配置文件设计为一次性下载。配置文件安装到设备后，对应的激活码在SM-DP+服务器上会被标记为”已使用”。这是为了防止一个方案被同时安装在多台设备上。如果你换手机了，通常需要联系提供商获取新的二维码，或者使用转移功能（如果支持的话）。

下载eSIM配置文件耗多少流量？

非常少——通常50到200KB。这比打开一个网页还少。任何Wi-Fi连接都能轻松搞定，哪怕网速很慢。

运营商能通过eSIM看到我的上网内容吗？

eSIM不会改变你的隐私状况——和用实体SIM卡时完全一样。运营商能看到的元数据（你连了哪个基站、用了多少流量等）跟以前一样。如果你注重隐私，请使用VPN——这个建议不管用eSIM还是实体卡都适用。

如果SM-DP+服务器挂了怎么办？

如果SM-DP+服务器临时不可用，你无法下载新的配置文件。但已经安装在手机上的配置文件完全不受影响——它们安装后就不需要再联系SM-DP+服务器了。就像App Store挂了你照样能用已下载的APP。

eSIM和虚拟号码（VoIP）是一回事吗？

完全不是。eSIM是真正的移动网络连接——它连接的是运营商的基站，和实体SIM卡完全一样。VoIP服务（如微信电话、Skype、WhatsApp通话）是跑在互联网上的。eSIM给你的是一个正儿八经的手机号码，能打电话、收短信、用移动数据。VoIP只有在你已经有网络连接的情况下才能用。

下一步

现在你已经深入理解了eSIM的工作原理，以下是建议的下一步：

eSIM新手？ 先看我们的eSIM是什么？完全指南了解基础
准备动手设置？ 跟着iPhone eSIM设置指南或三星eSIM设置指南操作
想对比eSIM和实体SIM？ 阅读eSIM vs 实体SIM卡全面对比
正在计划旅行？ 使用我们的eSIM比价工具找到最适合你目的地的方案
遇到问题了？ 查看eSIM不能用？故障排除指南

Last updated: March 2026. eSIM technology, carrier support, and device compatibility are evolving rapidly. We update this article regularly to reflect the latest developments. If you notice anything outdated, let us know.

最后更新：2026年3月。eSIM技术、运营商支持和设备兼容性在快速发展中。我们会定期更新本文以反映最新进展。如果你发现任何过时的信息，请告诉我们。

Learn