Start Conditions:
• The Service Provider has provided to the SM-DP+ the relevant information and configuration for the Device Change (see Annex O).
• The End User has an old Device containing a Profile.
• The eUICC and the LPAd of the old Device support Device Change.
• The Profile on the old Device contains a Device Change Configuration with the information as provided by the Service Provider.
• None of the Profile Policy Rules is set for the Profile with a Device Change Configuration.
• The End User gets a new Device
• User Intent is acquired as defined in SGP.21 [4] in the old Device.Procedure:1. The End User initiates the Device Change operation from the LPAd of the old Device and selects the Profile to be installed in their new Device.
2. The LPAd of the old Device retrieves the DeviceChangeConfiguration from the Profile Metadata of the selected Profile. The LPAd of the old Device SHALL check the
retrieved DeviceChangeConfiguration and proceed based upon its value as follows:• If the DeviceChangeConfiguration indicates requestToDp, the procedure continues with step (3).• If the DeviceChangeConfiguration indicates usingStoredAc, the procedure continues with step (17).3. The LPAd of the old Device SHALL determine the SM-DP+ address from smdpAddressForDc in DeviceChangeConfiguration of the Profile.
4. If the DeviceChangeConfiguration indicates any of the EID and/or TAC of the new Device is required, the LPAd of the old Device SHALL retrieve the required information from the new Device. The detailed interface and mechanism to retrieve the required information is out of scope of the specification.If the DeviceChangeConfiguration indicates that any of the EID and/or TAC of the new Device is required but the LPAd of the old Device cannot retrieve the required information, the LPAd SHALL display an appropriate error state to the End User and stop the procedure.NOTE: For instance, the LPAd of the old Device can guide the End User to use "Show EID" menu of the LPAd of the new Device, and then provide a means to scan/input the EID in a QR code format or human-readable text format.5. The LPAd of the old Device initiates the Common Mutual Authentication procedure defined in section 3.0.1 to the retrieved SM-DP+ address. During the Common Mutual
Authentication procedure, if the DeviceChangeConfiguration includes an allowed eSIM CA RootCA public key identifier, the LPAd SHALL restrict the allowed eSIM CA RootCA public key identifiers to that value.
During the Common Mutual Authentication procedure at step (10), the LPAd SHALL build the ctxParams1 data object with ctxParamsForDeviceChange comprising
the ICCID of the selected Profile and, if indicated as required in DeviceChangeConfiguration, any of the EID and/or TAC of the new Device.6. If configured by the Service Provider, the SM-DP+ SHALL call ES2+.HandleDeviceChangeRequest function comprising the ICCID and, if present in the ctxParamsForDeviceChange data object, the EID and/or TAC of the new Device. The Service Provider SHALL provide isNewProfileRequired and optionally
a Service Provider Message for Device Change in the response of ES2+.HandleDeviceChangeRequest function.
If it is required for the End User to enter a Confirmation Code in order to proceed with the Device Change of the Profile, the Service Provider SHALL provide the value of the Confirmation Code in the response of ES2+.HandleDeviceChangeRequest function.7. If the SM-DP+ does not support Device Change, the SM-DP+ SHALL return an error status "Device Change – Unsupported" and the procedure SHALL stop. If the Device Change is not allowed for the Profile identified by the ICCID, the SM-DP+ SHALL return an error status "Device Change – Not Allowed" and the procedure SHALL stop.If the LPAd of the old Device receives any error status, the LPAd of the old Device MAY display an appropriate error state to the End User and SHALL stop the procedure.NOTE: This provides compatibility with SM-DP+ that does not understand or cannot appropriately process the Device Change request (e.g., v3 SMDP+ not supporting the Device Change feature or v2 SM-DP+).
NOTE: If the procedure stopped due to an error, the LPAd MAY send "ES10b.CancelSession" to the eUICC with a reason sessionAborted8. If configured by the Service Provider, the SM-DP+ SHALL notify the Service Provider of the Device Change request by calling ES2+.HandleNotification function.
9. If the Device Change is allowed for the Profile identified by the ICCID, the SM-DP+ returns ES9+.AuthenticateClient response comprising transactionId, smdpSigned4, smdpSignature4 and optionally Service Provider Message for Device Change.
10. If isNewProfileRequired was set to TRUE in the response to ES2+.HandleDeviceChangeRequest function and/or if there is an agreed behaviour between the Service Provider and the SM-DP+ on the Profile identified by the ICCID, the Service Provider SHALL run the Download Preparation Process, as defined in 3.1.1.2 and optionally the Subscription Activation Process, as defined in 3.1.1.4.NOTE: This process can be performed in parallel to steps 6 to 19. The Profile identified by the ICCID has to be in 'Released' state before step 20.11. The LPAd of the old Device SHALL ask for the Strong Confirmation on the Device Change. If Service Provider Message for Device Change was provided in the ES9+.AuthenticateClient response, it SHOULD be presented to the End User.If ccRequiredFlag is set to TRUE in smdpSigned4, the LPAd of the old Device SHALL ask for the End User to enter the Confirmation Code which was provided by the Operator that MAY be considered as a Strong Confirmation. The Confirmation Requests described above MAY:• display profileName or any relevant information contained in the Profile Metadata and smdpSigned4 to the End User.• be combined, if prompted, into a single prompt with the highest Confirmation Level therefore requiring a single confirmation by the End User.If the End User does not confirm the Device Change of the Profile, the LPAd SHALL continue with the Common Cancel Session procedure with reason code 'endUserRejection'. If the End User does not respond to the LPAd prompt within an implementation-dependent timeout interval, the LPAd SHALL cancel the Profile download by performing the Common Cancel Session procedure with the reason 'timeout'. For both cases, the notificationEvent SHALL be set to 'Device Change confirmation failure' if a notification is sent to the Service Provider.12. The LPA of the old Device SHALL call the "ES10b.PrepareDeviceChange" function including the smdpSigned4, smdpSignature4 and optionally the Hashed Confirmation Code. The Hashed Confirmation Code SHALL be calculated with the UTF-8-encoded representation of the Confirmation Code as follows:Hashed Confirmation Code = SHA256 (SHA256(Confirmation Code) | TransactionID), where '|' means concatenation of data13. The LPAd of the old Device SHALL call ES9+.ConfirmDeviceChange function comprising transactionId, prepareDeviceChangeResponse.
14. If configured by the Service Provider or if isNewProfileRequired was set to TRUE in the response to ES2+.HandleDeviceChangeRequest function, the SM-DP+ SHALL notify the Service Provider of the End User's confirmation result by calling ES2+.HandleNotification function. If the End User accepted the Device Change, the procedure continues with the next step. Otherwise, the procedure continues with step (16). 15. If isNewProfileRequired was set to FALSE in the response to ES2+.HandleDeviceChangeRequest function or if configured by the Service Provider, the SM-DP+ SHALL prepare a Profile for download and the associated MatchingID. If an EID was provided in the Device Change Request in the step 5, the SM-DP+ SHALL link the prepared Profile download with the EID. The SM-DP+ SHALL determine the deletion of the Profile on the old Device as per Service Provider's configuration and SHALL generate the associated Activation Code. If the Activation Code is to be encrypted as per section 5.6.6, the SM-DP+ SHALL use a MatchingID that has not previously been used in the Activation Code. The SM-DP+ SHALL notify the Service Provider of the Profile preparation result by calling ES2+.HandleNotification function if configured by the Service Provider. 16. If the End User accepted the Device Change, the SM-DP+ SHALL return the ES9+.ConfirmDeviceChange response comprising the Device Change response. Upon receiving the response, the LPAd of the old Device SHOULD disable the installed Profile if the response contains encryptedDeviceChangeData, and SHALL call "ES10b.VerifyDeviceChange" function comprising deviceChangeConfirmation to verify the SM-DP+ signature and optionally decrypt the Device Change Response via eUICC as described in section 5.7.27. If the eUICC returns a profileNotInDisabledState error, the LPA MAY disable the installed Profile and retry the "ES10b.VerifyDeviceChange" function call. If the eUICC returns any other error or the LPA does not retry the "ES10b.VerifyDeviceChange" function call, the procedure SHALL stop. If the End User rejected the Device Change, the SM-DP+ SHALL return the ES9+.ConfirmDeviceChange response without the Device Change response, and the procedure SHALL stop. NOTE 1: The use of an SM-DS in the context of Device Change is FFS.NOTE 2: If the LPA does not retry the "ES10b.VerifyDeviceChange" function call, the LPA can terminate the RSP session by calling "ES10b.CancelSession" with the reason sessionAborted. 17. If the LPAd of the old Device has been instructed in the Device Change Response to delete the installed Profile or the DeviceChangeConfiguration indicates that the deletion of the installed profile is required, the LPAd of the old Device SHALL delete the installed Profile from the eUICC using ES10c.DeleteProfile and retrieve the corresponding Delete Notification from the eUICC. Additionally, if the DeviceChangeConfiguration indicates requestToDp and the SM-DP+ has indicated in the Device Change Response that it supports the recovery of the deleted Profile, the LPAd of the old Device SHOULD store the following values of the deleted Profile: • ICCID, and• from DeviceChangeConfiguration: the smdpAddressForDc and, if present, the allowedCiPKId.If the deletion of the installed Profile is not required, the procedure continues with step (19).
NOTE: The LPA of the old Device should store the Profile Recovery Information until the expiration of time indicated in profileRecoveryValidityPeriod in the deviceChangeResponse or successful Profile Recovery, whichever comes first. 18. The LPAd of the old Device SHALL send the Delete Notification of the deleted Profile to the corresponding Recipient Address. For that, the LPAd MAY perform one of the following: • The LPAd MAY call ES9+.HandleNotification function (as defined in section 3.5) and receive the acknowledgement of the Delete Notification.• The LPAd MAY send the Delete Notification to the LPAd of the new Device via implementation-specific channel. In this case the LPAd of the new Device SHALL relay the Delete Notification by calling ES9+.HandleNotification function (as defined in section 3.5) before executing step (20).• If the SM-DP+ has indicated that it supports the Delete Notification for Device Change of the deleted Profile in the Device Change Response, the LPAd MAY embed the Delete Notification for Device Change corresponding to the notificationAddress in the Device Change Response in an Activation Code (as defined in section 4.1 and 4.1.3).The procedure SHALL stop if the LPAd of the old Device cannot send the Delete Notification. NOTE1: The Recipient Address may not be the FQDN of the SM-DP+ in figure 21b. In such a case, it is out of scope of this document how the Notification receiver delivers the Delete Notification to the SM-DP+ in figure 21b.
NOTE2: The LPAd of the old Device MAY send additional Notifications to the SMDP+(s) other than the SM-DP+ in figure 21b.
NOTE3: Execution of this step MAY require an extended period of time. For instance, if the LPAd does not presently have network connectivity, it can wait until connectivity is available in order to deliver the notification. 19. The LPAd of the old Device provides the Activation Code to the LPAd of the new Device.• If the DeviceChangeConfiguration indicates requestToDp, the LPAd SHALL use the Activation Code in the ES9+.ConfirmDeviceChange response or the Activation Code at step (18), if generated.• If the DeviceChangeConfiguration indicates usingStoredAc, the LPAd SHALL use the Activation Code from the activationCodeForDc. The LPAd of the old Device SHOULD provide to the new Device the state of the Profile during the procedure in order to allow the LPAd of the new Device to restore the state of the Profile of the old Device.The LPAd of the old Device MAY present the information via the LUI. Additional means to provide the information to the LPAd of the new Device is out of scope of this specification. 20. The Profile is downloaded from the SM-DP+ to the new Device via the Profile download and installation procedure as defined in section 3.1.3, based upon the Activation Code.• If the Activation Code, provided at step (19), contains the Delete Notification for Device Change, the LPAd of the new Device SHALL provide the Delete Notification for Device Change by calling ES9+.AuthenticateClient function comprising a deleteNotificationForDc.• If the Activation Code, provided at step (19), indicates Confirmation Code Required Flag, the Confirmation Code that was used in this procedure has to be used at step (8) of the Profile download and installation procedure defined in section 3.1.3. End Conditions: The Profile and its associated Profile Metadata have been installed on the End User’s eUICC of the new Device.

这是一段关于远程SIM配置（RSP）技术规范中设备变更（Device Change）流程的描述。该流程允许用户将旧设备中的SIM配置文件迁移到新设备中。以下是该流程的核心内容概述：

**启动条件：**
- 服务提供商已向SM-DP+提供了进行设备变更所需的相关信息和配置。
- 用户拥有一个含有配置文件的旧设备。
- 旧设备的eUICC和LPAd支持设备变更。
- 旧设备中的配置文件包含服务提供商提供的信息的设备变更配置。
- 配置文件没有设置任何与设备变更配置相关的配置文件策略规则。
- 用户获得了一个新设备。
- 在旧设备中根据SGP.21 [4]获取了用户意图。

**步骤：**
1. 用户从旧设备的LPAd发起设备变更操作，并选择要安装到新设备的配置文件。
2. 旧设备的LPAd从所选配置文件的配置文件元数据中检索设备变更配置。根据检索到的设备变更配置的值，旧设备的LPAd将按照以下方式进行操作：
   - 如果设备变更配置指示为requestToDp，程序继续执行步骤3。
   - 如果设备变更配置指示为usingStoredAc，程序继续执行步骤17。

3. 旧设备的LPAd将从配置文件的设备变更配置中的smdpAddressForDc确定SM-DP+地址。
4. 如果设备变更配置指示新设备需要EID和/或TAC，旧设备的LPAd将从新设备中检索所需信息。
5. 旧设备的LPAd对检索到的SM-DP+地址启动共同相互认证程序。如果设备变更配置包括允许的eSIM CA RootCA公钥标识符，LPAd将限制允许的eSIM CA RootCA公钥标识符为该值。
6. 如果服务提供商配置了，SM-DP+将调用ES2+.HandleDeviceChangeRequest函数，包括ICCID和新设备的EID和/或TAC。
7. 如果SM-DP+不支持设备变更，将返回错误状态"设备变更 - 不支持"，程序将停止。
8. 如果服务提供商配置了，SM-DP+将通过调用ES2+.HandleNotification函数通知服务提供商设备变更请求。
9. 如果设备变更对于ICCID识别的配置文件是允许的，SM-DP+将返回包含事务ID、smdpSigned4、smdpSignature4的ES9+.AuthenticateClient响应。
10. 如果isNewProfileRequired在ES2+.HandleDeviceChangeRequest函数的响应中被设置为TRUE，或者服务提供商和SM-DP+对于ICCID识别的配置文件有一致的行为，服务提供商将运行下载准备过程。
11. 旧设备的LPAd将要求对设备变更进行强确认。如果ES9+.AuthenticateClient响应中提供了服务提供商消息用于设备变更，应向用户展示。
12. 旧设备的LPAd将调用"ES10b.PrepareDeviceChange"函数，包括smdpSigned4、smdpSignature4和可选的哈希确认代码。
13. 旧设备的LPAd将调用ES9+.ConfirmDeviceChange函数，包括事务ID和prepareDeviceChangeResponse。
14. 如果服务提供商配置了或isNewProfileRequired在ES2+.HandleDeviceChangeRequest函数的响应中被设置为TRUE，SM-DP+将通过调用ES2+.HandleNotification函数通知服务提供商用户确认结果。
15. 如果isNewProfileRequired在ES2+.HandleDeviceChangeRequest函数的响应中被设置为FALSE，或者服务提供商配置了，SM-DP+将准备一个配置文件用于下载并生成相关的匹配ID。
16. 如果用户接受了设备变更，SM-DP+将返回包含设备变更响应的ES9+.ConfirmDeviceChange响应。
17. 如果旧设备的LPAd在设备变更响应中被指示删除已安装的配置文件，或者设备变更配置指示需要删除已安装的配置文件，旧设备的LPAd将使用ES10c.DeleteProfile从eUICC中删除已安装的配置文件，并检索相应的删除通知。
18. 旧设备的LPAd将删除通知发送给相应的接收地址。
19. 旧设备的LPAd将向新设备的LPAd提供激活代码。
20. 配置文件从SM-DP+下载到新设备，基于激活代码。

**结束条件：**配置文件及其相关的配置文件元数据已安装在用户新的eUICC上。