Local Profile Management Guide

Local Profile Management (LPM) is a feature of OmniSIM that extends the M2M Profile management to allow a device to manage resilient connectivity.

This documentation applies to the following products:

  • OmniSIM

For all other products, please review their respective documentation

Local Profile Management (LPM) for eSIM on IoT Devices

The Local Profile Management (LPM) applet revolutionizes eSIM profile management on IoT devices, enabling more dynamic and efficient connectivity management directly on the device. This approach leverages the device's intrinsic understanding of its environment, allowing for automatic profile switching based on predefined logic and scenarios. Below, we outline the core functionalities offered by the LPM applet.

Enhancing Device Resilience

The LPM (Local Profile Manager) applet significantly enhances the resilience of devices in mobile networks. It enables devices to not only detect a complete loss of connectivity but also to identify Quality of Service (QoS) issues affecting network bearers. Upon detecting such issues, the device can proactively switch to an alternative Mobile Network Operator (MNO) profile, ensuring uninterrupted service and optimal connectivity performance.

Example

MNO Profile’s A, B and C have an active subscription.

  1. Profile A is Enabled and used by the device for connectivity.

  2. IoT Client detects that it has limited service, drops 5G for example. IoT Client triggers the LPM applet to enable another Profile.

  3. Profile B is Enabled and A is disabled, Profile B then provides connectivity for the device.

Local Device can Manage Profile Resilience

Key Features of LPM Applet:

  • Get EID (eUICC Identifier): Allows retrieval of the eSIM's unique identifier.

  • Get eSIM Profiles: Lists all available eSIM profiles stored on the card.

  • Enable Profile: Enables a selected profile based on its ICCID, making it the current active profile.

Activation Methods:

The LPM applet supports activation through two primary methods:

  • AT Commands (AT-CMD): Traditional AT command interface for profile management.

  • Local Profile Assistant Daemon (LPAd): A more intuitive method for triggering profile management actions.

Considerations:

  • The LPM applet is strictly for profile management, not allowing for modification or deletion of eSIM profiles.

  • Devices equipped with the LPM applet can be fully managed by an SM-SR platform, despite the LPM's use the RSP is still in control of the profiles on the card.

  • Responsibility for profile switching in the absence of connectivity from the current MNO profile resides with the device, further emphasizing its autonomous role in connectivity management.

  • LPM is a KORE proprietary feature, it extends the GSMA standards that includes emergency profile fallback to allow a device to decide when and what profile should be enabled to manage connectivity.

This refined approach to eSIM management via the LPM applet grants devices a higher degree of control and adaptability, aligning with the needs of modern IoT ecosystems.

Pre-requisites

To enhance your IoT device's connectivity, ensure you have the following components:

  • OmniSIM 1.3 eSIM from KORE: This eSIM supports Local Profile Management (LPM).

  • KORE’s ConnectivityPro Portal: Provides the capability to download multiple profiles, enabling seamless connectivity management.

  • Compatible IoT Device: Your IoT device should be capable of sending AT Commands to a modem or possess an LPAd (Local Profile Assistant) configurable for changing the ISD-R's Application Identifier (AID) to the LPM AID.

How to Identify eSIM supports LPM?

To determine if a KORE eSIM supports Local Profile Management (LPM), you can check either:

  • The SKU printed on the SIM card.

  • The Profile Code within the eSIM's EID, accessible through a device's GetEID command. The profile code is located in digits 11-13 of the EID.

  • AT Command to query the card to get a profile id. Full details in the OmniSIM how to identify section

LPM Command Interface

The LPM applet will be triggered and managed by APDU commands that are either sent directly from the device OS if capable or via the modem by using AT+CSIM commands, this later option will be more common and is how the Kore Device Steering SDK uses.

Usage Flow

Here is a typical usage flow where the Device Client or Steering SDK uses AT Commands.

  1. Open a Channel to the SIM.

  2. Select the LPM applet so the following commands will be directed to the applet.

  3. Get Profiles – Get a list of profiles and their state to decide which profile to enable.

  4. Enable Profile – Request to Enable a profile, the referenced profile will be enabled and the existing disabled by the ISD-R.

  5. Close the Channel to the SIM, this will trigger the device to refresh and the device will resume connectivity with the new profile.

Example sequence flow for LPM commands

LPM AT Commands

Prerequisites

To be able to send the AT commands to the LPM applet there needs to be a channel open to the SIM and select the LPM applet so that the AT Command can send the APDU commands to the LPM applet.

Open Channel

The Open Channel command will create a new channel to the SIM, the modem will return the next available channel that can be referenced to send further commands to the SIM.

Where X is the channel number to be used in the commands below.

Select the LPM Applet

The following command will select the LPM applet using it’s AID so that further APDU are sent to the applet.

The LPM Applet has an AID (Application IDentifier): A000000815030040030902231003

  • Where X is the channel returned by the Open Channel

  • The AID of the LPM applet: A000000815030040030902231003

LPM - Get EID

This command is used to return the EID of the eSIM. Could be used to identify the type of card for example.

Here is the format of the APDU that is sent to the LPM applet to request the EID.

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0x16

16 defines the Get EID command

P1

0x00

P2

0x00

Lc

0x12

Length of the EID to be returned, KORE's EID is 32 digits so 16 bytes + EID TAG and Length is 18 bytes (0x12)

Get EID Command

  • Where X is the channel returned by the Open Channel

  • Returns the EID: 89001039450410141400000000001580

Example - LPM Get EID

LPM - Get eSIM Profile

This command is used to a list of the available downloaded Profiles on the eSIM and the Status. This would provide an IoT application the current status and information on the profiles to allow the device to decide to select an available profile.

Here is the format of the APDU that is sent to the LPM applet to request the eSIM Profiles.

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0x18

18 defines the Get eSIM Profiles command

P1

0x00

P2

0x00

Lc

0xFF

No Data

Get eSIM Profiles Command

  • Where X is the channel returned by the Open Channel

Returns E3 Tag for each Profile on the OmniSIM

Field
Length (hex)
Value (hex)
Comments

4F

0x05-16

Profile AID

ISDP-AID of the Profile on the eSIM, this will be used in the Enable Profile command

9F70

0x01

3F = Enabled

1F = Disabled

State of the Profile

53

0x01

00 = Fallback not set

01 = Fallback set

ISD-P attribute - fallback state of the profile

5A

0x0A (10)

ICCID

ICCD of the profile nibble swapped

Nibble Swapping

The SIM stores some data in Nibble Swapped format to save space for example.

ICCID = 89123108001757010071

If this was covereted to Hex as numbers it would be 0x38 39 20 31 32 20 33 31 20 20 30 38 20 30 30 20 31 37 20 35 37 20 30 31 20 30 30 20 37 31 (20 bytes)

Swapped takes 2 digits and swaps them and stores as a byte for example 89 = 0x98

so the ICCID is stores as a hex string: 0x98211380007175100017 (10 bytes)

Example - LPM eSIM Profiles

To decode the response into a more readable structured format then recommend using ASN1 decoder. (https://asn1.io/asn1playground)

LPM - Enable Profile

This command is used to Enable a specified profile that is already downloaded and installed. If the profile is installed the profile is Enabled and the previous active profile is disabled. Once the new profile is enabled, the applet sends the REFRESH command that will be sent to the terminal to force the switch then the Channel to the SIM is closed. If the profile enabling procedure is done against the POL1, the eUICC will send an error SW (69 E1). There will be no Rollback Mechanism in LM Profile Enable process. A notification to the SM-SR to update its database (notification sequence number value =’0000’).

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0x01

01 defines the Enable Profile command

P1

0x00

P2

0x00

Lc

0x10

Length of the Profile AID (data)

Data

0xXX..XX

ISD-P AID (Profile AID) to be enabled example A0000005591010FFFFFFFF8900001100

Enable Profile Command

  • Where X is the channel returned by the Open Channel

  • AID of the profile that is to be enabled is: A0000005591010FFFFFFFF8900001100

  • 9000 is the command succeeded.

  • Then Close the channel to the SIM and this will trigger the SIM to issue a Refresh to the devivce and the new profile will connect.

Example - LPM Enable Profile

ES10 LPM Command Interface

The LPM applet will be triggered and managed a LPAd on the IoT device that is sending ES10c APDU commands to the LPM applet. ES10c commands are

The applet manages a subset of the ES10c commands to allow the switching of the local profiles only and any other ES10c commands are ignored. ES10c can be used with AID or ICCID to reference a profile. This means OmniSIM can be used by a device that would have normally required a Consumer eSIM and allows the switching of profiles. These commands also work with any device that suports AT commands so as a developer you have a choice of LPM/ES10c commands.

Usage Flow

Here is a typical usage flow where the IoT Client uses a LPAd to switch profiles.

  1. Get Profiles – Get a list of profiles and their state to decide which profile to enable.

  2. Enable Profile – Request to Enable a profile, the referenced profile will be enabled and the existing disabled by the ISD-R.

Example sequence flow for ES10c commands

LPM ES10c AT Commands

Prerequisites

Using LPAd

To be able to send the commands to the LPM applet from a LPAd, then the LPAd normally sends the ES10c APDU to the ISD-R of the eSIM. The M2M card does not have this interface so these APDU will be ignored by the M2M eSIM. The LPAd needs to be configured to use the AID of the LPM Applet to route the ES10c commands to the LPM applet. This could be a config change or this might mean updating the code of the LPAd.

LPM AID: A000000815030040030902231003

Using APDU

The LPM applet can be used without a LPAd but the IoT Application can use AT Commands to send the ES10c APDU to the LPM applet. This requires a channel open to the SIM and the LPM applet selected so that the AT Command can send the APDU commands to the LPM applet.

Open Channel

The Open Channel command will create a new channel to the SIM, the modem will return the next available channel that can be referenced to send further commands to the SIM.

Where X is the channel number to be used in the commands below.

Select the LPM Applet

The following command will select the LPM applet using it’s AID so that further APDU are sent to the applet.

The LPM Applet has an AID (Application IDentifier): A000000815030040030902231003

  • Where X is the channel returned by the Open Channel

  • The AID of the LPM applet: A000000815030040030902231003

LPM - ES10c - Get EID

Gets the EID from the eUICC, returns the EID that could be used if the IoT application wants to know the eUICC being used.

Full details of the APDU can be found in SGP.22 – Section 5.7.20 - ES10c – GetEID

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0xE2

16 defines the Get EID command

P1

0x91

P2

0x00

Lc

0x02

Length of the EID to be returned, KORE's EID is 32 digits so 16 bytes + EID TAG and Length is 18 bytes (0x12)

Data

0xBF3E

Le

0x03

TAGS

0x5c 01 5A

Get EID Command

  • Where X is the channel returned by the Open Channel

Where EID = 89001054010210036600000000023780

Example APDU - Get EID The LPAd send a GetEuiccDataRequest:

The ISD-R returns a GetEuiccDataResponse:

LPM - ES10c Get Profiles

This command is used to a list of the downloaded Profiles on the eUICC and their Status. This would provide an IoT application the current status and information on the profiles to allow the decision to be able to select an available profile.

Full details of the APDU can be found in SGP.22 – Section 5.7.15 - ES10 – GetProfilesInfo

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0xE2

P1

0x91

P2

0x00

Lc

0x02

Length of the GetProfilesInfo

Data

0xBF2D

Le

0x06

TAGS

0x5C 04 5A 4F 9F 70

See table below for the definition

This retrieves the following data for the Profile on the eUICC. Not all tags are available from the OS for an M2M card so these TAGs will be ignored.

(Bold) = Mandatory as would be used in EnableProfile and state could be useful also.

Name
TAG
Example
Value/Notes

ICCID*

5A

980193000050577617F1

ICCId of the profile (Swapped)

ISD-P AID*

4F

A0000005591010FFFFFFFF8900001000

AID of the Profile

State*

9F70

01

01 = Enabled

00 = Disabled

Profile Nickname*

90

4f6D6E6953494D (OmniSIM)

N/A for M2M

Service provider*

91

4B4F5245 (KORE)

N/A for M2M

Profile name*

92

52757368 (Rush)

N/A for M2M

Icon type*

93

-

N/A for M2M

Icon*

94

-

N/A for M2M

Profile Class*

95

-

N/A for M2M

Notification Configuration Info

B6

-

N/A for M2M

Profile Owner

B7

-

N/A for M2M

SM-DP+ proprietary data

B8

-

N/A for M2M

Profile Policy Rules

99

-

N/A for M2M

If no tag list is present, the eUICC SHALL return the default ProfileInfo: the ProfileInfo data objects marked with (*) for each Profile matching the selection criterion. The TAGs in Bold are those supported by the M2M card OS, other TAGs will return no data.

Get eSIM Profiles Command

This eSIM contains two profiles, 8910390000057567711F and 8910390000057276776F, and here’s some additional information about them.

To decode the response into a more readable structured format then recommend using ASN1 decoder. (https://asn1.io/asn1playground)

Example APDU - Get Profile Information

The LPAd send a ProfileInfoListRequest:

The ISD-R returns a ProfileInfoListRequest:

Using an ASN1 decoder to parse the returned data formats into a more readable format:

LPM - ES10c Enable Profile

This command is used to Enable a specified profile that is already downloaded and installed. If the profile is installed, the profile is Enabled and the previous active profile is disabled. The device will then reconnect with the new profile. If the new profile does not have connectivity then it will not roll back to the previous profile. This needs to be managed by the local IoT Application.

Full details of the APDU can be found in SGP.22 – Section 5.7.16 - ES10 – EnableProfile

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0xE2

P1

0x91

P2

0x00

Lc

0x02

Length of the EnableProfile command

Data

0xBF31

Le

0x06

TAGS

0x4F<AID>

0x5A<ICCID>

A profile can be referenced either by Profile AID or ICCID.

Command from LPAd - ICCID

Command from LPAd - AID

Response to LPAd

Status: OK (00) UndefinedError (0x7F or 127)

Example APDU – Enable Profile

PreviousOmniSIM Troubleshooting TipsNextOmniSIM - GSMA Test Profile (TS.48)

Last updated

Was this helpful?