Local Profile Management Guide
Local Profile Management (LPM) is a feature of OmniSIM that extends the M2M Profile management to allow a device to manage resilient connectivity.
Last updated
Local Profile Management (LPM) is a feature of OmniSIM that extends the M2M Profile management to allow a device to manage resilient connectivity.
Last updated
This documentation applies to the following products:
OmniSIM
For all other products, please review their respective documentation
The Local Profile Management (LPM) applet revolutionizes eSIM profile management on IoT devices, enabling more dynamic and efficient connectivity management directly on the device. This approach leverages the device's intrinsic understanding of its environment, allowing for automatic profile switching based on predefined logic and scenarios. Below, we outline the core functionalities offered by the LPM applet.
The LPM (Local Profile Manager) applet significantly enhances the resilience of devices in mobile networks. It enables devices to not only detect a complete loss of connectivity but also to identify Quality of Service (QoS) issues affecting network bearers. Upon detecting such issues, the device can proactively switch to an alternative Mobile Network Operator (MNO) profile, ensuring uninterrupted service and optimal connectivity performance.
MNO Profile’s A, B and C have an active subscription.
Profile A is Enabled and used by the device for connectivity.
IoT Client detects that it has limited service, drops 5G for example. IoT Client triggers the LPM applet to enable another Profile.
Profile B is Enabled and A is disabled, Profile B then provides connectivity for the device.
Get EID (eUICC Identifier): Allows retrieval of the eSIM's unique identifier.
Get eSIM Profiles: Lists all available eSIM profiles stored on the card.
Enable Profile: Enables a selected profile based on its ICCID, making it the current active profile.
The LPM applet supports activation through two primary methods:
AT Commands (AT-CMD): Traditional AT command interface for profile management.
Local Profile Assistant Daemon (LPAd): A more intuitive method for triggering profile management actions.
The LPM applet is strictly for profile management, not allowing for modification or deletion of eSIM profiles.
Devices equipped with the LPM applet can be fully managed by an SM-SR platform, despite the LPM's use the RSP is still in control of the profiles on the card.
Responsibility for profile switching in the absence of connectivity from the current MNO profile resides with the device, further emphasizing its autonomous role in connectivity management.
LPM is a KORE proprietary feature, it extends the GSMA standards that includes emergency profile fallback to allow a device to decide when and what profile should be enabled to manage connectivity.
This refined approach to eSIM management via the LPM applet grants devices a higher degree of control and adaptability, aligning with the needs of modern IoT ecosystems.
To enhance your IoT device's connectivity, ensure you have the following components:
OmniSIM 1.3 eSIM from KORE: This eSIM supports Local Profile Management (LPM).
KORE’s ConnectivityPro Portal: Provides the capability to download multiple profiles, enabling seamless connectivity management.
Compatible IoT Device: Your IoT device should be capable of sending AT Commands to a modem or possess an LPAd (Local Profile Assistant) configurable for changing the ISD-R's Application Identifier (AID) to the LPM AID.
To determine if a KORE eSIM supports Local Profile Management (LPM), you can check either:
The SKU printed on the SIM card.
The Profile Code within the eSIM's EID, accessible through a device's GetEID command. The profile code is located in digits 11-13 of the EID.
AT Command to query the card to get a profile id. Full details in the OmniSIM how to identify section
The LPM applet will be triggered and managed by APDU commands that are either sent directly from the device OS if capable or via the modem by using AT+CSIM commands, this later option will be more common and is how the Kore Device Steering SDK uses.
Here is a typical usage flow where the Device Client or Steering SDK uses AT Commands.
Open a Channel to the SIM.
Select the LPM applet so the following commands will be directed to the applet.
Get Profiles – Get a list of profiles and their state to decide which profile to enable.
Enable Profile – Request to Enable a profile, the referenced profile will be enabled and the existing disabled by the ISD-R.
Close the Channel to the SIM, this will trigger the device to refresh and the device will resume connectivity with the new profile.
To be able to send the AT commands to the LPM applet there needs to be a channel open to the SIM and select the LPM applet so that the AT Command can send the APDU commands to the LPM applet.
The Open Channel command will create a new channel to the SIM, the modem will return the next available channel that can be referenced to send further commands to the SIM.
Where X is the channel number to be used in the commands below.
The following command will select the LPM applet using it’s AID so that further APDU are sent to the applet.
The LPM Applet has an AID (Application IDentifier): A000000815030040030902231003
Where X is the channel returned by the Open Channel
The AID of the LPM applet: A000000815030040030902231003
This command is used to return the EID of the eSIM. Could be used to identify the type of card for example.
Here is the format of the APDU that is sent to the LPM applet to request the EID.
CLA
0x8X
8 stands for proprietary command
X stands for logical channel that is open to the SIM
INS
0x16
16 defines the Get EID command
P1
0x00
P2
0x00
Lc
0x12
Length of the EID to be returned, KORE's EID is 32 digits so 16 bytes + EID TAG and Length is 18 bytes (0x12)
Where X is the channel returned by the Open Channel
Returns the EID: 89001039450410141400000000001580
This command is used to a list of the available downloaded Profiles on the eSIM and the Status. This would provide an IoT application the current status and information on the profiles to allow the device to decide to select an available profile.
Here is the format of the APDU that is sent to the LPM applet to request the eSIM Profiles.
CLA
0x8X
8 stands for proprietary command
X stands for logical channel that is open to the SIM
INS
0x18
18 defines the Get eSIM Profiles command
P1
0x00
P2
0x00
Lc
0xFF
No Data
Where X is the channel returned by the Open Channel
4F
0x05-16
Profile AID
ISDP-AID of the Profile on the eSIM, this will be used in the Enable Profile command
9F70
0x01
3F = Enabled
1F = Disabled
State of the Profile
53
0x01
00 = Fallback not set
01 = Fallback set
ISD-P attribute - fallback state of the profile
5A
0x0A (10)
ICCID
ICCD of the profile nibble swapped
Nibble Swapping
The SIM stores some data in Nibble Swapped format to save space for example.
ICCID = 89123108001757010071
If this was covereted to Hex as numbers it would be 0x38 39 20 31 32 20 33 31 20 20 30 38 20 30 30 20 31 37 20 35 37 20 30 31 20 30 30 20 37 31 (20 bytes)
Swapped takes 2 digits and swaps them and stores as a byte for example 89 = 0x98
so the ICCID is stores as a hex string: 0x98211380007175100017 (10 bytes)
To decode the response into a more readable structured format then recommend using ASN1 decoder. (https://asn1.io/asn1playground)
This command is used to Enable a specified profile that is already downloaded and installed. If the profile is installed the profile is Enabled and the previous active profile is disabled. Once the new profile is enabled, the applet sends the REFRESH command that will be sent to the terminal to force the switch then the Channel to the SIM is closed. If the profile enabling procedure is done against the POL1, the eUICC will send an error SW (69 E1). There will be no Rollback Mechanism in LM Profile Enable process. A notification to the SM-SR to update its database (notification sequence number value =’0000’).
CLA
0x8X
8 stands for proprietary command
X stands for logical channel that is open to the SIM
INS
0x01
01 defines the Enable Profile command
P1
0x00
P2
0x00
Lc
0x10
Length of the Profile AID (data)
Data
0xXX..XX
ISD-P AID (Profile AID) to be enabled example A0000005591010FFFFFFFF8900001100
Where X is the channel returned by the Open Channel
AID of the profile that is to be enabled is: A0000005591010FFFFFFFF8900001100
9000 is the command succeeded.
Then Close the channel to the SIM and this will trigger the SIM to issue a Refresh to the devivce and the new profile will connect.
The LPM applet will be triggered and managed a LPAd on the IoT device that is sending ES10c APDU commands to the LPM applet. ES10c commands are
The applet manages a subset of the ES10c commands to allow the switching of the local profiles only and any other ES10c commands are ignored. ES10c can be used with AID or ICCID to reference a profile. This means OmniSIM can be used by a device that would have normally required a Consumer eSIM and allows the switching of profiles. These commands also work with any device that suports AT commands so as a developer you have a choice of LPM/ES10c commands.
Here is a typical usage flow where the IoT Client uses a LPAd to switch profiles.
Get Profiles – Get a list of profiles and their state to decide which profile to enable.
Enable Profile – Request to Enable a profile, the referenced profile will be enabled and the existing disabled by the ISD-R.
To be able to send the commands to the LPM applet from a LPAd, then the LPAd normally sends the ES10c APDU to the ISD-R of the eSIM. The M2M card does not have this interface so these APDU will be ignored by the M2M eSIM. The LPAd needs to be configured to use the AID of the LPM Applet to route the ES10c commands to the LPM applet. This could be a config change or this might mean updating the code of the LPAd.
LPM AID: A000000815030040030902231003
The LPM applet can be used without a LPAd but the IoT Application can use AT Commands to send the ES10c APDU to the LPM applet. This requires a channel open to the SIM and the LPM applet selected so that the AT Command can send the APDU commands to the LPM applet.
The Open Channel command will create a new channel to the SIM, the modem will return the next available channel that can be referenced to send further commands to the SIM.
Where X is the channel number to be used in the commands below.
The following command will select the LPM applet using it’s AID so that further APDU are sent to the applet.
The LPM Applet has an AID (Application IDentifier): A000000815030040030902231003
Where X is the channel returned by the Open Channel
The AID of the LPM applet: A000000815030040030902231003
Gets the EID from the eUICC, returns the EID that could be used if the IoT application wants to know the eUICC being used.
Full details of the APDU can be found in SGP.22 – Section 5.7.20 - ES10c – GetEID
CLA
0x8X
8 stands for proprietary command
X stands for logical channel that is open to the SIM
INS
0xE2
16 defines the Get EID command
P1
0x91
P2
0x00
Lc
0x02
Length of the EID to be returned, KORE's EID is 32 digits so 16 bytes + EID TAG and Length is 18 bytes (0x12)
Data
0xBF3E
Le
0x03
TAGS
0x5c 01 5A
Where X is the channel returned by the Open Channel
Where EID = 89001054010210036600000000023780
Example APDU - Get EID The LPAd send a GetEuiccDataRequest:
The ISD-R returns a GetEuiccDataResponse:
This command is used to a list of the downloaded Profiles on the eUICC and their Status. This would provide an IoT application the current status and information on the profiles to allow the decision to be able to select an available profile.
Full details of the APDU can be found in SGP.22 – Section 5.7.15 - ES10 – GetProfilesInfo
CLA
0x8X
8 stands for proprietary command
X stands for logical channel that is open to the SIM
INS
0xE2
P1
0x91
P2
0x00
Lc
0x02
Length of the GetProfilesInfo
Data
0xBF2D
Le
0x06
TAGS
0x5C 04 5A 4F 9F 70
See table below for the definition
This retrieves the following data for the Profile on the eUICC. Not all tags are available from the OS for an M2M card so these TAGs will be ignored.
(Bold) = Mandatory as would be used in EnableProfile and state could be useful also.
ICCID*
5A
980193000050577617F1
ICCId of the profile (Swapped)
ISD-P AID*
4F
A0000005591010FFFFFFFF8900001000
AID of the Profile
State*
9F70
01
01 = Enabled
00 = Disabled
Profile Nickname*
90
4f6D6E6953494D (OmniSIM)
N/A for M2M
Service provider*
91
4B4F5245 (KORE)
N/A for M2M
Profile name*
92
52757368 (Rush)
N/A for M2M
Icon type*
93
-
N/A for M2M
Icon*
94
-
N/A for M2M
Profile Class*
95
-
N/A for M2M
Notification Configuration Info
B6
-
N/A for M2M
Profile Owner
B7
-
N/A for M2M
SM-DP+ proprietary data
B8
-
N/A for M2M
Profile Policy Rules
99
-
N/A for M2M
If no tag list is present, the eUICC SHALL return the default ProfileInfo: the ProfileInfo data objects marked with (*) for each Profile matching the selection criterion. The TAGs in Bold are those supported by the M2M card OS, other TAGs will return no data.
This eSIM contains two profiles, 8910390000057567711F and 8910390000057276776F, and here’s some additional information about them.
To decode the response into a more readable structured format then recommend using ASN1 decoder. (https://asn1.io/asn1playground)
The LPAd send a ProfileInfoListRequest:
The ISD-R returns a ProfileInfoListRequest:
Using an ASN1 decoder to parse the returned data formats into a more readable format:
This command is used to Enable a specified profile that is already downloaded and installed. If the profile is installed, the profile is Enabled and the previous active profile is disabled. The device will then reconnect with the new profile. If the new profile does not have connectivity then it will not roll back to the previous profile. This needs to be managed by the local IoT Application.
Full details of the APDU can be found in SGP.22 – Section 5.7.16 - ES10 – EnableProfile
CLA
0x8X
8 stands for proprietary command
X stands for logical channel that is open to the SIM
INS
0xE2
P1
0x91
P2
0x00
Lc
0x02
Length of the EnableProfile command
Data
0xBF31
Le
0x06
TAGS
0x4F<AID>
0x5A<ICCID>
A profile can be referenced either by Profile AID or ICCID.
Status: OK (00) UndefinedError (0x7F or 127)
