Local Profile Management Guide

Local Profile Management (LPM) is a feature of OmniSIM that extends the M2M Profile management to allow a device to manage resilient connectivity.

This documentation applies to the following products:

  • OmniSIM

For all other products, please review their respective documentation

Local Profile Management (LPM) for eSIM on IoT Devices

The Local Profile Management (LPM) applet revolutionizes eSIM profile management on IoT devices, enabling more dynamic and efficient connectivity management directly on the device. This approach leverages the device's intrinsic understanding of its environment, allowing for automatic profile switching based on predefined logic and scenarios. Below, we outline the core functionalities offered by the LPM applet.

Enhancing Device Resilience

The LPM (Local Profile Manager) applet significantly enhances the resilience of devices in mobile networks. It enables devices to not only detect a complete loss of connectivity but also to identify Quality of Service (QoS) issues affecting network bearers. Upon detecting such issues, the device can proactively switch to an alternative Mobile Network Operator (MNO) profile, ensuring uninterrupted service and optimal connectivity performance.

Example

MNO Profile’s A, B and C have an active subscription.

  1. Profile A is Enabled and used by the device for connectivity.

  2. IoT Client detects that it has limited service, drops 5G for example. IoT Client triggers the LPM applet to enable another Profile.

  3. Profile B is Enabled and A is disabled, Profile B then provides connectivity for the device.

Local Device can Manage Profile Resilience

Key Features of LPM Applet:

  • Get EID (eUICC Identifier): Allows retrieval of the eSIM's unique identifier.

  • Get eSIM Profiles: Lists all available eSIM profiles stored on the card.

  • Enable Profile: Enables a selected profile based on its ICCID, making it the current active profile.

Activation Methods:

The LPM applet supports activation through two primary methods:

  • AT Commands (AT-CMD): Traditional AT command interface for profile management.

  • Local Profile Assistant Daemon (LPAd): A more intuitive method for triggering profile management actions.

Considerations:

  • The LPM applet is strictly for profile management, not allowing for modification or deletion of eSIM profiles.

  • Devices equipped with the LPM applet can be fully managed by an SM-SR platform, despite the LPM's use the RSP is still in control of the profiles on the card.

  • Responsibility for profile switching in the absence of connectivity from the current MNO profile resides with the device, further emphasizing its autonomous role in connectivity management.

  • LPM is a KORE proprietary feature, it extends the GSMA standards that includes emergency profile fallback to allow a device to decide when and what profile should be enabled to manage connectivity.

This refined approach to eSIM management via the LPM applet grants devices a higher degree of control and adaptability, aligning with the needs of modern IoT ecosystems.

Pre-requisites

To enhance your IoT device's connectivity, ensure you have the following components:

  • OmniSIM 1.3 eSIM from KORE: This eSIM supports Local Profile Management (LPM).

  • KORE’s ConnectivityPro Portal: Provides the capability to download multiple profiles, enabling seamless connectivity management.

  • Compatible IoT Device: Your IoT device should be capable of sending AT Commands to a modem or possess an LPAd (Local Profile Assistant) configurable for changing the ISD-R's Application Identifier (AID) to the LPM AID.

How to Identify eSIM supports LPM?

To determine if a KORE eSIM supports Local Profile Management (LPM), you can check either:

  • The SKU printed on the SIM card.

  • The Profile Code within the eSIM's EID, accessible through a device's GetEID command. The profile code is located in digits 11-13 of the EID.

  • AT Command to query the card to get a profile id. Full details in the OmniSIM how to identify section

LPM Command Interface

The LPM applet will be triggered and managed by APDU commands that are either sent directly from the device OS if capable or via the modem by using AT+CSIM commands, this later option will be more common and is how the Kore Device Steering SDK uses.

Usage Flow

Here is a typical usage flow where the Device Client or Steering SDK uses AT Commands.

  1. Open a Channel to the SIM.

  2. Select the LPM applet so the following commands will be directed to the applet.

  3. Get Profiles – Get a list of profiles and their state to decide which profile to enable.

  4. Enable Profile – Request to Enable a profile, the referenced profile will be enabled and the existing disabled by the ISD-R.

  5. Close the Channel to the SIM, this will trigger the device to refresh and the device will resume connectivity with the new profile.

Example sequence flow for LPM commands

LPM AT Commands

Prerequisites

To be able to send the AT commands to the LPM applet there needs to be a channel open to the SIM and select the LPM applet so that the AT Command can send the APDU commands to the LPM applet.

Open Channel

The Open Channel command will create a new channel to the SIM, the modem will return the next available channel that can be referenced to send further commands to the SIM.

Open Channel command
AT+CSIM=10,"0070000001"
Response
+CSIM: 6,"0X9000"

Where X is the channel number to be used in the commands below.

Select the LPM Applet

The following command will select the LPM applet using it’s AID so that further APDU are sent to the applet.

The LPM Applet has an AID (Application IDentifier): A000000815030040030902231003

Select the LPM applet
AT+CSIM=38,"0A404000EA000000815030040030902231003"

  • Where X is the channel returned by the Open Channel

  • The AID of the LPM applet: A000000815030040030902231003

Response
+CSIM: 4,"9000" // command executed successfully

LPM - Get EID

This command is used to return the EID of the eSIM. Could be used to identify the type of card for example.

Here is the format of the APDU that is sent to the LPM applet to request the EID.

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0x16

16 defines the Get EID command

P1

0x00

P2

0x00

Lc

0x12

Length of the EID to be returned, KORE's EID is 32 digits so 16 bytes + EID TAG and Length is 18 bytes (0x12)

Get EID Command

LPM Get EID
AT+CSIM=10,"816000012"

  • Where X is the channel returned by the Open Channel

Response
+CSIM: 40,"4C109000"

  • Returns the EID: 89001039450410141400000000001580

Example - LPM Get EID

Tx AT+CSIM=10,"0070000001"    // open channel
Rx +CSIM: 6,"0X9000"          // channel X selected

Tx AT+CSIM=38,"0X A4 04 00 0E A000000815030040030902231003" // select LPM AID
Rx +CSIM: 4,"9000"

Tx AT+CSIM=10,"8X16000012"    // Get EID
Rx +CSIM: 40,"4C10890010394504101414000000000015809000" // 4C EID tag, 10 length

Tx AT+CSIM=10,"0070800100"    // close channel
Rx +CSIM: 4,"9000

LPM - Get eSIM Profile

This command is used to a list of the available downloaded Profiles on the eSIM and the Status. This would provide an IoT application the current status and information on the profiles to allow the device to decide to select an available profile.

Here is the format of the APDU that is sent to the LPM applet to request the eSIM Profiles.

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0x18

18 defines the Get eSIM Profiles command

P1

0x00

P2

0x00

Lc

0xFF

No Data

Get eSIM Profiles Command

LPM Get EID
AT+CSIM=10,"8180000FF"

  • Where X is the channel returned by the Open Channel

Response
+CSIM: 82,"9000"

Returns E3 Tag for each Profile on the OmniSIM

Field
Length (hex)
Value (hex)
Comments

4F

0x05-16

Profile AID

ISDP-AID of the Profile on the eSIM, this will be used in the Enable Profile command

9F70

0x01

3F = Enabled

1F = Disabled

State of the Profile

53

0x01

00 = Fallback not set

01 = Fallback set

ISD-P attribute - fallback state of the profile

5A

0x0A (10)

ICCID

ICCD of the profile nibble swapped

Nibble Swapping

The SIM stores some data in Nibble Swapped format to save space for example.

ICCID = 89123108001757010071

If this was covereted to Hex as numbers it would be 0x38 39 20 31 32 20 33 31 20 20 30 38 20 30 30 20 31 37 20 35 37 20 30 31 20 30 30 20 37 31 (20 bytes)

Swapped takes 2 digits and swaps them and stores as a byte for example 89 = 0x98

so the ICCID is stores as a hex string: 0x98211380007175100017 (10 bytes)

Example - LPM eSIM Profiles

AT+CSIM=10,"0070000001" // open channel
Rx +CSIM: 6,"0X9000" // channel X selected

Tx AT+CSIM=38,"0XA404000EA000000815030040030902231003" // select LPM AID
Rx +CSIM: 4,"9000"

Tx AT+CSIM=10,"8X180000FF" // Get eSIM Profile
Rx +CSIM: 238,"
Rx E3 25                                      // E3 tag and length
Rx 4F 10 A0000005591010FFFFFFFF8900001100     // Profile AID
Rx 9F70 01 3F                                 // Enabled
Rx 53 01 01                                   // Fallback attribute set
Rx 5A 0A 98211380007175100017                 // ICCID (Swaped)
Rx E3 25
Rx 4F 10 A0000005591010FFFFFFFF8900001000     // Profile AID
Rx 9F70 01 1F                                 // Disabled
Rx 53 01 00                                   // Fallback attribute NOT set
Rx 5A 0A 989400312171001689F8                 // ICCID
Rx E3254F10A0000005591010FFFFFFFF8900001200 // Profile AID
Rx 9F70011F                                 // Disabled
Rx 530100                                   // Fallback attribute NOT set
Rx 5A0A98211380007175100027                 // ICCID
Rx 9000"

Tx AT+CSIM=10,"0070800100" // close channel
Rx +CSIM: 4,"9000

To decode the response into a more readable structured format then recommend using ASN1 decoder. (https://asn1.io/asn1playground)

LPM - Enable Profile

This command is used to Enable a specified profile that is already downloaded and installed. If the profile is installed the profile is Enabled and the previous active profile is disabled. Once the new profile is enabled, the applet sends the REFRESH command that will be sent to the terminal to force the switch then the Channel to the SIM is closed. If the profile enabling procedure is done against the POL1, the eUICC will send an error SW (69 E1). There will be no Rollback Mechanism in LM Profile Enable process. A notification to the SM-SR to update its database (notification sequence number value =’0000’).

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0x01

01 defines the Enable Profile command

P1

0x00

P2

0x00

Lc

0x10

Length of the Profile AID (data)

Data

0xXX..XX

ISD-P AID (Profile AID) to be enabled example A0000005591010FFFFFFFF8900001100

Enable Profile Command

LPM Enable Profile
AT+CSIM=42,"8X01000010"

  • Where X is the channel returned by the Open Channel

  • AID of the profile that is to be enabled is: A0000005591010FFFFFFFF8900001100

Response
+CSIM: 4,"9000"

  • 9000 is the command succeeded.

  • Then Close the channel to the SIM and this will trigger the SIM to issue a Refresh to the devivce and the new profile will connect.

Example - LPM Enable Profile

Tx AT+CSIM=10,"0070000001" // open channel
Rx +CSIM: 6,"0X9000"       // channel X selected

Tx AT+CSIM=38,"0X A4 04 00 0E A000000815030040030902231003" // select LPM AID
Rx +CSIM: 4,"9000"

Tx AT+CSIM=42,"8X010000 10 A0000005591010FFFFFFFF8900001100" // enable profile
Rx +CSIM: 4,"9000"

Tx AT+CSIM=10,"0070800X00" // close channel to trigger REFRESH
Rx +CSIM: 4,"9000

ES10 LPM Command Interface

The LPM applet will be triggered and managed a LPAd on the IoT device that is sending ES10c APDU commands to the LPM applet. ES10c commands are

The applet manages a subset of the ES10c commands to allow the switching of the local profiles only and any other ES10c commands are ignored. ES10c can be used with AID or ICCID to reference a profile. This means OmniSIM can be used by a device that would have normally required a Consumer eSIM and allows the switching of profiles. These commands also work with any device that suports AT commands so as a developer you have a choice of LPM/ES10c commands.

Usage Flow

Here is a typical usage flow where the IoT Client uses a LPAd to switch profiles.

  1. Get Profiles – Get a list of profiles and their state to decide which profile to enable.

  2. Enable Profile – Request to Enable a profile, the referenced profile will be enabled and the existing disabled by the ISD-R.

Example sequence flow for ES10c commands

LPM ES10c AT Commands

Prerequisites

Using LPAd

To be able to send the commands to the LPM applet from a LPAd, then the LPAd normally sends the ES10c APDU to the ISD-R of the eSIM. The M2M card does not have this interface so these APDU will be ignored by the M2M eSIM. The LPAd needs to be configured to use the AID of the LPM Applet to route the ES10c commands to the LPM applet. This could be a config change or this might mean updating the code of the LPAd.

LPM AID: A000000815030040030902231003

Using APDU

The LPM applet can be used without a LPAd but the IoT Application can use AT Commands to send the ES10c APDU to the LPM applet. This requires a channel open to the SIM and the LPM applet selected so that the AT Command can send the APDU commands to the LPM applet.

Open Channel

The Open Channel command will create a new channel to the SIM, the modem will return the next available channel that can be referenced to send further commands to the SIM.

Open Channel command
AT+CSIM=10,"0070000001"
Response
+CSIM: 6,"0X9000"

Where X is the channel number to be used in the commands below.

Select the LPM Applet

The following command will select the LPM applet using it’s AID so that further APDU are sent to the applet.

The LPM Applet has an AID (Application IDentifier): A000000815030040030902231003

Select the LPM applet
AT+CSIM=38,"0A404000EA000000815030040030902231003"

  • Where X is the channel returned by the Open Channel

  • The AID of the LPM applet: A000000815030040030902231003

Response
+CSIM: 4,"9000" // command executed successfully

LPM - ES10c - Get EID

Gets the EID from the eUICC, returns the EID that could be used if the IoT application wants to know the eUICC being used.

Full details of the APDU can be found in SGP.22 – Section 5.7.20 - ES10c – GetEID

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0xE2

16 defines the Get EID command

P1

0x91

P2

0x00

Lc

0x02

Length of the EID to be returned, KORE's EID is 32 digits so 16 bytes + EID TAG and Length is 18 bytes (0x12)

Data

0xBF3E

Le

0x03

TAGS

0x5c 01 5A

Get EID Command

ES10c Get EID
82E2910002BF3E035C015A

  • Where X is the channel returned by the Open Channel

Response
BF3E125A109000

Where EID = 89001054010210036600000000023780

Example APDU - Get EID The LPAd send a GetEuiccDataRequest:

AT+CSIM=24,"83E2910006BF3E035C015A00"
+CSIM: 4,"6115" // Response has returned 15 bytes of data
OK

The ISD-R returns a GetEuiccDataResponse:

AT+CSIM=10,"83C0000015" // Retrieve the 15 bytes of data
+CSIM: 46,"BF3E125A109000"
OK

LPM - ES10c Get Profiles

This command is used to a list of the downloaded Profiles on the eUICC and their Status. This would provide an IoT application the current status and information on the profiles to allow the decision to be able to select an available profile.

Full details of the APDU can be found in SGP.22 – Section 5.7.15 - ES10 – GetProfilesInfo

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0xE2

P1

0x91

P2

0x00

Lc

0x02

Length of the GetProfilesInfo

Data

0xBF2D

Le

0x06

TAGS

0x5C 04 5A 4F 9F 70

See table below for the definition

This retrieves the following data for the Profile on the eUICC. Not all tags are available from the OS for an M2M card so these TAGs will be ignored.

(Bold) = Mandatory as would be used in EnableProfile and state could be useful also.

Name
TAG
Example
Value/Notes

ICCID*

5A

980193000050577617F1

ICCId of the profile (Swapped)

ISD-P AID*

4F

A0000005591010FFFFFFFF8900001000

AID of the Profile

State*

9F70

01

01 = Enabled

00 = Disabled

Profile Nickname*

90

4f6D6E6953494D (OmniSIM)

N/A for M2M

Service provider*

91

4B4F5245 (KORE)

N/A for M2M

Profile name*

92

52757368 (Rush)

N/A for M2M

Icon type*

93

-

N/A for M2M

Icon*

94

-

N/A for M2M

Profile Class*

95

-

N/A for M2M

Notification Configuration Info

B6

-

N/A for M2M

Profile Owner

B7

-

N/A for M2M

SM-DP+ proprietary data

B8

-

N/A for M2M

Profile Policy Rules

99

-

N/A for M2M

If no tag list is present, the eUICC SHALL return the default ProfileInfo: the ProfileInfo data objects marked with (*) for each Profile matching the selection criterion. The TAGs in Bold are those supported by the M2M card OS, other TAGs will return no data.

Get eSIM Profiles Command

ES10c Get Profiles
82E2910009065C045A4F9F70
Response
BF2D6EA06CE3375A0A980193000050577617F14F10A0000005591010FFFFFFFF89000010009F7
0010090044B4F524591044B4F524592044B4F5245950102E3315A0A980193000050276777F64F
10A0000005591010FFFFFFFF89000011009F70010191044B4F524592044B4F52459501029000

This eSIM contains two profiles, 8910390000057567711F and 8910390000057276776F, and here’s some additional information about them.

To decode the response into a more readable structured format then recommend using ASN1 decoder. (https://asn1.io/asn1playground)

ANS1 Formatted
E3 37
5A 0A 980193000050577617F1 (ICCID)
4F 10 A0000005591010FFFFFFFF8900001000 (AID)
9F70 01 00 (Status Disabled)
90 04 4B4F5245 (KORE)
91 04 4B4F5245 (KORE)
92 04 4B4F5245 (KORE)
95 01 02
E3 31
5A 0A 980193000050276777F6 (ICCID)
4F 10 A0000005591010FFFFFFFF8900001100 (EID)
9F70 01 01 (Status Enabled)
91 04 4B4F5245 (KORE)
92 04 4B4F5245 (KORE)
95 01 02

Example APDU - Get Profile Information

The LPAd send a ProfileInfoListRequest:

AT+CSIM=28,"82E2910009BF2D065C045A4F9F70"
+CSIM: 4,"6197" // The command returns 97 bytes of data
OK

The ISD-R returns a ProfileInfoListRequest:

AT+CSIM=10,"02C0000097" // Retrieve the 97 bytes of data
+CSIM:
230,"BF2D6EA06CE3225A0A980193000060983055F84F10A0000005591010FFFFFFFF89000010
009F700101E3225A0A980010325476981032144F10A0000005591010FFFFFFFF89000019009F7
00100E3225A0A980193000060809794F14F10A0000005591010FFFFFFFF89000011009F700100
9000"
OK

Using an ASN1 decoder to parse the returned data formats into a more readable format:

BF2D 6E
A0 6C
E3 22
5A 0A 980193000060983055F8 // ICCID
4F 10 A0000005591010FFFFFFFF8900001000 // EID
9F70 01 01 // Enabled
E3 22
5A 0A 98001032547698103214 // ICCID
4F 10 A0000005591010FFFFFFFF8900001900 // EID
9F70 01 00 // Disabled
E3 22
5A 0A 980193000060809794F1 // ICCID
4F 10 A0000005591010FFFFFFFF8900001100 // EID
9F70 01 00 // Disabled

LPM - ES10c Enable Profile

This command is used to Enable a specified profile that is already downloaded and installed. If the profile is installed, the profile is Enabled and the previous active profile is disabled. The device will then reconnect with the new profile. If the new profile does not have connectivity then it will not roll back to the previous profile. This needs to be managed by the local IoT Application.

Full details of the APDU can be found in SGP.22 – Section 5.7.16 - ES10 – EnableProfile

Field
Value (hex)
Comments

CLA

0x8X

8 stands for proprietary command

X stands for logical channel that is open to the SIM

INS

0xE2

P1

0x91

P2

0x00

Lc

0x02

Length of the EnableProfile command

Data

0xBF31

Le

0x06

TAGS

0x4F<AID>

0x5A<ICCID>

A profile can be referenced either by Profile AID or ICCID.

Command from LPAd - ICCID

8XE2910003BF31D0C5A0A

Command from LPAd - AID

8XE2910003BF31D504F10

Response to LPAd

BF310000 9000

Status: OK (00) UndefinedError (0x7F or 127)

Example APDU – Enable Profile

[AT+CSIM=52,"83E2910014BF3111A00C5A0A981088020087059780F281010000"
+CSIM: 4,"6A88"
OK
PreviousOmniSIM Troubleshooting TipsNextOmniSIM - GSMA Test Profile (TS.48)

Last updated

Was this helpful?