Skip to content

Home

Jump to bottom
dungexn edited this page Apr 22, 2024 · 9 revisions

Welcome to the LPA wiki!

This wiki is documented with the motivation of breaking down LPA(Location Profile Assistant) for everyone to understand.

Before getting into it, make sure to cover breakdown of eSIM Technology and Key Integration Point for building an eSIM wallet to understand traditional LPA.

LPA

Blockchain Powered eSIM LPA App is an open source project which provides simple UX for managing eSIM profiles and blockchain wallets to the end users. The below operations are work in progress to achieve EID access for to identity end user uniquely for Smart Contract Wallet creation.

  • Access to the EID requires carrier privilege or the READ_PRIVILEGED_PHONE_STATE permission in Android as we are interacting with eUICC module.
    • EUICC Manager API
      • Fetch EID

EID AND ICCID ARE STORED ON EUICC SECURE ELEMENT, REQUIRES ACESS FROM CARRIER APPLICATIONS AND/OR SYSTEM APPLICATION .

Testing Methodologies

Motivation

Successfully fetch EID and show it on the App UI.

The reason is the identify users’ uniquely.

💡 EID access requires CARRIER PRIVILEGES or Privilege Phone State Permission

Mitigation

To mitigate this issue for the MVP we are creating a custom fingerprint that act as unique identifier for now.

💡 This is a temporary solution until we get privileges.

APK Testing

The app in detail in explained in the last section as LPA(APP)

Clone the repo and follow the readme to test the apk, the below results are acquired:

Without CARRIER PRIVILEGES (Current)

  • The App creates a custom device fingerprint to uniquely identify the users
  • App bridge to android services and react native.

With CARRIER PRIVILEGES

How to get CARRIER PRIVILEGES?

Method 1: Using Downloadable Test Profile

Using eSIM Test Profiles which requires a test certificate issued by a GSMA CI.

This is the guide provided to create test certificate and how to get issued by GSMA CI.

The device downloading the test profiles must have a test certificate issued by a GSMA CI.

  • eSIM profile download and SM-DP+ handshake
  • eUICC secure element (access and security)
  • LPA app bridge to android services and react native frontend
  • Wallet creation and Smart contract deployment
  • Blockchain transactions through LPA/LUI
  • Unit tests

Method 2: Alternative Private Vendors

eSIM-as-a-service Solution Providers are alternates since some of them are providing eSIM bundles with flexible subscription plans, SDKs for development and testing.

💡 In this scenario we will share an apk signature (SHA-1 or SHA-256) to include in our APK!

App (LPA)

The mobile application is being built using react native and eSIM android APIs. Within this app the users’ are identified uniquely based on a custom fingerprint and with a user identifier we create a smart contract wallet.

💡 Our current LPA is an react native mobile apk that allows users to manage their eSIM wallets. .

LPA Rules and Guidance

LPA Integrity:

Assurance that the LPA has not been compromised or affected. The assurance SHALL be provided to the various Remote SIM Provisioning entities to ensure that the LPA can be trusted to execute the actions requested.

Note: This could be linked with a certification process

LPA Mode:

Defines the operational LPA Mode which is either LPA in the eUICC or in the Device.

💡 In our case we always rely on the device mode.

LPA Proxy:

A component of the Device used as a proxy between an Operator authorised platform and the corresponding Profile to manage the Profile’s content.

💡 We are not managing eSIM Profiles at this moment.

LPA Service :

The LPA services provide necessary access to the services and data required by the LPA functions for the following:

  1. The Root SM-DS address.
  2. The optionally stored default SM-DP+ address(es).
  3. Facilitates the reception of the Bound Profile Package in transfer from the LPA.
  4. Provides information regarding the installed Profiles and their Profile Metadata.
  5. Provides Local Profile Management
  6. Supports Remote Profile Management operations
  7. Provides functions for the LPA to authenticate and interact with the SM-DS.
  8. Ensures access to the EID is restricted to only the LPA.
  9. Profile Package Delivery: Securely transmits and installs the Bound Profile Package to the eUICC

Features

  • Identify end users' uniquely
  • Generate a keystore for end users'
  • Authenticate eSIM and deploy smart contract wallet for end users'
  • Simple UI to manage eSIM profiles and wallets.

This is work in progress and we the documentation will be updated as the applications are being build.

Clone this wiki locally