Izuma Device Management glossary
A
Account
Your Device Management account lets you access your information, manage devices and interact with Device Management Portal.
Account management service
The service managing users, access keys and other entities.
Aggregator account
An account that can have multiple child accounts, known as sub-tenant accounts.
API
Application Programming Interface.
Access key
A long string of characters that identifies an application's machine-to-machine (M2M) transaction to the system. The access key often acts as both a unique identifier and a secret token for authentication. The access key is not stored in Device Management Portal, and is displayed only once - when it is generated.
Application
A program running outside of Device Management, but that connects to Device Management and consumes resources. The connection uses an access key.
Asymmetric cryptography
Also known as public key cryptography. Uses two different but mathematically linked keys. The complexity and length of the private key determine how feasible it is for an interloper to carry out a brute force attack and try out different keys until the right one is found. The challenge for this system is that significant computing resources are required to create long, strong private keys.
B
BLE
Bluetooth Low Energy.
Bring your own certificate
See Third party certificate.
C
CA
Certificate Authority.
Certificate
See Developer certificate, Server certificate or Third party certificate.
Connection ID (CID)
The Connection ID (CID) eliminates unnecessary DTLS handshake traffic between Device Management Client and Izuma Device Management during reconnection. To have Device Management Client persist the CID across a reboot, the application can call an API before shutting down that stores the CID context in persistent memory for use after reboot. Device Management Client then uses the CID to establish a secure connection to the cloud without requiring a DTLS handshake.
CLI
Command-line interface.
Cloud
Servers containing data, which you can access over the Internet.
CoAP
Constrained Application Protocol. Enables communication between small, resource-constrained devices. CoAP is specified in IETF's RFC 7252.
ConfigMaps
In Kubernetes, plaintext key-value pairs of nonconfidential information.
CSR
Certificate Signing Request.
D
DaemonSet
In Kubernetes, automates running a Pod on multiple Nodes.
Developer certificate
A certificate developers and testers can add to their device firmware to allow it to connect to their Device Management account. This certificate is not secure enough for deployment purposes; it was designed to ease the development process.
Device
Technical physical component (hardware) with communication capabilities. Sometimes called an endpoint. It is usually addressed through its endpoint client name or internal endpoint name.
Device assets
Signing keys, encryption keys and configurations stored on the device. Usually inserted at provisioning. This term is no longer used in our documentation. See Device keys.
Device class
A device class describes a type of device, like an audio or network device.
Device directory
Stores information about devices in the cloud.
Device identifier (ID)
A globally unique ID generated by Device Management. This is the only way to refer to a device when using the APIs. This ID is automatically generated by Device Management services when a device first connects.
Device keys
Security keys stored on the device. Previously known as "assets".
Device management
Device management is the generic term used for technology that allows third parties to carry out the difficult procedures of configuring devices on behalf of the end user (customer). Third parties would typically be operators, service providers or corporate information management departments. Through device management, an external party can remotely set parameters, troubleshoot and service terminals, and install or upgrade software.
Device Management Client
Device software for connecting devices to Device Management, consisting of three components: Device Management Connect client, Device Management Update client and Mbed factory configurator client.
Device Management Connect
An IoT connectivity solution for devices, enabling unified connectivity from cloud applications.
Device Management PAL
Platform Abstraction Layer infrastructure used by Device Management Client components, allowing code portability and platform independence by full separation of the services from underlying specific hardware and OS.
Device Management Portal
Graphical interface for interactions with Device Management - an alternative to using the APIs.
Device Management Provision
Device provision gives your devices permission to access cloud services after their deployment. Device Management Provision is done with the factory configurator utility, which integrates with your factory tool.
Device Management Update
A service that provides a secure and robust platform for firmware updates.
Device Management Update client
The component of the update service that sits on the device (client).
Device owner
Usually the physical possessor of the device - the end user.
Device resources
Information on the device. Resources can be readable, writable or executable. They conform to the LwM2M specification.
Deployment
See Update campaign.
DHCP
Dynamic Host Configuration Protocol.
DNS
Domain Name System.
DTLS
Datagram Transport Layer Security.
E
ECC
Elliptic Curve Cryptography.
ECDSA
Elliptic Curve Digital Signature Algorithm.
Embedded software
Specialized programming in a chip or on firmware in an embedded device to control its functions.
End user
The person that a software program or hardware device is designed for. The term is based on the idea that the "end goal" of a software or hardware product is to be useful to the consumer.
Endpoint
See Device.
Endpoint client name
Refers to a connected device. Identifies the LwM2M client on one LwM2M server (including LwM2M bootstrap server). Provided to the LwM2M server during the device's registration process, and to the bootstrap server during device bootstrap. See also Internal endpoint name.
Enrollment state
Means that the device is being issued an identity by the Device Management services.
EUI-48/64
Extended Unique Identifier. Used to generate a unique 48/64-bit interface ID, defined in RFC 7217.
F
FAN
Field Area Network. This term is often used in conjunction with Wi-SUN.
FAT
File Allocation Table.
FCC - Factory Configurator Client
Device Management device-side code that provides an API for provisioning devices at the factory line. Devices that were provisioned successfully through FCC have all the keys, certificates and parameters that are required for proper connection to Device Management.
FCU - Factory Configurator Utility
A utility (running on a factory computer) that, together with Factory Configurator Client (FCC - running on a device in the factory), allows provisioning devices with all the parameters, keys and certificates they need to connect to Device Management when they leave the factory. The utility can also act as a certificate authority.
Firmware
Code written to the read-only memory (ROM) of a device. It is added at the time of manufacturing, and runs user programs on the device.
Firmware image
The software that will be flashed onto the device.
G
GAP
Generic Access Profile. It controls connections and advertising in Bluetooth. GAP is what makes your device visible to the outside world, and determines how two devices can (or can't) interact with each other.
Gateway
A bridge that lets deployed devices of different types communicate with the cloud and one another by providing protocol translation and secure connectivity capabilities.
GATT
Generic Attribute Profile.
GCC
GNU Compiler Collection.
GNU
GNU's Not Unix.
H
HMAC
Hash-based Message Authentication Code.
HSM
Hardware Security Module.
I
IDE
Integrated Development Environment.
IPv6
IP addresses identifying devices on the internet. IPv6 is the newest internet protocol, providing more addresses than the older IPv4 protocol.
J
JTAG
Joint Test Action Group.
K
KCM
Key and Configuration Manager.
L
LFN
Long File Name.
LTE
Long-Term Evolution, a fourth-generation mobile communications standard.
LWIP
Lightweight IP.
LwM2M
Lightweight Machine to Machine. Combined with CoAP to allow all Device Management connectivity. LwM2M is specified by the Open Mobile Alliance, hence OMA LwM2M is often used as an acronym.
M
Manifest
A set of rules and instructions that is delivered to a device as part of an attempt to update the firmware on the device. The device uses the manifest, together with its own set of rules, to decide whether to accept the new firmware image. See also Update campaign.
MD
Message Digest.
MSP
Main Stack Pointer.
N
NAT
Network Address Translation.
NIST
National Institute of Standards and Technology.
O
OEM
Original Equipment Manufacturer.
OMA
Open Mobile Alliance.
P
PAL
Platform Abstraction Layer.
PAM
Pluggable Authentication Modules.
Izuma Device Management
Product with which you can deploy and manage IoT devices.
Izuma Edge
A product that enables you to connect devices behind a gateway to Device Management.
Persistent Volume
In Kubernetes, storage that remains beyond the life of a Pod.
Persistent Volume Claim
In Kubernetes, a resource set aside for persistent storage.
PIC
Position-Independent Code.
Pod
In Kubernetes, groups of containers with the instructions needed to run them and any shared resources.
Device Management Portal
A web application with which you can view and manage your account devices.
Private key
A data owner uses it to sign the data, ensuring to anyone inspecting it later that it is the owner's.
PSA
Platform Security Architecture. For more details, see Arm's PSA page.
Public key
A cryptographic key that can be obtained and used by anyone to encrypt or verify messages. Deciphering or signing the message requires a matching private key, which only the proper recipient or signer of the message should have.
R
Resources
See Device resources.
ROT - Root of trust
A trusted set of keys that are found on a device and are used as the basis for the cryptographic operations it performs. Must be kept confidential and tamper proof.
RTOS
Real-Time Operating System.
S
SDA
Secure Device Access.
SDK
Software Development Kit.
Secret
In Kubernetes, confidential information, such as tokens or login details, stored in encrypted key-value pairs.
Security group
A set of IP filter rules that define how to handle incoming (ingress) and outgoing (egress) traffic to both the public and private interfaces of a virtual server instance. The rules that you add to a security group are known as security group rules.
Server certificate
In TLS (formerly known as SSL), a server is required to present a certificate as part of the initial connection setup. A client connecting to that server will perform the certification path validation algorithm.
SLAAC
Stateless Address Autoconfiguration. A method of giving IPv6 addresses to devices in an IPv6 network in which the router interface is assigned a 64-bit prefix, and the router derives the last 48/64 bits of its address using EUI-48/64 or hashed interface identifier generation. This is an alternative to stateful autoconfiguration, which uses DHCP.
SOTP
Software One Time Programming.
SPI
Serial Peripheral Interface.
SSH
Secure Socket Shell.
SSL
Secure Sockets Layer.
Sub-tenant
A special type of account that has an Aggregator account as its parent.
T
TCP
Transmission Control Protocol.
Thick gateway
A device that can connect non-IP and LwM2M devices into Device Management. To host LwM2M devices, the gateway must have LwM2M server functionality. Thick gateways have off-line functionality and local control. In this context, off-line functionality means the capability to buffer events while off-line and send them to Device Management once connectivity is back. Local control means an application programming interface (API) that can be used for controlling the connected devices while off-line, for example running business logic to control lights, ventilation or heating based on sensor data.
Thin gateway
A device that can connect non-IP devices to Device Management using a protocol translator that maps the non-IP devices' resources into LwM2M-compliant resources. Thin gateways have no local control and no (or very limited) off-line functionality. See also Thick gateway.
Third party certificate
You can use your own certificate authority to give your Device Management devices access to your account.
TLS
Transport Layer Security.
TLV
Type-Length-Value.
Token
See Access key.
TOTP
Time-based One-Time Password Algorithm.
TRNG
True Random Number Generator.
TTL
Time To Live.
U
UDP
User Datagram Protocol.
Update campaign
Sends manifests and firmware images to selected devices, at a specified time, to initiate a firmware update on those devices.
Update client
Short-form version of Device Management Update client.
Update manifest
See Manifest.
Update service
Short-form version of Device Management Update service.
UUID
Universally Unique Identifier.
V
VTOR
Vector Table Offset Register.
W
Wi-SUN
A secure, wireless mesh network protocol targeting large-scale IoT networks. Please see the Wi-SUN Alliance website for more details.
X
XiP
eXecute-in-Place, executing code directly from flash memory.