Pelion Device Management glossary

A

Account

Your Device Management account lets you access your information, manage devices and interact with Device Management Portal.

Account management service

The service managing users, access keys and other entities.

Aggregator account

An account that can have multiple child accounts, known as sub-tenant accounts.

API

Application Programming Interface.

Access key

A long string of characters that serves to identify an application m2m transaction to the system. The access key often acts as both a unique identifier and a secret token for authentication. The access key is not stored in Device Management Portal, and is displayed only once - when it is generated.

Application

A program running outside of Device Management, but that connects to Device Management and consumes resources. The connection uses an access key.

Asymmetric cryptography

Also known as public key cryptography. Uses two different but mathematically linked keys. The complexity and length of the private key determine how feasible it is for an interloper to carry out a brute force attack and try out different keys until the right one is found. The challenge for this system is that significant computing resources are required to create long, strong private keys.

B

BLE

Bluetooth Low Energy.

Bring your own certificate

See Third party certificate.

C

CA

Certificate Authority.

Certificate

See Developer certificate, Server certificate or Third party certificate.

Connection ID (CID)

The Connection ID (CID) eliminates unnecessary DTLS handshake traffic between Device Management Client and Pelion Device Management during reconnection. To have Device Management Client persist the CID across a reboot, the application can call an API before shutting down that stores the CID context in persistent memory for use after reboot. Device Management Client then uses the CID to establish a secure connection to the cloud without requiring a DTLS handshake.

CLI

Command-line interface.

Cloud

Servers containing data, which you can access over the Internet.

CoAP

Constrained Application Protocol. Enables communication between small, resource-constrained devices. CoAP is specified in IETF's RFC 7252.

ConfigMaps

In Kubernetes, plaintext key-value pairs of nonconfidential information.

CSR

Certificate Signing Request.

D

DaemonSet

In Kubernetes, automates running a Pod on multiple Nodes.

Developer certificate

A certificate developers and testers can add to their device firmware to allow it to connect to their Device Management account. This certificate is not secure enough for deployment purposes; it was designed to ease the development process.

Device

Technical physical component (hardware) with communication capabilities. Sometimes called an endpoint. It is usually addressed through its endpoint client name or internal endpoint name.

Device assets

Signing keys, encryption keys and configurations stored on the device. Usually inserted at provisioning. This term is no longer used in our documentation. See Device keys.

Device class

A device class describes a type of device, like an audio or network device.

Device directory

Stores information about devices in the cloud.

Device identifier (ID)

A globally unique ID generated by Device Management. This is the only way to refer to a device when using the APIs. This ID is automatically generated by Device Management services when a device first connects.

Device keys

Security keys stored on the device. Previously known as "assets".

Device management

Device management is the generic term used for technology that allows third parties to carry out the difficult procedures of configuring devices on behalf of the end user (customer). Third parties would typically be operators, service providers or corporate information management departments. Through device management, an external party can remotely set parameters, conduct troubleshooting and servicing of terminals, and install or upgrade software.

Device Management Client

Device software for connecting devices to Device Management, consisting of three components: Device Management Connect client, Device Management Update client and Mbed factory configurator client.

Device Management Connect

An IoT connectivity solution for devices, enabling unified connectivity from cloud applications.

Device Management PAL

Platform Abstraction Layer infrastructure used by Device Management Client components, allowing code portability and platform independence by full separation of the services from underlying specific hardware and OS.

Device Management Portal

Graphical interface for interactions with Device Management - an alternative to using the APIs.

Device Management Provision

Device provision gives your devices permission to access cloud services after their deployment. Device Management Provision is done with the factory configurator utility, which integrates with your factory tool.

Device Management Update

A service that provides a secure and robust platform for firmware updates.

Device Management Update client

The component of the update service that sits on the device (client).

Device owner

Usually the physical possessor of the device - the end user.

Device resources

Information on the device. Resources can be readable, writable or executable. They conform to the LwM2M specification.

Deployment

See Update campaign.

DHCP

Dynamic Host Configuration Protocol.

DNS

Domain Name System.

DTLS

Datagram Transport Layer Security.

E

ECC

Elliptic Curve Cryptography.

ECDSA

Elliptic Curve Digital Signature Algorithm.

Embedded software

Specialized programming in a chip or on firmware in an embedded device to control its functions.

End user

The person that a software program or hardware device is designed for. The term is based on the idea that the "end goal" of a software or hardware product is to be useful to the consumer.

Endpoint

See Device.

Endpoint client name

Refers to a connected device. Identifies the LwM2M client on one LwM2M server (including LwM2M bootstrap server). Provided to the LwM2M server during the device's registration process, and to the bootstrap server during device bootstrap. See also Internal endpoint name.

Enrollment state

Means that the device is being issued an identity by the Device Management services.

EUI-48/64

Extended Unique Identifier. Used to generate a unique 48/64-bit interface ID, defined in RFC 7217.

F

FAN

Field Area Network. This term is often used in conjunction with Wi-SUN.

FAT

File Allocation Table.

FCC - Factory Configurator Client

Device Management device side code that provides an API for provisioning devices at the factory line. Devices that were provisioned successfully through FCC have all the keys, certificates and parameters that are required for proper connection to Device Management.

FCU - Factory Configurator Utility

A utility (running on a factory computer) that, together with Factory Configurator Client (FCC - running on a device in the factory), allows provisioning devices with all the parameters, keys and certificates they need to connect to Device Management when they leave the factory. The utility can also act as a certificate authority.

Firmware

Code written to the read-only memory (ROM) of a device. It is added at the time of manufacturing, and runs user programs on the device.

Firmware image

The software that will be flashed onto the device.

G

GAP

Generic Access Profile. It controls connections and advertising in Bluetooth. GAP is what makes your device visible to the outside world, and determines how two devices can (or can't) interact with each other.

Gateway

A bridge that lets deployed devices of different types communicate with the cloud and one another by providing translation protocol and secure connectivity capabilities.

GATT

Generic Attribute Profile.

GCC

GNU Compiler Collection.

GNU

GNU's Not Unix.

H

HMAC

Hash-based Message Authentication Code.

HSM

Hardware Security Module.

I

IDE

Integrated Development Environment.

IPv6

IP addresses identifying devices on the internet. IPv6 is the newest internet protocol, providing more addresses than the older IPv4 protocol.

J

JTAG

Joint Test Action Group.

K

KCM

Key and Configuration Manager.

L

LFN

Long File Name.

LTE

Long-term Evolution, a fourth-generation mobile communications standard.

LWIP

Lightweight IP.

LwM2M

Light Weight Machine to Machine. Combined with CoAP to allow all Device Management connectivity. LwM2M is specified by Open Mobile Alliance, hence OMA LwM2M is often used as an acronym.

M

Manifest

A set of rules and instructions that is delivered to a device as part of an attempt to update the firmware on the device. The device uses the manifest, together with its own set of rules, to decide whether to accept the new firmware image. See also Update campaign.

MD

Message Digest.

MSP

Main Stack Pointer.

N

NAT

Network Address Translation.

NIST

National Institute of Standards and Technology.

O

OEM

Original Equipment Manufacturer.

OMA

Open Mobile Alliance.

P

PAL

Platform Abstraction Layer.

PAM

Pluggable Authentication Modules.

Pelion Device Management

Product with which you can deploy and manage IoT devices.

Pelion Edge

A product that enables you to connect devices behind a gateway to Device Management.

Persistent Volume

In Kubernetes, storage that remains beyond the life of a Pod.

Persistent Volume Claim

In Kubernetes, a resource set aside for persistent storage.

PIC

Position-Independent Code.

Pod

In Kubernetes, groups of containers with the instructions needed to run them and any shared resources.

Device Management Portal

A web application with which you can view and manage your account devices.

Private key

A data owner uses it to sign the data, ensuring to anyone inspecting it later that it is the owner's.

PSA

Platform Security Architecture. For more details, see Arm's PSA page.

Public key

A cryptographic key that can be obtained and used by anyone to encrypt or verify messages. Deciphering or signing the message requires a matching private key, which only the proper recipient or signer of the message should have.

R

Resources

See Device resources.

ROT - Root of trust

A trusted set of keys that are found on a device and are used as the basis for the cryptographic operations it performs. Must be kept confidential and tamper-proof.

RTOS

Real-Time Operating System.

S

SDA

Secure Device Access.

SDK

Software Development Kit.

Secret

In Kubernetes, confidential information, such as tokens or login details, stored in encrypted key-value pairs.

Security group

A set of IP filter rules that define how to handle incoming (ingress) and outgoing (egress) traffic to both the public and private interfaces of a virtual server instance. The rules that you add to a security group are known as security group rules.

Server certificate

In TLS (formerly known as SSL), a server is required to present a certificate as part of the initial connection setup. A client connecting to that server will perform the certification path validation algorithm.

SLAAC

Stateless address auto configuration. A method of giving IPv6 addresses to devices in an IPv6 network in which the router interface is assigned a 64-bit prefix, and the router derives the last 48/64 bits of its address using EUI-48/64 or hashed interface identifier generation. This is an alternative to stateful autoconfiguration, which uses DHCP.

SOTP

Software One Time Programming.

SPI

Serial Peripheral Interface.

SSH

Secure Socket Shell.

SSL

Secure Sockets Layer.

Sub-tenant

A special type of account that has an Aggregator account as its parent.

T

TCP

Transmission Control Protocol.

Thick gateway

A device that can connect non-IP and LwM2M devices into Device Management. To host LwM2M devices, the gateway must have LwM2M server functionality. Thick gateways have off-line functionality and local control. In this context, off-line functionality means the capability to buffer events while off-line and send them to Device Management once connectivity is back. Local control means an application programming interface (API) that can be used for controlling the connected devices while off-line, for example running business logic to control lights, ventilation or heating based on sensor data.

Thin gateway

A device that can connect non-IP devices to Device Management using a protocol translator that maps the non-IP devices' resources into LwM2M-compliant resources. Thin gateways have no off-line functionality (or very limited off-line functionality) and no local control. See also Thick gateway.

Third party certificate

You can use your own certificate authority to give your Device Management devices access to your account.

TLS

Transport Layer Security.

TLV

Type-Length-Value.

Token

See Access key.

TOTP

Time-based One-Time Password Algorithm.

TRNG

True Random Number Generator.

TTL

Time To Live.

U

UDP

User Datagram Protocol.

Update campaign

Sends manifests and firmware images to selected devices, at a specified time, to initiate a firmware update on those devices.

Update client

Short-form version of Device Management Update client.

Update manifest

See Manifest.

Update service

Short-form version of Device Management Update service.

UUID

Universally Unique Identifier.

V

VTOR

Vector Table Offset Register.

W

Wi-SUN

A secure, wireless mesh network protocol targeting large-scale IoT networks. Please see the Wi-SUN Alliance website for more details.

X

XiP

eXecute-in-Place, executing code directly from flash memory.