Mistake on this page? Email us

Izuma Device Management glossary



Your Device Management account lets you access your information, manage devices and interact with Device Management Portal.

Account management service

The service managing users, access keys and other entities.

Aggregator account

An account that can have multiple child accounts, known as sub-tenant accounts.


Application Programming Interface.

Access key

A long string of characters that serves to identify an application m2m transaction to the system. The access key often acts as both a unique identifier and a secret token for authentication. The access key is not stored in Device Management Portal, and is displayed only once - when it is generated.


A program running outside of Device Management, but that connects to Device Management and consumes resources. The connection uses an access key.

Asymmetric cryptography

Also known as public key cryptography. Uses two different but mathematically linked keys. The complexity and length of the private key determine how feasible it is for an interloper to carry out a brute force attack and try out different keys until the right one is found. The challenge for this system is that significant computing resources are required to create long, strong private keys.



Bluetooth Low Energy.

Bring your own certificate

See Third party certificate.



Certificate Authority.


See Developer certificate, Server certificate or Third party certificate.

Connection ID (CID)

The Connection ID (CID) eliminates unnecessary DTLS handshake traffic between Device Management Client and the Izuma Device Management during reconnection. To have the Device Management Client persist the CID during reboot, the application can call an API before shutting down the application to stores the CID context in persistent memory for use after reboot. Device Management Client then uses the CID to establish a secure connection to the cloud without requiring a DTLS handshake.


Command-line interface.


Servers containing data, which you can access over the Internet.


Constrained Application Protocol. Enables communication between small, resource-constrained devices. CoAP is specified in IETF's RFC 7252.


In Kubernetes, plaintext key-value pairs of nonconfidential information.


Certificate Signing Request.



In Kubernetes, automates running a Pod on multiple Nodes.

Developer certificate

A certificate developers and testers can add to their device firmware to allow it to connect to their Device Management account. This certificate is not secure enough for deployment purposes; it was designed to ease the development process.


Technical physical component (hardware) with communication capabilities. Sometimes called endpoints. It is usually addressed through its endpoint client name or internal endpoint name.

Device assets

Signing keys, encryption keys and configurations stored on the device. Usually inserted at provisioning. This term is no longer used in our documentation. See Device keys.

Device class

A device class describes a type of device, like an audio or network device.

Device directory

Stores information about devices in the cloud.

Device identifier (ID)

A globally unique ID generated by Device Management. This is the only way to refer to a device when using the APIs. This ID is automatically generated by Device Management services when a device first connects.

Device keys

Security keys stored on the device. Previously known as "assets".

Device management

Device management is the generic term used for technology that allows third parties to carry out the difficult procedures of configuring devices on behalf of the end user (customer). Third parties would typically be operators, service providers or corporate information management departments. Through device management, an external party can remotely set parameters, conduct troubleshooting servicing of terminals, install or upgrade software.

Device Management Client

Device software for connecting devices to Device Management, consisting of three components: Device Management Connect client, Device Management Update client and Mbed factory configurator client.

Device Management Connect

An IoT connectivity solution for devices, enabling unified connectivity from cloud applications.

Device Management PAL

Platform Abstraction Layer infrastructure used by Device Management Client components, allowing code portability and platform independence by full separation of the services from underlying specific hardware and OS.

Device Management Portal

Graphical interface for interactions with Device Management - an alternative to using the APIs.

Device Management Provision

Device provision gives your devices permission to access cloud services after their deployment. Device Management Provision is done with the factory configurator utility, which integrates with your factory tool.

Device Management Update

A service that provides a secure and robust platform for firmware updates.

Device Management Update client

The component of the update service that sits on the device (client).

Device owner

Usually the physical possessor of the device - the end user.

Device resources

Information on the device. Resources can be readable, writable or executable. They conform to the LwM2M specification.


See Update campaign.


Dynamic Host Configuration Protocol.


Domain Name System.


Datagram Transport Layer Security.



Elliptic Curve Cryptography.


Elliptic Curve Digital Signature Algorithm.

Embedded software

Specialized programming in a chip or on firmware in an embedded device to control its functions.

End user

The person that a software program or hardware device is designed for. The term is based on the idea that the "end goal" of a software or hardware product is to be useful to the consumer.


See Device.

Endpoint client name

Refers to a connected device. Identifies the LwM2M client on one LwM2M server (including LwM2M bootstrap server). Provided to the LwM2M server during the device's registration process, and to the bootstrap server during device bootstrap. See also Internal endpoint name.

Enrollment state

Means that the device is being issued an identity by the Device Management services.


Extended Unique Identifier is used to generate unique 48/64-bit interface ID, defined in RFC 7217.



Field Area Network. This term is often used in conjunction with Wi-SUN.


File Allocation Table.

FCC - Factory Configurator Client

Device Management device side code that provides an API for provisioning devices at the factory line. Devices that were provisioned successfully through FCC have all the keys, certificates and parameters that are required for proper connection to Device Management.

FCU - Factory Configurator Utility

A utility (running on a factory computer) that together with Factory Configuration Client (FCC - running on a device in the factory) allow provisioning devices with all the parameters, keys and certificates they need to connect to Device Management when they leave the factory. The utility can also act as a certificate authority.


Code written to the read-only memory (ROM) of a device. It is added at the time of manufacturing, and runs user programs on the device.

Firmware image

The software that will be flashed onto the device.



Generic Access Profile. It controls connections and advertising in Bluetooth. GAP is what makes your device visible to the outside world, and determines how two devices can (or can't) interact with each other.


A bridge that lets deployed devices of different types communicate with the cloud and one another by providing translation protocol and secure connectivity capabilities.


Generic Attribute Profile.


GNU Compiler Collection.


GNU's Not Unix.



Hash-based Message Authentication Code.


Hardware Security Module.



Integrated Development Environment.


IP addresses identifying devices on the internet. IPv6 is the newest internet protocol, providing more addresses than the older IPv4 protocol.



Joint Test Action Group.



Key and Configuration Manager.



Long File Name.


Long-term Evolution, a fourth-generation mobile communications standard.


Lightweight IP.


Light Weight Machine to Machine. Combined with CoAP to allow all Device Management connectivity. LwM2M is specified by Open Mobile Alliance, hence OMA LwM2M is often used as an acronym.



A set of rules and instructions that is delivered to a device as part of an attempt to update the firmware on the device. The device uses the manifest, together with its own set of rules, to decide whether to accept the new firmware image. See also Update campaign.


Message Digest.


Main Stack Pointer.



Network Address Translation.


National Institute of Standards and Technology.



Original Equipment Manufacturer.


Open Mobile Alliance.



Platform Abstraction Layer.


Pluggable Authentication Modules.

Izuma Device Management

Product with which you can deploy and manage IoT devices.

Izuma Edge

A product that enables you to connect devices behind a gateway to Device Management.

Persistent Volume

In Kubernetes, storage that remains beyond the life of a Pod.

Persistent Volume Claim

In Kubernetes, a resource set aside for persistent storage.


Position-Independent Code.


In Kubernetes, groups of containers with the instructions needed to run them and any shared resources.

Device Management Portal

A web application with which you can view and manage your account devices.

Private key

A data owner uses it to sign the data, ensuring to anyone inspecting it later that it is the owner's.


Platform Security Architecture. For more details, see Arm's PSA page.

Public key

A cryptographic key that can be obtained and used by anyone to encrypt or verify messages. Deciphering or signing the message requires a matching private key, which only the proper recipient or signer of the message should have.



See Device resources.

ROT - Root of trust

A trusted set of keys that are found on a device, and are used as basis for cryptographic operations it performs. Must be kept confidential and tamper proof.


Real-Time Operating System.



Secure Device Access.


Software Development Kit.


In Kubernetes, confidential information, such as tokens or login details, stored in encrypted key-value pairs.

Security group

A set of IP filter rules that define how to handle incoming (ingress) and outgoing (egress) traffic to both the public and private interfaces of a virtual server instance. The rules that you add to a security group are known as security group rules.

Server certificate

In TLS (formerly known as SSL), a server is required to present a certificate as part of the initial connection setup. A client connecting to that server will perform the certification path validation algorithm.


Stateless address auto configuration. A method of giving IPv6 addresses to devices in an IPv6 network in which the router interface is assigned a 64-bit prefix, and the router derives the last 48/64 bits of its address using EUI-48/64 or hashed interface identifier generation. This is an alternative to stateful autoconfiguration, which uses DHCP.


Software One Time Programming.


Serial Peripheral Interface.


Secure Socket Shell.


Secure Sockets Layer.


A special type of account that has an Aggregator account as its parent.



Transmission Control Protocol.

Thick gateway

A device that can connect non-IP and LwM2M devices into Device Management. In order to host LwM2M devices the Gateway must have LwM2M server functionality. Thick Gateways have off-line functionality and local control. Off-line functionality means in this context capability to buffer the events while off-line and sending them to Device Management once connectivity is back. Local control means an application programming interface (API) that can be used for controlling the connected devices while off-line, for example running business logic to control lights, ventilation or heating on sensor data.

Thin gateway

A device that can connect non-IP devices to Device Management using a protocol translator that maps the non-IP devices resources into LwM2M compliant resources. Thin Gateways do not have off-line functionality (or very limited off-line functionality) nor local control. See also Thick Gateway.

Third party certificate

You can use your own certificate authority to give your Device Management devices access to your account.


Transport Layer Security.




See access key.


Time-based One-Time Password Algorithm.


True Random Number Generator.


Time To Live.



User Datagram Protocol.

Update campaign

Sends manifests and firmware images to selected devices, at a specified time, to initiate a firmware update on those devices.

Update client

Short-form version of Device Management Update client.

Update manifest

See Manifest.

Update service

Short-form version of Device Management Update service.


Universally Unique Identifier.



Vector Table Offset Register.



A secure, wireless mesh network protocol targeting large-scale IoT networks. Please see the Wi-SUN Alliance website for more details.



eXecute-in-Place, executing code directly from flash memory.