Glossary

This glossary is meant to provide a fast way to get used to common terms adopted throughout the documentation. More details and a deeper background are provided in the specific sections.

AES-256-CBC

Advanced Encryption Standard is a block cipher using a symmetric key: in AES, encryption and decryption are done with the same key. 256 is the key length in bits, while AES always processes data in fixed 16-byte (128-bit) blocks; this is explained in more detail in the Cryptography documentation. Therefore, output data is always 16 bytes long. CBC means that the cipher is used in CBC (Cipher Block Chaining) mode. You can read more about it here.

Amazon S3

Amazon Simple Storage Service is an object storage service that stores data and lets you manage it very efficiently. It is integrated with other AWS services, so it can be used flexibly across them. It is introduced in the AWS documentation.

AWS IoT Core

An AWS (Amazon Web Services) service that allows connecting IoT devices to the cloud. AWS IoT Core is the main service that makes it easier to use other services such as AWS Lambda, Amazon S3, or Analytics. All these services are explained in the AWS documentation.

BLOB

A Binary Large Object (BLOB) is the concatenation of the encrypted data and the Initialization Vector. Entities that do not perform decryption treat the BLOB as opaque, random-looking data with a fixed size of 32 bytes. It is the core of the IoT Block and is later decrypted by a dedicated AWS service.

Vitro Crystal

A Vitro product designed to work as a gateway. In addition to the native Ethernet connection, Vitro Crystal supports multiple network interfaces, such as Wi-Fi and GSM, via the embedded mPCIe connector. A network connection is mandatory to communicate with AWS. It is also equipped with a CAN interface to communicate with Nodes. Thanks to this, it is a full-fledged gateway device compliant with Internet of Things requirements. The device collects IoT Blocks from attached Nodes, checks data integrity, and forms MQTT messages with the IoT Block as payload. Such a message is then sent to AWS, where it is further processed. Please check the Hardware Guide.

Data store

It is a database storing IoT Blocks received from connected Crystals. Through the provided API, measurement data can easily be retrieved and passed on for processing.

Digest

It is the result of a hash function. This value is always fixed-length, and its length depends on the algorithm that has been used. Refer to the Cryptography documentation for more details.

ECC module

A crypto element that integrates basic cryptographic operations. It allows the generation and storage of private/public keys, certificates, and other sensitive data. Moreover, it enables many cryptographic operations, e.g. SHA-256 computation or ECDSA. The module is present on Vitro Shard and Vitro Crystal. Vitro Crystal embeds a Microchip ATECC508A (more here), while Vitro Shard embeds an ATECC608A (more here).

ECDSA signature

Elliptic Curve Digital Signature Algorithm is an algorithm used to create a digital signature of input data. It is used to authenticate the Node that is sending the data. The operation is based on asymmetric cryptography. The private key is stored internally in the Shard's ECC module and can't be retrieved at all. The related public key is given directly to the AWS service. The private key is used to create the signature, and the public key is used to verify it. Only the SHA-256 digest is signed. The final signature is always 64 bytes in size and is included in the IoT Block. For more information, please check the Cryptography documentation.

Gateway

A network device connected to the Internet. Local devices are connected to a particular gateway and communicate with it. Hence, it is an intermediary device between local devices and the Internet. Besides simple data forwarding, it can perform tasks such as data buffering, data validation, or update handling.

Hash function

It is a function that maps input data of any length to a fixed-size output value. The output size is defined by the algorithm that is used. The hash function gives a unique output for a given input. If any bit of the input sequence is changed, the result is an entirely new and unrelated output value. It is used in signature creation and allows verifying that the hashed content has not been changed. Check here for more information.

Initialization Vector

A 16-byte input used along with the secret, private key for data encryption. It is randomly generated each time an encryption operation is called, which increases cipher security.

IoT Block

An IoT Block is a special data structure created by Nodes when meaningful information needs to be sent to the Vitro Cloud (sensor data, device HeartBeat, etc.). One IoT Block is created as the result of performing strictly defined steps in a strictly defined sequence. You can check more here.

Key-store

It is a service storing symmetric and asymmetric keys. When an IoT Block is verified and decrypted, the correct keys are obtained from the Key-store. Access to it is possible only after obtaining the appropriate token.

Node

In terms of the Vitro product, it is a set consisting of a Vitro Shard attached to a Vitro Shard Edge. The node has full operational capabilities. From a hardware perspective, it allows connecting any supported sensor and the Vitro Crystal communication bus. From a firmware perspective, it runs a dedicated application that collects data from sensors, encrypts and signs it, and forms an IoT Block. The IoT Block is then passed to Vitro Crystal via the CAN bus.

In terms of the Internet of Things, the node is the end device placed at the beginning of the data chain. It is the unit mainly responsible for collecting measurement data and optionally performing pre-processing on this data (e.g. encryption). If the entire system is represented as a tree structure, the node is a leaf, meaning it has no children. It is connected to one gateway (Vitro Crystal).

Node ID

A 9-byte value that uniquely identifies the Node. It is taken from the ECC module present on a particular Shard module. The manufacturer ensures that it is unique and cannot be changed. The Node ID can't be set by the application developer and must be read from the ECC. It allows AWS services to distinguish a specific Node from the others.

Parameter ID

A 2-byte value that uniquely defines the type of measured and encrypted data. It is usually represented in hexadecimal form (i.e., from 0x0000 to 0xFFFF). Application developers must ensure that Parameter IDs are not repeated. Moreover, Crystal only handles data frames with a Parameter ID greater than 0x100, since lower values are used internally on Vitro Crystal and for Vitro Node communication.

Private asymmetric key

Key used for performing the ECDSA operation. It is stored internally in the ECC module and can't be read in any way. A signature created with a given private key can be verified only with the related public key. Go to our Cryptography documentation for more details.

Private symmetric key

Key used for performing AES-256-CBC symmetric encryption. It is stored in the ECC module and read when encryption operations are called. The same key is passed to AWS, so the given service can decrypt the received data. A popular symmetric-key algorithm is AES.

Public asymmetric key

Key used for ECDSA signature verification. It is publicly given as it doesn't need to be securely kept. For more details, check here.

Secure Element

Please check the ECC module definition.

SHA-256

A Secure Hash Algorithm (SHA) variant whose output value is always 32 bytes (256 bits) in size. It is used in IoT Block creation to hash the encrypted data, Parameter ID, Node ID, and timestamp. You can read this section for more details.

SHA-256 digest

It can also simply be called the digest. It is the result of the SHA-256 hash function. It is a 32-byte value included in the IoT Block. Please refer to the Digest definition.

Vitro Shard

An mPCIe module equipped with an STM32L486RG microcontroller and a Microchip ATECC608A ECC module. It is attached to a Vitro Shard Edge, and together they form a Node. Vitro Shard is responsible for running the Node's firmware. The device collects data from multiple sensors, performs cryptographic operations, forms the IoT Block, and communicates with Vitro Crystal. An individual Vitro Shard can't operate without a dedicated Carrier Board, i.e., Vitro Shard Edge.

Vitro Shard Edge

It is a carrier board equipped with multiple industrial interfaces (e.g. RS232, RS485, ADC, Current Loop, CAN) and low-level embedded interfaces (e.g. GPIO, UART, SPI, I2C). It also has an mPCIe slot designed for Vitro Shard. Therefore, Vitro Shard Edge extends the operation of the Vitro Shard device and conveniently provides the previously mentioned interfaces to the user. It allows attaching sensors and communication channels to Vitro Shard. Like the Vitro Shard, an individual Vitro Shard Edge is just an expansion board without the capability to operate independently.

Timestamp

A digital record of the date and time taken from Vitro Crystal. It is always 4 bytes long and follows the Unix timestamp format. The timestamp is received by the Node whenever a new IoT Block is created.

Yocto-based OS

Custom, Yocto-based operating system running on Crystal. It allows communication with nodes connected via the CAN bus and the Vitro Cloud. Therefore, it is the recommended OS if the user wants to have a fully operational Vitro Crystal, Vitro Shard, and AWS setup. Please, check this section for more information.