# Terminology

## Identity & configuration terms

**Component handle:** A specific device or piece of a system. In the Guardian ecosystem, a component is defined by a human-readable name, the certificates and keys it provides, and the operations it can perform.

**Hardware ID:** A unique identifier for a specific instance of a component, commonly set to the device's serial number. The same hardware ID is used throughout the lifetime of the component, including through any reprovision operations.

**System:** A grouping of components, also known as a system definition. All provisioning requests for components in this system go through either manual or automatic approval, depending on your system setting.

## Process terms

### Approval workflows

* **Automatic approval:** System setting where provisioning requests are processed automatically without human intervention.
* **Manual approval:** System setting where provisioning requests require human review and approval before processing.

### Device provisioning

**Provisioning:** The process of securely establishing device identity and configuring cryptographic credentials for secure communication.

**Reprovisioning:** Updating an already-provisioned device with new certificates or configuration while maintaining the same hardware identity.

**Provisioning methods**

* **Connected provisioning:** Provisioning workflow for devices with network connectivity that can communicate directly with Guardian Cloud.
* **Disconnected provisioning:** Provisioning workflow for devices without network connectivity where provisioning requests must be manually transferred via files.
* **Proxy provisioning:** Using a connected device to handle provisioning requests for disconnected devices that cannot communicate directly with Guardian Cloud.

## Cryptography & security terms

**Certificate Authority (CA):** The trusted entity that issues digital certificates. In Guardian deployments, Guardian Cloud can serve as a CA, though Guardian also works with other certificate authorities.

**Certificate Revocation List (CRL):** A list of certificates that have been revoked before their expiration date and should no longer be trusted.

**Certificate Signing Request (CSR):** A standardized message containing a device's public key and identity information, sent to Guardian Cloud to request a digital certificate.

**PKI (Public Key Infrastructure):** The cryptographic framework that Guardian uses to establish and maintain secure digital identities through certificates and keys.

**Trust anchor:** The foundational certificates used to validate other certificates in the system. Stored in the `TrustStore` file.

## Guardian Platform terms

**Platform components:**

* **Guardian Cloud:** Cloud-based platform that processes certificate requests, enrolls devices into trust hierarchies, and generates certificates.
* **Guardian Library:** Software library that runs on your devices to parse configuration profiles, request certificates from Guardian Cloud, and enable cryptographic functions.

### Guardian file types and extensions

Guardian uses several file types with specific extensions during the provisioning process:

**Provision Request:** File used for transmitting information including public keys to the Guardian Cloud backend. This contains the Certificate Signing Requests (CSRs) sent to Guardian Cloud. Extension: `.mcpr`

**TrustStore:** Trust anchors for the Guardian platform. Extension: `.mcts`

**Profile files:**

1. **Certified Profile to be Provisioned:** Signed instructions and configuration for the Guardian Library and provisioning operations. This is the initial profile template for this device type created during the provisioning process. Extension: `.mcpp`
2. **Certified Profile:** Signed instructions and configuration for the Guardian Library's run and reprovisioning operations. This is the final device profile created during the provisioning process. Extension: `.mcp`

**Identity files:**

1. **Private Identity to be Provisioned:** Key material for initial provisioning operations and connections. This is the initial private identity template. Extension: `.mcpip`
2. **Private Identity:** Key material for reprovisioning and run operations and connections. This is the final private identity file, which contains the private keys that stay on the device. Extension: `.mcpi`

