Articles in this section

Data Security, Privacy, & Technical Requirements

Avatar
Aleksey Samusenko
  • Updated
Follow

Welcome to Ignite Prism

Prism transforms any video camera into a visual merchandising, auditing, and business intelligence tool by generating aggregate data from video and securely transmitting this data to our cloud-based platform. Users can view and analyze the data to better understand, manage, and optimize their real-world stores.

Prism uses an encrypted, low-bandwidth connection to continuously transmit real-time data where it’s securely stored in the Prism cloud. Customers have full access to and control over their data including privacy configuration and permissions for an unlimited number of users in their account.

  

DataSecurityTechnicalOverview_060916__dragged_.png

 

Prism Video Processing

Prism processes video locally by extracting layers of images and metadata to create visualizations and analytic outputs. At each instance, (i.e., at each store/camera) a low-bandwidth, real-time stream of images and data is securely pushed to the Prism cloud.

An unlimited number of approved users can log in to the Prism application in a single account to access and customize in-store visualizations, create data trend reports, and view analytics for each connection.

  • These visualizations and reports can include images of stores and merchandise, occupancy data, pathmaps and heatmaps indicating activity hotspots while removing people from the foreground.
  • Unlimited approved users can simultaneously access insights from their mobile devices or laptop without requiring individual connections to the local store’s network.
  • Unlimited end-user access is included in Prism’s standard service.
Deploying Prism in-store is accomplished by on-camera connection to the video. When running on a camera, Prism collects and processes video frames as a separate function without disrupting the normal operation of the camera. Prism runs as embedded software in enabled cameras using internal APIs to collect and process video frames. The only requirement: the enabled camera must be connected to a local network that enables an outbound internet connection.

Prism_In-Store_Setup.png

Set-up Operations and Requirements

The Prism platform collects and processes video sources and securely sends data to the cloud. Each installation of the application establishes an authenticated, encrypted connection with the Prism cloud service that is uniquely associated with the customer’s account. During the installation process, the user is asked to provide administrator-level credentials in the form of user login or a token. This enables proper authentication of any instance to the customer account.

To connect a Prism-enabled device:

  • The store must have a local Internet connection
  • The Prism-enabled device must have access to the store’s local Internet in order to establish an outbound connection to the Prism cloud

During the initial system connection, Prism sends a single image from each video source to the cloud application. The users can then identify and label the source. Once it’s identified, the video source can be enabled. Prism can be configured to scan the network continuously for changes to available video sources or to the only scan upon request.

Once a connection to the Prism platform is established, the administrator account credentials are exchanged for a temporary install-specific unique token. For security reasons, the user credentials are temporary and used only for the initial verification.  

Cloud Connection: Bandwidth, Ports & Data Transmission

  • Prism uses HTTPS protocols to establish a connection to the Prism platform 
  • Prism uses port 443 to establish an encrypted outbound connection to iapi.prismsl.net
  • If no connection can be made, Prism will attempt a re-connection every minute (images and data will continue to buffer until a connection is successful to avoid any data loss)
  • Prism’s average upload bandwidth requirement ranges between 50 - 120 kbps per camera, which is dependent on the data and image outputs configured

Authentication

Access to Prism data is authenticated using strict security at each step of the service:

  • User passwords are sent encrypted and stored indirectly, using PBKDF2 hash
  • Cross-site scripting (XSS) and request forgery (CSRF) are handled at the application level using standard libraries
  • All access is continually logged and audited on a per-request basis

Data Storage

Prism uses Amazon Web Services to handle data storage with Identify and Access Management (IAM), industry-leading secure cloud storage:

  • The IAM system manages what Prism does in the cloud (using EC2) and how we store our data (S3)
  • IAM uses multi-factor authentication and limits network access by port and IP address on a per-machine-type basis

User Access Controls and Data Ownership

Prism customers own all data they provide for processing by Prism and all data generated by the processing. The customer remains in control of the information sent to the cloud and what data is available to the end-users. Specifically, the customer has ultimate control over: 

  • What data (video, cameras) is processed locally by Prism
  • What data (privacy or non-privacy enabled) leaves the store
  • Who has access to certain data

Additionally:

  • No customer data is public 
  • Customer-created user accounts and access privileges can be adjusted and controlled for specific sites, cameras and data types
  • Data anonymity is user controlled and all aggregate analytics are anonymous
  • Prism users control what data is outbound (sent to the cloud)
  • All user logins and passwords are protected

Prism on Privacy

Privacy is a core pillar of Ignite Prism’s corporate policy and services. Prism uses video cameras as visual sensors to collect data - not as video cameras in the traditional sense, where they stream, monitor, and store full frame rate video. 

In order to protect the privacy of individuals, regional and national governments are putting into place laws, requirements, and audits to regulate video surveillance systems. While these regulations do not apply to Prism, as our solution is not a CCTV or video surveillance system, Prism understands and respects the value of data privacy that these regulations are made to protect. 

Prism was designed with privacy protection as a foundational feature of the overall technology since its inception. Therefore:

  • Prism can be configured to refrain from storing video data. 
    • Our platform processes camera output in real-time to generate aggregate, de-identified data. None of the raw video input is stored, ensuring that it is impossible to save, monitor or retrieve people or faces.
  • Prism masks identifiable information from the output imagery.
    • Prism’s visual output is privacy-protected and contains no identifiable information.
    • Prism can be configured to remove foreground images (people, faces, and other identifiers) and generate aggregate data models of activity over background images.
  • No images are capable of being reconstructed to create identifiable data. This functionality ensures that Prism data is not “privacy data” as defined by various regional and country regulations.
  • Simply put, Prism can eliminate the monitoring and surveillance of people in every way.

To understand more about Prism’s position on privacy, see our full Privacy Policy at www.prism.com/privacy

Frequently asked questions

What cameras are currently configured to support Prism internally? Does this remove the need for a server in my store? 

  • Currently, Prism is enabled on-camera for certain models from Axis and FLIR. Visit our website for the latest list of manufacturers. 
  • With Prism running on camera, there is no need for any additional hardware or server in your store.

Does Prism resell customer data?

  • Privacy is a core pillar of Prism’s service policy. We do not re-sell customer data at anytime.

Does Prism store data locally?

  • With the exception of temporary buffers to ensure data is transmitted to the cloud, Prism can be configured to not store data, including video, locally.

What data can Prism see?

  • Authorized employees can view customer data in order to understand how users are interacting with the platform and to troubleshoot customer issues. This access can be restricted by the customer at any time.

What ports does Prism use?

  • Prism uses port 443 for secure, SSL encrypted transmission of data between all instances of communication between the platform and the Prism cloud service. 

Can I export the data?

  • Yes. The application provides tools for downloading specific data sets as a CSV formatted file. Prism also provides a REST API for secure programmatic access to your data.

Who owns the data?

  • The customer owns all data entered and generated through Prism.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.