Table of Contents
Introduction
Operational Overview
  Prism Video Processing
  On-camera connection
  Server-based connection
  Set up Operations and Requirements
Cloud Connection
  Bandwidth, Ports & Data Transmission
  Authentication
  Data Storage & Security
  User Access and Data Ownership
Prism on Privacy
Frequently Asked Questions
Welcome to Prism
Prism transforms any video camera into a visual merchandising, auditing,
and business intelligence tool by generating aggregate data from video and
securely transmitting this data to our cloud-based platform. Users can view and
analyze the data to better understand, manage, and optimize their real-world
stores.
Prism uses an encrypted, low-bandwidth connection to continuously transmit
real-time data to the Prism cloud, where it is securely stored. Customers have
full access to and control over their data, including privacy configuration and
permissions for an unlimited number of users in their account.
Data Security & Technical Overview
Scalable Video Processing
Video is processed on Prism-enabled
cameras or a local server.
Layers of images and metadata are
extracted and pushed to the Prism
cloud through an encrypted,
low-bandwidth, real-time stream.
Secure Cloud Storage
All data and visualizations are securely
stored in the Prism cloud.
Prism uses Amazon Web Services to
handle data storage with Identity
and Access Management (IAM).
Unlimited User Access
Insights generated by Prism can be
accessed by an unlimited number of
approved users in a single account.
Customers own all of the data
provided to and generated from
Prism.
Prism Video Processing
Prism processes video locally by extracting layers of images and metadata to
create visualizations and analytic outputs. At each instance (i.e., at each
store/camera), a low-bandwidth, real-time stream of images and data is securely
pushed to the Prism Cloud.
An unlimited number of approved users can log in to the Prism application in
a single account to access and customize in-store visualizations, create data
trend reports, and view analytics for each connection.
—— These visualizations and reports can include images of stores and
merchandise, occupancy data, pathmaps and heatmaps indicating
activity hotspots while removing people from the foreground.
—— Unlimited approved users can simultaneously access insights from
their mobile device or laptop without requiring individual connections
to the local store’s network.
—— Unlimited end-user access is included in Prism’s standard service.
—— Prism also works with analog cameras, with the addition of an IP video
encoder from which Prism can extract video.
Deploying Prism in-store is accomplished by:
1. On-camera connection to video
When running on a camera, Prism
collects and processes video frames as
a separate function without disrupting
the normal operation of the camera.
Prism runs as embedded software
in enabled cameras using internal APIs
to collect and process video frames.
The only requirement: the enabled
camera must be connected to a local
network that enables an outbound
internet connection.
2. Server-based connection to video
Prism can be installed for an existing
camera on a local server that
collects a separate video feed from
the camera or VMS. Prism
layers on to existing (or new) in-store
video infrastructure to process visual
data jointly without disrupting the
camera’s normal operation.
Set-up Operations and Requirements
The Prism platform collects and processes video sources and securely sends
data to the cloud. Each installation of the application (either in camera or
on a server) establishes an authenticated, encrypted connection with the
Prism cloud service that is uniquely associated with the customer’s account.
During the installation process, the user is asked to provide
administrator-level credentials in the form of a user login or a token. This
enables proper authentication of any instance to the customer account.
To connect a Prism-enabled device,
—— The store must have a local Internet connection
—— The Prism-enabled device must have access to the store’s local
Internet in order to establish an outbound connection to the Prism
cloud
For server-based connection,
—— The server running Prism must be on the same subnet as the video
sources in order to discover cameras and establish a connection
—— Prism’s platform can interface with IP cameras and analogue cameras
connected to encoders
—— IP cameras can be communicated with directly (i.e., no requirement to
connect to video via an installed VMS)
During the initial system connection, Prism sends a single image from each
video source to the cloud application. The users can then identify and label
the source. Once it’s identified, the video source can be enabled. Prism can be
configured to scan the network continuously for changes to available video
sources or to only scan upon request.
Once a connection to the Prism platform is established, the administrator
account credentials are exchanged for a temporary install-specific unique
token. For security reasons, the user credentials are temporary, and used only
for the initial verification.
Cloud Connection: Bandwidth, Ports & Data Transmission
—— Prism uses HTTPS protocols to establish a connection to the Prism
platform
—— Prism uses port 443 to establish an encrypted outbound connection
to iapi.prismsl.net
—— If no connection can be made, Prism will attempt a re-connection
every minute (images and data will continue to buffer until connection
is successful to avoid any data loss).
—— Prism’s average upload bandwidth requirement ranges between 20
and 50 kbps per camera, depending on the data and image
outputs configured.
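The following Python example, added here and not part of Prism's software, audits egress flow records against the connection profile listed above: only iapi.prismsl.net on port 443, at no more than 50 kbps per camera. The log columns, the cameras-per-device inventory and the sample rows are constructed assumptions.

```python
import csv
import io

# Values stated on this page.
PRISM_HOST = "iapi.prismsl.net"
PRISM_PORT = 443
MAX_KBPS_PER_CAMERA = 50  # upper end of the documented 20-50 kbps average

# Constructed sample: one row per device per hour from an egress firewall or
# proxy log. Column names and the camera inventory are assumptions.
SAMPLE_FLOWS = """\
src_ip,dst_host,dst_port,bytes_out,seconds
10.20.0.11,iapi.prismsl.net,443,13500000,3600
10.20.0.12,iapi.prismsl.net,443,90000000,3600
10.20.0.12,203.0.113.50,8443,4096,3600
10.20.0.20,iapi.prismsl.net,443,54000000,3600
"""
# A server-based install carries several cameras, so its limit scales.
CAMERAS_PER_DEVICE = {"10.20.0.11": 1, "10.20.0.12": 1, "10.20.0.20": 4}


def audit_egress(flow_csv, cameras=CAMERAS_PER_DEVICE):
    """Return (src_ip, reason) findings for flows outside the documented profile."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = row["src_ip"]
        dest = (row["dst_host"].lower(), int(row["dst_port"]))
        if dest != (PRISM_HOST, PRISM_PORT):
            findings.append((src, f"unexpected destination {dest[0]}:{dest[1]}"))
            continue
        seconds = float(row["seconds"])
        if seconds <= 0:
            findings.append((src, "malformed record: non-positive duration"))
            continue
        kbps = int(row["bytes_out"]) * 8 / 1000 / seconds
        limit = MAX_KBPS_PER_CAMERA * cameras.get(src, 1)
        if kbps > limit:
            findings.append((src, f"{kbps:.0f} kbps exceeds {limit} kbps"))
    return findings


if __name__ == "__main__":
    for src, reason in audit_egress(SAMPLE_FLOWS):
        print(src, reason)
```

Because the documented figure is an average that varies with the configured outputs, a bandwidth finding is a prompt to review the device, and buffered data sent after a reconnection can produce a short burst above it.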
Authentication
Access to Prism data is authenticated using strict security at each step of the
service.
—— User passwords are sent encrypted and stored indirectly, using
a PBKDF2 hash
—— Cross-site scripting (XSS) and request forgery (CSRF) are handled at
the application level using standard libraries
—— All access is continually logged and audited on a per-request basis
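What storing a password "indirectly" with PBKDF2 involves, as an added Python example that is not Prism's code: a per-user random salt, a stored work factor, and a constant-time comparison at login. The hash function, iteration count and record format are assumptions, since this page does not state Prism's parameters.

```python
import base64
import hashlib
import hmac
import os

ALGORITHM = "sha256"   # assumed PRF; not stated on this page
ITERATIONS = 600_000   # assumed work factor; not stated on this page
SALT_BYTES = 16


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: pbkdf2_sha256$iterations$salt$hash."""
    salt = os.urandom(SALT_BYTES)  # fresh salt per password
    dk = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{ALGORITHM}${iterations}${_b64(salt)}${_b64(dk)}"


def verify_password(password, record):
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        scheme, iterations, salt_b64, hash_b64 = record.split("$")
        if scheme != f"pbkdf2_{ALGORITHM}":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            ALGORITHM, password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, TypeError, OverflowError):
        return False  # malformed record: reject rather than raise
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record, iterations=ITERATIONS):
    """True when a stored record uses a lower work factor than the current one."""
    try:
        return int(record.split("$")[1]) < iterations
    except (ValueError, IndexError):
        return True
```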
Data Storage
Prism uses Amazon Web Services to handle data storage with Identity and
Access Management (IAM), an industry-leading secure cloud storage.
—— The IAM system manages what Prism does in the cloud (using EC2)
and how we store our data (S3)
—— IAM uses multi-factor authentication and limits network access by
port and IP address on a per-machine-type basis
User Access Controls and Data Ownership
Prism customers own all data they provide for processing by Prism and all
data generated by the processing. The customer remains in control of the
information sent to the cloud and what data is available to the end users.
Specifically, the customer has ultimate control over:
—— What data (video, cameras) is processed locally by Prism
—— What data (privacy or non-privacy enabled) leaves the store
—— Who has access to certain data
Additionally:
—— No customer data is public
—— Customer-created user accounts and access privileges can be
adjusted and controlled for specific sites, cameras and data types
—— Data anonymity is user controlled and all aggregate analytics are
anonymous
—— Prism users control what data is outbound (sent to the cloud)
—— All user logins and passwords are protected
Prism on Privacy
Privacy is a core pillar of Prism’s corporate policy and services. Prism uses
video cameras as visual sensors to collect data - not as video cameras in the
traditional sense, where they stream, monitor, and store full frame rate video.
In order to protect the privacy of individuals, regional and national
governments are putting into place laws, requirements, and audits to regulate
video surveillance systems. While these regulations do not apply to Prism, as
our solution is not a CCTV or video surveillance system, Prism understands and
respects the value of data privacy that these regulations are made to protect.
Prism was designed with privacy protection as a foundational feature of the
overall technology since its inception. Therefore:
—— Prism can be configured to refrain from storing video data
— Our platform processes camera output in real-time to generate
aggregate, de-identified data. None of the raw video input
is stored, ensuring that it is impossible to save, monitor or
retrieve people or faces
—— Prism masks identifiable information from the output imagery
— Prism’s visual output is privacy protected and contains no
identifiable information.
— Prism can be configured to remove foreground images (people,
faces, and other identifiers) and generate aggregate data models
of activity over background images.
—— No images are capable of being reconstructed to create identifiable
data. This functionality ensures that Prism data is not “privacy data” as
defined by various regional and country regulations.
—— Simply put, Prism can eliminate the monitoring and surveillance of
people in every way.
To understand more about Prism’s position on privacy, see our full Privacy
Policy at www.prism.com/privacy.
Frequently Asked Questions
What cameras are currently configured to support Prism internally? Does this
remove the need for a server in my store?
—— Currently Prism is enabled on-camera for certain models from Axis
and ISD. Visit our website for the latest list of manufacturers.
—— With Prism running on camera, there is no need for any additional
hardware or server in your store.
For server-based solutions, how does Prism connect to video?
—— Prism uses RTSP and HTTP protocols to collect a secondary stream
of video without disrupting your existing VMS or normal camera
operation.
Does Prism resell customer data?
—— Privacy is a core pillar of Prism’s service policy. We do not re-sell
customer data at any time.
Does Prism store data locally?
—— With the exception of temporary buffers to ensure data is transmitted
to the cloud, Prism can be configured to not store data, including
video, locally.
What data can Prism see?
—— Authorized employees can view customer data in order to understand
how users are interacting with the platform and to troubleshoot
customer issues. This access can be restricted by the customer at
any time.
What cameras are compatible with Prism’s server-based solution?
—— Prism works with a variety of cameras - see the full list in Appendix B
or refer to our website for hardware specifications. We recommend
customers use cameras with a minimum resolution of 720p.
What bandwidth does Prism use?
—— Prism’s average upload bandwidth ranges between ~20 and 50 kbps
per camera.
What ports does Prism use?
—— Prism uses port 443 for secure, SSL-encrypted transmission of data
in all communication between the platform and
the Prism cloud service.
How long is data stored?
—— Prism stores imagery and analytic data for one year as part of our
standard service.
Can I export the data?
—— Yes. The application provides tools for downloading specific data sets
as a CSV-formatted file. Prism also provides a REST API for secure
programmatic access to your data. Reach out to support@prism.com
for more information on the API.
Who owns the data?
—— The customer owns all data entered and generated through Prism.