
Data Security and Technical White Paper

Real-time imagery. Real-world insight.

Data Security, Privacy, & Technical Requirements

Contents

Introduction

Operational Overview
Scalable, Cloud-Based Video Processing
Network Overview (Diagram)

Technical Components
Connecting to Video
Prism Connect
Bandwidth & Ports

Prism on Privacy
Privacy Policy

Data Ownership and Security
Prism Network: Security at Every Step (Diagram)
Data Ownership
Authentication
Data Transmission
Data Storage
User Access Controls

FAQ

Appendix A: Hardware Requirements

Appendix B: Supported Cameras & VMS Systems


Introduction

Welcome to Prism

Prism’s unique cloud service transforms any video camera into a visual merchandising, auditing, and business intelligence tool that can be accessed from any device. Prism enables retailers and other businesses to better understand, manage, and optimize their real-world stores.

This document:

• Answers common questions about how Prism uses cameras to collect data, how Prism handles the data within its cloud service, and how Prism’s software operates.

• Lists requirements for cameras, hardware, and network configuration.

• Provides technical details on the data security and privacy measures that are built into the Prism architecture.

If you have any questions that this document does not cover, please reach out to the Prism team at [email protected].


Operational Overview

Scalable, Cloud-Based Video Processing

Prism connects to supported IP cameras or Video Management Software (VMS) systems via a store’s local network.

• Appendix A includes a list of IP cameras and VMS systems currently supported.

• Prism also works with analog cameras, with the addition of an IP video encoder from which Prism can extract video.

Prism’s on-site software, Prism Connect, runs on a local server and processes all of the connected video inputs.

• Prism Connect establishes a separate video stream running from the cameras or VMS to process visual data. This enables Prism Connect to run in parallel (and with no disruption) to any existing video system operations.

All video processing takes place on the local Prism server.

• Prism’s processing extracts layers of metadata and images to create a variety of visualizations and analytic data.

• At each instance (i.e., at each store) where Prism Connect is configured with Prism’s cloud service, a low-bandwidth, real-time stream of images and data — not video — is securely pushed to our cloud-based application.

• Prism does not stream video to the cloud.

Approved users can then log in to the Prism app to access and customize in-store visualizations, data trend reports, and analytics for each location that is connected to Prism.

• These visualizations and reports can include, for example, images of stores and merchandise without people, occupancy data, and heatmaps of store activity hot spots.

Multiple stores can be connected to our cloud service for a single account, enabling a very scalable way to connect and gain insightful data from hundreds or thousands of stores in real time.


Because all of this data resides in Prism’s cloud application, any number of approved users can simultaneously access these insights from their mobile device, tablet, or laptop without requiring individual connections to the local store systems or network. Most importantly, throughout this entire process, the Prism customer controls:

1. What cameras are connected to the Prism services
2. What output is created from each camera processed
3. What data each user on the customer account can access

System Overview: Network Diagram (diagram not reproduced)


Technical Components

As the Network Overview diagram demonstrates, Prism’s operation is straightforward. Service setup and operation consist of the following steps:

Connecting to Video

Prism layers on to existing in-store video infrastructure by connecting to the local video cameras. All that’s needed is a local network connection, the Connect software, and an outbound Internet connection.

• The server running Connect must be on the same subnet as the video sources in order to discover cameras and establish a connection.

• The Connect software can interface with IP cameras and analog cameras connected to encoders.

• IP cameras can be communicated with directly.

• Prism uses RTSP and HTTP protocols to establish video connections.

Prism Connect: Operation and Requirements

The Prism Connect software is installed on a local server in order to connect to and process multiple video sources, and securely send data to the Prism cloud.

• The hardware requirements for the local server can be found in Appendix A.

• Each installation of the Connect software (i.e., each store) establishes an authenticated, encrypted connection with the Prism cloud service that is uniquely associated with the Prism customer’s account.

• Prism Connect runs on Windows, Linux, and Mac OS X.

• During the software installation process, the user is asked to provide administrator level credentials. This enables proper authentication of this Connect instance.

• Prism Connect requires an Internet connection for outbound communication to the Prism cloud service.


• Once an outbound connection is established, the administrator account credentials are exchanged for a temporary install-specific unique token.

o For security reasons, the user credentials are temporary, and used only for the initial verification.

• Users can add cameras to the system from the web app.

• While scanning, Prism Connect sends a single image from each video source to the web app. There, the user can identify and label the source. Identified video sources can then be enabled.

o Prism Connect can be configured to continue rescanning the network for changes to available cameras, or to only scan upon request.

• Once a camera is enabled, the Connect software continuously processes the video, modeling and identifying activity in the form of various data layers.

Cloud Connection: Bandwidth & Ports

• Prism Connect uses the standard web port of 443 to establish the required outbound Internet connection.

• Prism Connect creates a secure connection to the Prism cloud service at iapi.prismsl.net.

o If no connection can initially be made, Prism Connect will re-check the connection every minute.

• Prism’s bandwidth requirement is only ~25-40 kbps per camera, minimizing network/bandwidth impact.

• All transmission of data to Prism’s cloud service is TLS encrypted over HTTPS.


Prism on Privacy

Privacy Policy

Privacy is a core pillar of Prism’s corporate policy and services. Prism uses video cameras as visual sensors that collect data — not as video cameras in the traditional security sense, wherein they stream, monitor, store and retrieve full frame rate video.

In order to protect the privacy of individuals, regional and national governments are putting into place laws, registration requirements, and audits to regulate video surveillance systems. While these regulations do not apply to Prism, as our solution is not a CCTV or video surveillance system, Prism understands and respects the spirit of data privacy that these regulations represent.

Prism has been designed with privacy protection as a foundational feature of the overall technology since its inception. Therefore:

• Prism does not store video data.

o Our in-store software processes camera output in real time to generate anonymous, privacy protected data. None of the raw video input is stored, ensuring that it’s impossible to save, monitor, or later retrieve people or faces.

• Prism does not output privacy data.

o Prism’s visual output is privacy protected in that it contains no identifiable information.

o Prism is configured to remove people from visual imagery — we deliver “background only” images and aggregate data models of activity.

• No identifiable data is output or stored and nothing can be reconstructed to create identifiable data. This is what ensures that Prism data is not “privacy data” as defined by various regional and country regulations.

• Simply put, Prism can eliminate the monitoring and surveillance of people in every way.

To understand more about Prism’s position on privacy, see our full Privacy Policy at www.prism.com/privacy.


Data Ownership and Security

Prism Network: Security At Every Step

(Diagram not reproduced.) *AWS: Amazon Web Services. **IAM: Identity and Access Management.

Data Ownership

Prism customers own all data they provide for processing by Prism, and all data generated by the processing. Throughout this entire process the customer remains in control of what gets sent to the cloud service and what data is available to end users. Specifically, the customer has ultimate control over:

• What data (video, cameras) is processed locally by Prism

• What data (privacy or non-privacy enabled) leaves the store

• Who has access to what data

Authentication

Access to Prism data is authenticated using strict security at each step of the service.

• User passwords are sent encrypted and stored indirectly, using a PBKDF2 hash.

• Cross-site scripting (XSS) and request forgery (CSRF) are handled at the application level using standard libraries.


• All data access is continually logged, and audited on a per-request basis.
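To make concrete what “stored indirectly, using a PBKDF2 hash” means, and what the exchange of administrator credentials for a temporary install-specific token (described under Prism Connect above) looks like on the service side, here is an added illustration. It is not Prism’s code: the hash algorithm, iteration count, token format, expiry and the sample account are all assumptions.

```python
import base64, hashlib, hmac, os, secrets, time
from typing import Optional

# Assumed parameters for illustration; the paper does not publish Prism's actual values.
PBKDF2_ITERATIONS = 310_000

def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Store a salted PBKDF2-HMAC-SHA256 digest, never the password itself ("stored indirectly")."""
    salt = os.urandom(16)  # fresh per-account salt defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations),
                     base64.b64encode(salt).decode(), base64.b64encode(digest).decode()])

def verify_password(password: str, record: str) -> bool:
    """Recompute from the stored salt/iterations; constant-time compare avoids timing leaks."""
    try:
        scheme, iterations, salt_b64, digest_b64 = record.split("$")
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
        iterations = int(iterations)
    except ValueError:  # malformed record (binascii.Error is a ValueError subclass)
        return False
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)

# Hypothetical cloud-side tables, constructed for this example.
ADMIN_ACCOUNTS = {"admin@example-retailer.test": hash_password("correct horse battery staple")}
INSTALL_TOKENS = {}  # sha256(token) -> {"install_id": ..., "expires": ...}

def enroll_install(username: str, password: str, install_id: str,
                   ttl_seconds: int = 3600, now: Optional[float] = None) -> Optional[str]:
    """One-time exchange: admin credentials in, install-specific token out; credentials are not retained."""
    record = ADMIN_ACCOUNTS.get(username)
    if record is None or not verify_password(password, record):
        return None
    token = secrets.token_urlsafe(32)
    now = time.time() if now is None else now
    # Only a hash of the token is kept, so a leaked table does not yield usable tokens.
    INSTALL_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = {
        "install_id": install_id, "expires": now + ttl_seconds}
    return token

def authenticate_install(token: str, install_id: str, now: Optional[float] = None) -> bool:
    """Later requests from a Connect instance present only the token, checked against install and expiry."""
    entry = INSTALL_TOKENS.get(hashlib.sha256(token.encode()).hexdigest())
    now = time.time() if now is None else now
    return entry is not None and entry["install_id"] == install_id and now < entry["expires"]
```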

Data Transmission

All communication and data transfers using port 443 are SSL encrypted and certified.

• Additionally, end-customer data delivery is SSL encrypted and certified.

• Prism’s web app uses full-time HTTPS transfer over TLS, with authorized certificates.

Data Storage

Prism uses Amazon Web Services (AWS), an industry-leading secure cloud storage provider, to handle data storage, with access governed by Identity and Access Management (IAM).

• The IAM system manages what Prism does in the cloud (using EC2) and how we store our data (S3).

• IAM uses multi-factor authentication and limits network access by port and IP address on a per-machine-type basis.

User Access Controls

Prism customers own and control all of their data and in-store analytics.

• No customer data is public.

• Customer created and managed user accounts and user access privileges can be set to control user access to specific sites, cameras, and data types.

• Data anonymity is user-controlled, and all aggregate analytics are anonymous.

• Prism users control what data is outbound (sent to the cloud).

• All user logins are password protected.


Frequently Asked Questions

How does Prism get a second stream of video?
We use RTSP and HTTP protocols to get a second stream of data without affecting your VMS or how you access your camera.

Does Prism resell customer data?
No.

Does Prism store data locally?
No – local storage can be configured by the customer, but Prism does not store locally.

What data can Prism see?
Authorized employees can see customer data in order to deliver the full span of Prism services and troubleshoot customer issues. This access can be restricted by the customer.

What cameras can Prism use?
Prism works with a variety of cameras — see the full list in Appendix B. We recommend customers use cameras with a minimum resolution of 720p.

What bandwidth does Prism use?
Prism’s nominal bandwidth requires only ~25 kbps per camera.

What ports does Prism use?
Prism uses port 443, which is SSL encrypted, for secure transmission between all instances of Prism Connect and the Prism cloud service. If port 443 cannot be used, Prism uses port 80 as a backup.

How long is data stored for?
Prism does not store data locally. For cloud storage, as part of our standard service, Prism stores image data for 90 days and all other data (counts, activity, metadata) for one year.

Can I export the data?
Yes. Tools are provided in the application for downloading specified data sets in a CSV formatted file. Prism also provides a REST API for secure programmatic access to your data. Reach out to [email protected] for more information on the APIs.

Who owns the data?
The customer owns the data.


Appendix A: Hardware Requirements

Server Requirements

The server must be configured for continuous operation; it cannot go into sleep/hibernation mode.

Operating System Requirements

Use any of the following:

• Windows: Windows 7 and 8

• Mac OS X: Mac OS X 10.7.0

• Linux: Ubuntu 12.04 LTS 32 bit

Processing Power and Memory Suggestions

We recommend the Intel Core i-series Processors.

• Prism Connect uses an estimated 0.25 cores per Camera, with an additional 0.25 cores for each camera with Advanced Analytics.

• General processor guidelines:

o Intel Core i3: Max of 4 cameras

o Intel Core i5: Max of 8 cameras

o Intel Core i7: Max of 12 cameras

• Minimum Storage: 1 GB

• RAM: ~500 MB per Camera


Appendix B: Supported Cameras and VMS

Compatible Cameras

Prism supports a wide variety of IP cameras, and we are continually adding support for new and existing manufacturers. Please contact us if your brand is not listed here.

• ACTi*
• Arecont
• Avigilon
• Axis
• Bosch
• Brickcom*
• Canon
• Cisco*
• Hikvision
• IQinVision
• ISD
• Mobotix
• Panasonic
• Pelco*
• Prime
• Samsung
• Sony
• Vivotek
• ONVIF

* Limited configurations may apply

The recommended camera resolution is 720p (1280x720).

VMS Integration Compatibility

Prism works alongside your VMS systems to process and upload data. For some systems, Prism software can run directly on your VMS device. We have VMS integrations with the following manufacturers:

• Exacq
• Genetec
• Milestone Systems
• 3VR
• Cisco