Patent Grant
8793302
The present invention relates generally to computerized monitoring systems, and specifically to prevention of unauthorized access to such systems.
Network cameras (also known as IP cameras) are becoming increasingly popular in surveillance applications. The term “network camera” is used in the context of the present patent application and in the claims to refer to a self-contained video device that outputs a sequence of data packets containing digitized image data. Such cameras contain not only a video sensor and associated video electronics, but also digital processing circuitry and a packet network interface with the necessary hardware and software to plug in directly to a packet communication network, such as an Ethernet local area network (LAN). Network cameras are particularly convenient for security applications, because they can be deployed freely in and around a facility using the existing LAN infrastructure, rather than requiring dedicated cabling to be run to each camera as in traditional video security systems.
A growing number of manufacturers supply network cameras. Axis Communications (Lund, Sweden), for example, sells a line of network cameras that may be used in embodiments of the present invention that are described hereinbelow.
In a computer network handling sensitive data, such as data in military or financial environments, portions of the network may be connected by one-way links. The term “one-way link” is used in the context of the present patent application and in the claims to refer to a communication link that is physically configured to carry signals in one direction and to be incapable of carrying signals in the opposite direction. For example, confidential data that must not be accessed from external sites may be stored on a computer that is configured to receive data over a one-way link and has no physical outgoing link over which data might be transmitted to the external site.
One-way links may be implemented, for example, using Waterfall™ systems, which are manufactured by Gita Technologies, Ltd. (Rosh HaAyin, Israel). The Waterfall system provides a physical one-way connection based on fiberoptic communication, using an underlying proprietary transfer protocol. When a transmitting computer is connected by a Waterfall system (or other one-way link) to a receiving computer, the receiving computer can receive data from the transmitting computer but has no physical means of sending any return communications to the transmitting computer.
Despite the convenience of network cameras (and other sorts of network sensors) for security applications, deployment of such cameras on a LAN creates a new security risk: Malicious parties may attempt to gain access to the LAN via the point of connection of the camera to the LAN. This risk is particularly acute when cameras are deployed on the outside of a secured facility, such as on the outer wall of a building or a perimeter fence, or in sparsely attended locations within the premises, such as washrooms, corridors and basements.
Embodiments of the present invention that are described hereinbelow use one-way links in order to mitigate this risk. By connecting a network camera to the network only via a one-way link, for example, the opportunity for a malicious party to access resources on the network via the point of connection of the camera is curtailed or eliminated entirely. This use of a one-way link thus protects both the surveillance network and components on the surveillance network, including other cameras, as well as protecting any other networks that are linked to the surveillance network. In some embodiments, when it is necessary to convey commands to the camera, a separate one-way link may be provided for this purpose.
Although the embodiments described herein refer mainly to network cameras, the principles of the present invention may be used in preventing malicious access via substantially any sort of network-enabled sensor.
There is therefore provided, in accordance with an embodiment of the present invention, sensing apparatus, including:
a network camera, which is configured to capture images of a scene and to output a sequence of data packets containing digitized video data responsively to the images; and
a one-way link, which is coupled to the network camera so as to transmit the data packets from the network camera to a packet communication network.
In a disclosed embodiment, the network camera is deployed outside a facility, and the packet communication network is a local area network (LAN) that is deployed inside the facility.
In some embodiments, the one-way link includes a first one-way link, and the apparatus includes a second one-way link coupled to convey commands to the network camera. The apparatus may include a switch, which is configured to be actuated in response to a predetermined condition for transmission of the commands to the network camera and to prevent transmission over the second one-way link when the predetermined condition is not satisfied. In one embodiment, the switch is configured to permit the transmission of a message to the network camera only at one or more specified times of day. Alternatively or additionally, the switch is configured to permit the transmission of a message to the network camera only upon ascertaining that the message is valid. Further alternatively or additionally, the switch is configured to permit the transmission of a message to the network camera only when the first one-way link is inactive.
In another embodiment, the one-way link includes a controller, which is coupled to submit instructions to the network camera on a predetermined schedule and to receive and convey the data packets from the network camera over the one-way link to the packet communication network.
There is also provided, in accordance with an embodiment of the present invention, sensing apparatus, including:
a network sensor, which is configured to sense a characteristic of an environment outside a facility and to output a sequence of data packets containing digitized sensor data responsively to the sensed characteristic; and
a one-way link, which is coupled to the network sensor so as to transmit the data packets from the network sensor to a packet communication network inside the facility.
The network sensor may include a network camera.
There is additionally provided, in accordance with an embodiment of the present invention, a method for sensing, including:
deploying a network sensor to sense a characteristic of an environment outside a facility and to output a sequence of data packets containing digitized sensor data responsively to the sensed characteristic; and
coupling a one-way link to the network sensor so as to transmit the data packets from the network sensor to a packet communication network inside the facility.
The present invention will be more fully understood from the following detailed description of the embodiments thereof, taken together with the drawings in which:
Camera 22 is mounted outside facility 20, as shown in
In the present embodiment, however, link 24 is a one-way link, which conveys packets containing video data from camera 22 to the LAN in facility 20, but is physically incapable of supporting outward communication from the facility. Link 24 may comprise a unidirectional fiberoptic link, for example, as in the Waterfall device mentioned above. Alternatively, link 24 may comprise any other suitable sort of one-way link, such as the types of links that are described in PCT Patent Application PCT/IL2006/001499, filed Dec. 28, 2006, which is assigned to the assignee of the present patent application and whose disclosure is incorporated herein by reference.
As a result of using the one-way link, computer 26 will not receive any return messages or data from within facility 20. Consequently, the hacker will not be able to gain access to data that are stored in the facility, and the hacker's ability to access and reprogram computers in the facility will be very limited in the absence of any sort of feedback.
Although the present embodiment relates to the use of one-way links in protecting connection points of network cameras, the principles of the present invention may similarly be applied to other sorts of network sensors. A “network sensor” in this case means a self-contained sensing device that senses a characteristic of an environment and outputs a sequence of data packets containing digitized sensor data. In the case of the network camera, the characteristic of the environment is an image of a scene in the environment. Other than cameras, a network sensor may comprise any suitable type of sensor, such as an audio sensor, an infrared or ultrasonic motion sensor, a smoke detector or a pressure sensor.
In some cases, it may be desirable to control one or more of the cameras in system 30 so as to cause the camera to change its image capture parameters. For example, operator 44 may wish to pan, tilt or zoom a camera in order to get a better view of a point of interest, or may wish to toggle the operational mode of a camera, such as switching between day and night modes, or to request that the camera provide log or status information. Alternatively or additionally, console 42 may automatically change certain image capture parameters based on scene conditions or pre-programmed rules. Such changes may be invoked from console 42 by sending suitable commands to cameras 34, for example, via LAN 40 and links 36. Camera 22, however, cannot be controlled in this manner, since there is no outgoing link from LAN 40 to the camera.
Alternatively, a second, outgoing one-way link may be used to control network cameras that are deployed outside perimeter 32, as well as any other cameras that are vulnerable to tampering. For example, as shown in
Switch 48 may be actuated in a number of possible ways, in response to certain predetermined conditions:
Although one-way links 24 and 46 are shown in
Other alternative configurations may also be used to control the operation of cameras that output data via one-way links. For example, as shown in
As another example, a dedicated, automatic controller 56 may be coupled between a camera, such as camera 22 in
The method of
Switch 48 checks the electronic signature of the message, at a signature validation step 66. If the signature does not match a preconfigured, authorized value, the message is discarded at step 64. The switch may also check whether the message is well-formed, at a form checking step 68. For example, the switch may check the structure and data values in the message to ensure that the message has the form of a proper command to camera 38. Again, ill-formed messages are discarded at step 64.
Assuming the message passed the tests of steps 62, and 68, switch 48 may optionally shut off downlink communications over link 24, at a link shutoff step 70. Switch 48 then transmits the message over link 46 to camera 38. Once the message has been sent, switch 48 opens, preventing further outgoing transmission, and incoming transmission of video data packets resumes. Alternatively, switch 48 may be configured to allow simultaneous communication over both of links 24 and 48, at least during certain limited time periods.
It will be appreciated that the embodiments described above are cited by way of example, and that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the scope of the present invention includes both combinations and subcombinations of the various features described hereinabove, as well as variations and modifications thereof which would occur to persons skilled in the art upon reading the foregoing description and which are not disclosed in the prior art.
This application is a continuation of U.S. patent application Ser. No. 11/977,391, filed Oct. 24, 2007 now U.S. Pat. No. 8,223,205.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4985919 | Naruse et al. | Jan 1991 | A |
| 4987595 | Marino, Jr. et al. | Jan 1991 | A |
| 5530758 | Marino, Jr. et al. | Jun 1996 | A |
| 5548646 | Aziz et al. | Aug 1996 | A |
| 5677952 | Blakley et al. | Oct 1997 | A |
| 5696822 | Nachenberg | Dec 1997 | A |
| 5732278 | Furber et al. | Mar 1998 | A |
| 5835726 | Shwed et al. | Nov 1998 | A |
| 5940507 | Cane et al. | Aug 1999 | A |
| 5946399 | Kitaj et al. | Aug 1999 | A |
| 5995628 | Kitaj et al. | Nov 1999 | A |
| 6023570 | Tang et al. | Feb 2000 | A |
| 6026502 | Wakayama | Feb 2000 | A |
| 6240514 | Inoue et al. | May 2001 | B1 |
| 6289377 | Lalwaney et al. | Sep 2001 | B1 |
| 6317831 | King | Nov 2001 | B1 |
| 6470449 | Blandford | Oct 2002 | B1 |
| 6574640 | Stahl | Jun 2003 | B1 |
| 6601126 | Zaidi et al. | Jul 2003 | B1 |
| 6615244 | Singhal | Sep 2003 | B1 |
| 6643701 | Aziz et al. | Nov 2003 | B1 |
| 6738388 | Stevenson et al. | May 2004 | B1 |
| 6915435 | Merriam | Jul 2005 | B1 |
| 6931549 | Ananda | Aug 2005 | B1 |
| 6957330 | Hughes | Oct 2005 | B1 |
| 6963817 | Ito et al. | Nov 2005 | B2 |
| 6966001 | Obara et al. | Nov 2005 | B2 |
| 6970183 | Monroe | Nov 2005 | B1 |
| 6986061 | Kunzinger | Jan 2006 | B1 |
| 7031322 | Matsuo | Apr 2006 | B1 |
| 7062587 | Zaidi et al. | Jun 2006 | B2 |
| 7143289 | Denning et al. | Nov 2006 | B2 |
| 7171566 | Durrant | Jan 2007 | B2 |
| 7200693 | Jeddeloh | Apr 2007 | B2 |
| 7254663 | Bartley et al. | Aug 2007 | B2 |
| 7260833 | Schaeffer | Aug 2007 | B1 |
| 7324515 | Chapman | Jan 2008 | B1 |
| 7366894 | Kalimuthu et al. | Apr 2008 | B1 |
| 7631189 | Ichinose et al. | Dec 2009 | B2 |
| 7649452 | Zilberstein et al. | Jan 2010 | B2 |
| 7660959 | Asher et al. | Feb 2010 | B2 |
| 7675867 | Mraz et al. | Mar 2010 | B1 |
| 7685636 | Leake et al. | Mar 2010 | B2 |
| 7698470 | Ruckerbauer et al. | Apr 2010 | B2 |
| 7716467 | Deffet et al. | May 2010 | B1 |
| 7757074 | Sundarrajan et al. | Jul 2010 | B2 |
| 7761704 | Ho et al. | Jul 2010 | B2 |
| 7814316 | Hughes et al. | Oct 2010 | B1 |
| 7815548 | Barre et al. | Oct 2010 | B2 |
| 7845011 | Hirai | Nov 2010 | B2 |
| 7849330 | Osaki | Dec 2010 | B2 |
| 7992209 | Menoher et al. | Aug 2011 | B1 |
| 8041832 | Hughes et al. | Oct 2011 | B2 |
| 8046443 | Parker et al. | Oct 2011 | B2 |
| 8223205 | Frenkel et al. | Jul 2012 | B2 |
| 20010033332 | Kato et al. | Oct 2001 | A1 |
| 20020065775 | Monaghan | May 2002 | A1 |
| 20020066018 | Linnartz | May 2002 | A1 |
| 20020114453 | Bartholet et al. | Aug 2002 | A1 |
| 20020178370 | Gurevich et al. | Nov 2002 | A1 |
| 20020191866 | Tanabe | Dec 2002 | A1 |
| 20020199181 | Allen | Dec 2002 | A1 |
| 20030037247 | Obara et al. | Feb 2003 | A1 |
| 20030055792 | Kinoshita et al. | Mar 2003 | A1 |
| 20030061505 | Sperry et al. | Mar 2003 | A1 |
| 20030114204 | Allen et al. | Jun 2003 | A1 |
| 20030140090 | Rezvani et al. | Jul 2003 | A1 |
| 20030140239 | Kuroiwa et al. | Jul 2003 | A1 |
| 20030159029 | Brown et al. | Aug 2003 | A1 |
| 20030188102 | Nagasoe et al. | Oct 2003 | A1 |
| 20030217262 | Kawai et al. | Nov 2003 | A1 |
| 20040022107 | Zaidi et al. | Feb 2004 | A1 |
| 20040070620 | Fujisawa | Apr 2004 | A1 |
| 20040071311 | Choi et al. | Apr 2004 | A1 |
| 20040080615 | Klein et al. | Apr 2004 | A1 |
| 20040217890 | Woodward et al. | Nov 2004 | A1 |
| 20050015624 | Ginter et al. | Jan 2005 | A1 |
| 20050033990 | Harvey et al. | Feb 2005 | A1 |
| 20050085964 | Knapp et al. | Apr 2005 | A1 |
| 20050091173 | Alve | Apr 2005 | A1 |
| 20050119967 | Ishiguro et al. | Jun 2005 | A1 |
| 20050120251 | Fukumori et al. | Jun 2005 | A1 |
| 20050122930 | Zhao et al. | Jun 2005 | A1 |
| 20050138369 | Lebovitz et al. | Jun 2005 | A1 |
| 20050165939 | Nikunen et al. | Jul 2005 | A1 |
| 20050264415 | Katz | Dec 2005 | A1 |
| 20060026292 | Namioka et al. | Feb 2006 | A1 |
| 20060047887 | Jeddeloh | Mar 2006 | A1 |
| 20060064550 | Katsuragi et al. | Mar 2006 | A1 |
| 20060085354 | Hirai | Apr 2006 | A1 |
| 20060085534 | Ralston et al. | Apr 2006 | A1 |
| 20060095629 | Gower et al. | May 2006 | A1 |
| 20060136724 | Takeshima et al. | Jun 2006 | A1 |
| 20060165347 | Mita | Jul 2006 | A1 |
| 20060179208 | Jeddeloh | Aug 2006 | A1 |
| 20060248582 | Panjwani et al. | Nov 2006 | A1 |
| 20060259431 | Poisner | Nov 2006 | A1 |
| 20060271617 | Hughes et al. | Nov 2006 | A1 |
| 20070028027 | Janzen et al. | Feb 2007 | A1 |
| 20070028134 | Gammel et al. | Feb 2007 | A1 |
| 20070043769 | Kasahara et al. | Feb 2007 | A1 |
| 20070055814 | Jeddeloh | Mar 2007 | A1 |
| 20070063866 | Webb | Mar 2007 | A1 |
| 20070112863 | Niwata et al. | May 2007 | A1 |
| 20070203970 | Nguyen | Aug 2007 | A1 |
| 20070283297 | Hein et al. | Dec 2007 | A1 |
| 20080005325 | Wynn et al. | Jan 2008 | A1 |
| 20080008207 | Kellum | Jan 2008 | A1 |
| 20080066192 | Greco et al. | Mar 2008 | A1 |
| 20080082835 | Asher et al. | Apr 2008 | A1 |
| 20080155273 | Conti | Jun 2008 | A1 |
| 20080244743 | Largman et al. | Oct 2008 | A1 |
| 20090019325 | Miyamoto et al. | Jan 2009 | A1 |
| 20090319773 | Frenkel et al. | Dec 2009 | A1 |
| 20090328183 | Frenkel et al. | Dec 2009 | A1 |
| 20100275039 | Frenkel et al. | Oct 2010 | A1 |
| 20110213990 | Poisner | Sep 2011 | A1 |
| Number | Date | Country |
|---|---|---|
| 1632833 | Mar 2006 | EP |
| 2371125 | Jul 2002 | GB |
| 0163879 | Aug 2001 | WO |
| Entry |
|---|
| EP Patent Application # 08702651.4 Search report dated May 11, 2012. |
| Frenkel, L., “Unidirectional Information Transfer”, Web issue, Jun. 2005. |
| U.S. Appl. No. 12/447,470 Official Action dated Sep. 14, 2011. |
| U.S. Appl. No. 12/447,470 Official Action dated Feb. 9, 2012. |
| U.S. Appl. No. 12/438,548 Official Action dated Mar. 6, 2012. |
| U.S. Appl. No. 12/306,692 Official Action dated Feb. 13, 2012. |
| European Patent Application # 07805530.8 Search report dated Mar. 6, 2012. |
| IL Patent Application # 177,756 Official Action dated Aug. 17, 2010. |
| IL Patent Application # 180,748 Official Action dated Oct. 25, 2010. |
| IL Patent Application # 201473 Official Action dated May 8, 2011. |
| U.S. Appl. No. 12/447,470 Official Action dated Mar. 25, 2011. |
| U.S. Appl. No. 11/823,950 Official Action dated Jun. 22, 2009. |
| U.S. Appl. No. 12/306,692 Official Action dated Sep. 28, 2011. |
| International Application PCT/IL2008/000886 Search Report dated Nov. 13, 2008. |
| International Application PCT/IL2008/000070 Search Report dated Jun. 16, 2008. |
| International Application PCT/IL2007/001070 Search Report dated Jul. 25, 2008. |
| International Application PCT/IL2006/001499 Search Report dated Apr. 8, 2008. |
| International Application PCT/IIL2008/001513 Search Report dated Mar. 10, 2009. |
| Waterfall Security Solutions Ltd., “Waterfall One Way Link Technology”, 2008 ( http://www.waterfall-solutions.com/home/Waterfall.sub.--Technology.a- spx). |
| Msisac, “Cyber Security Procurement Language for Control Systems”, version 1.8, revision 3, Feb. 2008 (http://www.msisac.org/scada/documents/4march08scadaprocure.pdf). |
| Axis Communications, “Axis Network Cameras”, 2008 (http://www.axis.com/products/video/camera/index.htm). |
| Check Point Software Technologies Ltd., “Extended Unified Threat Management capabilities with new multi-layer messaging security deliver best all-inclusive security solution”, USA, Nov. 18, 2008 (http://www.checkpoint.com/press/2008/utm-1-edge-upgrade-111808.html). |
| Einey, D., “Waterfall IP Surveillance Enabler”, Jul. 2007. |
| U.S. Appl. No. 11/977,391 Official Action dated Jun. 14, 2011. |
| U.S. Appl. No. 12/447,470 Official Action dated Aug. 30, 2012. |
| Schneier, B., “Applied Cryptography”, Chapter 15, pp. 357-358, published by John Wiley & Sons, Inc, year 1996. |
| U.S. Appl. No. 12/438,548 Official Action dated Feb. 22, 2013. |
| U.S. Appl. No. 12/438,548 Office Action dated Jul. 11, 2013. |
| EP Application # 06832267.6 Search report dated Jun. 3, 2014. |
| Number | Date | Country | |
|---|---|---|---|
| 20120268596 A1 | Oct 2012 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 11977391 | Oct 2007 | US |
| Child | 13487265 | US |
