The present invention relates to a system for site management, and more specifically, for disaster site management. The system incorporates a network backbone for communication in a flexibly-deployable scheme for monitoring and maintaining access to site perimeters, and providing access to personnel arriving at the site, while maintaining accountability and security in all operational procedures of the system.
Roles and responsibilities of today's emergency response personnel have become vastly more complicated in the last ten to fifteen years. Terrorism, on both a micro- and macro-level, has changed the landscape for emergency responders forever, as have natural disasters, like Hurricane Katrina. The availability of unconventional weapons, the public accountability associated with ground water contamination, and the containment of leaks in nuclear power plants are all phenomena that have contributed to making the world of the emergency response manager and field officer one in which well-coordinated and accountable responses to incidents, as well as disasters, are key to performing the job. The job today goes far beyond simple response, and requires the utmost in preparedness, planning, and accountability.
The events that occurred on what has become ominously referred to simply as “9/11” sharpened the focus on these requirements, and in many ways, have encouraged city, county, regional, state, and federal personnel to come together to the planning table for collaboration on common and coordinated procedures, techniques, and technologies in responding to incidents and disasters. Indeed, the Department of Homeland Security was developed in response to this need, as were the President's Directives on the Management of Domestic Incidents and National Preparedness, which ultimately became what is now known as National Incident Management System (NIMS) requirements. NIMS now provides a venue for a consistent nationwide approach for Federal, State, and local governments to work effectively and efficiently together.
Primary among these best practices is the ability to coordinate and integrate resources and personnel among all jurisdictions and agencies. Full implementation of NIMS requires complete coordination and integration of resources and personnel, which span across a host of organizations and agencies (e.g. E911, emergency operations centers, firefighters, police and sheriff's departments, etc.), to multiple jurisdictions (i.e. local, regional, state, and federal), and to different communities of interest (e.g. anti-terrorism taskforces, hazardous materials-handling taskforces, bomb- and explosives-handling groups, etc.). Indeed, multi-agency and jurisdictional coordination and consistency of best practice procedures is at the heart of the NIMS requirements.
The first step taken by many organizations is compliance with a consistent ICS (Incident Command System) approach. The very next challenge then becomes an accountability system, which provides a fast and accurate authorization of personnel from many agencies and jurisdictions, in an effective, consistent, secure, accurate, and on-site manner.
However, good accountability systems nowadays must provide more than on-site authorization of a credential. Public safety officials are responsible for the incident scene, and must protect it from further damage, danger, or contamination. Both public safety and liability are at risk. High impact incidents have become like crime scenes in that the integrity of the scene must be ensured and protected, with detailed records securely kept and archived.
Containing and controlling an incident site is a basic obligation of today's first responder, in a time when yellow crime scene tape and manual inspection of identification badges are not enough. NIMS guidelines provide oversight, but technology is required to support the efforts of local first responders.
All emergency managers need to adhere to best practices in responding to incidents, but first must address a variety of challenges. When multiple agency personnel arrive on a scene, they appear with a variety of identification sources and badges. They require immediate authorization, using a system that authenticates them on-site, regardless of their agency or jurisdictional affiliation. A uniform standard for personnel authentication is currently lacking in most emergency management organizations.
Furthermore, tracking of personnel including first responders, as well as the public, entering, leaving, and within the perimeter of a scene is almost impossible. Documenting that tracking is largely a manual operation at the present time, if performed at all.
In addition, securing the disaster site is also largely manual, and a function of manpower, electrical power, and communications. Power sources and communications infrastructure are often knocked out by the disaster itself, making “lockdown” of the site very difficult. Weather, hazards, and geographic barriers are inherent problems with high-impact incidents. These natural, geographic, physical, and urban impediments many times make a site almost impossible to secure and monitor.
Another factor to be dealt with is that remote organizations, like Emergency Operations Centers (EOCs), often have responsibility for deploying personnel and tracking events on-site, but they have little or no visibility to the situation on-site, and in some cases, little or no communications with local site personnel.
It would be desirable to have a suitable technology that would be weather- and disaster-proof, capable of securing multiple perimeters, and able to authorize personnel credentials for site entry and exit. Such a technology must be feature-rich, but designed for field-disaster use and require no external sources of power or communication.
Examples of prior art systems are disclosed in U.S. Pat. Nos. 5,596,652, 5,793,882, and 6,761,312. These patents teach a system which uses a network to assign emergency personnel to designated sectors of a site. Sector designation and personnel assignment are determined by protocols based on site-specific information acquired by the system. The system further incorporates a triage priority capability into its design.
The prior art system only allows or denies access to the site based on comparison of information carried by the person with information stored in a database. It does not acquire credentials on-site, verify credentials with biometric information, or allow for on-site enrollment of personnel. These deficiencies are significant since accountability is a high priority. Furthermore, system operation design must not impede disaster relief efforts.
Another example of a prior art system is disclosed in U.S. Patent Publication No. 2004/0066276. This prior art system uses PDA (Personal Digital Assistant) devices that are wirelessly connected as a school hall-monitoring system. The capabilities of such a design would not meet the integrity and accountability required for a system meant to securely manage access to a disaster site.
Another example of a prior art system is disclosed in U.S. Patent Publication No. 2004/0251304. This prior art system uses a site-management network with flexible deployability. This prior art system does not feature capabilities to integrate external networks into the system. This factor limits the utility of the prior art system because various agencies will invariably be operating on numerous existing systems. The advantage of the present invention is the ability to incorporate external systems into a whole network platform, while maintaining access accountability.
Another example of a prior art system is disclosed in U.S. Pat. No. 6,819,219. This patent teaches a biometric identification system coupled to a wireless network. This prior art device does not include means for rapidly and flexibly deploying the network at a site, nor does it include means for incorporating external networks, while maintaining access accountability.
Another example of a prior art system is the Motobridge system (available from Motorola Inc., 1301 E. Algonquin Rd., Schaumburg, Ill. 60196). This prior art system features a network design which allows for interoperability of external systems. However, it does not offer the integrity and accountability of “airspace access management” of the present invention. The term “airspace access management” is used here to mean a “channeled access” to the network by external requesters (i.e. systems) that is authorized according to personnel credential protocols (or in some cases, agency credential protocols). The term “channeled access” is used here to mean that access to the other parts (i.e. channels) of the network is limited by credential protocols.
While present technologies offer some of the elements of what has been described above, there is presently a need for a complete solution that offers a real-time, on-site, personnel database-management system coupled with a wide-area network for communication, and which also features capabilities for producing badges containing personnel credentials, and obtaining, assessing, and authenticating personnel credentials, while further providing capabilities for CCTV, video motion detection, virtual fencing, interoperability between radios and computers, external communication links, and central alarm management for all the sub-systems mentioned above.
For the purpose of clarity, several terms are specifically defined for use within the context of this application. The term “badging” is used in this application to refer to the procedure of producing a badge containing a user's credentials. The terms LAN, PAN, WAN, and MAN stand for Local-Area Network, Proximity-Area Network, Wide-Area Network, and Metro-Area Network, respectively.
Several aspects of a Smart Disaster Site-Management System (hereinafter SmartDSMS), and more generally, a Smart Site-Management System (hereinafter SmartSMS), are described below.
It is therefore the objective of the present invention to disclose a system for site-perimeter management, authorization, and accountability for emergency personnel.
It is further the objective of the present invention to disclose a system with on-site enrollment capabilities for biometric authentication and instant production of smart card credentials.
It is still further the objective of the present invention to disclose a self-contained wireless network, which tracks ingress and egress of credentialed personnel, operating at 900 MHz, at the frequency of the emergency agency's choice, or at frequencies of any other network backbone technology (licensed or non-licensed frequencies).
It is still further the objective of the present invention to disclose a system featuring a zone authorization capability, which selectively allows or denies entrance to specified zones within the incident site.
It is still further the objective of the present invention to disclose a database-management system that contains, displays, and records various events regarding movement of credentialed personnel.
It is still further the objective of the present invention to disclose a system featuring a remote view of command-center transactions via network-connected clients (such as EOC staff, or Federal or State officials).
It is still further the objective of the present invention to disclose a rugged, weather-proof system platform that provides its own power and communications in “blackout” conditions.
It is still further the objective of the present invention to disclose a system featuring a uniquely-flexible repeater-based topology that overcomes physical and geographic barriers, which otherwise limit most wireless communication systems.
It is still further the objective of the present invention to disclose a SmartDSMS that combines wireless communications, authentication, badging, and database management for a best-of-breed accountability solution featuring: portable, contactless card and biometric readers; a modular system of tripod-mounted wireless antennas; a portable enrollment station; smart card badges; and a database-management system with real-time operations both on-line and off-line.
Therefore, according to the present invention, there is provided for the first time a system for monitoring and controlling access of an individual to a site perimeter, the system including: (a) an identification card for the individual, the identification card having: (i) at least one printed display credential of the individual; and (ii) a unique set of encoded credentials for identifying the individual exclusively; (b) a data interface mechanism for obtaining the unique set of encoded credentials from the identification card, the data interface mechanism configured to obtain at least one verification credential from the individual; (c) a host computer for storing a plurality of the unique set of encoded credentials in a database, the host computer configured to verify a match between at least one verification credential and at least one encoded credential of the unique set of encoded credentials; and (d) at least one base transmission mechanism for transmitting the unique set of encoded credentials from the data interface mechanism to the host computer and to at least one remote transmission mechanism, whereby the system is mobile, rugged, weather-resistant, and quickly-deployable.
Preferably, the identification card includes at least one item selected from the group consisting of a contact chip, a contactless chip, an RFID tag and a magnetic stripe.
Preferably, at least one printed display credential includes at least one item selected from the group consisting of: a barcode, a unique card serial number, a photograph, personal credentials, and a signature.
Preferably, the unique set of encoded credentials is encoded in at least one device selected from the group consisting of: a contact chip, a contactless chip, an RFID tag, a magnetic stripe, and a barcode.
Preferably, the unique set of encoded credentials includes at least one item selected from the group consisting of: a fingerprint biometric marker, hand-dimension biometric marker, a retinal biometric marker, a voiceprint biometric marker, a facial biometric marker, a unique card serial number, a photograph, personal credentials, a PIN, and a signature.
Preferably, the data interface mechanism includes at least one item selected from the group consisting of: a printer, an optical scanner, a magnetic stripe scanner, a magnetic stripe encoder, a barcode scanner, a biometric marker reader, a fingerprint scanner, an RFID tag reader, an RFID tag encoder, a display unit, an interface keypad, a microprocessor, a memory, a database, a communication interface, a buzzer, a fan, a power source, and indicator lights.
Preferably, the data interface mechanism is configured to verify a match between at least one verification credential and at least one encoded credential when the host computer is off-line.
Preferably, at least one verification credential is at least one item selected from the group consisting of: a fingerprint biometric marker, hand-dimension biometric marker, a retinal biometric marker, a voiceprint biometric marker, a facial biometric marker, a unique card serial number, a photograph, personal credentials, and a signature.
Preferably, the host computer is located remotely from the data interface mechanism.
Preferably, the host computer is configured to be accessed only by an authorized individual.
Preferably, the host computer is configured to authorize communicational access with the system to the individual only upon positive verification of the match between at least one verification credential and at least one encoded credential of the unique set of encoded credentials.
Preferably, the host computer is configured to maintain a record of transaction details of each identification card that is read by the data interface mechanism.
Preferably, the host computer includes an alarm management system for monitoring alarms from at least one monitoring sub-system.
Most preferably, at least one monitoring sub-system is at least one system selected from the group consisting of: the data interface mechanism, a closed-circuit television (CCTV) system, a video motion-detection system, and a virtual fence system.
Preferably, the plurality of the unique set of encoded credentials is configured to be accessed only by an authorized individual.
Preferably, a copy of the database is located on the data interface mechanism, the copy periodically updated from the host computer when the host computer is on-line.
Most preferably, the copy is configured to periodically update the database on the host computer when the host computer is on-line.
Preferably, at least one encoded credential of the unique set of encoded credentials includes at least one item selected from the group consisting of: a fingerprint biometric marker, hand-dimension biometric marker, a retinal biometric marker, a voiceprint biometric marker, a facial biometric marker, a unique card serial number, a photograph, personal credentials, and a signature.
Preferably, at least one base transmission mechanism is configured to transmit at least one item selected from the group consisting of: a data transmission, a voice transmission, an audio transmission, and a video transmission.
Preferably, at least one base transmission mechanism is configured to operate using at least one selected from the group consisting of: telephone modem protocols, 802.11a LAN protocols, 802.11b LAN protocols, 802.11g LAN protocols, 802.15 PAN protocols, 802.16 WAN protocols, 802.16 MAN protocols, GPRS protocols, satellite protocols, cable protocols, two-way radio protocols, and direct cable protocols.
Preferably, at least one base transmission mechanism includes at least one external network transmission mechanism.
Most preferably, at least one external network transmission mechanism includes at least one device selected from the group consisting of: a network connection, a radio transceiver, and a computer.
Most preferably, the external network transmission mechanism is located remotely to at least one base transmission mechanism.
Preferably, at least one remote transmission mechanism is configured to operate using at least one selected from the group consisting of: telephone modem protocols, 802.11a LAN protocols, 802.11b LAN protocols, 802.11g LAN protocols, 802.15 PAN protocols, 802.16 WAN protocols, 802.16 MAN protocols, GPRS protocols, satellite protocols, cable protocols, two-way radio protocols, and direct cable protocols.
Preferably, at least one remote transmission mechanism includes at least one external network transmission mechanism.
Most preferably, at least one external network transmission mechanism includes at least one device selected from the group consisting of: a network connection, a two-way radio transceiver, and a computer.
Most preferably, the external network transmission mechanism is located remotely to at least one remote transmission mechanism.
Preferably, the system also includes: (e) at least one power generation area for providing power to the host computer, and for recharging batteries and mobile devices.
Preferably, the system also includes: (e) at least one virtual fence system for detecting physical breaches of the site perimeter.
Preferably, the system also includes: (e) at least one virtual curtain system for detecting physical breaches of the site perimeter.
Preferably, the system also includes: (e) at least one virtual dome system for detecting physical breaches of the site perimeter.
Preferably, the system also includes: (e) at least one closed-circuit television (CCTV) system for detecting physical breaches and environmental conditions of the site perimeter.
Most preferably, at least one CCTV system includes a video motion-detection system.
Preferably, the system also includes: (e) at least one enrollment area for enrolling the individual into the database of the host computer and issuing the identification card, at least one enrollment area located remotely from the host computer, at least one enrollment area communicationally connected to at least one remote transmission mechanism.
These and further embodiments will be apparent from the detailed description and examples that follow.
The invention is herein described, by way of example only, with reference to the accompanying drawings, wherein:
The present invention relates to systems for SmartDSMS and SmartSMS. The principles and operation of a SmartDSMS and SmartSMS, according to the present invention, may be better understood with reference to the drawings and the accompanying description.
Referring now to the drawings,
Site management of a disaster site 22 is established and maintained by an inner perimeter 24, an intermediate perimeter 26, and an outer perimeter 28, which can be scaled to meet site needs by adding repeater stands 16. A restricted zone or communication-blocked area 30 can be circumvented by the addition of repeater stands 16. Additional security zones (not shown) may be established within outer perimeter 28 by adding more DynaGate stands 14. DynaGate stands 14 may be configured as either dedicated entrance or exit stations, or can be configured as both a combined entrance and exit station.
A site survey must be conducted prior to the installation of the system in order to define the various security perimeters (i.e. inner perimeter 24, intermediate perimeter 26, and outer perimeter 28) and thus, the location of the equipment. The survey should determine optimum placement of the SmartDSMS equipment from a security perspective, as well as network topology functionality.
The number of security perimeters and the number of entrances and/or exits will determine how many DynaGate stands 14 need to be installed. The size and the topographical structure of disaster site 22, as well as obstacles within the security perimeters, will determine how many repeater stands 16 need to be installed to ensure connectivity of network backbone 10 at the locations required throughout disaster site 22. When conducting the site survey, obstacles (such as buildings, trees, fences, electrical wires, and hills) that could block the line-of-sight between the communication devices must be noted.
The stands (i.e. command center stand 12, DynaGate stands 14, and repeater stands 16) should be strategically placed while ensuring optimized line-of-sight between the communication devices in order to achieve reliable network communication between the stands and command center 18 where host computer 20 is located.
Once the installation locations are defined, marked, and registered, the equipment for command center 18, enrollment area 36, command center stand 12, DynaGate stands 14, and repeater stands 16 can be safely transported, unpacked, assembled, and powered at their designated locations.
The communication devices need to be positioned in such a way that BSR 52 on command center stand 12 or repeater stand 16 should always face SPR 60 on repeater stand 16 or DynaGate stand 14, since BSR 52 and SPR 60 are configured to operate directionally in order to reduce power consumption, extend range, and/or reduce reflection from objects. It is noted that, in preferred embodiments, omni-directional radios can be used as well.
It is noted that in preferred embodiments of the present invention, Smart card 96 contains a contact chip 97 and/or a contactless chip 98 (e.g. FIPS201 PIV-I/II compatible) to allow for multi-platform operability. Contact chip 97 and contactless chip 98 are electronic memory chips with or without CPU. Smart card 96 also contains multiple encoded regions 99 that can be read by a scanner on its surface (not shown) for retrieval of various data (e.g. “serial number” data, etc.). Among other things, encoded regions 99 can be barcodes, RFID tags, or magnetic stripes. Reader assembly 90 features the ability to write and read data to contact chip 97 and contactless chip 98, and scan encoded regions 99 of smart card 96. Smart card 96 serves as the individual's badge within the various perimeters, contains the individual's credential, and thus, limits the individual to only access areas and/or information which he has been authorized to access.
During enrollment, the individual must present valid authoritative identification to the operator (Block 104). The operator then does the following:
It is noted that at the initial stage of the enrollment process (Block 102), if the individual does not have his smart card 96, but was enrolled during a bulk enrollment period (Block 136), then the operator simply retrieves the individual's smart card from the bulk cards (Block 138). The operator then opens the individual's database record in enrollment computer 94 (Block 140), and continues with the enrollment process by capturing the serial number of the smart card (Block 120). Alternatively, if the individual has his smart card 96 upon arrival, the enrollment process terminates (Block 142). It is also noted that in preferred embodiments, the individual's credentials include a PIN (i.e. Personal Identification Number) which is chosen by the individual during the enrollment process (not shown).
During off-line authentication, when an individual places his smart card 96 in card placement area 78 of DynaGate suitcase 62 and DynaGate stand 14 is off-line, no communication occurs between host computer 20 and DynaGate stand 14. Authentication is performed as follows:
It is noted that in preferred embodiments of the present invention, “virtual fences” can be incorporated into the perimeter monitoring system, which can have their own communication link to network backbone 10, and can be self-powered. When these systems have their “fence” path interrupted, they automatically turn on video cameras which send data over IP to the command center. These components can utilize a laser-tracking system, for example. This feature adds the ability to track physical breaches of the perimeters in approximately 200 meter increments. Similarly, “virtual curtains” can be deployed with operating areas of approximately 200 meters by 5 meters. Finally, “virtual domes”, utilizing a rotating laser-tracking system (for example), can be deployed with operating volumes having a ground radius of approximately 200 meters and a dome height of 3 meters.
It is further noted that in preferred embodiments of the present invention, CCTV (closed-circuit television) systems can be incorporated into the perimeter monitoring system. This feature adds the ability to monitor physical breaches and environmental conditions of the perimeters. The CCTV system can be coupled with a video motion-detection system so as to allow it to work independently, and generate an alarm at the command center only when motion is detected in a predefined restricted zone. In this case, network backbone 10 will transmit the video signal as IP data to command center 18.
It is further noted that in preferred embodiments of the present invention, external networks, that can be allowed to access the system network, can be incorporated into the perimeter monitoring system, providing “airspace access management” (as defined above).
Client servers 185 convert voice and data transmissions to IP data, and vice versa. An interoperability bridge 186 communicationally connects one-to-many or many-to-many transceivers 184. A bridge computer 187 handles the routing of transmissions to and from external networks 182. It should be clarified that bridge 186 and transceivers 184 are located on each stand 180, according to preferred embodiments. It is noted that transceivers 184 can have messaging capabilities or can be computers, in preferred embodiments. It is further noted that bridge 186 and transceivers 184 can be additionally mounted on suitable environmental landmarks (e.g. water towers, electrical towers, telephone poles, building rooftops, etc.), in preferred embodiments.
It is noted that in order for each external network 182 to communicate throughout the system, it is necessary for each stand 180 to have an additional transceiver for each external network 182. This enables extended network 188 to carry transmissions from external networks 182 to the various site perimeters (22, 24, 26, and 28). Extended network 188 is network backbone 10 with connectivity to external networks 182. Thus, agency coverages 190 are operative on-site with minimal activity required to configure the system. This also allows for inter-agency communications 192. As noted above, it is appreciated that agency coverages 190 can include voice and data communication.
It is noted that agency coverages 190 and inter-agency communications 192 are subject to the same authorization access protocols described above. Thus, the system provides “channeled access” (as defined above) to external networks 182, allowing agency personnel access only to the channels of the system that they have been authorized to access.
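As an added illustration (not code from the patent), the following Python model covers both the verification flow described for a DynaGate stand, including the off-line mode in which the stand checks its local copy of the database and uploads queued transactions at the next sync, and the zone authorization that the “channeled access” above relies on. It assumes a PIN as the verification credential, salted PBKDF2 storage of that PIN, and zone names (“outer”, “intermediate”, “inner”) that are not in the patent.

```python
"""Added model of the DynaGate verification flow (not the patent's code): a card's
encoded credential set, a PIN as verification credential (assumed), host-side matching
with a transaction record, and an off-line copy that is re-synced with the host."""
import copy
import hashlib
import hmac
import os
from dataclasses import dataclass


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Store the verification credential as a salted hash, never in clear (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)


@dataclass
class Record:
    """One enrolled individual, keyed by the unique card serial number."""
    serial: str
    name: str
    salt: bytes
    pin_hash: bytes
    zones: frozenset          # perimeters the holder may enter (constructed names)
    revoked: bool = False


@dataclass
class Transaction:
    serial: str
    zone: str
    result: str
    offline: bool


class CredentialDB:
    """Credential database plus transaction record; used by both host and gate copy."""

    def __init__(self) -> None:
        self.records: dict[str, Record] = {}
        self.log: list[Transaction] = []

    def enroll(self, serial: str, name: str, pin: str, zones) -> None:
        salt = os.urandom(16)
        self.records[serial] = Record(serial, name, salt, hash_pin(pin, salt),
                                      frozenset(zones))

    def verify(self, serial: str, pin: str, zone: str, offline: bool = False) -> str:
        """Match card serial + PIN against the stored record, then check the zone."""
        rec = self.records.get(serial)
        if rec is None:
            result = "deny:unknown-card"
        elif rec.revoked:
            result = "deny:revoked"
        elif not hmac.compare_digest(rec.pin_hash, hash_pin(pin, rec.salt)):
            result = "deny:credential-mismatch"
        elif zone not in rec.zones:
            result = "deny:zone-not-authorized"
        else:
            result = "allow"
        self.log.append(Transaction(serial, zone, result, offline))  # every read is recorded
        return result


class DynaGate:
    """Entrance/exit station holding a periodically refreshed copy of the host database."""

    def __init__(self, host: CredentialDB) -> None:
        self.host = host
        self.local = CredentialDB()
        self.online = True

    def sync(self) -> int:
        """Pull a fresh copy of the records and push queued off-line transactions;
        returns the number uploaded (0 when the host is unreachable)."""
        if not self.online:
            return 0
        self.local.records = copy.deepcopy(self.host.records)
        uploaded = len(self.local.log)
        self.host.log.extend(self.local.log)
        self.local.log.clear()
        return uploaded

    def present_card(self, serial: str, pin: str, zone: str) -> str:
        if self.online:
            return self.host.verify(serial, pin, zone)
        # Host unreachable: verify against the local copy, which may be stale
        # (a revocation made at the host after the last sync is not yet known here).
        return self.local.verify(serial, pin, zone, offline=True)
```

The stale-copy branch is the practical caveat: a card revoked at the host keeps working at an off-line stand until that stand's next sync, so sync frequency bounds the revocation delay.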
It is noted that the interoperability bridging described above can be performed in-band (i.e. within a set of channels around a given transmission frequency), channel-to-channel, or band-to-band in order to transmit data-to-voice and/or data-to-data. All transmissions (both data and voice) are converted to IP-based data streams, routed according to the protocol of client servers 185, and managed by several dispatch computers (not shown).
It is further noted that in preferred embodiments of the present invention, satellite network systems can be incorporated into the perimeter monitoring system, using a scheme similar to the one shown in
Finally, it is further noted that while the description above refers to a SmartDSMS, a similar system and protocol can be deployed for a general SmartSMS, where the utility of the system is not exclusively disaster site management.
While the invention has been described with respect to a limited number of embodiments, it will be appreciated that many variations, modifications, and other applications of the invention may be made.