Sicore II Operation Handbook

Sicore II
Sicore II Operation Handbook
Jan 18
Unrestricted
Issue 2
667/HB/52600/001
Contents
Contents
Contents
2
List of Figures
5
List of Tables
7
Change History
8
Health and Safety Protection
9
1.
Introduction
11
1.1.
Purpose
11
1.2.
Contact Us
11
1.3.
Document References
11
1.4.
Abbreviations
11
1.5.
Third Party Information
12
1.6.
Trademarks
13
1.7.
Static IP Address
13
1.8.
Secure Disposal Instructions
13
1.9.
Recycling and Disposal
14
2.
Security Recommendations
15
2.1.
Password Security
15
2.2.
VPN
15
2.3.
FTP
15
2.4.
NTP
15
3.
General
16
3.1.
Product Overview
16
3.1.1.
Image Sensors
16
3.1.2.
Flash
16
3.1.3.
External I/O
16
3.1.4.
Comms
16
3.1.5.
Security
17
3.1.6.
Time
17
3.2.
Basic Data Flow
17
3.2.1.
Image Capture
17
3.2.2.
Vision Processing
18
3.2.3.
Result Filtering
18
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
2
Contents
3.2.4.
Result Creation
18
3.2.5.
Result Storage
18
4.
Web User Interface
19
4.1.
Connecting
19
4.2.
General
19
4.3.
Home Page
20
4.4.
Status and Configuration
20
4.5.
Terminal
21
4.6.
Site Log
22
4.7.
Fault Table
23
4.8.
System Log
23
4.9.
System Information, Reboot and Wipe
24
4.10.
Live View
26
4.10.1.
Region of Interest
26
4.10.2.
Baseline
27
4.10.3.
Field of View Calibration
28
5.
Product Functional Description
30
5.1.
Communications
30
5.1.1.
Basic Network Configuration
30
5.1.2.
4G/GPRS
31
5.1.3.
Open VPN
32
5.1.4.
Wi-Fi Hotspot
32
5.1.5.
Stratos
33
5.2.
Clocks, Date and Time
34
5.2.1.
System Time
34
5.2.2.
GPS
35
5.2.3.
NTP
36
5.2.4.
Secondary Time
39
5.3.
Licences
40
5.4.
Security
41
5.4.1.
Secure Web Server
41
5.4.2.
Certificate Management
41
5.4.3.
Key Sizes And Hash Functions
42
5.4.4.
Certificate Attributes
43
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
3
Contents
5.5.
Language
43
5.6.
Web Interface
43
5.7.
Conditioning
44
5.8.
Configuration Import / Export
45
5.9.
Real Time View
46
5.10.
Inventory
47
5.11.
Health
48
5.12.
Firmware Upgrade
48
5.13.
Camera and Flash
49
5.14.
Vision
51
5.14.1.
Camera Calibration
51
5.14.2.
Region of Interest
53
5.14.3.
Visual Triggering
54
5.14.4.
External Triggering
54
5.15.
Fitness for Purpose
56
5.16.
Result Filtering
57
5.16.1.
Pass Filter
58
5.16.2.
Black/White List Filter
59
5.17.
Result Creation
59
5.18.
Testdeck
62
5.18.1.
Controls
62
5.18.2.
Local Capture
63
5.18.3.
Remote Capture
63
5.19.
Simple Uploader
63
5.20.
Remote File System
64
5.21.
Results Database
65
5.22.
Backup Battery
66
5.23.
Case Tamper
66
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
4
Contents
List of Figures
Figure 1 – Third party software information available via web interface
13
Figure 2 – External Interfaces
16
Figure 3 – Main Data Flow
17
Figure 4 – Web Interface – Home Page
20
Figure 5 – Web Interface – Status and Configuration
21
Figure 6 – Web Interface – Terminal
21
Figure 7 – Web Interface – Site Log
22
Figure 8 – Web Interface – Fault Table
23
Figure 9 – Web Interface – System Log
24
Figure 10 – Web Interface – System
25
Figure 11 – Web Interface – Live View
26
Figure 12 – Web Interface – Live View - Calibration
28
Figure 12 – Web Interface – Basic Network Configuration
30
Figure 13 – Web Interface – 4G/GPRS
31
Figure 14 – Web Interface – Open VPN
32
Figure 15 – Web Interface – Wifi Hotspot
33
Figure 16 – Web Interface – Wifi Hotspot Status
33
Figure 18 – Web Interface – System Time
34
Figure 19 – Web Interface – System Time Zone
35
Figure 20 – Web Interface – GPS
36
Figure 21 – Web Interface – GPS Status
36
Figure 22 – Web Interface – NTP
37
Figure 23 – Web Interface – NTP Sensors
38
Figure 24 – Web Interface – NTP Monitor
38
Figure 17 – Web Interface – Secondary Time
39
Figure 25 – Web Interface – Licence System
41
Figure 26 – Web Interface – Security
41
Figure 27 – Web Interface – Certificate Manager
42
Figure 28 – Web Interface – Language
43
Figure 29 – Web Interface – Web Interface
44
Figure 30 – Web Interface – Conditioning
45
Figure 31 – Web Interface – Configuration Import/Export
46
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
5
Contents
Figure 32 – Web Interface – Real Time View
47
Figure 33 – Web Interface – Inventory
48
Figure 34 – Web Interface – Health
48
Figure 35 – Web Interface – Firmware Upgrade
49
Figure 36 – Web Interface – Camera
50
Figure 37 – Web Interface – Flash
51
Figure 38 – Camera Calibration – Positive Skew
52
Figure 39 – Camera Calibration – Negative Skew
53
Figure 41 – Web Interface – ROI ID
53
Figure 42 – Web Interface – ROI Coordinates
54
Figure 43 – Web Interface – Visual Triggering
54
Figure 44 – Web Interface – External Triggering
56
Figure 45 – Web Interface – Fitness for Purpose
57
Figure 46 – Web Interface – Fitness for Purpose Run Control
57
Figure 47 – Web Interface – Result Filtering
57
Figure 48 – Web Interface – Result Creation Options
60
Figure 49 – Web Interface – Result Creation – Image Scaling
61
Figure 50 – Web Interface – Result Creation – Plate Hashing
61
Figure 51 – Web Interface – Result Creation – Encryption
62
Figure 52 – Web Interface – Testdeck
62
Figure 53 – Web Interface – Simple Uploader
64
Figure 54 – Web Interface – Remote File System
64
Figure 55 – Web Interface – Results Database
65
Figure 56 – Web Interface – Case Tamper Reset
66
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
6
Contents
List of Tables
Table 1 – Change History
8
Table 2 – External Document References
11
Table 3 – Abbreviations
12
Table 4 – Optional Software Feature Licences
40
Table 5 – Fitness-For-Purpose Criteria
56
Table 6 – Result Filtering
58
Table 7 – Result Creation Options
60
Table 8 – Plate Hashing Substitutions
61
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
7
Change History
Change History
Change History
Issue
Change Reference
Date
1
Formal Issue
Nov 2017
2
Added Security Recommendations (Section 2)
Jan 2018
Table 1 – Change History
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
8
Health and Safety Protection
Health and Safety Protection
Safety IR IR Safety Warning
OPTICAL EMISSIONS OF THE SICORE II IR FLASH ARE IN EXCESS OF THE EXEMPT
GROUP, VIEWER-RELATED RISKS ARE DEPENDANT UPON HOW THE PRODUCT IS
INSTALLED AND USED
THIS PRODUCT IS CLASSIFIED AS RISK GROUP 1 AT A DISTANCE OF 298 mm
Safety of Installation and Maintenance Personnel
IT IS RECOMMENDED THAT DUE TO THE HAZARDS PRESENT WITHIN THE SICORE II CAMERA
THAT ALL POWER TO THE UNIT IS DISCONNECTED BEFORE WORKING ON THE UNIT. WHERE
A RISK ASSESSMENT AND METHOD STATEMENT FOR THE WORKS TO BE COMPLETED AND /
OR THE INSTRUCTIONS FOR THE OEM EQUIPMENT BEING INSTALLED OR REMOVED ALLOWS,
LIVE WORKING MAY BE CONSIDERED.
Safety of Maintenance Personnel
In the interests of health and safety, when using or servicing this equipment the following
instructions must be noted and adhered to:
Only skilled or instructed personnel with relevant technical knowledge and experience,
who are also familiar with the safety procedures required when dealing with modern
electrical/electronic equipment are to be allowed to use and/or work on the equipment.
All work shall be performed in accordance with the Electricity at Work Regulations 1989
or the relevant local, state and government regulations.
Such personnel must take heed of all relevant notes, cautions and warnings in this
Handbook and any other Document or Handbook associated with the equipment
including, but not restricted to, the following:
The equipment must be correctly connected to the specified incoming power supply.
The equipment must be disconnected / isolated from the incoming power supply before
removing any protective covers or working on any part from which the protective covers
have been removed.
Any power tools must be regularly inspected and tested.
Any ladders used must be inspected before use to ensure they are sound and not damaged.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
9
Health and Safety Protection
When using a ladder, before climbing it, ensure that it is erected properly and is not liable to
collapse or move. If using a ladder near a carriageway, ensure that the area is properly
coned and signed.
Any personnel working on site must wear the appropriate protective clothing, e.g. reflective
vests, etc.
The configuration process should only be carried out by persons who are adequately trained,
have a full understanding of the needs of the county or region were the unit is to be used
and are experienced in the tasks to be undertaken.
Safety of Road Users
It is important that all personnel are aware of the dangers to road users that could arise
during repair and maintenance of traffic control equipment.
Ensure that the working area is coned and signed as necessary to warn motorists and
pedestrians of any dangers and to help protect the personnel working on the site.
Safety Warning – Lithium Battery
This equipment contains a rechargeable Lithium Coin Cell.
This cell will last the lifetime of the equipment and is not designed to be changed.
Keep the unit between 0°C and 35°C for prolonged storage.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
10
Introduction
1. Introduction
1.1.
Purpose
This handbook gives details of the facilities available in the Sicore II ANPR Camera and
describes the procedures for the configuration and monitoring of the camera operation.
1.2.
Contact Us
If you have any comments on this handbook or need any further information our contact
details are as follows:
Service Operations Centre
contacteng.stc@siemens.com
+44 845 1930004
1.3.
Document References
External Document References
667/HB/56200/000
Sicore II Installation and Commissioning Handbook
667/HB/56200/002
Sicore II Interface Specification
Table 2 – External Document References
1.4.
Abbreviations
Abbreviations
AC
Alternating Current
ANPR
Automatic Number Plate Recognition
CA
Certificate Authority
CIFS
Common Internet File System
CPU
Central Processing Unit
DC
Direct Current
FOV
Field of View
DHCP
Dynamic Host Configuration Protocol
FTP
File Transfer Protocol
GPS
Global Positioning System
I/O
Input / Output
IR
Infrared
JPEG
Joint Photographic Experts Group
LED
Light Emitting Diode
mA
milliamps
ms
milliseconds
NTP
Network Time Protocol
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
11
Introduction
OCR
Optical Character Recognition
OEM
Original Equipment Manufacturer
PPM
Parts Per Million
PPS
Pulse Per Second
PSU
Power Supply Unit
ROI
Region of Interest
SSD
Solid State Drive
TCXO
Temperature Compensated Crystal Oscillator
TLS
Transport Layer Security
VRM
Vehicle Registration Mark
Table 3 – Abbreviations
1.5.
Third Party Information
Embedded in this product are free software files that you may copy, distribute and/or modify
under the terms of their respective licences, such as the GNU General Public Licence, the GNU
Lesser General Public Licence, the modified BSD licence and the MIT licence. In the event of
conflicts between Siemens licence conditions and the Open Source Software licence
conditions, the Open Source Software conditions shall prevail with respect to the Open
Source Software portions of the software.
On written request within three years from the date of product purchase and against
payment of our expenses we will supply source code in line with the terms of the applicable
licence. For this, please contact us at:
Open Source Clearing
Product Development
Engineering Department
Siemens Olc
Sopers Lane
Poole
Dorset
BH17 7ER
UK
Generally, these embedded free software files are distributed in the hope that they will be
useful, but WITHOUT ANY WARRANTY, without even implied warranty such as for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, and without liability for any
Siemens entity other than as explicitly documented in your purchase contract.
All open source software components used within the product are listed on the device web
page.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
12
Introduction
Figure 1 – Third party software information available via web interface
1.6.
Trademarks
The following terms used in this document are trademarks of their respective owners:
·
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
·
JavaScript is a registered trademark of Oracle Corporation.
·
Windows is a registered trademark of Microsoft Corporation.
1.7.
Static IP Address
When delivered from the Factory the camera will be supplied with a static IP address on the
Ethernet connection of:
HTTPS://192.168.10.20
Connect to this address using a standard Web Browser (Firefox recommended) from a PC
configured on the same subnet address
1.8.
Secure Disposal Instructions
Sicore II stores images and information that in many countries would be classed as personal
data under the relevant data protection legislation, therefore it is important to decommission
and/or dispose of this device carefully, removing all data and settings on the device prior to
its disposal. The removal of such data is your responsibility as part of the disposal process
and therefore, as a minimum, the following steps should be followed:
·
Delete all data in the results database (see section 5.21 on how to achieve this). This
will ensure no images or data such as plate reads, classification, speeds etc remain
stored on the camera on the internal SSD.
·
Wipe the system configuration (see section 4.9 on how to achieve this). This will
ensure that all configuration such as security certificates, passwords and settings are
returned to the factory defaults.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
13
Introduction
Whether or not the above steps are followed, if any personal data remains on any Sicore II
units following their disposal, Siemens shall not be liable to compensate you or any third
parties for any loss or damage resulting from the continued existence, use or dissemination
of such data, and you shall indemnify Siemens against any such claims it may receive directly
from third parties.
1.9.
Recycling and Disposal
In compliance with the European directive 2002/96/EC on waste electrical and
electronic equipment (WEEE), the appliance must not be disposed of with
household waste, but taken to an authorised waste separation and recycling
centre. Batteries need to be handled appropriately and disposed of correctly
Battery Directive 2006/66/EC
The Sicore II Camera is fitted with a small rechargeable lithium coin cell for backup purposes.
The battery is to be recycled in an appropriate manner.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
14
Introduction
2. Security Recommendations
2.1.
Password Security
Siemens strongly advises changing the username and password on installation (see Section
Error! Reference source not found.). Ideally the password should be unique for each site
and should have a management process defined that contains:
·
A process for creating secure passwords
·
A method for authorised users to gain access to password
·
A requirement that passwords are changed at regular intervals.
The preferred alternative to passwords is to use Soft PKI Certificates.
2.2.
VPN
Where the VPN is provided by on-site communications equipment (ADSL, 4G) instead of
Sicore II, care should be taken to secure access to and from the communications equipment
by unauthorised personnel. This includes, but is not limited to, firewalls at the upstream
communications equipment and physical security.
An industry-standard security risk assessment should also be performed to assess any risks
introduced by the communications equipment.
2.3.
FTP
The use of FTP (File Transfer Protocol) is not advised without additional security precautions
as it does not provide any protection from the following attacks:
·
Man-in-the-middle – a compromised device can intercept the FTP file transfers and
capture confidential/personal information, for example images and Vehicle
Registration Marks. This information can be considered personal in some countries
and therefore covered by the GDPR/Other regulations.
·
Password snooping – the password for access to the FTP server is sent unencrypted,
this means that an attacker monitoring the network can capture usernames and
passwords that would allow them to bypass security on the server. This would also
allow an attacker to inject fake data.
·
Passwords may become uncontrolled – care should be taken during installation to
make sure that the passwords are transferred in a secure manner. Failure to do so
may lead to leaking the passwords - allowing attackers access to the FTP server.
2.4.
NTP
The Network Time Protocol does not provide any authentication. This means that an attacker
can fake the NTP messages and cause an NTP client to use the incorrect time. It is advised
that if NTP is to be used, multiple NTP servers should be set up and, where possible, Trusted
Time should also be used.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
15
Error! Reference source not found.
3. General
Sicore II is a traffic monitoring and enforcement camera with embedded ANPR functionality,
designed on a modular platform that is scalable to meet the demanding requirements of
today’s ANPR market.
3.1.
Product Overview
Figure 2 – External Interfaces
Sicore II uses an industrial quad core processor giving superior performance and the
capability to continue to expand to meet future requirements. A separate dedicated Sync
CPU handles all the real time aspects of the camera including camera exposure, flash and all
external I/O. The Sync CPU delivers the accuracy, precision and control needed for the vision
engine to deliver the desired results.
3.1.1. Image Sensors
Sicore II uses two full HD camera sensors, both for ANPR and Overview cameras. The sensors
are specifically designed for the traffic environment give superb results day and night. High
dynamic range results in very little noise within the images giving a crisp, clear evidential
image even in low light situations An example is shown on the right, taken late at night with
no additional lighting (just ordinary LED street lighting).
3.1.2. Flash
With the HD sensors, another benefit is the huge coverage of the road, allowing up to three
lanes of traffic to be covered from one camera. The flash has also been designed to support
this with super bright OSRAM 850nm LEDs that give a perfect crisp image of the plate across
the entire field of view.
3.1.3. External I/O
With multiple I/O options, such as 4 digital optically isolated inputs & outputs, RS422/485 etc,
Sicore II can connect to a wide variety of additional roadside equipment.
3.1.4. Comms
By default all Sicore II units include a wired Ethernet as part of the main cable (compatible
with the previous version of Sicore). Additional options include an embedded 3G/4G modem
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
16
Error! Reference source not found.
with easy to access SIM on the back panel, as well as a WiFi hotspot for wireless
commissioning without any physical access to the camera or network.
3.1.5. Security
Sicore II offers many layers of security based on the latest thinking in secure solutions used
within the finance world. A certificate manager handles the certificates for each part of the
external interface to the camera, ensuring that only known clients can connect and access
the data held.
An embedded OpenVPN solution, allows a secure connection to the camera either via 3G/4G
or wired Ethernet.
3.1.6. Time
Many ANPR applications require precise time to be recorded. Sicore II includes multiple
methods for maintaining and accurate or known time:
3.1.6.1.
NTP
The default time mechanism is NTP which can either connect to a remote network time
server, or to another source like GPS. The options in this area are covered in section 5.2.3.
3.1.6.2.
GPS
Every camera has a GPS inside. This enables the GPS time to be the source of the primary
time.
3.1.6.3.
Secondary Time
In addition to the primary time source (NTP/GPS), Sicore II has a thermally protected time
source known as the secondary clock. This free running time source can be synchronized to
the primary time and then the two clocks are checked for time drift. This allows high
precision to be ensured even between multiple cameras.
See section 5.2 for more details on the time sources in Sicore II.
3.2.
Basic Data Flow
Figure 3 – Main Data Flow
3.2.1. Image Capture
Sicore II can capture images from up to two physical cameras: a mono camera with daylight
cut filter for IR ANPR and a similar mono or colour camera for overview. The camera controls
an inbuilt on-axis IR flash and can also trigger external flashes as required. The timings for the
camera and IR flash synchronisation and offset are fully configurable within the camera.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
17
Error! Reference source not found.
3.2.2. Vision Processing
The vision engine takes the image stream and tracks vehicles through the area defined as a
region of interest. With the cameras running at 25fps, the vehicle will be captured many
times and each time the vision engine enhances its understanding about the speed and
direction of travel of the vehicle.
Using details about the installation geometry, the camera interprets the 2D image into a 3D
model of the world and therefore produces an accurate track of the vehicle for further video
analytics. Once the vehicle leaves the region of interest, the vision engine selects candidates
as close as possible to the base line.
Thanks to the accuracy of the vision engine and mapping the 2D view to the 3D real world
view, Sicore II can calculate the speed of vehicles that pass the camera (subject to an optional
licence).
The vision processing module can be configured to operate in visual trigger mode, external
trigger mode or a combination of both.
3.2.3. Result Filtering
Results generated through vision processing can be filtered through various configurable
filters. This allows the results to be filtered in the camera prior to being available to the client
system. See section 5.16 for configuration information.
3.2.4. Result Creation
The camera provides several options for result creation. Each result contains summary data
and one or many data items such as evidence images, XML file or ZIP file containing all data
items. See section 5.17 for configuration information.
3.2.5. Result Storage
The camera contains a non-volatile database in which the results are stored. Results can be
‘pushed’ to a remote file server (e.g. Network Attached Storage) using the built-in Simple
Uploader application (see 5.19), or ‘pulled’ by an Instation application designed to interface
to the database. The document Sicore II Interface Description 667/56000/002 describes in
detail the structure of the database and how to retrieve results from it.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
18
Web User Interface
4. Web User Interface
4.1.
Connecting
Initial connection to the camera is via Ethernet. Sicore II is delivered with the static IP address
192.168.10.20. With the camera connected to a computer on the network 192.168.10, a
browser can be used to access the camera’s web interface using the URL:
https://192.168.10.20.
Initially, it may be necessary to confirm manually that the browser should allow the camera’s
unrecognized certificate. See section 5.4.1 for information on configuring the secure web
server.
The default username and password for the web interface are “pme” and “249” respectively.
Once an Ethernet connection is established, Sicore II can be configured to communicate over
a VPN connection, and WiFi or 3G/4G, if the appropriate hardware options are installed.
See section 5.1 for more information on configuring communications.
4.2.
General
Help - all configurable items have a question mark that can be used to display help
information about the item.
Saving changes – changes to configurable items do not take effect until the Save button is
pressed on the page on which they were made.
Restoring saved values – to revert any unsaved changes made to configurable items, either
press the Restore button on the page or navigate away from the page and back again.
Restoring default values – each configurable item can be restored to its default value by
clicking the corresponding checkbox followed by the Save button on the same page.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
19
Web User Interface
4.3.
Home Page
The web user interface of the camera provides the ability to configure and monitor the
camera operation through a series of pages accessed through the in the menu at the top of
the page.
Figure 4 – Web Interface – Home Page
4.4.
Status and Configuration
The [Status and Configuration] item shows a menu tree down the left hand side of the page.
This menu structure makes available the most commonly used configuration and status items
available in the camera.
All configurable values have defaults which can be restored by selecting the appropriate
Default checkboxes and saving the changes.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
20
Web User Interface
Figure 5 – Web Interface – Status and Configuration
4.5.
Terminal
The terminal menu item opens up a separate web browser window to the camera’s command
line interface. The command line interface can sometimes give access to more detailed
diagnostic information. Running the command “help” lists the available commands. Running
the command “help <command>” lists more detailed help for the command specified.
Figure 6 – Web Interface – Terminal
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
21
Web User Interface
4.6.
Site Log
The site log can be used to attach notes or files to the device. This could be, for example, the
site installation drawing or router configuration.
Figure 7 – Web Interface – Site Log
Attachments can be downloaded by clicking on the names in the table. They can also be
deleted to recover storage space by clicking the corresponding Delete button.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
22
Web User Interface
4.7.
Fault Table
The fault table shows the current list of faults and notifications within the device. It is
possible to view the history of the faults and notifications by pressing the respective buttons.
Some faults can provide additional information by clicking on the [?] that appears at the end
of the fault table. Some faults can be cleared by using the [Request Reset] button.
Figure 8 – Web Interface – Fault Table
4.8.
System Log
The System Log contains diagnostic messages logged by the camera’s software modules that
can be viewed on the web page or exported as a text file for offline analysis. Entries in the
system log can be ordered, filtered and coloured to make viewing of the log easier.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
23
Web User Interface
Figure 9 – Web Interface – System Log
4.9.
System Information, Reboot and Wipe
The system page displays the top level and detailed level software components and versions
within the main software system. The camera always operates on a base level of running
software; some of the software components are however optional to run. These are known
as applications and these can be started and stopped from this webpage. An example of this
is the Simple Uploader application, which can be used to upload results to an FTP or CIFS
server.
This page also supports export of a site information zip file containing the current status of
the device including configuration, faults, inventory, licences, site log and status.
At the bottom of the page there are buttons to trigger a system reboot and a system wipe.
The system wipe should not be performed remotely because it will revert the camera to
factory default settings, including all network settings.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
24
Web User Interface
Figure 10 – Web Interface – System
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
25
Web User Interface
4.10. Live View
The Live View provides several monitoring and visual configuration options:
·
Live display of ANPR or overview camera video with brightness control
·
Grid overlay
·
Summary status
·
Live feed of ANPR results including plate patch
·
Visual configuration of the Region of Interest (ROI)
·
Visual configuration of the Baseline
·
Field of View Calibration (depending on software version)
Figure 11 – Web Interface – Live View
4.10.1.
Region of Interest
The camera supports the configuration of up to four regions of interest. ROIs are used to
define and label areas of the camera’s field of view. This could be useful for the following:
·
Remove areas that are not of interest
·
Define lanes or restricted zones
The ROIs are labelled with a numeric ID which must be greater than zero. Setting a ROI to
have an ID of zero disables the ROI. The ROI ID becomes part of the result data for each
vehicle captured within the ROI.
When the ROI check box is enabled, all configured ROIs with IDs greater than zero are
overlaid onto the live video. In addition, the ROI configuration controls become visible
directly below.
To configure a ROI perform the following sequence:
·
Enable the ROI configuration options using the [ROI] checkbox
·
Select the ROI to configure (ROI 1-4) using the drop-down box on the left hand side
·
Press the [Reset] button
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
26
Web User Interface
·
Click the four corners of the required ROI on the live video, the ROI will be drawn as
the points are clicked
·
Define a numeric ID greater than zero in the text box on the left
·
Click [Save]
The buttons [Reset All] and [Save All] can be used to configure multiple ROIs in this way.
Buttons [Default] and [Default All] can be used to reset the ROI coordinates to their default
values. Note this does not reset the ROI IDs.
4.10.2.
Baseline
The camera baseline is a virtual line which normally passes from horizontal left to right
through the vertical centre of the camera’s image. In a typical installation, this would also
normally correspond directly to a virtual line on the road surface lying perpendicular to the
main flow of traffic. The overlaying of these two lines would normally be achieved through
installation and more specifically the camera alignment process.
During normal operation, a VRM is detected multiple times as it travels through the camera’s
field of view. To create one result for each vehicle, the camera tracks the VRM and combined
within various other visual and timing constraints it has a preference for creating results
where the VRM was captured closest to the baseline.
When the camera calibration is configured, the camera can also estimate the real world
shortest horizontal distance from the VRM to the baseline and include this in the ANPR result
(subject to an additional licence). This measurement, which is known as baseline position can
be positive, negative or zero depending on the position of the detected VRM. VRMs captured
above the line are positive and VRMs captured below the line are negative.
Typically the camera’s lens options, installation geometry and alignment should mean that
the default configuration for the baseline (centre left to right) is suitable. If this is not the
case, then the baseline can be configured in the camera by specifying two points on the
baseline in the camera’s live view. The baseline is then assumed to pass through these two
points and extent to the extremes of the field of view.
The baseline is configured as follows:
·
Select [ANPR Camera] as the source of the live view.
·
Enable the Baseline configuration options using the [Baseline] checkbox on the Live
View.
·
Press the [Reset] button
·
Click on baseline point 1 (left)
·
Click on baseline point 2 (right)
·
Check the baseline drawn on the screen
·
Click [Save]
The baseline can be reset to default by clicking on the [Default] button.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
27
Web User Interface
To assist with the selection of the two baseline points, IR markers could be placed in safe
locations in the field of view so that they are visible when looking at the live view.
4.10.3.
Field of View Calibration
Note: this feature is only available in Sicore II software 667/TZ/48082/000 version 2.02 and
later.
The vision engine in the camera is capable of highly accurate position and speed of vehicles
passing the camera, to do so it needs to know real world information about its installation
geometry. This is explained further in section 5.14.1.
The ANPR Live View includes a feature to allow the installation geometry to be calculated
using a grid of nine known points in image. This could be performed by placing nine
reflective pucks in a grid formation in the field of view.
The larger the distance between the pucks the more accurate the calibration will be. A
minimum distance between each puck would be 1m. Care should be taken to plate the pucks
over a representative section of the road taking into account and road camber, incline etc.
Figure 12 – Web Interface – Live View - Calibration
The calibration is configured as follows:
·
Select [ANPR Camera] as the source of the live view.
·
Show the Calibration tools using the [Calibration] checkbox on the Live View.
·
Click [Enable] to turn on the visual calibration method.
·
Enter the distance between each puck [Size (m)].
·
Press the [Reset] button
·
Click on each reflective pucks in the following order:
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
28
Web User Interface
·
Click the [Save] button
·
The calibration points will be processed and the screen updated when complete. Blue
circles will be draw over the clicked areas, and the calculated Skew, Distance and
Height will be shown. These should be checked against expected values.
·
The Mean Error is also shown in meters. This indicates the average error for puck
position or where the screen has been clicked. It is important that this is as low as
possible (suggested < 0.5m).
Note: when visual calibration is enabled (in the toolbar) then any values entered directly in
the camera calibration (e.g. FOVCX,Y,Z etc) are ignored.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
29
Product Functional Description
5. Product Functional Description
5.1.
Communications
5.1.1. Basic Network Configuration
This page allows basic local network settings to be configured, along with site information
and NTP (network peer only).
Figure 13 – Web Interface – Basic Network Configuration
The Ethernet IP Mode can be set to DHCP or Manual. In DHCP mode, the camera is assigned
an IP address and other relevant network settings by a DHCP server on the local network, and
all other Ethernet-related settings on this page are not used. In Manual mode, the camera
must be assigned an IP address, and other settings should reflect the setup of the local
network.
The site name and location are text fields that can be used to identify the camera.
The Outstation Support Server (OSS) is a Siemens application that can be run on an instation
host to permit periodic backups of the camera’s configuration and site information, and to
perform firmware upgrades ‘pushed’ from the instation.
The DNS Nameserver can be configured if one is available on the network.
The NTP settings duplicate those on the System/Settings/System Date & Time/NTP page. See
section 5.2.3.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
30
Product Functional Description
5.1.2. 4G/GPRS
This page provides configuration options for the optional in-camera modem.
The modem’s connection status can be viewed on the Status/Modem page.
Figure 14 – Web Interface – 4G/GPRS
The username, password and APN entered should match those associated with the SIM card
fitted to the camera’s rear panel. All other settings should be as shown above.
The site name/location and OSS settings duplicate the ones on the DSL/Fibre page (see
section 5.1.1).
NOTE - The SIM must have its PIN removed before using in the camera, this can be
achieved in most laptop based modems or on a mobile phone
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
31
Product Functional Description
5.1.3. Open VPN
This page provides the configuration options for connecting to an instation via OpenVPN. The
connection is secured via the OpenVPN service in the Certificate Manager (see 5.4). In
addition, the OpenVPN server’s CA certificate should be uploaded through this page to allow
the camera to authenticate the server.
Figure 15 – Web Interface – Open VPN
5.1.4. Wi-Fi Hotspot
Note that Wi-Fi features are not available if the optional factory-fitted hardware module is not
installed in the camera.
Safety of Wi-Fi Hotspot Security
The Wi-Fi Hotspot is disabled by default. If Wi-Fi is then enabled, it starts in WPA2-PSK
(Pre-Shared Key) mode. Operation in this mode is only acceptable for short durations
for example during configuration in the depot or installation and commissioning onsite.
For sustained use, WPA2 EAP-TLS should be used instead of WPA2-PSK. This is because
long-term exposure on-street could lead to leakage of the Shared Key.
WPA2 EAP-TLS can be setup using this devices Certificate Manager and a certificate
and key management tool (for example XCA) to generate a set of certificates and
private keys for Wi-Fi clients to use (see 5.4).
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
32
Product Functional Description
Sicore II has a built-in Wi-Fi Hotspot/Access Point, allowing local on-site connection for
configuration and/or diagnostics. The SSID can be configured and the Hotspot enabled or
disabled on this page.
Figure 16 – Web Interface – Wifi Hotspot
If operating in WPA2-PSK mode, then the Pre-shared Key is shown on the WiFi status page
along with the number of connected stations and key management mode.
Figure 17 – Web Interface – Wifi Hotspot Status
5.1.5. Stratos
Connectivity with the Siemens Stratos Instation is reserved for future use.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
33
Product Functional Description
5.2.
Clocks, Date and Time
The Camera has two main clock systems - a primary clock system and a secondary clock
system. The purpose of the two clock systems is to provide additional time integrity checking
within the camera for systems that require it. ANPR record creation is timestamped with both
the primary and secondary timestamps expressed in UTC time, with microsecond resolution.
The primary time is the camera’s main OS system time. This time can be configured to be
synchronised to either a network NTP source or a GPS sensor NTP source.
The secondary time is syncrhonised to the primary time and is used by the real time aspects
of the camera (exposure, flash, IO etc).
5.2.1. System Time
The system time and time zone can be set via the camera web interface. It is also possible to
upload updated time zone data if required.
Figure 18 – Web Interface – System Time
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
34
Product Functional Description
Figure 19 – Web Interface – System Time Zone
5.2.2. GPS
The camera has a built-in GPS module that can be used to maintain the system time.
GPS can be enabled via the camera web interface [Enable GPS]. If the GPS is not required in
an installation, e.g. if the camera is inside a tunnel with no clear view of the sky, then the
GPS should disabled. This will prevent unnecessary faults from being reported.
The GPS module supports the use of the GPS PPS signal for highly accurate time [Use PPS].
The system can also update its internal site location data if the [Use GPS Position] option is
selected.
When the option to [Require Valid Leap Seconds] is selected, the GPS module will wait for
leap seconds to be received from the satellite before providing a valid GPS time to the rest of
the system.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
35
Product Functional Description
Figure 20 – Web Interface – GPS
Enable GPS – enables the GPS device for use as an NTP sensor. Note that the GPS sensor also
needs be selected on the NTP configuration page.
Use PPS – improves the accuracy of the time derived from the GPS sensor. This should always
be enabled for Sicore II.
Use GPS Position – provides the longitude and latitude information from the GPS to the
camera’s Site Log.
Require Valid Leap Seconds – if enabled, the GPS sensor will not be considered to be
available until up-to-date leap seconds information has been received. This can contribute to
the fit-for-purpose state of the camera (see 5.15).
The web interface also provides GPS status information, which can be useful in diagnosing
GPS issues.
Figure 21 – Web Interface – GPS Status
5.2.3. NTP
The NTP module within the camera can be configured with either a network time source or a
GPS sensor time source, depending on the requirements of the system. The module also
allows the option of a coarse time check with a TLS date server prior to an NTP jump time.
To configure the NTP module in network time mode:
·
Select [Enable NTP]
·
Select [Enable NTP Peer]
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
36
Product Functional Description
·
Enter the NTP server IP address [Peer address]
·
Click [Save]
To configure the NTP module with the GPS sensor time source
·
Select [Enable NTP]
·
Unselect [Enable NTP Peer]
·
Click [Save]
·
In the [Sensors] sub menu, add a GPS sensor as shown below
·
Click [Save]
Figure 22 – Web Interface – NTP
Enable NTP – enables NTP to modify the time based on a configured peer or sensors.
Enable NTP Peer – enables the use of an NTP server as the time reference.
Peer Address – the name or IP address of the NTP server
Enable NTP Jump Time – allows NTP to make large adjustments to the time.
TLS Date Server – the URL for a server that can provide an approximate time over a secure
connection.
Enable NTP Trusted Jump – requires NTP to check that the size of a jump is consistent with
the time received from the TLS Date Server.
NOTE: Use of NTP may introduce security vulnerabilities – see Section Error!
Reference source not found.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
37
Product Functional Description
Figure 23 – Web Interface – NTP Sensors
The NTP module also provides synchronisation and accuracy monitoring. When there is an
NTP monitoring error, a system fault is generated, which may be configured to affect the
camera’s overall fitness-for-purpose state.
Figure 24 – Web Interface – NTP Monitor
Enable accuracy monitor – enables the monitor.
Maximum allowed accuracy – the maximum allowed offset in ms between the camera and
the NTP time source (peer or sensors).
Maximum time since last accuracy measurement – the maximum allowed time since the
accuracy was measured successfully.
Require synchronised state – if this is enabled, a system fault is generated if the NTP is not
in a synchronised state.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
38
Product Functional Description
5.2.4. Secondary Time
The secondary time is an independent clock/time source created from a Temperature
Compensated Crystal Oscillator (TCXO). If GPS is available in the camera, then the TCXO PPM
accuracy offset is automatically further compensated for by calibrating against the GPS PPS
signal.
Primary and secondary clocks can be synchronized together at a configurable time of the day
or period. The camera can also be configured with a maximum primary to secondary time
offset. This can then be used to discard results for which the difference between primary and
secondary time exceeds the limit.
The secondary clock is autonomous, therefore the only configuration available is when or
how often it is synchronised with the primary clock.
Even if an application does not specifically require both primary & secondary time stamps in
the capture data, it is still important that the two time sources are synchronised as the real
time aspects of the camera (camera/flash exposure, IO etc) use the secondary time for their
time source.
Figure 25 – Web Interface – Secondary Time
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
39
Product Functional Description
5.3.
Licences
Licences for optional software features are available to order with the product.
Licences are loaded into Sicore II during manufacture and cannot be
changed later without returning the camera to Siemens.
The licensing system is separated into two parts:
·
A licensed module is a module of software that requires a valid licence to enable the
feature of that module.
·
Licence facilities are collections of module licences that can be added to the product.
One licence facility can contain several module licences.
The licences are organised in this way so that the product ordering process is simplified. The
licence facilities are designed such that only a small number of licence facilities are required
for most applications; however, this small number of licence facilities may enable a large
number of licensed modules.
The current list of licence facilities and modules supported by the product and their mapping
is shown in the table below.
Licenced Module
Licence Facilities
Name
Description
General
ANPR
ANPR OCR Engine
Speed
Vehicle speed estimation
inclusion in result output
and
ü
Baseline
Position
Baseline position calculation and
inclusion in result output
ü
PKCS7
Encryption
PKCS7 Encryption of result bulk
data including images
ü
Enforcement
ü
Table 4 – Optional Software Feature Licences
The facilities and their state (inactive or active) can be viewed via the product web interface.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
40
Product Functional Description
Figure 26 – Web Interface – Licence System
5.4.
Security
Sicore II uses X.509 certificates for both authentication and encryption. Facilities built into
the camera can be used to manage the keys and certificates for the following services:
·
HTTP Server - browser, WebSocket and XML-RPC
·
Wi-Fi Access Point - local client connection e.g. tablet or laptop
·
VPN - secure connection between camera and infrastructure
·
Database Signing – used for signing results
A full description of the principles behind the Public Key Infrastructure (PKI) required to use
these services is beyond the scope of this document. However, the following sections
describe how to use Sicore II to create the essential elements.
Administering a PKI requires the use of one or more external tools that allow Certificate
Authorities (CAs) to respond to Certificate Signing Requests (CSRs) and generate device or
service certificates with the necessary usage attributes and lifetimes. One such tool is XCA
(see http://xca.sourceforge.net/ for more information and tutorials).
5.4.1. Secure Web Server
In order for the camera to authenticate HTTPS clients, the clients’ Certificate Authority (CA)
certificate is installed and enabled through the System/Settings/Security page:
Figure 27 – Web Interface – Security
5.4.2. Certificate Management
All other security-related configuration is brought together in the Certificate Manager, a tool
that supports the management of the following components of a PKI:
·
Private Key
·
Certificate Signing Request (CSR)
·
Device and CA Certificates
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
41
Product Functional Description
·
PKCS#12 files
Figure 28 – Web Interface – Certificate Manager
With the exception of the Machine service, the sequence of operations required to complete
the configuration of each service is as follows:
·
Generate private key in the Certificate Manager
·
Generate a CSR in the Certificate Manager
·
Import the CSR into the external certificate and key management tool used for the PKI
(e.g. XCA).
·
Sign the CSR with the appropriate CA certificate
·
Export the signed certificate and the signing CA certificate from the tool as PEMformatted ‘.crt’ files.
·
Import the signed certificate and the CA certificate into Sicore II using the Certificate
Manager.
An alternative is to import a pre-created private key and certificate stored in a PKCS#12 file.
Note that this is not recommended as it requires the transportation of a private key,
increasing the risk that it is leaked and compromising the security of the system.
The Machine service’s private key and certificate are built into Sicore II and cannot be recreated or deleted. The only operation that can be used for Machine is Export Certificate.
5.4.3. Key Sizes And Hash Functions
When creating keys and/or signing certificates outside of the camera, the choice of key
length and hash function depends on their intended lifetimes. For lifetimes greater than five
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
42
Product Functional Description
years, keys should be at least RSA/4096 bit, and the certificate hash function should be SHA512. For shorter lifetimes, RSA/2048 bit and SHA-256 are acceptable.
Private keys created on the camera by the Certificate Manager are RSA/4096 bit and SHA-512
is used when creating CSRs where appropriate.
5.4.4. Certificate Attributes
The certificate lifetimes should be determined by the security policies of the project in which
Sicore II is installed.
The certificates require usage attributes to be set during the creation and signing process.
The values used depend on the service for which the certificate is being created:
Service
Key Usage
HTTP Server
Digital Signature
Key Encipherment
TLS Web Server Authentication
WiFi AP
Digital Signature
Key Encipherment
TLS Web Server Authentication
Open VPN
Digital Signature
Key Encipherment
TLS Web Client Authentication
Database Signing Digital Signature
5.5.
Language
It is possible to upload different language packs. Please contact Siemens for available
language packs (see section 1.2 for contact information).
Figure 29 – Web Interface – Language
5.6.
Web Interface
The Web Interface page allows some aspects of the interface to be modified.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
43
Product Functional Description
Figure 30 – Web Interface – Web Interface
Enable High Visibility - makes the 'Hi-vis' checkbox visible at the top of the page which,
when checked, may be used to improve the visibility of the web interface on some devices in
adverse lighting conditions.
High Visibility CSS - a custom CSS file may be uploaded to change the appearance of web
interface elements to improve visibility.
User Text - if enabled, a user-defined string can be added to the home page.
Site Image - an image may be uploaded for display on the home page.
Enable Advanced Options - enables an Advanced menu item that gives access to more
detailed configuration options.
Show Item Keys - enables the display of internal database keys in Help dialogue boxes.
5.7.
Conditioning
Sicore II allows customisation of its behaviour through scripts that can be loaded in through
the web interface’s System/Settings/Conditioning pages.
The scripts can be used to monitor conditions such as external input states, values published
by the camera (e.g. voltages, temperatures, result statistics) and set output states, raise/clear
faults or add entries to the system log.
Custom scripts can be written in a visual language called Blockly, and edited through the web
interface page System/Settings/Conditioning/Visual Editor.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
44
Product Functional Description
The following is an illustrative example showing how a trigger input can be used to
increment a vehicle counter which is displayed in the Notification Table:
Figure 31 – Web Interface – Conditioning
A detailed description of the scripting facilities is beyond the scope of this document. Please
contact Siemens for more information.
5.8.
Configuration Import / Export
It is possible to import and export the system product configuration. This can then be used
for configuration backup and restore or to assist in creating a similar camera to a known,
correctly configured camera. There are several considerations that should be made when
exporting and or importing configuration:
The exported configuration:
·
Contains network settings including IP address
·
Does not contain passwords, for example, for upload servers
·
Does not contain sensitive data, for example, black or white lists
·
Does not contain the private keys for certificates that might be configured
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
45
Product Functional Description
Figure 32 – Web Interface – Configuration Import/Export
5.9.
Real Time View
Within the status area of the web interface, a Real Time View can be found. Many system
values can be plotted graphically to aid diagnosis of faults or to help with configuration
tuning. For example:
·
CPU and memory usage
·
I/O line states
·
Hardware measurements (temperatures, voltages etc.)
·
Camera gains and exposures
·
ANPR result rates and counts
All values are plotted against time at predefined rates. In general, values that are updated
frequently are not measured until the user chooses to view them in the real-time display i.e.
no history is available. For the duration of monitoring in the graph, values will be measured
and displayed. When the graph is closed, values may continue to be measured for a short
time (approximately one minute) after which, viewing the same graph again will show a gap
in the measurements.
Values that are measured less often and over longer periods are stored by the camera from
start-up, so the real-time graph will show all historical measurements as soon as the value is
selected for display.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
46
Product Functional Description
Figure 33 – Web Interface – Real Time View
5.10. Inventory
Where possible the product automatically detects and makes available details of internal
components as part of an inventory system.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
47
Product Functional Description
Figure 34 – Web Interface – Inventory
5.11. Health
The product has various hardware sensors; the current values for these are available through
the System Health page.
Figure 35 – Web Interface – Health
5.12. Firmware Upgrade
The camera can perform remote firmware upgrade via the web interface. A valid firmware
upgrade package is required. Firmware upgrade packages can contain updates for all system
components including operating system, application and peripheral components. The camera
will automatically reboot as part of the upgrade process.
Note that it is not possible to downgrade, i.e. install a version of firmware that is lower than
the one currently running.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
48
Product Functional Description
Figure 36 – Web Interface – Firmware Upgrade
5.13. Camera and Flash
Sicore II’s default camera and flash settings should be correct for most installations and
should only be modified in exceptional circumstances e.g. in extreme lighting conditions.
There are several options to fine-tune the camera’s image capture settings. The cameras
operate in automatic mode for exposure and gain and the minimum and maximum setting of
for exposure and gain are configurable. The image average brightness target and a mode of
brightness control (minimise exposure or minimise gain) are also configurable.
In addition to normal gain and exposure, Dynamic Digital Shift is a type of gross gain that can
help when the camera has to operate in extremely varying brightness conditions. This is
particularly useful when trying to achieve the best image quality for a colour overview
camera which might have to operate in bright midday sun and then under very low lighting
conditions at night.
The automatic mode can be configured to operate on the entire image or alternatively only
consider the areas of the image inside the combined configured Regions of Interest. This can
be useful particularly if the field of view is covering a large area but the region of interest is a
specific area with different lighting than the rest of the image. To activate this, select “Use
ROI for Auto Functions”.
Gamma and black level options are also configurable.
Normally the ANPR and Overview cameras are exposed at the same time. The overview
camera exposure can be delayed to occur after the ANPR camera. This is particularly useful to
avoid the high intensity flash required for the ANPR camera clashing with a mono IR overview
camera exposure.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
49
Product Functional Description
Figure 37 – Web Interface – Camera
There are three configurable flashes. Each flash can be configured with:
·
The camera from which to trigger the flash (ANPR or Overview). This is normally only
used if the Overview exposure is delayed from the ANPR exposure.
·
The delay from camera exposure start before starting the flash
·
The duration of the on-board IR flash
·
The duration of any flash connected to the external flash output
·
The on-board flash power (IR flash LED current)
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
50
Product Functional Description
Figure 38 – Web Interface – Flash
5.14. Vision
5.14.1.
Camera Calibration
Calibration is required to give the camera knowledge of how it is positioned and orientated
relative to the road and passing vehicles.
There are two methods to calibrate the camera. Either the installation geometry can be
entered in the settings as explained below, or the calibration feature in ANPR Live View can
be used as described in section 4.10.3 (requires software version 2.0.2 or later). Regardless
of the method used, the camera should be physically installed to get the baseline through
the centre of the field of view as much as possible.
In order to set this information it is imagined that the camera is at a known position in a
three dimensional coordinate system with the image centre at a point with known position
on the road surface called the Field of View Centre (FOVC). The camera may then be rolled
clockwise or anticlockwise on its mounting to rotate the baseline so that it lies approximately
across the road, perpendicular to the flow of traffic. The camera calibration parameters then
become the XYZ position of the camera, the XYZ position of the Field of View Centre and the
roll angle of the camera relative to the vertical (Z) direction. The roll angle is completely
independent of and should not be confused with the pitch angle. The roll and pitch angles
are measured approximately by an accelerometer built into the camera and displayed as part
of the camera calibration web interface.
To simplify the camera calibration process for most installations the following conventions
and procedures should be adopted:
·
The camera position is at the XY origin and is at a known height above the road
surface. This means that camera location configuration becomes [X=0; Y=0;
Z=camera height above road].
·
The Field of View Centre position is on the road surface at a position which is defined
by the Y axis being the direction along the road in the main direction of travel and the
X axis being the direction across the road. The distance of FOVC along the road (Y
direction) is known as distance D and the distance of FOVC across the road (X
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
51
Product Functional Description
direction) is known as skew. The FOVC can then be defined as [X=Skew; Y=D; Z=0].
Distance D is always positive; however skew could be positive or negative.
·
The roll angle measured by the camera’s accelerometer can be used as an indication
of the value to use in the roll angle configuration. It should be validated against
expected values obtained from knowledge of how the camera is mounted. Typically
positive skew would require negative roll and the reverse is also true, negative skew
would typically require positive roll.
The roll angle is negative when the camera is rotated anticlockwise when viewed from the
rear, positive when rotated clockwise, and zero when horizontal.
The pitch (tilt) angle is negative when the camera is pointing ‘nose’ downwards, positive
when pointing upwards, zero when horizontal.
Homography height is also a parameter required for camera calibration. This should be set to
the approximate plate height of the major vehicle type passing through the field of view.
The accuracy at which these parameters should be measured and configured depends on the
required accuracy of result calculations such as Speed and Baseline Position. For systems that
do not require Speed and Baseline Position, the setting of these parameters can be more
approximate and therefore additional measurement activities during installation and
commissioning can be avoided.
Even if the camera calibration parameters are entered approximately, it is essential that the
parameters are approximately correct. Particular attention should be paid to configuring the
correct sign (positive / negative) especially FOVCX as this can easily be misconfigured. If the
parameters are significantly wrong this could lead to a reduction in camera performance.
VC
FO
X
FO
VC
Y
Y
X
Figure 39 – Camera Calibration – Positive Skew
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
52
Product Functional Description
Figure 40 – Camera Calibration – Negative Skew
5.14.2.
Region of Interest
The definition and visual configuration of ROIs can be found in section 4.10.1. In addition,
the ROI IDs and corner coordinates in pixels can be set through the configuration menu.
Figure 41 – Web Interface – ROI ID
Coordinates specified this way should describe a four-sided polygon with non-overlapping
edges. Any of the four coordinates can be used as ID 0, and the direction around the polygon
can be clockwise or anti-clockwise. The coordinate system origin is the top left corner, the
horizontal range (X) is 1-1920, and the vertical range (Y) is 1-1200.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
53
Product Functional Description
Figure 42 – Web Interface – ROI Coordinates
5.14.3.
Visual Triggering
As a vehicle passes through the camera’s field of view, it is detected and tracked visually.
Result creation based on the visual detection and tracking alone is known as visual triggering
and can be enabled and disabled in the camera [Visual Trigger], this is the default camera
triggering mechanism. The [Visual Trigger Timeout] defines the time after first detecting the
vehicle in which the vehicle track should be evaluated for result output. The track evaluation
involves selecting the best possible candidate using the following criteria:
·
Plates closer to the Baseline are preferred
·
Plates with higher confidence read are preferred
The [Visual Re-Trigger Timeout] defines the time after first creating a result that a new one
should be created for the same vehicle.
Figure 43 – Web Interface – Visual Triggering
5.14.4.
External Triggering
In addition to visual triggering of result output, the camera supports being triggered by
external equipment using digital inputs [Enable External Triggers].
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
54
Product Functional Description
By default, externally triggered results are only created if there is a corresponding plate also
detected visually. In this case, the plate read will be available in the result data. Alternatively
by selecting the [Force Triggered Results] option, a result for each trigger is created but may
not include a plate read. The [Force Triggered Results] option could be used in the case
where it is required to detect and capture vehicles that trigger an external detector, but
cannot be detected visually by the camera, for example, front facing motorbike with no
visible plate.
There are four configurable triggers; each can each be configured to be mapped to one ROI
ID and one of four digital inputs. When the trigger occurs, it is matched in time with visual
tracks of vehicles passing through the ROI. Of the successful matches, a plate candidate is
selected based on the following criteria:
·
Plates with detection time closest to the trigger time are preferred
·
Plates with higher confidence read are preferred
There are some additional options for each trigger which can be used to tune the timing of
the response:
·
[Delay] – The trigger response to an input going active can be delayed. This can be
used to de-bounce noisy going-active edges of external trigger signals.
·
[Extension] – The trigger resetting in response to an input going inactive can be
extended. This can be used to de-bounce noisy going-inactive edges of external
trigger signals. E.g. for detectors, which might trigger multiple times per vehicle.
·
[Offset] – The trigger timestamp can be adjusted by this fixed offset value. This might
be useful if the trigger position of the external detector does not align with the
required visual ROI. The offset can be positive or negative.
·
[Invert] – By default, the trigger responds to rising edges of the input signal and
resets on the falling edge. This can be inverted using this option such that the trigger
responds to falling edges of the input signal.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
55
Product Functional Description
Figure 44 – Web Interface – External Triggering
The electrical specification of the external inputs can be found in the Installation
Commissioning And Maintenance Handbook 667/HB/52600/000.
5.15. Fitness for Purpose
The camera can be configured to perform various run-time Fit-For-Purpose checks. When one
or more of the checks fails, a specific fault is raised in the system. It is also possible to prevent
results from being created when the camera is not in a fit-for-purpose state (see section
5.16).
The required Fit-For-Purpose checks can be enabled using the camera web interface.
Fit-For-Purpose Check
Description
GPS time available
Tests for GPS time errors. GPS must be enabled and
configured correctly.
Primary
time
synchronised
source
Tests for NTP monitoring error. NTP and NTP monitoring
must be enabled and configured correctly.
Secondary time
synchronised
source
Tests for correct GPS PPS calibration state of the
secondary clock. This check will only fail if GPS is
enabled.
Primary/secondary image Tests that the primary and secondary time are within
timestamp offset within the configured limits.
limits
Configuration
unchanged
is Tests that the configuration change monitor shows that
the configuration is unchanged. [Config change
monitor] must be enabled.
Serial
port
connected
loopback Tests that the RS422 serial connection has a valid
loopback connected. The loopback should connect the
transmit and receive pairs together. This can be used as
an external tamper, where in the tamper state the Tx to
Rx loopback is broken. [Serial port loopback monitor]
must be enabled.
Case tamper not activated
Tests that the in-built case tamper detection has not
been activated.
User-defined fault
Through conditioning (section 0), it is possible to
activate a user-defined fault that is monitored for
fitness-for-purpose. The user-defined fault key must
begin with the “user-fault-“, for example, “user-faultcputemperature”.
Table 5 – Fitness-For-Purpose Criteria
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
56
Product Functional Description
Figure 45 – Web Interface – Fitness for Purpose
Figure 46 – Web Interface – Fitness for Purpose Run Control
5.16. Result Filtering
Prior to result creation and storage, the results can be filtered in a number of ways.
Figure 47 – Web Interface – Result Filtering
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
57
Product Functional Description
Result filter
Description
Fit-For-Purpose
With this filter enabled, results are only stored if the
camera's Fit-For-Purpose state is good.
Timestamp Offset
With this filter enabled, results are only stored if the
ANPR image's primary and secondary timestamp offset
is within the configured limit.
Duplicate Filter
With this filter enabled, results are discarded if the
same plate has been seen within the last configurable
time limit.
Pass Filter
With this filter enabled, results are only stored if they
match the configured criteria. See 5.16.1 for more
details.
Black/White List
With this filter enabled, results are stored if they match
the Black List criteria or discarded if they match the
White List. See 5.16.2 for more details.
Table 6 – Result Filtering
5.16.1.
Pass Filter
When the Pass Filter is enabled, a result is stored only if it matches all of the enabled criteria.
Direction - approaching, departing or parking.
Enable Country - the countries of interest are configured on the Countries sub-page.
Invert Country - if country matching is enabled, results will not be created for those
configured on the Countries sub-page.
Minimum % Confidence - if enabled, a result's confidence must be at least the given value.
Regular Expression - if enabled, allows regular expressions to be applied to result fields as
follows:
The filter string is of the form:
fieldName1:"regex1", fieldName2:"regex2"
The available field names are:
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
58
Product Functional Description
confidence
countryCode
countryConfidence
plateValue
vehicleDirection
Example filter to match country confidence >= 80% for GB plates:
countryConfidence:" ^[8-9]\d|100$", countryCode:"GB"
5.16.2.
Black/White List Filter
The Black/White List filter is configured from a file containing a list of plates to be matched.
The file contains either a black list or a white list, but not both. The header line determines
which type is described by the file. The format is as follows:
<version ID>;<version date>;[BLACK|WHITE]
(header line)
<country>;<VRM>
(entry line)
<country>;<VRM>
(entry line)
...
Version ID is a string of alphanumeric characters, including ‘.’. Version date is a numeric value
of the form YYYYMMDD. These fields can be used for version control of the file.
For example:
1.0;20171101;WHITE
(header line for white list)
GB;ABC123J
(plate)
DE;ZY-XX777
(plate)
...
OR
1.0;20171101;BLACK
(header line for black list)
GB;DEF456X
(plate)
DE;AA-BB999
(plate)
...
Note that although the country code must be present in each entry for the file to be
formatted correctly, it is not currently included in the filter criteria. This may change in a
future version of Sicore II firmware, so it is advisable to use the correct country code where
possible.
5.17. Result Creation
The camera has several options for results creation. This includes which data is stored and
how it is formatted.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
59
Product Functional Description
Figure 48 – Web Interface – Result Creation Options
Item
Description
Vehicle Speed
Include the vehicle speed calculation in the result (requires
licence)
Baseline Position
Include the baseline position in the result (requires licence)
Plate Hashing
Hash the plate in the result
Capture XML
Create an XML file as part of the result
Plate
Image
Patch Include the plate patch image as part of the result
ANPR Image
Include the ANPR image as part of the result
Overview Image
Include the overview image as part of the result
Create ZIP file
The stored bulk data (images and XML) are combined into a single
ZIP file
Result Data Hash
Store a hash value calculated from the selected data items
Record Signing
A signature used to establish authenticity of the result
Encryption
Enables encryption of the data (requires licence)
Table 7 – Result Creation Options
See Sicore II Interface Description 667/HB/52981/000 for more information about the data
hash, signature and encryption.
The plate patch, ANPR and overview images can be scaled to reduce their file sizes when
stored. 1.0 is full size, 0.5 is half size, for example.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
60
Product Functional Description
Figure 49 – Web Interface – Result Creation – Image Scaling
When plate hashing is enabled, characters that are sometimes misread can be replaced, to
improve matching in journey time applications.
Figure 50 – Web Interface – Result Creation – Plate Hashing
Characters are replaced as shown:
Character Read
Replacement
D
O
0
O
Q
O
1
I
5
S
Y
V
8
3
B
3
Z
2
F
E
C
G
M
H
N
H
W
H
Table 8 – Plate Hashing Substitutions
If encryption is enabled, the cipher needs to be specified, and a file loaded containing the
public certificates of all entities that are authorised to decrypt the results.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
61
Product Functional Description
Figure 51 – Web Interface – Result Creation – Encryption
5.18. Testdeck
A testdeck is a sequence of images captured by Sicore II and stored either on the camera, or a
remote file server. The images may be useful for groundtruthing.
Figure 52 – Web Interface – Testdeck
5.18.1.
Controls
Capture can be started immediately the Start button is pressed, or at a specific date and time
using the ‘Start capture’ and ‘Start capture at’ controls (in this case the Start button schedules
the capture).
The duration of the capture can be specified in terms of time, or the number of images
required. When the duration or image count is reached, capture stops automatically.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
62
Product Functional Description
The images are saved in the location specified by the ‘Capture to’ setting, which is either
‘Local’ or ‘Remote’.
5.18.2.
Local Capture
In local capture, images are stored on the camera’s internal SSD and added to a tar file that
can be downloaded through the browser when capture is complete. The status field displays
the path that should be appended to the camera’s root URL. For example:
Camera URL: https://192.168.10.20
Status: Capture stopped (testdecks/testdeck_images/testdeck_2017-11-03_19-40-57.tar)
The download URL becomes:
https://192.168.10.20/testdecks/testdeck_images/testdeck_2017-11-03_19-40-57.tar
The URL can be pasted into the browser address field to start the download.
When local testdeck capture is started, any previous local testdeck is deleted. The disk space
used by a local testdeck can be recovered by pressing the Delete button.
5.18.3.
Remote Capture
In remote capture, images are stored on the filesystem configured through the Remote
FileSystem page (see 5.20). The files are stored below a top-level directory containing the
capture start time, and with subdirectories containing the configured number of images. For
example:
testdeck_2017-11-03_20-00-26/
000/
2017.11.03.20.00.26.766_00000000615823973883.tiff
2017.11.03.20.00.26.806_00000000615824013885.tiff
2017.11.03.20.00.26.846_00000000615824053886.tiff
...
001/
2017.11.03.20.00.27.166_00000000615824373898.tiff
2017.11.03.20.00.27.206_00000000615824413900.tiff
2017.11.03.20.00.27.246_00000000615824453901.tiff
...
002/
2017.11.03.20.00.27.566_00000000615824773913.tiff
2017.11.03.20.00.27.606_00000000615824813915.tiff
2017.11.03.20.00.27.646_00000000615824853916.tiff
...
5.19. Simple Uploader
The Simple Uploader is an application built into Sicore II that continuously reads results from
the camera’s database, uploads them to the Remote File System (see 5.20) then deletes them
from the database.
The application is run through the System page:
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
63
Product Functional Description
Figure 53 – Web Interface – Simple Uploader
Results are uploaded to a directory that includes the ‘site name’ entered on one of the
System/Settings/Comms web pages.
5.20. Remote File System
The Remote File System is a directory on a remote device that can be used as the destination
for Testdeck files and the Simple Uploader. Typically, this will be a Network Attached Storage
drive (NAS), but could be any device that runs a File Transfer Protocol server (FTP) or supports
the Common Internet File System protocol (CIFS).
For security reasons, if CIFS is available, it is preferred over FTP. FTP’s authentication is based
on username and password sent unencrypted over the connection. CIFS connection
authentication is much more robust, and packets can themselves be authenticated though a
signature.
Note that FTP or CIFS with SMB 1.0 or 2.0 do not provide an encrypted connection, and it is
recommended that the PKCS#7 encryption is enabled (see 5.17).
Figure 54 – Web Interface – Remote File System
Remote Type – allows CIFS or FTP to be chosen as the communication protocol.
Remote Server – the IP address of the server.
Remote Path – the top-level directory name on the server.
Remote Username/Password – the required login credentials.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
64
Product Functional Description
CIFS requires additional configuration:
Remote Domain – required when connecting to Microsoft Windows servers.
SMB Version – the version of the SMB protocol to be used. The highest number supported by
the server should be chosen for best security. 3.0 includes end-to-end encryption.
Security mode – the authentication protocol. Choose one that is supported by the server, in
increasing order of preference: NTLM, NTLMv2, NTLMSSP.
Enable packet signing – enables per-packet signing for improved data authentication.
5.21. Results Database
Figure 55 – Web Interface – Results Database
JPEG compression level – the amount of compression of JPEG images expressed as image
‘quality’. 100 is the best quality with the least compression and largest file size, 0 is the worst
quality but maximum compression and smallest file size.
Max. Disk usage – when adding results to the database causes this limit to be exceeded, the
oldest results are deleted to make space.
Delete all results – causes all results in the database to be deleted.
Delete status – Read-only field displaying information about the progress of the delete
operation.
Results stored – the number of results stored in the database since the last reboot.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
65
Product Functional Description
Results discarded – the number of results discarded because of filtering since the last
reboot.
Results in database – the number of results currently in the database.
Purge expired results – if this is enabled, results older than the expiry time are deleted
automatically.
Results expiry time – if ‘Purge expired results’ is enabled, the maximum allowed ‘age’ of a
result before it is automatically deleted.
5.22. Backup Battery
The camera contains a backup battery for supporting the case tamper and Real Time Clock
(RTC) functions when the camera is powered off. The battery is recharged when the camera
is powered on, with a full charge taking approximately 40 hours. Once fully charged, the
battery can last for approximately 50 days.
5.23. Case Tamper
The camera provides a case tamper detection, which will be triggered when the case is
opened or backup battery is depleted. Initial case tamper reset will be performed during
manufacturing. However, if the camera has been in storage or transportation for some time
the tamper may have triggered. The tamper will be reported in the system fault table and it is
also from here where the tamper can be reset.
Figure 56 – Web Interface – Case Tamper Reset
If case tamper detection is important for a particular application, then the following
procedure should be followed during installation and commissioning:
·
Confirm that the camera cannot have been tampered with between manufacture and
installation
·
Configure the camera security such that only authorised and trusted persons/systems
can access the camera software and web interfaces
·
Using this secure access mechanism, reset any case tamper fault that might be
present
·
Ensure the camera remains powered for a short period of time to charge the backup
battery
·
Install and commission the camera
If case tamper detection is important for a particular application and case tamper is detected
after installation and commissioning, this could have occurred due to tampering, hardware
error or the depletion of the backup battery. The camera cannot be trusted, should be
removed from operation and returned to Siemens. The replacement camera should be
installed as required and according to the procedure above.
Sicore II Operation Handbook
667/HB/52600/001Issue 2
Unrestricted
66
Product Functional Description
More information
Siemens Traffic
www.siemens.co.uk/traffic
Siemens Mobility
http://www.mobility.siemens.com/mobility
Siemens Plc
Sopers Lane
Poole
BH17 7ER
United Kingdom
www.siemens.co.uk/traffic
Unrestricted
Subject to change without prior
notice
Document No. 667/HB/52600/001
© Siemens Plc, 2017
For more information
on Sicore II scan the
QR code