CONTAINER DEFENSE SYSTEM
A container includes multiple panels defining an interior volume, with a first panel including a composite material. A first beam detector element positioned within the interior volume detects a directed radiation scan beam that includes a modulated query message. Also positioned within the interior volume are a security element to detect an intrusion and an identification element communicatively coupled to the first beam detector element to store an identity of the container and to produce a query response message without breaking a seal of the container. A transmitter element is coupled to the identification element to transmit a response message to a receiver unit. The beam enters the inter volume along a path directed through the first panel, across a portion of the interior volume and onto the first beam detector element allowing for determination of a material property of contents of the interior volume.
This application is a continuation of U.S. patent application Ser. No. 12/596,971, filed Jul. 7, 2010 by Fred Hewitt Smith, and entitled “Container Defense System,” which is a U.S. National Stage of International Application No. PCT/2008/001350, filed Feb. 1, 2008, which claims the benefit of priority to U.S. Provisional Application No. 60/899,275 filed on Feb. 1, 2007, all of which are hereby incorporated herein by reference in their entirety.
SUMMARYThe inventors have realized that a system featuring low power, inexpensive scanners may be used to scan composite containers for the presence of nuclear weapons and certify the containers for future shipping.
In one aspect, a system for scanning and securing a container including a plurality of at least partially composite panels defining an interior volume is disclosed, the system including: a remote control unit; a receiver unit in communication with the remote control unit; a scanner including a beam generator adapted to emit a directed radiation scan beam and a detector adapted to detect the scan beam, the scanner in remote communication with the remote control unit; a beam detector element positioned within the container adapted to detect the scan beam; an intrusion detection system positioned within the container adapted to detect an intrusion into the container; an identification element positioned within the container and adapted to store identity information indicative of the identity of the container; a transmitter element positioned within the at least one container The e beam generator is adapted to direct the scan beam along a path into the interior volume of the container through one of the plurality of at least partially composite panels, across a portion of the interior volume, out of the interior volume through one of the plurality of at least partially composite panels, and onto the scan beam detector and the scanner is adapted to determine material property information indicative of the material properties of contents of the interior volume based on the detected beam. The scanner is adapted to modulate a query message from the remote control unit onto the scan beam, and the beam detector element is adapted to demodulate the message. The identification element is adapted produce a response message based on the demodulated query message and the stored identity information. The transmitter element is adapted to transmit the response message to the receiver unit.
In some embodiments, the remote control unit is adapted to receive the response message from the receiver unit and verify the identity of the container based on the verification response message. In some embodiments, the query message includes a number generated randomly by the remote control unit.
In some embodiments the remote control unit is adapted to determine the presence or absence of a nuclear device within the container based on the material property information and, if no nuclear device is determined to be present, store a certificate associated with the container. In some embodiments, the scanner is located in proximity to the receiver unit.
Some embodiments include: a dosimeter positioned within the at least one container, the dosimeter including a radon detection element adapted to detect a radon level for the interior volume; and a neutron detection element adapted to detect a neutron level for the interior volume. The dosimeter is adapted to measure the radon level and neutron level for a period of time, compare the measured radon level to a first threshold, compare the measured neutron level to a second threshold, determine dosimeter information indicative of the presence or absence of fissile material within the interior volume based on the comparisons, and communicate the dosimeter information to one or more of the identification element, the transmitter element, the receiver element, and the beam detector element.
In some embodiments, the identification element is adapted to destroy a portion of the stored identification information in response to an intrusion detected by the security element.
In some embodiments, the identification element is adapted to destroy a portion of the stored identification information in response to a detection of fissile material within the container by the dosimeter.
Some embodiments include a verification unit including a verification scanner including a beam generator adapted to emit a directed radiation verification scan beam; and a verification receiver unit located in proximity to the verification scanner unit. The verification scanner unit is adapted to modulate a verification query message received from the remote control unit onto the verification scan beam, and direct the verification scan beam to the beam detector element located within the container. The beam detector element is adapted to detect the verification scan beam and demodulate the verification query message. The identification is adapted produce a verification response message based on the demodulated verification query message and the stored identity information. The transmitter element is adapted to transmit a verification response message to the receiver unit. The remote control unit is adapted to receive the verification response message from the receiver unit and verify the identity of the container based on the verification response message.
Some embodiments include a loading device in communication with the remote control unit and located in proximity the verification unit, the loading device adapted to selectively load the at least one container onto a transport (e.g. a ship, train or truck) based on the verification of the and the of the certificate associated with the identity of the container.
In some embodiments, the identification element stores private identification information which cannot be transmitted to any scanner or receiver located outside the container.
In some embodiments, the security element includes a sensor grid embedded in one or more of the plurality of at least partially composite panels.
In some embodiments, the container includes a sealed container having a substantially air tight interior volume, and the security element includes a radon detector unit adapted to: detect the change in radon level in the interior volume of the sealed container; compare the detected change to an expected change value based on the four day half life of radon; and indicate the presence or absence of an intrusion into the sealed container based on the comparison.
Some embodiments include a first scanner adapted to produce a relatively low energy directed radiation scan beam; a second scanner adapted to produce a relatively high energy directed radiation scan beam; and a sorting module adapted to direct containers represented to contain substantially no metal material to the first scanner and to direct containers represented to contain metal material to the second scanner. The first scanner is adapted to receive a container represented to contain substantially no metal material from the sorting module, and to scan the container to verify that substantially no material is present inside the container. The second scanner is adapted to receive a container represented to contain metal material from the sorting module, and to scan the container to detect the presence of a nuclear device. Some such embodiments also include a third scanner adapted to produce a relatively moderate energy directed radiation scan beam. The sorting module is adapted direct containers represented to contain metal material which has a density above a threshold value to the second scanner, and to direct containers represented to contain metal material consisting only of metal material having a density below the threshold value to the third container. The third scanner is adapted to receive a container represented to contain metal material consisting only of metal material having a density below the threshold value from the sorting module, and to scan the container to verify that substantially no material is present inside the container having a density above the threshold value.
In some embodiments, the scanner and the receiver unit each include an information security element adapted to prevent access to data stored in the scanner and the receiver unit by an entity other than the remote control unit.
In another aspect, a method for scanning and securing a container including a plurality of at least partially composite panels defining an interior volume is disclosed, the method including: storing unique identification information in an identification element within container; sealing the container; monitoring the container for intrusion; without breaching the seal of the container, remotely identifying the container based on the unique identity information without breaching the seal of the container; without breaching the seal of the container; scanning the identified container to determine the presence or absence of a nuclear weapon in the interior volume; and if the scan determines no nuclear weapon is present, remotely storing certificate information associated with the identity of the container in a remote monitor unit.
In some embodiments, the storing unique identification information in an identification element within container includes: at a secure trusted location, providing identification information to be stored in the identification element positioned within the container, the identification information including a public ID portion and a corresponding secret ID portion, and storing a copy of the public ID and the private ID in the remote monitor unit.
In some embodiments, remotely identifying the container includes: at a first location, providing the remote monitor unit; at a second location providing a scanning unit in communication with the remote monitor unit, the scanning unit adapted to communicate with the identification element within the container without breaching the seal of the container; generating query information at the remote monitor unit; transmitting the query information to the remote scanning unit; without breaching the seal of the container transmitting the query information from the remote monitor to the identification element; at the identification element, using a hash algorithm to hash the query information with the private ID to produce response hash information; in response to the query information, without breaching the seal of the container, transmitting the public ID stored in the identification element and the response hash information to the scanning unit transmitting the public ID stored in the identification element and the response hash information from the scanning unit to the remote monitor unit; and at the remote monitor unit: identifying the private ID corresponding the public ID received from the scanning unit; using the hash algorithm to hash the query information with the identified private ID to produce verification hash information; comparing the response hash information to the verification hash information to verify the identity of the container.
Some embodiments include, in response to an intrusion of the container, modifying or destroying at least a portion of the identification information.
In some embodiments, the scanning includes: generating a directed radiation scan beam having a beam energy sufficient to penetrate through at least one of the plurality of composite panels but insufficient to penetrate through bulk metal material; directing the scan beam along a path into the interior volume of the container through one of the plurality of at least partially composite panels, across a portion of the interior volume, out of the interior volume through one of the plurality of composite panels, and onto a scan beam detector; detecting the scan beam with the scan beam detector, analyzing the detected beam to determine information indicative of the material properties of contents of the interior volume based on the detected beam; and outputting the information indicative of the material properties of contents of the interior volume.
Some embodiments include using a dosimeter positioned within the container to measure the radon level and the neutron level in the interior volume over a period of time, detecting the presence or absence of fissile material within the interior volume based on the measured radon level and neutral level; in response to a detection of fissile material, destroying a portion of the identification information stored in the identification element.
Some embodiments include monitoring the container for an indication of an imminent nuclear explosion, and in response to a detection of an imminent nuclear explosion, transmitting a message including information indicative of the identity of the container.
Various embodiments may include any of the above described features, alone or in any combination. These and other features will be more fully appreciated with reference to the following detailed description which is to be read in conjunction with the attached drawings.
In is to be understood that, as used herein, the term “detecting a beam” and related terms refer to detecting any property of a beam of radiation (e.g. an x-ray beam) including, but not limited to: intensity, fluence, cross section, wavelength, pulse duration, etc. Further, it is to be understood that detecting a beam may include detecting the interruption or blocking of a beam (e.g. when an x-ray beam is blocked by metallic material positioned between the beam source and the detector).
The foregoing and other objects of this disclosure, the various features thereof, may be more fully understood from the following description, when read together with the accompanying drawings in which:
The following discloses a system 10 for scanning shipping containers (e.g. maritime containers) for the presence of a concealed nuclear weapon before the container is loaded onto transport, e.g. a ship bound for the US from a foreign nation. System 10 is an inexpensive automated defense which will allow commerce to flow rapidly. An inexpensive automated defense can be widely deployed, with the result that it may become financially and operationally feasible to scan 100% of containers entering the US.
Referring to
Container 20 is constructed from multiple panels defining an interior volume. The panels may be entirely or partially constructed from composite material which has relatively high transmissivity to x-ray radiation compared to conventional container panel materials (e.g. steel).
Container 20 includes a security element 27 which monitors the container for breach or intrusion. For example, as described in detail below, one or more of the panels of container 10 may be composite panels embedded with a multitude of electrically or optically interconnected sensors which can detect a breach in the panel.
Scanner 28 includes beam generator 30 which transmits a directed radiation scan beam 32 (e.g. an x-ray beam) along a path through a composite portion of a sidewall of container 20, across a portion of the interior volume, and out through a composite portion of the opposing sidewall and onto scan beam detector 34 position the other side of the container.
Because scan beam 32 is directed through composite portions of container 10 having relatively high transmissivity, beam generator 30 may have relatively low power (and hence low cost) beam source. As described in detail below, signals from scan beam detector 34 may be analyzed to determine information about the material properties of cargo (not shown) located in the interior volume of container 10. For example, blockage of the beam might indicate the presence of dense material such as metal. Using the techniques described below, scanner 28 can operate to scan the entire contents of container 10 to determine the presence of a nuclear weapon.
Scanner 28 is in communication with remote monitor unit 24. Signals from scan beam detector 34 and/or analyzed data indicating, e.g., the presence or absence of a nuclear weapon within container 10 may be transmitted to remote monitor unit 24. Scanner 28 can operate to modulate a message received from the remote monitor unit onto scan beam 32.
Scan beam detector/demodulator located inside container 10 can detect scan beam 32 and demodulate a message modulated onto the beam. In some embodiments, detector/demodulator 36 may also function to modulate additional messages onto scan beam 36 which can be detected and demodulated by scan beam detector 34 after scan beam 32 exits container 20. In this fashion, a one or two way directed beam communication link may be established with detector/demodulator 36.
Detector/demodulator 36 is in communication with identification element 38 which includes an electronic memory capable of, as described in more detail below, storing information including electronic IDs and other data. Identification element 38 may also include a processor capable of processing the stored data. Identification element 38 also includes a non-directed wave transmitter (e.g. a radio transmitter, RF transmitter, Bluetooth antenna, etc.) which transmits messages based on the stored data. Identification element 38 is also in communication with security element 27, which, upon detecting a breach of container 10, may cause identification element 38 to modify or destroy the stored electronic ID and/or other data.
Receiver 40, positioned in or near scanning lane 22, can receive the non-directed transmissions from identification element 38. For example, receiver 40 may be a laptop or personal computer. Receiver 40 is in communication with remote monitor unit 24 via the internet 26.
Dosimeter 39 is positioned inside container 10, and may be in communication with one or more of identification element 38, security element 27, and detector/demodulator element 36. As described in detail below, dosimeter 39 can detect the presence of even lead shielded fissile material located inside container 20. In some embodiments, if fissile material is detected, dosimeter 39 can produce an alarm which causes cause identification element 38 to modify or destroy the stored electronic ID, certificates, and/or other data.
Explosion detector 41 is positioned inside container 20, and operates to detect the presence of an imminent nuclear explosion (e.g. by detecting x-rays, gamma rays, neutrons, thermal emissions, etc.). Explosion detector 41 can transmit a warning message which includes information indicating the identity of the container. Thus, in the event of a system failure leading to a nuclear explosion, the source of the explosion can be more easily tracked.
The following will describe how system 10 will scan container 20 for the presence of a nuclear weapon, and present the container with a certificate certifying that it has been scanned. As described below, such a certificate can be secured so that it can be trusted when presented at a later time and position, e.g., at the loading crane which loads container 10 onto a transport.
Container 10 is driven into scanning lane 20 analogous to the lanes in a highway toll booth. Scanner 20 modulates a query message onto scan beam 32 which is detected and demodulated by detector/demodulator element 36. In response to the demodulated query message, identification element 38 transmits a response message including stored identity data via Bluetooth to receiver 40, which passes the response message via the Internet to remote monitor unit 24.
Remote monitor unit 24 generates a token (e.g. a random number) and sends it to scanner 28. Scanner 28 modulates the token over scan beam 32. Detector/demodulator 36 detects the scan beam, demodulates the token from the beam, and communicates the token to identification element 38, which sends the token back to receiver 40 via Bluetooth. Receiver 40 sends the token via the Internet back to the remote monitor.
After the transmission and receipt of the token described above, remote monitor unit 24 can verify (e.g. using a look up list of electronic IDs installed in various containers at a secure production facility) that the container associated with the electronic ID produced by identification element 38 is in fact container 10 which is physically present in lane 20 in front of scanner 28. This assurance permits secure remote management of the scan itself.
Using the techniques described herein, scanner 28 scans container 20 for the presence of a nuclear weapon. If the container passes the scan, scanner 28 sends a certificate to remote monitor unit 24, which stores it. This certificate associates the container's ID with the fact that the container passed the scan. In some embodiments, dosimeter communicates information regarding the presence of fissile material with scanner 28 and receiver 40, which may be passed on to remote monitor unit 24. The issuance of the certificate may be based on this information.
After leaving scanning lane 20, when the container is presented for loading by the loading crane, one need only obtain the ID of the container, communicate with the remote monitor, and determine if this container has been issued a certificate certifying that it has passed a scan.
For example, a loading crane may pick up container 10. Through a PC built into the loading crane, remote monitor 24 communicates with identification element 38 in the container to obtain electronic ID information, determines whether the ID is valid and whether a scanning certificate has been issued. If the ID is valid and there is a scanning certificate, the remote monitor instructs the loading crane to load the container on board the ship. In typical applications, this entire procedure takes less than a second. If there is an invalid ID or no certificate, the crane would deposit the container in a secure area for containers that need to be examined by the proper authorities. The process of how the validity of an ID is determined is described in detail below.
Identification element 38 stores a public and a private ID. In response to a query (e.g. modulated over a scan beam and demodulated by detector/demodulator element 36), identification element 38 sends a public ID to remote monitor unit 24, e.g. via a Bluetooth receiver linked via the internet to the monitor. Remote monitor unit 24 then generates a question, which it sends to identification element 38 (e.g. via a scan beam). The identification element 38 transmits an answer to the question which is received and returned to remote monitor unit 24. The question remote monitor unit 24 sends is a randomly generated number (e.g. a 32 bit number). Using a hash algorithm of the type familiar to those in the art, identification element 38 prepares a response hash of this number and the stored hidden ID, and returns this response hash value, the answer, to remote monitor unit 24. Using the same algorithm, remote monitor unit 24 prepares a verification hash of its copy of the hidden ID associated with the public ID presented by identification element 38. If the response and verification hashes are identical, the probability that identification element 38 locate in container 10 does not contain the correct hidden ID is near zero. Note that, since the question is generated randomly, identification element 38 is almost certainly never asked the same question twice. If container 10 is asked the same question twice, identification element 38 will realize this, and will alarm. Only an identification element 38 that has the correct hidden ID will answer these randomly generated questions with the answer that is correct for a particular question.
Using the presented public ID, remote monitor unit 24 can look up the private ID that the identification element 38 should possess. Using the question, the answer, and the correct private ID stored with the remote monitor, the remote monitor can determine whether identification element 38 actually does possess this ID. Using this type of procedure, remote monitor unit 38 can determine whether identification element 38 possesses a certain ID without ever having to transmit the secret portion of the ID outside identification element 38.
As described above, security element 27 and dosimeter 39 may operate to modify or destroy the hidden ID in response to detection of intrusion/tampering and the presence of fissile material, respectively. Accordingly, the identification process described above can also be used to identify containers subject to tamper or containing hidden fissile material.
The above described procedure for testing the secret ID is used both during the scanning of container 20 in scan lane 22 and when the container is presented for loading.
Referring again to
About one third of all in-bound US containers will contain dense metal, and so for these containers, condition (a) will not be met. For these containers it is possible to issue a certificate on the basis of conditions (b) and (c). In other words if dosimeter 39 has not detected fissile material and the container has a valid ID, the container should be issued a certificate for loading.
There are many reasons why container 20 would not have a valid ID. One reason is that the container had never been issued at ID. Issuance of IDs is discussed below. Another reason that container 20 would not have a valid ID would be detection of some type of an alarm condition. When an alarm condition is detected, identification element 38 destroys part of the ID so that the container cannot thereafter present a valid ID. Alarm condition could include a breach through the sides of a container detected by security element 27, an attempt to reverse engineer identification element 38, detection of fissile material by dosimeter 39; detection of an air change by dosimeter 39 (described in detail below).
The following describes various possible attacks against the system 10, and how system 10 defeats the threat.
If remote monitor unit 24 can communicate with an identification element in container 20, remote monitor 24 will check to determine if the ID stored in the identification element is valid. If the ID is valid, remote monitor 24 will verify that a container with this ID has been scanned (e.g. by searching for a certificate associated with the container). In the illustrated threat in this section, the container has not been scanned, there will be no certificate, and container 20 will not be loaded.
As discussed in detail below, security element 27 can detect a breach through the walls of the container. Security element 27 is connected to identification element 38. When the identification element 38 is alerted that the container has been breached, it destroys a part of the private ID as described above. When container 20 is later presented for loading at crane 52, the container will not pass a question and answer interrogation. This will mean that something is wrong and the container should not be loaded.
In some embodiments, identification element 38 consists of a circuit embedded into a composite material. This circuit contains numerous electronic elements which store the values which make up the ID. Destroying one of these elements will cause the identification element 38 to fail the question and answer dialogue with remote monitor 24.
When identification element 38 destroys part of the ID by destroying an electronic element, it does not merely electronically erase the information from the element, but chemically or thermally destroys the element so that the element can never be made to reveal its prior contents. An adversary with advanced technology can sometimes recover a number which has been erased using simple electronic methods. A composite material is superior to silicon as a substrate for an electronic circuit, because data destruction functionality is difficult to implement in silicon.
System 10 defends against this threat by assuring that no two containers can have the same ID and that an adversary cannot discover the ID of the container. An ID embedded in a silicon chip can be discovered by a sophisticated adversary using the Focused Ion Beam System (FIBS) which takes a silicon chip apart molecule by molecule. FIBS reverse engineering services are readily available on the market.
In some embodiments, identification element 38 represents a defense against FIBS. Identification element 38 may be a circuit embedded not into silicon but into composite material whereby the elements are widely dispersed and continuously check on one another. When attack is sensed, identification element 38 permanently destroys various elements of the ID by burning or chemical methods so that the previous value of the element cannot be recovered, even by a sophisticated adversary.
Also, as previously described above, the identification element 38 uses a question and answer procedure whereby the presence of a particular ID can be remotely detected without ever having to send the ID itself over the internet or other long distance public channel.
In such techniques, information is exchanged over a directed X-ray or microwave or other wave by modulating and demodulating the information using well-known technology. Of course this exchange of information may be encrypted. A sophisticated adversary could possibly intercept the exchanged information and defeat the protection using a variation of the man-in-the-middle attack, whereby the scanner believes it is communicating with the container, and the container believes it is communicating with the scanner, but in fact both are communicating with an adversary that has been interposed between them. System 10 may employ methods to detect a man-in-the-middle attack known in the art.
Attacks involving placing a hidden shielded nuclear weapon in container 20 may be defeated by system 10 by employing a dosimeter of the type described in detail below.
There is a possibility an adversary could attempt to discover the ID embedded in identification element 38 by bribing or intimidating employees in the factory where the ID is installed.
When the ID is installed in identification element 38 in container 20, it is generated by remote monitor 24 and transferred over the Internet to the factory for installation into identification element 38. This is the only occasion when the ID travels over the Internet and when it exposed outside the remote monitor.
As described above, after this time, the remote monitor queries identification element 38 to determine if the element has a particular ID, but this procedure does not involving actually communicating the ID outside of identification element 38.
For the initial transfer, the ID is encrypted using secure methods involving asymmetric and symmetric encryption methods. Under this procedure, identification element 38 will generate an asymmetric public/private key pair, send the public key to the remote monitor, which generates a symmetric key and encrypts that key with the public key, and returns the encrypted symmetric key to the identification element 38, which uses the private key to decrypt the symmetric key. The symmetric key is now used to encrypt the ID elements.
Using the above technique, system 10 can protect the ID elements when they are installed at the factory. The factory manufacturing identification element 38 itself would also be physically secure and could be located inside the United States.
There is a possibility that an adversary could bribe or intimate a trusted employee working at a remote site (e.g. scan lane 22) so as to obtain container IDs. This employee might be so trusted that the employee was given “root” or administrative access, meaning the employee was authorized to perform system maintenance tasks. To avoid this, security techniques may be employed to prevent access to critical data, including for example, limiting the availability of certain sensitive operating system functions and/or deleting, modifying, or destroying the critical data when the use of certain sensitive operating system functions are detected.
In various embodiments, system 10 may feature any of the following elements and techniques, alone or in combination.
Composite Container Scanner and Triage SystemReferring to
In the illustrated embodiment, where container 100 is a rectangular parallelpiped, scan beams 110 and their respective emitters 108 and detectors 112 are along axes parallel to one of the sidewalls of container 100. In some embodiments, beams 110 and their respective emitters 108 and detectors 112 may be angularly offset with respect to the container sidewall.
Because panels 102 are made of composite material having relatively high transmissivity (e.g. in comparison to metal, such as steel), scan beam 110 need not be a high energy beam. Accordingly emitter 108 may be an inexpensive, relatively low power beam emitter. For example, emitter 108 may have sufficient power to penetrate composite panels 102 and low density, non-metal cargo loaded into the interior volume of container 100, but insufficient power to penetrate dense, bulk metal (e.g. steel, lead, fissile material) etc. In such a case, an interruption of scan beam 110 measured by detector 112 would indicate the presence of dense metal material in the interior volume.
In various embodiments, emitter 108 may be low-voltage x-ray source (e.g. a 200 kV or less x-ray source) or a cobalt-60 x-ray source. A scanner including such a source could be manufactured at a cost of about $10,000 or less. In contrast, to generate a scan beam with sufficient energy to penetrate a steel container would require a high voltage x-ray source operating at 3000 kV or more.
Container 100 can be moved relative to scanner 108 and detector 112 (e.g. by driving a truck hauling the container past scanner 106) to allow scan beam 110 to be directed through additional points on side panel 102 such that additional portions of the interior volume are scanned. Alternatively, scanner 108 and detector 112 may be moved relative to container 100 to scan different portions of the interior volume. For example, referring to
In some embodiments, scanner 106 may contain multiple emitters: 108 which may produce multiple scan beams 110 simultaneously or sequentially. As described in greater detail below, in some embodiments only select portions of one or more of panels 102 of container 100 consist of composites with the remainder being made up of metal (e.g. steel). The composite portions allow scan beam 110 to access the interior volume of the container.
As will be discussed in greater detail below, in some embodiments it is possible to place a detector inside a shipping container 100 that could detect a scan beam 110. With an appropriate detector, messages could be modulated over the scan beam and demodulated by the detector, so that the scanner could communicate with the detector inside the container. Such communication capability could be useful for a remote monitor to communicate (e.g. using wireless, radio, or Bluetooth links) with a sensor or identification elements inside the container and also to communicate with the same container over the scan beam. This would allow remote assurance that the container in front of the scanner was the same container that was in communication with the remote monitor.
Approximately 66% of container traffic inbound to the West Coast of the US is volume limited. Of this traffic, half contains no metal (i.e. clothing and shoes), a quarter contains electronic parts and games, and the remainder contains other goods such that a full 20 ft. container weighs less than the maximum weight of 67,200 lbs. A scanner slightly more powerful than the type of scanner discussed above could be built that would penetrate a cargo consisting of light electronic goods but would be blocked by dense metal. A nuclear weapon will contain dense metal, even if not shielded with lead. If shielded with lead, it will be even denser. Consequently, 33% of the inbound West Coast Cargo traffic could be scanned with an inexpensive scanner and declared not to contain metal, provided the cargo were transported in a composite container. On the assumption that if a container does not contain metal, it does not contain a nuclear weapon, 33% of the inbound container traffic to the West Coast can be inexpensively scanned and declared safe.
In the following, an exemplary scanning and triage system is disclosed for efficiently scanning multiple at least partially composite containers for the presence of a hidden nuclear device.
Referring to
Any of scanners 502, 504, 506 could be coupled with a data collection program on a lap top or remote monitoring unit which analyzes scan data using one or more of the techniques described above to determine information about the content of the containers.
Containers 508 that are represented as containing non-metallic low density material such as clothing are directed to low power scanners 502. Containers 508 which pass this scan (i.e. if no metal is detected in the container) are declared not to contain a nuclear weapon. These containers would not have to be scanned by a more powerful and more expensive scanner. Approximately one third of in-bound container traffic in the U.S. is of this type. This will save money in scanning equipment and delay.
Containers 510 that are represented as containing electronic components or other medium density cargo are directed to the medium power scanners 506 suitable for this type of cargo. Containers 510 which pass this scan (i.e. if no metal having a density greater than that typical of medium density cargo is detected) are declared not to contain a nuclear weapon. These containers would not have to be scanned by a more powerful and more expensive scanner. Approximately one third of in-bound container traffic is medium density. This will save money in scanning equipment and dock delay.
Containers 512 that are represented as containing high density metallic material are directed to high power scanners 512. These scanners can scan the containers for nuclear weapons using, for example, high energy x-ray scanning techniques known in the art. Containers 512 which pass this scan (i.e. if no metal having a density greater than that typical of medium density cargo is detected) are declared not to contain a nuclear weapon.
In some embodiments, containers 508, 510, 512, are secured so that after scanning the container, a breach through any of its six sides will be detected (e.g. using a sensor grid embedded in the composite panels of the containers of the type described in U.S. Patent Publication No. 20070229285 filed Oct. 4, 2007 and entitled “Secure panel with remotely controlled embedded devices”). In such a case, it would be feasible to scan containers at some distance from a dock where the containers are loaded onto a ship bound for the United States. As shown in
Further, as described above, analysis of the presence or absence of dense metal is very simple and requires very little data and very little data analysis. Consequently, low and medium power scanners 502, 504 (and, in some embodiments, even high power scanners 506) may be automated and/or remotely managed. For example, scanners 502, 504, and 506 may be automated using a system analogous to the familiar toll booth automation systems used on highways. Automated scanning reduces or eliminates the need for on-site operators. This will reduce costs and security risks. For example, it will not be necessary to place trust in an on-site operator. This will be a significant advantage in the maritime shipping environment, which is, unfortunately notoriously corrupt in certain venues.
DosimeterReferring to
Dosimeter 1100 includes a boron element 1108 capable of measuring the level of radon gas and the neutron level within interior volume 1106. For example, dosimeter 1100 may be a commercial off-the-shelf radon detector. In some embodiments, such an off-the-shelf detector may be made more sensitive by modifying boron element 1108, using techniques known in the art.
As noted above, detection of radon and neutrons is a good indicator of fissile material. Substances that do not contain fissile material will typically not produce radon and neutrons.
When interior volume 1106 of container 1102 is sealed such that the air volume does not circulate, if dosimeter senses less than a threshold number of neutrons and a threshold radon level over a period of time, the probability that the container contains a nuclear weapon approaches zero. The threshold levels and time periods can be easily determined based on measured background neutron and radon levels for a given container type and/or known neutron and radon emission rates for fissile material.
In some embodiments, dosimeter 1100 can communicate with devices external to container 1102. For example, referring to
Note that the above described arrangement provides a closed loop so that a remote monitor can be assured of the position of a particular container while communicating with it. The scan beam 1208 is a directed beam, which can be used to assure that the container is located in a particular place, whereas the communication link between transmitter 1212 and receiver 1204, e.g. using Bluetooth, is a non-directed wave that will only locate a container within the Bluetooth range.
This capability of using a communication path consisting of both a directed beam and a non-directed Bluetooth wave would allow a remote monitor to assure that the container with which it was communicating was the container actually being scanned. The ability to assure that a particular container is in front of the scanner is important to avoid various ploys that might be attempted by a clever adversary to avoid the container scanning process. In some embodiments, scanner 1202 and receiver 1204 may be positioned on or in proximity to loading crane 1130. This allows for a positive identification of container 1102 and a determination that it does not contain a nuclear device immediately prior to loading onto a transport (e.g. a maritime container ship, train, truck, etc.). Of course, identification and determination may additionally or alternatively be made during or after loading and/or before during or after off-loading.
Referring to
Referring to
In the illustrated embodiment, where container 100 is a rectangular parallelpiped, scan beams 110 and their respective emitters 108 and detectors 112 are along axes parallel to one of the sidewalls of container 100. In some embodiments, beams 110 and their respective emitters 108 and detectors 112 may be angularly offset with respect to the container sidewall.
Each plug 104 in side panel 102A is located directly opposite to a plug 104 in side panel 102B. Scanner 106 includes directed x-ray beam emitters 108. The emitters 108 each direct scan beams 110 through one plug 104 in sidewall 102A, then through the interior volume of container 100, then through another plug 104 on the opposite sidewall 102B and on to a detector 112 outside on the other side of the container. The detector signals are transmitted to a remote control unit (not shown), and analyzed to determine the material properties of cargo (not shown) loaded in the interior volume of container 100. For example, the detector signals can be analyzed to determine the presence of metals, fissile material, medium density material (e.g. electronic components), etc. Because scan beams 110 need not penetrate the steel portions of side panels 102A, 102B, emitters 108 may be inexpensive, relatively low power beam emitters. For example, in various embodiments, emitters 108 may be low-voltage x-ray source (e.g. a 200 kV x-ray source) or a cobalt-60 x-ray source.
Container 100 can be moved relative to scanner 106 and detectors 112 (e.g. by driving a truck hauling the container past scanner 106) to allow scan beams 110 to be directed through additional pairs of plugs to allow other areas of the interior volume to be scanned. Alternatively, scanner 108 and detector 112 may be moved along the length of the container to access different pairs of plugs 104. In some embodiments, container 10 and scanner 108 and detectors 110 remain stationary during each scan event. For some applications, e.g. for detecting the presence of nuclear weapons, a sufficient quantity of plugs 104 are provided such that that no matter where the weapon was located within the interior, it could be detected by the scan.
Composite plugs 104 may be inserted into panels 102A, 102B by an operation after the steel panel is stamped, or the operation could be integrated into the stamping operation.
In some embodiments, composite plugs 104 have considerable structural strength so that insertion of a plug would not degrade the structural strength of the steel container.
In some embodiments, plugs 104 could be retrofitted to an existing steel container 100 at a modest cost so as to overcome the significant cost disadvantage of all—composite containers.
Referring to
In some embodiments, several inexpensive beam emitters 108 might be arrayed vertically. Opposite these beams, several detectors 112 would be arrayed both horizontally and vertically. In some embodiments beam sources 108 are pulsed sequentially so that the detected pulse could be measured separately for each beam pulse. In some such embodiments, it might be necessary to stop container 100 and scan it while it was stationary rather than driving the container through a scanner. In some embodiments, indicial markers or position detectors may be used to ensure proper alignment of plugs 104 and scanner 106.
Referring to
In some embodiments, a dosimeter 308 is located inside the container. Dosimeter 308 detects the presence of even shielded fissile material. Dosimeter 308 is in communication with detector/demodulator 304 and transmitter 306. A query message is sent from remote monitor 300 via modulated beam 110 through plug 104 to detector/demodulator 304. In response to this massage, information indicating the presence or absence of fissile material is sent from dosimeter 308 via transmitter 306 to computer 302 and on to remote monitor 300. In some such embodiments, a single composite plug could be inserted into the container allowing communication with dosimeter 308 and reducing or eliminating the need to actually scan for metal.
Referring to
Fabric liner 400 has tabs 402 that stick to the panels 102, 102A, 102B for easy installation. In some embodiments, the fabric used along the floor of the container has increased durability, since, in typical applications, fork lifts would need to be driven over it.
Composite plugs 104 contain connections for insertion of leads 404 from the fabric. These plugs 104 having connections may be installed at or near the corners of a sidewall of container 100.
When the fabric liner 400 is installed and the connections were made with plugs 104, a scanner could be used to query fabric liner 400 (e.g. using a closed loop modulation/demodulation/response scheme of the type described above) to assure that the system was functioning properly. As described above, fabric liner 400 could contain unique embedded identification information so that by scanning through the plugs 104 to communicate with fabric liner 400, a remote monitor could assure that the plugs were connecting to one another through the fabric rather than through some wiring device that avoided the fabric liner 400. Such a configuration allows an inexpensive intrusion detection system to be installed in steel container 100 and permits a remote check-out that the system was providing the required coverage.
In some embodiments, fabric liner 400 is manufactured as an integrated electrical unit so that a reduced number of wiring connections would need to be made upon installation. In some embodiments, the fabric liner 400 is capable of being checked out before installation, so that the time spent installing a defective fabric can be avoided.
Composite Panels With Intrusion DetectionAs shown in more detail in
In operation, the microprocessor 2120 receives one or more of the numeric values 2126, 2127 over the communications interface 2128 and stores (i.e., writes) them in the local memory 2124. In response to a remote inquiry as to the stored values, the microprocessor 2120 reads the requested values from local memory 2124 and forwards them to the requester via the communications interface 2128.
Some of the electronic components 2104 are configured to receive an input from an external sensor. Sensors can be configured detect a potential breach of or attempted unauthorized access to a secured asset. For example, a sensor may include a photo detector to detect a change in ambient light as might occur during unauthorized opening of a shipping container. Other sensors are configured to detect a physical breach of a container through one or more embedded sensors that might be compromised if a panel of the container was breached. Still other sensors can include thermal sensors, acoustic sensors, shock and vibration sensors, tipping sensors, etc.
As shown, at least some of the electronic components 2104 can include a high-energy device 2130 located proximate to the local memory 2124. The high-energy device 2130 can include an incendiary device or a small explosive charge (i.e., squib). Upon activation, the high-energy device 130 physically destroys at least a significant portion of the local memory 2124 making it impossible for an adversary to reconstruct data that may have been stored therein. The high-energy device 2130 receives an input signal from a tamper sensor 2132. The tamper sensor 2132 may be the same sensor providing input to the microprocessor 2120, or a separate sensor 2132 as shown. In some embodiments, two sensors are provided, such that a first sensor used to delete memory in response to a sensed event and a second sensor is used to physically destroy memory in response to a sensed event.
In some embodiments, very low power processors 2120 are provided in substrate layers. Very low power, very small processors are currently commercially available, such as the model no. MSP430 series available from Texas Instruments of Dallas, Tex., and the model PIC F10 series, available from Microchip Technology, Inc of Chandler, Ariz., each of which is suitable for being embedded in composite materials in accordance with the invention. Such very low power processors 2120 are designed to run with a power source 2122, such as a permanent battery, for a period of up to ten years, with present device costs starting at about $0.49, and a current size that is approximately one-tenth the size of a penny (4 mm by 4 mm) The size and the cost per unit will probably decrease significantly in the future.
In some embodiments, the structural member is formed of a composite material within which the processors 120 are mounted on a substrate layer. Thus, the composite material replaces standard PVC board on which electronic devices are commonly mounted. To achieve this mounting, the processors are mounted on a substrate fabric, such as a glass fiber, or other type of layer, to allow a resin to flow through the substrate and bond so as to prevent delamination of the resulting composite material. Using very low power processors 2120, applications can run for up to ten years from a single lithium battery 2122.
One or more or any part thereof of the control, sensing, detection, scanning or other techniques described above can be implemented in computer hardware or software, or a combination of both. The methods can be implemented in computer programs using standard programming techniques following the method and figures described herein. Program code is applied to input data to perform the functions described herein and generate output information. The output information is applied to one or more output devices such as a display monitor. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the programs can be implemented in assembly or machine language, if desired. In any case, the language can be a compiled or interpreted language. Moreover, the program can run on dedicated integrated circuits preprogrammed for that purpose.
Each such computer program is preferably stored on a storage medium or device (e.g., ROM or magnetic diskette) readable by a general or special purpose programmable computer, for configuring and operating the computer when the storage media or device is read by the computer to perform the procedures described herein. The computer program can also reside in cache or main memory during program execution. The technique can also be implemented as a computer-readable storage medium, configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner to perform the functions described herein.
Although in the examples described above container 100 was composed of rectangular panels (e.g. corrugated rectangular panels), it is to be understood that in various embodiments one or more of the panels may be curved and/or have any suitable shape. For example, a tank type container may be made up of a cylindrical panel and two circular end cap panels. Similarly, plugs 104 may be of any suitable shape including, for example square, rectangular, circular, oval, polygonal, etc. The plugs may be arranged in any suitable pattern on any number of the panels.
The invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. The Abstract of the Disclosure is provided with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. In addition, in the foregoing Detailed Description, it can be seen that various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separately claimed subject matter.
Claims
1. A container comprising:
- a plurality of panels defining an interior volume of a container, wherein a first panel of the plurality of panels comprises a composite material;
- a first beam detector element positioned within the interior volume of the container to detect an incoming portion of a directed radiation scan beam received from an external scanner comprising a query message modulated thereon and directed through the composite material of the first panel into the interior volume, and to demodulate the query message from within the interior volume of the container, resulting in a demodulated query message;
- a security element positioned within the interior volume of the container to detect an intrusion into the interior volume of the container;
- an identification element positioned within the interior volume of the container, communicatively coupled to the security element and the first beam detector element to store identification information, resulting in stored identification information indicative of an identity of the container, and to produce a response message from within the interior volume of the container based on the demodulated query message, the stored identification information and information received from the security element without breaking a seal of the container when sealed; and
- a transmitter element positioned within the interior volume of the container and communicatively coupled to the identification element to transmit the response message to an external receiver unit, wherein the response is modulated onto an outgoing portion of the directed radiation scan beam passing to the external receiver unit through the composite material of the first panel of the plurality of panels.
2. The container of claim 1, wherein the incoming portion of the directed scan beam and the outgoing portion of the directed scan beam are implemented by means of a radio frequency identification transponder.
3. The container of claim 1, wherein the identification element produces a response message allowing the identity of the container to be verified based on the response message.
4. The container of claim 3, wherein the query message includes a randomly generated number.
5. The container of claim 1, wherein the external scanner determines, from the response sent by the container over a communication channel, one or more material properties of the container, the external scanner inferring from the material properties one of a presence of a nuclear device, an absence of the nuclear device or another security condition, wherein the external scanner in response to inferring the one of the presence of the nuclear device, the absence of the nuclear device or the other security condition, providing one or more numeric values, wherein the one or more numeric values include values associated with the identity of the container, the values being transmitted over the communications channel and stored by the container in the interior volume of the container without breaking the seal, the one or more numeric values responsive to being queried by another scanner, allowing a determination to be made whether any of the one or more numeric values have been altered and, and supporting an inference of a security risk based on the determination.
6. The container of claim 5, further comprising a second panel of the plurality of panels comprising a composite material, wherein the outgoing portion of the directed radiation scan beam exits the container through the composite material of the second panel and is directed onto an external second beam detector element, resulting in a second detected scan beam.
7. The container of claim 6, further comprising:
- a dosimeter positioned within the interior volume of the container, the dosimeter comprising:
- a radon detection element to detect a radon level for the interior volume; and
- a neutron detection element to detect a neutron level for the interior volume, wherein the dosimeter measures the radon level and neutron level, resulting in a measured radon level and a measured neutron level, for a period of time, compares the measured radon level to a first threshold and compares the measured neutron level to a second threshold, resulting in further comparisons, determines dosimeter information indicative of the presence or absence of fissile material within the interior volume based on the further comparisons, and communicates the dosimeter information to one of the identification element, the transmitter element, the first beam detector element, the second beam detector element, or a combination thereof.
8. The container of claim 7, wherein the container comprises a sealed container having a substantially air tight interior volume, and wherein the security element comprises a radon detector unit performing operations comprising:
- detecting a change in radon level, resulting in a detected change, in the interior volume of the sealed container;
- comparing the detected change to an expected change value based on a half-life of radon; and
- indicating the presence or absence of an intrusion into the sealed container based on the comparing of the detected change to the expected change value.
9. The container of claim 5, wherein the identification element irrecoverably alters a portion of the stored identification information in response to one of an intrusion detected by the security element or another detected condition, thereby changing a state of the container such the container cannot thereafter be restored the state prior to detection of the intrusion or other condition
10. The container of claim 6, wherein the first panel comprises a first plurality of plugs of composite material positioned within apertures through a first metal wall, wherein the second panel comprises a second plurality of plugs of composite material positioned within apertures through a second metal wall, wherein a path of the directed radiation scan beam along the interior volume extends through a first plug of the first plurality of plugs and a second plug of the second plurality of plugs, a separation distance between the first and second plugs spanning the interior volume of the container.
11. The container of claim 5, wherein the identification element stores identification information which cannot be transmitted to any scanner or receiver located outside the container.
12. The container of claim 5, wherein the security element comprises a sensor grid embedded in a partially composite panel of the plurality of at least partially composite panels.
13. A method, comprising:
- storing unique identification information and other values to obtain stored information in an identification element within an interior volume of a sealed container, the interior volume being defined by a plurality of panels, a first panel of the plurality of panels comprising a composite material;
- detecting from within the interior volume of the container, a scan beam originating externally from the interior volume of the container and operating according to a predefined protocol and directed into the interior volume of the sealed container through the composite material of the first panel,
- without breaching a seal of the sealed container, remotely identifying the container in response to the detecting of the scan beam based on the unique identity information;
- without breaching the seal of the sealed container, determining in response to the detecting of the scan beam one of a presence of a nuclear weapon or an absence of a nuclear weapon within the interior volume; and
- altering the stored information to obtain altered stored information based on the determination, wherein a remote monitor can identify a dangerous condition based on the altered stored information.
14. The method of claim 13, further comprising receiving the unique identification information originating at a secure trusted location, wherein the unique identification information comprises one of a public key, a private key, a random number, or a combination thereof wherein a copy of at least a portion of the one of the public key, the private key the random number, or the combinations thereof is stored in a remote monitor unit.
15. The method of claim 14, wherein the remote monitor unit is at a first location, the remote monitor unit in communication with a scanning unit at a second location to communicate with the identification element within the container without breaching the seal of the container, query information generated at the remote monitor unit transmitted to the remote scanning unit, the query information being received by an identification unit from the remote monitor;
- applying a hash algorithm at the identification unit to at least some of the query information with some or all of information stored in the container and optionally information developed by the container to produce response hash information; and
- in response to the query information, without breaching the seal of the container, transmitting the response information to the scanning unit, wherein the remote monitor unit, according to the predefined protocol, is able to: identify elements of the information received from the scanning unit; apply the hash algorithm to the elements of the information to produce verification hash information; and compare the response hash information to the verification hash information to verify one of an identity of the container, another condition within the container, or both.
16. The method of claim 15, further comprising, detecting one of an intrusion of the container, a nuclear weapon, or another security breach, and in response to the detecting of the one of the intrusion of the container, the nuclear weapon or the another security breach, one of modifying or destroying a portion of the stored information.
17. The method of claim 13, wherein the scan beam comprises a directed radiation scan beam having a beam energy sufficient to penetrate through the composite material of the first panel but insufficient to penetrate through bulk metal material, wherein the directed radiation scan beam is detectable by a detector unit positioned external to the interior volume, resulting in a detected radiation scan beam having transited a portion of the interior volume, exiting the interior volume through a second panel of the plurality panels, the second panel comprising a composite material, wherein information indicative of material properties of contents of the interior volume is determinable based on the detected radiation scan beam.
18. The method of claim 13, further comprising
- measuring, by a dosimeter positioned within the interior volume of the sealed container, one of a radon level, a neutron level or both in the interior volume over a period of time, resulting in one of a measured radon level, a measured neutron level or both;
- detecting a presence or absence of fissile material within the interior volume based on the measured radon level, the measured neutron level or both; and
- in response to detecting a presence of fissile material, altering a portion of the identification information stored in the identification element.
19. The method of claim 13, further comprising:
- monitoring the container for an indication of an imminent nuclear explosion, and
- in response to a detection of an imminent nuclear explosion, transmitting a message comprising information indicative of the identity of the container.
20. A system, comprising:
- a processor; and
- a memory to store executable instructions that, when executed by the processor, facilitate performance of operations, comprising: detecting from within an interior volume of a sealed container, a directed radiation scan beam originating externally from the interior volume of the sealed container and directed into the interior volume of the sealed container through composite material of a first panel of a plurality of panels defining the interior volume, without breaching a seal of the sealed container, remotely identifying the sealed container in response to the detecting of the directed radiation scan beam based on unique identity information stored in an identification element within the interior volume of the sealed container; without breaching a seal of the sealed container, determining a presence or absence of a nuclear weapon within the interior volume; and generating a signal to allow information associated with the identity of the sealed container to be stored in a remote monitor unit based on determining an absence of a nuclear weapon within the interior volume.
Type: Application
Filed: Aug 11, 2014
Publication Date: Dec 21, 2017
Inventor: Fred Hewitt Smith (Old Town, ME)
Application Number: 14/455,943