BOSCH CPP13 Cameras Security Systems Instruction Manual

: June 15, 2024
: Bosch

Table of Contents

BOSCH CPP13 Cameras Security Systems
Product Information
Changes

BOSCH CPP13 Cameras Security Systems

Product Information

Specifications

Product: Security Systems
Manufacturer: Bosch
Model: BT-VS/MKP
Firmware Version: 8.90.0037
Supported Products: CPP13 cameras

General

The Security Systems from BT-VS/MKP, manufactured by Bosch, provide advanced security features for various applications. This product is designed to ensure the safety and protection of your premises.

Important Notes

The firmware files are now signed using a two-factor authentication process to enhance security. This prevents the installation of non-released versions on production systems.
For pre-release (beta) versions, a special license must be installed before the firmware update. Requests for pre-release versions should be made through tech support tickets and require customer approval.

Originally Manufactured Certificate

Starting from firmware version 6.30, all cameras are prepared to receive a unique Bosch certificate during production. These certificates, assigned and enrolled by Escrypt LRA, validate that each device is an original Bosch-manufactured and untampered unit.
Enrollment of the certificates is done independently of this firmware release.

Secure Element (TPM)

The Security Systems incorporate a Secure Element (TPM) for enhanced security measures. The Secure Element provides secure storage and processing of cryptographic keys, ensuring the integrity and confidentiality of sensitive information.

Open Source Software

Bosch Security Systems supports the integration of open-source software into its products. The use of open-source software is indicated in the Service menu on the System Overview page of the camera’s web interface.
For more information about open-source software in Bosch Security Systems products, please visit http://www.boschsecurity.com/oss.

New Features

The latest firmware version (8.90.0037) introduces the following new features:

Improved torque for increased pan speed
Enhanced pan accuracy tolerance
Updated port configurations:
- RCP+: CONF_RCP_SERVER_PORT
- HTTP: CONF_LOCAL_HTTP_PORT
- RTSP: CONF_RTSP_PORT
- iSCSI: CONF_ISCSI_PORT

Changes

Due to optimization, the originally requested pan speed has been decreased to provide more torque. The camera will continue to pan, and the preposition title will not be displayed until the pan position is within the preset accuracy tolerance.
Users who are currently using insecure connections are advised to switch to a secure connection before performing the firmware upgrade. This will help avoid the need for reconfigurations. However, users can still enable these ports later if required.

FAQ

Q: How can I obtain a pre-release (beta) version of the firmware?

A: To request a pre-release version of the firmware, please submit a tech support ticket. The request will be reviewed and may require customer approval in the form of a concession.

Q: What is the purpose of the Bosch certificate mentioned?

A: The Bosch certificate, assigned and enrolled by Escrypt LRA, validates that each device is an original Bosch-manufactured and untampered unit. This certificate enhances the security and authenticity of the product.

Release Letter

Products:	*H.264/H.265 Firmware for CPP13 cameras*
Version:	*8.90.0037*

This letter contains the latest information about the above-mentioned firmware version.

General

This firmware release is a release based on FW 8.90.0036 for the Common Product Platform 13
(CPP13), covering both CPP13 INTEOX-based products and CPP13 non-INTEOX-based products.
INTEOX cameras are CPP13 cameras that combine the strengths of our Bosch firmware with the openness ecosystem provided by Azena company, formerly known as Security & Safety Things.
Before upgrading the firmware version 8.90.0036, make sure your CPP13 camera has the firmware version 8.12.0005 or higher installed. The reasons behind this prerequisite can be found on page 9 of this release letter, in section 8.1 “Changes with 8.40.0029”.
Changes since the last release are marked in blue.

Applicable products

Fixed cameras

FLEXIDOME inteox 7100i IR
DINION inox 7100i IR

Moving Cameras (PTZ)

AUTODOME 7100i – 2MP
AUTODOME 7100i IR – 2MP
AUTODOME 7100i IR – 8MP
AUTODOME inteox 7000i
MIC inteox 7100i – 2MP
MIC inteox 7100i – 8MP

Important notes

Two-factor authenticated firmware signature
The security of the signature of the firmware file has been strengthened by using a two-factor authentication process for signing the final released firmware file.
The new signature protects from non-released versions being installed in production systems. As a result, pre-release (beta) versions, required sometimes in projects, need to have a special license installed before the firmware update.
Requests for pre-release versions need to be handled via tech support tickets to allow tracking and require a concession signed by the customer.

Originally manufactured” certificate

Since firmware version 6.30 all cameras are prepared to receive a unique Bosch certificate during production, assigned and enrolled by Escrypt LRA. These certificates prove that every device is an original Bosch-manufactured and untampered unit.
Escrypt is a Bosch-owned company, providing the Bosch certificate authority (CA).
Enrollment of the certificates in production is asynchronous to this firmware release.

Secure Element (TPM)

All CPP13 devices incorporate a new secure microcontroller, which we call our Secure Element.
A Secure Element is a tamper-resistant platform capable of securely hosting applications and their confidential and cryptographic data (for example cryptographic keys) under the rules and security requirements set by well-identified trusted authorities.1
In this specific case, the requirements are defined in the Trusted Platform Module library specification defined by the Trusted Computing Group (TCG). As the Secure Element supports the main functionalities specified by TCG, the ones needed for an IoT device, it is often referred to as a “TPM”. Due to security reasons, the firmware or functionality of the secure crypto-microcontroller cannot be altered in the field.
Thus, not all new security features become available on devices with older secure crypto-microcontroller hardware or firmware revisions.

Open Source Software

Bosch Security Systems is an advocate of integrating open-source software into its products. The use of open-source software is noted in the Service menu on the System Overview page of every camera’s web interface.
For general information regarding open-source software in Bosch Security Systems products, please visit http://www.boschsecurity.com/oss.2
https://globalplatform.org/wp-content/uploads/2018/05/Introduction-to-Secure-Element-15May2018.pdf,
Examples: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This software is based in part on the work of the Independent JPEG Group.
BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany

New Features

We are excited to announce that we are upgrading the Operating System of our CPP13 cameras to Android 10.
This update marks an advancement in our camera’s capabilities and brings a host of improvements to enhance mainly the security aspects of our CPP13 products.
With this update, we have implemented updated security patches and measures, ensuring that our devices are more resilient to potential threats and vulnerabilities.
For the convenience of users using Web browsers for the initial setup of our cameras, we now allow disabling/enabling Video Content Analysis (VCA) via our Web user interface.
However, the configuration of the VCA detection still requires Configuration Manager as a desktop software.
Our MQTT solution to allow connection with MQTT brokers was updated to allow DNS (Domain Name System) as an acceptable address entry format.
The cameras now support intermediate certificates.

Changes

Motor Control Changes

A higher current is now used in cold temperatures to provide more power at cold temperatures.
In rare instances where a pan motor stall is detected while moving to a preposition, the originally requested speed is decreased to provide more torque.
The camera will then continue to pan and the preposition title will not be displayed until the pan position is within the preset accuracy tolerance.
The queue size for ONVIF objects is increased to 64 IVA objects.
An issue is fixed where the Playback Tours was not operating correctly when the Intelligent Tracker of the moving cameras was activated.
An issue was fixed where the hostname is not shown in a DHCP server (Windows Server 2019).
An issue is fixed where the ONVIF metadata stream is not showing the Object ID on the Line crossing events.
An issue is fixed where VCA marked regions were moving when the moving camera was moved by using the PTZ interfaces.
An issue is fixed where the SNMP trap community name cannot be changed.
Some legacy RCP+ commands received a higher authentication level to further reduce the attack surface and improve security by default.
As best practice to reduce potential attack surfaces and limit the exposure of sensitive services, we are disabling certain ports by default:
RCP+: CONF_RCP_SERVER_PORT
HTTP: CONF_LOCAL_HTTP_PORT
RTSP: CONF_RTSP_PORT
iSCSI: CONF_ISCSI_PORT
Users using insecure connections are advised to change to a secure one before the firmware upgrade to avoid the effort of reconfigurations.
Users can still enable these ports later if needed.
To raise the cybersecurity protection for customers making use of SNMP, a vulnerable command was replaced by a safe one.
An issue with DHCP being started before EAP authentication, causing the authentication to fail when no IP address was set via DHCP, was fixed.

System Requirements

For configuration purposes:

Bosch Project Assistant 2.0.1 or higher
Bosch Configuration Manager 7.70 or higher
Web Browsers:
Google Chrome
Microsoft Edge (chromium-based)
Mozilla Firefox

For operation purposes:

Bosch Video Security app 3.2.1 or higher
Bosch Video Security Client 3.2.2 or higher
Bosch Video Management System 10.0.1 or higher
Bosch Video Management System Viewer 10.0.1 or higher

Restrictions; Known Issues

Licensing System

After rebooting the camera during the installation of a license, the license information might become not reachable via RCP commands.
Consequently, the information about the license won’t be displayed on servers/devices/interfaces that use RCP commands to communicate with the camera. A fix for the issue will be available on short notice.
The functionalities that are enabled by the Licenses continue to operate properly, despite the communication failure.

Video Content Analysis (VCA)

The accuracy of dynamic privacy masking of VCA shapes relies on the scene-specific performance of Intelligent Video Analytics.
Steering direction issue for the displayed field of Global VCA in an inverted mode of PTZ cameras
Intelligent Tracking performance will receive upgrades on upcoming releases to boost its performance.
The traffic tracking mode, part of the IVA Pro Traffic Pack is not supported when image rotation is 90 or 270 degrees.
While using the Web Browser live view, when a moving camera moves after start tracking an object, the line that displays the trajectory of the tracked object is dislocated in the same direction as the camera movement.
This limitation only affects the display of the trajectories and is restricted to the GUI. These trajectories wrongly displayed on the GUI are always identified and corrected in other clients and can’t trigger alarms and events.

3rd party apps

For app deployment in offline, LAN scenarios it is possible to use the S&ST Device Management Tool as an alternative to Configuration Manager.
Stream/encoder settings as well as permanent metadata display has no effect on the video stream processed by 3rd party apps – only privacy masks apply to 3rd party apps
3rd party app ONVIF events can be sent to clients, ONVIF metadata will follow in a later release.
Part of the dedicated hardware for accelerated neural-network-based Video Analytics is reserved to Bosch in this firmware release. It will be made available in a subsequent release allowing for even better performance for specific apps from Azena which make the use of the neural-network accelerator.
Traffic detection provided by IVA and AI detectors can be affected when the camera simultaneously operates its maximum resolution and 3rd party apps

Encoding

Encoder region configuration settings will be added in a later release.
To fix the critical issue causing network drops on 8.47.0026, we had to disable an optimization made by Qualcomm on the QP parameters (encoding quantization) of our CPP13 cameras.
As a consequence, it is expected that with FW 8.48.0017 higher bitrates are observed versus 8.47.0026, but the bitrate matches FW version 8.46.0030 and lower. Those bitrates can be controlled to some extent by limiting the max bitrates of each stream according to the bitrates budget supported by the customer integration system.
A solution striving to optimize the encoding process to better control the bitrates generated by the camera is under development and we expect it to be available with the next firmware release of CPP13.

Recording

Long-term rate control and low-bitrate features have been excluded from this release.
The possibility that in certain cases non-recording profiles are not correctly displayed.
Small deviations between the selected frame rate and the fps provided by the camera may be noticed during recording

DIVAR hybrid/network

The DIVAR hybrid/network is not compatible with the new encoder concept of the cameras.

Miscellaneous

To enhance cybersecurity protection, passwords are no longer stored in the configuration file
Basic VMS integration at the start, full integration in progress with VMS partners.
Dashboard – Device status can indicate active streams without an actual live connection.
After changing the IP address to a fixed IP via DHCP, the syslog may continue to output the DHCP address as an identifier. To fix it a reboot must be performed.
NTP server cannot be set via DHCP.
The “Double-tap” feature for inverted mode moves in the opposite direction
Updating a configured traffic detector from FW 7.75 to FW 8.10 is not possible. The traffic detector needs to be configured newly.
CPP13 Fixed camera models do not support the Toshiba SD card model “Exceria M301-EA R48 microSDHC 32GB, UHS-I U1, Class 10”.
For both moving and fixed camera models, NTCIP commands related to adjusting lens position/configuration are still operating with restrictions. In that sense, unexpected behaviors may be experienced.
For fixed camera models, the list of NTCIP commands is still restricted. An update of the list, with clear capabilities and limitations will be provided on the upcoming releases.
When requesting a JPEG snapshot the privacy masks generated by the Privacy Mode (based on object detection) won’t be displayed.
On the “Installer menu” of the AUTODOME 7100i cameras, an option entitled “Camera LED” is available. This configuration relates to the LED that signals that the SD card is working properly. This functionality shall only be activated for maintenance and technical verification, as the light emitted by the LED may be detrimental to the quality of the camera image. A more sophisticated solution for the activation of the LED will be implemented in the upcoming release and the current option on the “Installer menu” reviewed to reflect the change.
The firmware downgrade of a camera running firmware 8.90.0036, or higher, into version 8.48.0017, or lower, will generate a factory reset of the camera.
This limitation is created since former versions of firmware were using a different version of the Operational System (Android 8). Because of the factory reset, the camera would delete all configuration settings, so in order to prevent our customers to get their configuration deleted without proper awareness we introduced a mechanism that doesn’t allow the downgrade from a firmware using Android 10 to a firmware version based on Android 8. This mechanism is enabled as default after the upgrade of firmware version 8.90.0036, or higher. If users are still interested in downgrading to an older version, the mechanism can be deactivated by installing the following license:
Enabling the downgrade to an Android 8-based firmware version: 22-01.86.01-53A537EB-80779FA1-48ECFB88-8F474790-2A5EED92 And the mechanism can be re-activated by installing:
Disabling the downgrade to an Android 8-based firmware version: 22-01.86.00-C8EBB875-81BB3BE6-6A1D94D7-5B5BBAB4-6DF9826B
Note: Some of the above-mentioned issues are deviations from the datasheet.

Previous Releases

New Feature with 8.48.0017

General improvements on image quality tuning of:
AUTODOME 7100i – 2MP
AUTODOME 7100i IR – 2MP
AUTODOME 7100i IR – 8MP

Changes with 8.48.0017

It was identified on FW 8.47.0030 as a critical issue causing network drops on CPP13 cameras for some users.
The issue was caused by a malfunction in the DSP (Digital Signal Processing) of our cameras resulting in a loss of network connection to the camera. This issue could only be fixed via a power cycle was completed.
It is still unclear in which conditions the issue was reproduced, but there are strong indications that the following parameters influence how often the issue is reproducible:
Cameras recording into a Storage Management Device
SD card inserted
Camera using VCA busy scenes with multiple objects moving on the field of view
Multiple alarms set
At BOSCH, we strive to provide high-quality and reliable products to our customers. We have thoroughly investigated the reported network drop issue and have developed a solution in the form of this firmware update.
We strongly encourage all users to install this firmware update as soon as possible to benefit from the improved functionality and avoid any potential network drop issues.
The firmware 8.48.0017 fixes a malfunction causing the “Focal length” value to be wrongly displayed in clients which affected mainly the calibration of CPP13 cameras. This bug was not reproducible on other versions, being restricted to 8.47.0030.
An issue is fixed where the secure element could be permanently damaged due to wear-out of its internal flash memory. This issue is only applicable if video authentication is enabled with default settings, using MD5, SHA1, or SHA256 as a hashing algorithm.
The error was introduced with FW 8.50 and has affected all firmware versions since. For more details refer to our Security Advisory BOSCH-SA-435698-BT, published on our Security Advisory web page:
https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.htmlor visit our PSIRT website at https://psirt.bosch.com.

Changes with 8.47.0026

With the introduction of the new AUTODOME 7100i (IR), the CPP13 platform includes from now on both INTEOX and non-INTEOX products.
Those two groups of products have the same SoCs (system-on-chip) and the same feature set of functionalities, being the only difference between them is the access to Azena’s ecosystem, which is limited to the INTEOX products.
B Frames, previously only supported up to the resolution of 1920×1080 on CPP13 cameras, is from now on completely disabled.
To avoid issues while running IPV6 on CPP13 cameras, the MTU minimum size was changed to 1280.

Changes with 8.47.0026

This release introduces the core functionality of the new CPP13 cameras – AUTODOME 7100i IR.
Introduction of new Intelligent Video Analytics (IVA) Pro Packs with new licenses:
All CPP13 cameras are equipped with IVA Pro Buildings Pack. Based on deep learning, the IVA Pro Buildings Pack is ideal for intrusion detection and operational efficiency in and around buildings. Without the need for any calibration, it can reliably detect, count, and classify persons and vehicles in crowded scenes.
The IVA Pro Perimeter Pack is well-suited for reliable long-range intrusion detection, alongside perimeters of buildings, energy facilities, and airports even in extreme weather. Based on advanced background subtraction, it can detect crawling, rolling, and other suspicious movements inside, outside, and under various environmental and lighting conditions while minimizing false triggers. All CPP13 cameras are equipped with an IVA Pro Perimeter Pack. It also includes a Camera Trainer.
The IVA Pro Traffic Pack is designed for ITS applications such as counting and classification, as well as Automatic Incident Detection. Robust algorithms based on deep neural networks are trained to detect and differentiate persons, bicycles, motorbikes, cars, buses, and trucks while ignoring potential disturbances caused by vehicle headlights or shadows, extreme weather, sun reflections, and shaking cameras. IVA Pro Traffic Pack is an additional, licensed option on the CPP13 cameras that can be added to any of the platform models, including moving (PTZ) and fixed cameras.
Cameras purchased as OC (Object Classifier) are pre-equipped with the IVA Pro Traffic Pack, so for those models, no additional license is required.
The IVA Pro Intelligent Tracking Pack is an additional, licensed option on the moving (PTZ) CPP13 camera models which adds sophisticated AI versions of the PTZ-specific video analytics while the PTZ is moving and Intelligent Tracking, where the PTZ follows a target object automatically. Moving as well as stationary persons and vehicles are automatically detected and classified, adding high reliability against false detections for perimeter scenes and allowing for a better understanding of more complex vehicle and pedestrian traffic scenarios and situations such as when vehicles and pedestrians are selected to be tracked by the functionality are temporarily stopped in transit due to traffic lights, traffic jam or traffic accidents. If the IVA Pro Traffic Pack is available on the camera, the subclasses car, truck, bus, bicycle, and motorbike are supported as well.
Video analytics while the PTZ is moving will switch automatically to the AI-based version when the license is available, while the Intelligent Tracking will switch between the older version more suitable for mission-critical perimeter scenes, and the new AI version for more densely populated scenes like traffic-based on the video analytics versions from where it was started.
A new pattern for the Static Privacy Masks of the camera is now available. The “Auto” pattern collects pixel colors which are located on the border of the mask limits, and merges them to create a pattern based on the mix of colors.

Changes with 8.46.0030

The implementation for network authentication using the 802.1x protocol, available since the firmware version 8.40.0029, now offers support for the SHA384 (Secure Hash Algorithm).
SD card Auto-formatting, removed from 8.45.0032, is now re-enabled for all CPP13 camera models.
A bug that caused a loss of camera calibration after a camera reset has now been fixed.
The MTU minimum size accepted by INTEOX cameras is now 1280.

New Features with 8.46.0030

Better performance on detection and metadata handling for stationary objects using Intelligent Video Analytics:
Correcting wriggling bounding boxes of stationary objects to stay still
Allowing users to output stationary objects in the metadata or not, separated by person/vehicle. If the vehicle is enabled, all subclasses are enabled as well.
Possibility to set a stationary flag in the metadata for 2D and 3D tracking.
3D Measurements of width, height, and depth, for objects detected by the traffic detectors (Object Classifier).
Improvement in the performance of the 2D traffic tracking mode:
to output color and direction.
to get a shape polygon in addition to the bounding box.
to count a single object when a motorcycle or bicycle is detected – don’t count the rider separately as a new object.
For the static privacy masks of CPP13 cameras, a new pattern based on a blur filter is now available.
For the permanent metadata display of CPP13 cameras, available on the “encoder streams” menu, an extension has been implemented in a way that besides the privacy pattern, using pixelization of video, a pattern based on a blur filter can be selected for masking objects detected by the camera.
To ensure the reliable performance of the Privacy mode, the permanent metadata display feature that applies a mask over objects detected by the camera, we restricted the simultaneous usage of the feature to two streams.
From 8.46.0030 on, in order to be able to activate the feature is necessary to first select the Privacy mode option on the “Installer Menu” and then set the desired permanent metadata display configuration on the “Encoder Menu”.

Changes with 8.45.0032

The settings of the feature “Sector and Preposition”, available on the INTEOX moving camera models, support now up to 40 characters as input on the “titles” field.
An enhancement on the “Privacy Mode” was introduced to improve the stability of the privacy masks, generated via object detection, on scenes with more than 30 objects. In that sense, we aim to prevent potential glitches in the mask’s generation even on complex scenes.
A new mechanism for SD card recording and management was introduced to fix undesired behaviors observed in previous versions of the firmware, especially when the cameras were set to the maximum of their streaming/recording capabilities.
4CIF aspect ratio is now a supported resolution (704×576).

New features with 8.45.0032

This release introduces the core functionality of the new INTEOX cameras – AUTODOME 7100i.
An IR intensity control via slider was introduced on the “Imaging” menu of the INTEOX fixed camera models.
Certificates and Certificate Signing Requests (CSRs) with a key length of 4096 bits can now be used on all the CPP13 camera models. For the CPP13 products which are equipped with the FIPS-certified secure element the possibility of generating keys is limited to 3072-bit length; those with the standard secure element allow generation of up to 4096-bit key length. Using the hashing algorithm of up to SHA256, those certificates can be applied for HTTPS, EAP-TLS and user authentication usages.
Since firmware version 8.40.0029, TLS 1.3 is supported, including the possibility to set either TLS 1.3 or TLS 1.2 as the minimum TLS version. A UI to support this selection on CPP13 camera models is now available via Configuration Manager and Web-UI.

Changes with 8.41.0029

There was an enhancement on the Privacy Mask solution offered for the fixed camera models. From now on, users can configure up to 8 independent masks and adjust their shapes by using geometrical nodes around the area they want to protect.
Due to an increase in security restrictions related to the most common web browsers, the options to exchange the BOSCH logo for a “Company logo” or “Device logo” were removed from our Web-Interface (Web Interface > Appearance Menu).

New features with 8.41.0029

A mechanism to allow the IR LEDs of the fixed camera models to be either automatically set or permanently disabled was introduced. This functionality is initially available via Web Interface
(image settings), but soon will be available as well via Configuration Manager, on an upcoming release of the software.
In addition to the ONVIF Profile M support available since version 8.40.0029, the possibility to forward MQTT events is now enabled on CPP13 cameras. Currently, the events covered by the implementation are restricted to events generated exclusively by the BOSCH Firmware like the VCA alarms.
The MQTT configuration via Configuration Manager will be available from the Configuration Manager version 7.60 or higher, however, it is already possible to configure the MQTT of the camera while using ONVIF tools to configure it.
Initially, this implementation doesn’t include support to forward MQTT events generated by 3rd party Apps. The support for this kind of event should be available in an upcoming release. Meanwhile, the metadata forwarding options from data generated by Azena’s 3rd party Apps are restricted to:
ONVIF pull-point for events and notifications generated by Apps, to be configurated according to ONVIF tools capabilities.
App message forwarding based on Azena’s “Message Broker” solution, which includes the possibility to share messages and data with 3rd party devices*. This service must be configured via Azena’s Integration Assistant, and in case of trouble integrating the data Azena’s Tech support team should be contacted.
To guarantee integrability via “Message broker”, it is necessary that the 3rd party App used allows the use of the functionality.

Changes with 8.40.0029

At the last release, entitled 8.12.0005, it had been reported that releases of firmware related to INTEOX cameras would start providing customers with 3 different firmware file options so that the users would need to choose which file to upload according to the type of camera to be updated:
A file is exclusive for fixed cameras.
A file is exclusive for moving cameras.
A combined file valid for both fixed and moving cameras.
However, due to a system upgrade, this change has been reverted and the universal file system, which allows the latest version of firmware to work on all INTEOX cameras regardless of model type, is back. So, from version 8.40.0029 onwards there will be offered only one kind of firmware file:
A combined file valid for both fixed and moving cameras.
Our partner, formerly known as Security & Safety Things, went through a name change process and is now called Azena. The functionalities, features, and dependencies between the camera’s firmware and the Azena ecosystem remain the same, in a way that the only change was the updating of the name of the references to this partner in our interfaces.
A dynamic privacy mask enhancement has been introduced in this new FW version. The maximum number of objects that can be detected and protected by the privacy mask (Encoder Stream privacy mode) has been increased, while the accuracy of mask placement on the image has been improved.
The icon typically displayed on-screen to represent the feature “Intelligent Tracking” has been changed.
Due to a change in the Dropbox API, the support for Dropbox will be deprecated.
We are working on providing an alternative, which will be announced with a future firmware version.

New Features with 8.40.0029

ONVIF Profile M is now supported by INTEOX cameras.
Intelligent Tracking Introduced into CPP13 moving cameras. This feature allows the camera to automatically zoom in and follow a selected Intelligent Video Analytics object, as far as possible with the camera. Information on how to operate and configure this feature is available on the following link:
How to configure Intelligent Tracking for Bosch cameras? (link)
SNMPv1 and SNMPv3 are now included on the list of protocols supported by CPP13.
NTCIP is now included on the list of protocols supported by CPP13. For moving camera models most of the commands associated with this protocol are now fully supported, while for the fixed cameras the support for this protocol is still limited. It’s expected to enhance the support offered via this protocol in upcoming firmware releases. NTCIP must be activated on the cameras via a license.
SD Card recording with the MIC into 7100i models is now enabled.
Support for communication between the “MIC into 7100i – 8MP” and external Alarm I/O Box has been introduced.
A framerate switch mechanism was introduced into this firmware version, in a way that now it is possible to change the video frame rate scale according to the options offered by the camera model used:

Camera Model	Default framerate (fps)	Other framerate scales available(fps)
MIC inteox 7100i – 2MP	30	25 / 50 / 60
MIC inteox 7100i – 8MP	30	25
FLEXIDOME inteox 7100i IR	30	25
DINION index 7100i IR	30	25
AUTODOME inteox 7000i	30	–

Notes:

A video framerate change can be performed either via Web-UI or Configuration Manager (version 7.60 or higher).
A system reboot will be enforced to confirm the selected video frame rate configuration.
Before performing a firmware downgrade from version 8.40.0029 to 8.12.0005 or older version, its necessary to configure the video frame rate to 30 fps in advance.
When this condition is not fulfilled the camera may show no video after the re-start and, in order to bring the camera back to its former operating status, a configuration reset would need to be performed – a factory default reset is not required.
When using the configuration upload option to change de video frame rate configuration, two enforced reboots may be required to get the video.

Changes with 8.12.0005

This release adds the tools and features that allow us to offer in the next INTEOX firmware releases three options of firmware files.
This alternative will give the user the freedom to choose between uploading the file according to the product type or opting for the combined version that covers the entire INTEOX platform.
From the next release there will be three options for the INTEOX firmware files:
A file was exclusive for fixed cameras.
A file is exclusive for moving cameras.
combined file valid for both fixed and moving cameras. Change reverted with 8.40.00029.

New Features with 8.10.0005

This release introduces:

the core functionality of the two new INTEOX camera products – FLEXIDOME inteox 7100i IR; and DINION inteox 7100i IR.
the support for the new Bosch Security and Safety Systems AI detectors, and its functionalities.
features associated with traffic detection have been implemented in the new version of Intelligent Video Analytics (IVA), as part of the support for the new AI detectors. To have access to the details of these changes please refer to the IVA 8.10 release letter.

Changes with 8.10.0005

The license ID for 3rd party apps is now displayed on the Remote Portal.
The alarm stamping size is now configurable.
An alternative to factory reset through the Web interface has been developed, eliminating the need to perform the reset through the physical boot of the device.
China standard GB/T 28181 has been put under a global license. When GB/T 28181 is not available it can be disabled with a global license key.
This is irreversible for customers and can only be reversed via service and repair.
The license also prohibits downgrading to earlier versions which provided GB/T 28181 as a standard feature.
The license key to disable GB/T 28181 is: 22- 01.47.01-BF365391-21ABCB3D-28699CE4-3BD3AB09-FE25CD61

Changes with 7.75.0008

During a penetration test, Kaspersky Lab, which was contracted by Bosch for IP camera security maturity certification, detected some vulnerabilities which required immediate actions to ensure the security of installations using our cameras.
For more details refer to our Security Advisory BOSCH-SA-478243-BT, published on our Security Advisory web page https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html
or visit our PSIRT website at https://psirt.bosch.com.
An issue with reflected XSS in the URL handler is fixed (CVE-2021-23848).
An issue with denial of service due to an invalid web parameter is fixed (CVE-2021-23852).
An issue with improper input validation of the HTTP header is fixed (CVE-2021-23853).
An issue with reflected XSS in the page parameter is fixed (CVE-2021-23854).

Changes with 7.75.0006

Fixed a few bugs and first and foremost further enhanced computational acceleration of analytics workloads for even better AI performance.
Added enhanced vehicle detector functionality available with “-OC” (Object Classification) CTN cameras. The AI-based vehicle detector identifies vehicles with more accuracy than the core IVA. Even in dense traffic, the AI-based vehicle detector reliably separates vehicles for accurate counting results.

New Features with 7.70.00098 – very first release for INTEOX cameras

Note: This section uses the feature set of FW 7.61 for CPP7.3 as a baseline.
Camera functionality customization via secure execution of 3rd party apps from trusted sources
Sandboxed environment protects Bosch firmware functionality from malfunctioning apps
Trusted apps can be found at the Security & Safety Things App Store
Integration into Security & Safety Things ecosystem via Bosch Remote Portal (cloud-connected app deployment) or Configuration Manager 7.20 and above (app deployment in a local network)

Security

Support for next-generation Secure Element microcontroller (“TPM”)
Secure storage of cryptographic keys (supporting up to 4096-bit RSA keys)
Future-proof until 2031 and beyond3
High-risk target protection-grade, certified with Assurance Level (EAL) 6+4
Please also refer to section 3.3. in this document
Remote Device Management (p.14) via Bosch Remote Portal supported as well (feel free to check out this webinar)

Streaming

More flexibility
Full triple streaming with stream prioritization
Selectable H.264/H.265 coding standard per stream
8 independent Encoder profiles per stream
Frame and bit rate test functionality to analyze stream performance and bitrates

Video Content Analysis (VCA)

Support of Artificial Intelligence based analytics for Bosch Intelligent Video Analytics and 3rd party apps
Better detection performance
Detection of moving and still objects
No need for calibration for use cases where object size and speed do not matter
Permanent metadata display per stream for visualization of metadata and object trajectories, for easy and quick integration into VMS systems and recordings
Dynamic privacy masking of VCA shapes per stream

On-screen Display

Custom size fonts [1-1000] for Screen Display text for better readable OSD on big monitors
Increased embedded Logo resolution (1024×1024) and color depth (16M) on video streams
Mosaic Privacy Masks to still see movement behind a mask
According to NIST Special Publication 800-57, part 1, p. 56
Based on Common Criteria for Information Technology Security Evaluation out of 7 levels according to ISO/IEC 15408
BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany