Communications: electrical – Condition responsive indicating system – Specific condition
Reexamination Certificate
1999-06-04
2001-01-09
Hofsass, Jeffrey A. (Department: 2736)
active
06172606
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the security of network devices within a computer network.
2. The Prior Art
As is well known, a computer network is formed of a plurality of network devices, such as computers, printers, file servers, etc., which are interconnected such that data communications may pass between the network devices. This functionality may typically be provided by using one or more communication hubs, each having a number of ports to each of which a network device may be connected. In the case where more than one hub is used, a link is provided from each of these to another also via ports on the hubs. In this fashion the network devices are interconnected in a star or tree topology with the communication hubs being the nodes in the arrangement.
Each network device in this topology is therefore connected to the network via a single data cable, which is connected to a port on one of the communication hubs which in turn provides access for that device to the rest of the network devices.
The physical items forming such a network may be numerous and may be spread over a wide area, for instance in an office environment. Also, network devices such as computers are typically quite high-value items and thus susceptible to being stolen or otherwise removed without authority. It would, however, be impractical and perhaps prohibitively expensive to conduct physical checks on the network devices except in the smallest network installation.
For these reasons there have been previously proposed security or alarm systems which automatically monitor the presence of the network devices and provide a visual, audible or other indication upon the removal of a network device.
For instance, in U.S. Pat. No. 5,406,260 there is described a system and method for monitoring the connection of electronic equipment such as remote computer workstations, to a network via a communication link, and detecting the disconnection of the equipment from the network. This system includes current loops internally coupled to protected pieces of equipment and a low current power signal is provided to each of the current loops. Removal of a piece of protected equipment breaks the current flow through the associated current loop and an alarm can be activated.
In network equipment such as that designed for use in Ethernet 10BASE-T networks, there is typically an isolation transformer provided on the data connection to the device, the primary coil of which may be used as the current loop which will be broken on removal of the network device.
In WO97/09667 a different approach to the monitoring of a computer system is described. In this arrangement, each of the monitored computers continuously collects information about itself and supplies the information to a separate alarm centre. The alarm centre activates an alarm if the collected information changes by a significant amount over time. This system thus relies on the presence of active local intelligence in the monitored computers.
WO96/29638 describes a further alarm system for network connected computer equipment. In this arrangement each workstation is provided with an alarm unit which can communicate alarm signals to an alarm centre to indicate an alarm condition.
In these latter two examples of the prior art, it is necessary for the monitored equipment to be powered up all the time during which monitoring takes place. In the first-mentioned document above and in the latter two, there is no detailed discussion of the control of the system, in particular relating to how the system is armed. The whole network is monitored whenever the alarm system is in operation.
SUMMARY OF THE INVENTION
In a first aspect, the present invention provides a computer network arranged to interconnect a plurality of network devices, comprising:
a communications hub comprising a plurality of ports to each of which a said network device may be connected, each port providing electrical connections arranged for the transmission and reception of data, and detection means associated with each of said ports and arranged to be responsive to an alteration in the electrical characteristics presented by said electrical connections, which alteration is indicative, in use, of the removal of a network device from connection to the port,
management means arranged to receive, in use, indications from users of network devices connected to said communications hub of whether the removal of specific ones of said network devices is to be monitored, and
alarm means arranged to provide an indication in the event that said detection means detects the removal of a network device for which the management means has received an indication that its removal should be monitored.
In a second aspect the present invention provides a computer network monitoring means for use in a computer network which interconnects a plurality of network devices and comprises a communications hub having a plurality of ports to each of which a said network device may be connected, each port providing electrical connections for the transmission and reception of data, the monitoring means comprising:
detection means associated with ports in said communications hub and arranged to be responsive to an alteration in the electrical characteristics presented by said electrical connections at each respective port, which alteration is indicative, in use, of the removal of a network device from connection to the port,
management means arranged to receive, in use, indications from users of network devices connected to said communications hub of whether the removal of specific ones of said network devices is to be monitored, and
alarm means arranged to provide an indication in the event that said detection means detects the removal of a network device for which the management means has received an indication that its removal should be monitored.
In this invention a user is responsible for and in control of the security of his or her own equipment. This facilitates a more mobile work style and also enables a more flexible security arrangement than may be possible with centralised control which may not be able to provide individual control for each network item.
In the preferred embodiment, at least some of the network devices are provided with user interface means by which the users may send the monitoring indications to the management means. Preferably, users may send indications from a network device which has an interface concerning whether that device is to be monitored by the system. Additionally, users may be able to send indications concerning whether other network devices, in particular ones which do not have a user interface, should be monitored. In particular, a user of a PC may be able to control from that PC whether removal of associated equipment such as a printer or scanner is to be monitored, in addition to controlling whether removal of the PC itself should be monitored.
In the preferred arrangement, the electrical characteristic which is sensed is the presence or absence of a winding in a conventional isolation transformer provided at the network device. This arrangement means that there is no additional circuitry required in the network device to enable the implementation of the invention.
Advantageously then, in the present invention, a user of the network device can specify whether that device should be subject to the alarm system without having to make specific personal contact with the system administrator.
Also, the alarm utilises the data cables, which removes any need for specific cable installation, and the system is further sensitive to the removal of devices which are switched off.
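The interaction of the three claimed elements (detection means, management means, alarm means) can be modelled in a few lines. This is an added illustrative sketch, not code from the patent or from 3Com. The device names, the `may_control` table and the rule that rejects indications from non-associated devices are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    device: str                   # constructed name of the attached device
    winding_present: bool = True  # what the detection means senses at the port
    powered: bool = True          # tracked only to show it does not affect detection
    armed: bool = False           # set through the management means

@dataclass
class Hub:
    ports: dict        # port number -> Port
    may_control: dict  # device -> devices it may arm or disarm (assumed policy)
    alarms: list = field(default_factory=list)

    def indicate(self, from_device, target_device, monitor):
        """Management means: record a user's monitoring indication."""
        if target_device not in self.may_control.get(from_device, set()):
            return False  # assumption: only associated equipment is controllable
        for port in self.ports.values():
            if port.device == target_device:
                port.armed = monitor
                return True
        return False

    def poll(self):
        """Detection and alarm means: report armed ports whose winding is gone."""
        raised = [(number, port.device)
                  for number, port in sorted(self.ports.items())
                  if port.armed and not port.winding_present]
        self.alarms.extend(raised)
        return raised

def demo():
    hub = Hub(
        ports={1: Port("pc-alice"), 2: Port("printer-a"), 3: Port("pc-bob")},
        may_control={"pc-alice": {"pc-alice", "printer-a"},
                     "pc-bob": {"pc-bob"}},
    )
    hub.indicate("pc-alice", "pc-alice", True)    # user arms her own PC
    hub.indicate("pc-alice", "printer-a", True)   # and the associated printer
    rejected = not hub.indicate("pc-bob", "printer-a", False)
    hub.ports[1].powered = False           # switched off but still cabled
    quiet = hub.poll()                     # winding still present: no alarm
    hub.ports[2].winding_present = False   # armed printer unplugged
    hub.ports[3].winding_present = False   # unarmed PC unplugged
    return rejected, quiet, hub.poll()

if __name__ == "__main__":
    print(demo())
```

The switched-off PC raises nothing while it stays cabled, the unplugged armed printer raises an alarm, and the unplugged unarmed PC does not.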
REFERENCES:
patent: 5406260 (1995-04-01), Cummings et al.
patent: 5578991 (1996-11-01), Scholder
patent: 5715174 (1998-02-01), Cotichini et al.
patent: 5821868 (1998-10-01), Kuhling
patent: 5926091 (1999-07-01), Svensson et al.
patent: 6064305 (2000-05-01), Lockyer
3Com Technologies
Hofsass Jeffrey A.
Huang Sihong
Weitz David J.
Wilson Sonsini Goodrich & Rosati