1.Technical Field
This invention relates generally to computer networks and, more particularly, to a network management and security system for managing, tracking, and identifying remotely located electronic equipment on a network.
2. Discussion
Over the last several years, one of the largest problems in managing the computerized office environment has been identified as controlling the Total Cost of Ownership, or TCO, of the office computer. Controlling TCO includes not only the cost of the asset but also all costs associated with that asset, such as support costs, software costs, and costs due to loss or theft, including hardware, software, and most importantly, information.
An aspect of the support costs of TCO is asset movement. Today, many employees have more than one computer. When that employee is moved to another location, the assets must be moved as well. A typical organization can have as much as 40% of its employees move from one location to another over the course of a year. When these movements occur daily, tracking each asset over time is nearly impossible. There is also the unauthorized movement of assets, such as moving an asset from an employee's office to his or her associated lab area. In addition to these physical movements, the asset may also be changed over time through hardware and software modifications. Even if an asset is successfully tracked over a period of time, the asset may not be the same at the end of the period. Due to this constant asset relocation and reorganization, an organization may not always know where all of its assets are located. In fact, it is very likely that a company may not even know how many assets they own or if those assets are still in their possession. Additionally, an organization that desires to send a message to all of the assets within a particular physical area is limited to relying on databases that correlate the network identification of an asset to where that asset should be located, not where the asset actually is located. Previous attempts to provide asset tracking and management have relied on software solutions that have proven to be fundamentally flawed. Asset tracking and management software is limited in a number of important areas. It is generally incapable of detecting the electrical connection status of equipment, it cannot detect the physical location of equipment, the identifying name of equipment is not permanent, and the monitored assets must be powered-up.
Therefore, a method for permanently identifying an asset by attaching an external or internal device to the asset and communicating with that device using existing network wiring or cabling is desirable. Also, it is desirable to communicate with an asset based upon the physical location of the asset. Additionally, a method of determining when an asset is being removed or added to the network is desirable. It would also be desirable to communicate with the device without requiring the device or the asset to be connected to alternating current (AC) power. Such a device would allow a company to track its assets, locate any given asset, and count the total number of identified assets at any given time, thus significantly reducing its TCO of identified assets.
One method that attempted to control the hardware theft aspect of TCO is disclosed in U.S. Pat. No. 5,406,260 issued to Cummings et. al, (hereby incorporated by reference) which discusses a means of detecting the unauthorized removal of a networked device by injecting a low current power signal into each existing communications link. A sensor monitors the returning current flow and can thereby detect a removal of the equipment. This method provides a means to monitor the connection status of any networked electronic device thus providing an effective theft detection/deterrent system.
It would, however, be desirable to provide a further means in which a networked device may also be identified by a unique identification number using the existing network wiring or cabling as a means of communicating this information back to a central location. More particularly, it is desirable to provide a means for identification that feasibly employs the same cable (and, if desired, the same wires in the cable) that normally carries high frequency data communications in an existing network. In addition, it is desirable to provide an identification system that is easily and inexpensively implemented in an existing network system.
The theft of information is a further aspect of TCO. Today, the most important resources a company has are its employees and the information that they create and accumulate. Information that is available on a company's internal network can range from personnel files and corporate business plans to research and development efforts related to new products. Restricting access to sensitive or confidential information such as personnel files is a high priority for all companies. The use of passwords and limiting access to certain types of information to particular computer stations are typical methods that companies employ to protect information. These passive methods of protecting company information are sufficient to prevent technically unknowledgeable people from gaining access to protected information. However, these methods are usually unable to protect information from a technically knowledgeable person with specialized electronic equipment. The existence of an unauthorized device connected to the company network may indicate the presence of someone with electronic equipment that has the capability to defeat a company's internal security measures. A method of blocking communications with such a device connected to a network is desirable. Further, automatically blocking communications with an unauthorized device is desirable. An active system that interrogates the devices connected to a network and blocks communications with unauthorized devices would provide enhanced security for sensitive information.
A further aspect of support costs is the cost associated with utilization of network bandwidth. Today, the bandwidth of most networks is being constantly increased to meet the increasing need to transmit large quantities of data. In order to provide the required bandwidth costly hardware upgrades must be purchased resulting in an increase in the TCO. To reduce the need for hardware upgrades the use of available network bandwidth is dedicated to data that is required for the operation of application programs. Using valuable network bandwidth to provide a means of identifying assets would either limit the availability of bandwidth for application programs or require the purchase of new hardware. Additionally, using network bandwidth for asset identification would limit the identification system to operating only when the asset has AC power applied. Assemblies within the asset would have to be operational in order to transmit data over the network. Requiring power to be applied to every monitored asset would limit the capability to identify all the assets connected to a network at any particular time. Therefore, it is desirable to provide a means for asset identification that does not use existing network bandwidth. Such a device would more fully utilize existing network resources without increasing the TCO associated with network bandwidth.