[go: up one dir, main page]

GB2527504A - Monitoring system for data communication / electrical signalling cables - Google Patents

Monitoring system for data communication / electrical signalling cables Download PDF

Info

Publication number
GB2527504A
GB2527504A GB1410940.9A GB201410940A GB2527504A GB 2527504 A GB2527504 A GB 2527504A GB 201410940 A GB201410940 A GB 201410940A GB 2527504 A GB2527504 A GB 2527504A
Authority
GB
United Kingdom
Prior art keywords
communication port
monitoring system
monitoring
data processing
communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1410940.9A
Other versions
GB201410940D0 (en
Inventor
Andrew Barry Stephen
Bernard Cavan Connor
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Audiotel International Ltd
Original Assignee
Audiotel International Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Audiotel International Ltd filed Critical Audiotel International Ltd
Priority to GB1410940.9A priority Critical patent/GB2527504A/en
Publication of GB201410940D0 publication Critical patent/GB201410940D0/en
Publication of GB2527504A publication Critical patent/GB2527504A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01RMEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R31/00Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
    • G01R31/50Testing of electric apparatus, lines, cables or components for short-circuits, continuity, leakage current or incorrect line connections
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01RMEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R31/00Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
    • G01R31/08Locating faults in cables, transmission lines, or networks
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01RMEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R31/00Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
    • G01R31/50Testing of electric apparatus, lines, cables or components for short-circuits, continuity, leakage current or incorrect line connections
    • G01R31/58Testing of lines, cables or conductors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

A monitoring system for monitoring electrical signal cables 21, 23 between data processing devices 9, 10 has a first communication port 20 for coupling to a first cable 21 and a second communication port 22 for coupling to a second cable. First and second sensing mechanisms 1, 2 and sense circuits 3, 4 detect a change in impedance or voltage seen at the first and second communication ports. A signal pass-through communication channel 14 between the first and second communication ports enables transmission of electrical data signals between the ports. A control unit generates an alert signal upon detection of a change in impedance or voltage that is independent of any data signal transmission. An antenna 8 may wirelessly transmit a signal to a central monitoring station 16. The system is used to monitor data cables, e.g. USB or Ethernet cables, between processing devices for disconnection or e.g. illicit addition of a logging device.

Description

MONITORING SYSTEM FOR DATA COMMUNICATION / ELECTRICAL SIGNALLING
CABLES
The present invention relates to apparatus and methods for monitoring electrical cables and connection ports for data communication to and from data processing devices.
The security of data processing systems such as computer work stations and personal computer systems can be significantly compromised if an unauthorised person is able to interfere with a data communication channel to and from the data processing system. For example, if a keystroke logging device is installed between a keyboard and the host computer, sensitive or confidential data which is entered via the keyboard, such as passwords and user names, may be intercepted by the keystroke logging device without the knowledge of the user or manager of the data processing system. Similarly, if a logging device is installed between the video output of a data processing system and a video display device coupled thereto without the knowledge of the user or manager of the data processing system, the content of displayed information may be captured by a third party and its security compromised.
More generally, there are many points where electrical signal cabling between computer systems, data processing devices, peripheral devices, user interface peripherals, detachable storage devices etc can be physically interfered with which represents a threat to data security.
The security of electrical signal cables and connections carrying sensitive information can be achieved by a strictly enforced level of physical security, for example: limiting personnel access to areas where the security of a cable or connection could be compromised, installing visual surveillance systems or mechanically blocking / blanking unused ports on PCs or other similar devices. However, achieving complete security by surveillance and/or access restrictions may be difficult or impossible to achieve in practice.
It is an object of the invention to provide a monitoring system for enhancing the security of electrical signal cables between data processing devices.
According to one aspect, the present invention provides a monitoring system for monitoring electrical signal cables between data processing devices comprising: a first communication port for coupling to a first electrical signal cable; a second communication port for coupling to a second electrical signal cable; a first monitoring module for detecting a change in impedance or voltage seen at the first communication port independent of any data signals thereon; a second monitoring module for detecting a change in impedance or voltage seen at the second communication port independent of any data signals thereon; a signal pass-through communication channel between the first communication port and the second communication port for transmitting electrical data signals from the first communication port to the second communication port or from the second communication pod to the first communication port; a control unit configured to generate an alert signal upon detection of a said change in impedance or voltage by either the first monitoring module or the second monitoring module.
The first communication port may comprise a receptacle for receiving one of a USB connector, an Ethernet connector, a keyboard connector, a mouse connector, a display device connector, a coaxial cable connector, a twisted pair cable connector. The second communication port may comprise a receptacle for receiving one of a USB connector, an Ethernet connector, a coaxial cable connector, a twisted pair cable connector. The signal pass-through communication channel may be configured for transmitting electrical data signals from the first communication port to the second communication port and from the second communication port to the first communication port. The monitoring system may further include an autonomous power supply. The monitoring system may further include a transmitter configured to transmit said alert signal to a remote monitoring station. The monitoring system may further include a heartbeat module configured to generate a periodic signal indicative of normal operating status of the monitoring system. The transmitter may be configured to transmit on a wireless communication channel. The transmitter may be configured to transmit on a wired computer network.
At least one of the first and second monitoring modules may be configured to monitor a voltage between a power supply pin I receptacle and a ground pin I receptacle of the respective first or second communication port. At least one of the first and second monitoring modules may be configured to monitor a voltage between a system ground and a shield cable pin I receptacle of the respective first or second communication port. At least one of the first and second monitoring modules may be configured to monitor an impedance between pins I receptacles for twisted pair wires of a twisted pair cable. At least one of the first and second monitoring modules may be configured to monitor a current flow to / from a power pin / receptacle of the respective first or second communication port. The monitoring system may include at least two each of said first S and second communication ports each with a respective monitoring moduZe and each pair of first and second communication ports being coupled to a respective signal pass-through communication channel. The plural first and second communication ports may comprise LJSB connectors. The plural first and second communication ports may comprise USS connectors and display device video connectors. The pluraZ first and second communication ports may comprise USB connectors and computer local area network connectors.
According to another aspect, the invention provides a monitoring system for monitoring electrical signal cables between first and second data processing devices comprising: a communication port in the first data processing device for coupling to a first electrical signal cable; a monitoring module for detecting a change in impedance or voltage seen at the first communication port as a result of a second data processing device being connected to, or disconnected from, the communication port; a control unit configured to generate an alert signal upon detection of a said change in impedance or voltage at the communication port caused by a said connection to, or disconnection from, a second data processing device.
The communication port may comprise a receptacle for receiving one of a USB connector, an Ethernet connector, a keyboard connector, a mouse connector, a display device connector, a coaxial cable connector, a twisted pair cable connector. The monitoring system may further include an autonomous power supply. The autonomous power supply may be separate from any power supply of the first data processing device. The monitoring system may further include a transmitter configured to transmit said alert signal to a remote monitoring station. The monitoring system may further include a heartbeat module configured to generate a periodic signal indicative of normal operating status of the monitoring system. The transmitter may be configured to transmit on a wireless communication channel. The transmitter may be configured to transmit on a wired computer network. The monitoring module may be configured to monitor a voltage between a power supply pin I receptacle and a ground pin / receptacle of the communication port. The monitoring module may be configured to monitor a voltage between a system ground and a shield cable pin I receptacle of the communication port.
The monitoring module may be configured to monitor an impedance between pins / receptacles for twisted pair wires of a twisted pair cable. The monitoring module may be configured to monitor a current flow tot from a power pin / receptacle of the communication port.
According to another aspect, the invention provides a method of monitoring electrical signal cables between data processing devices, the method comprising: providing a monitoring system having a first communication port for coupling to a first electrical signal cable and a second communication port for coupling to a second electrical signal cable; coupling a first data processing device to the first communication port and a second data processing device to the second communication port; providing a signal pass-through communication channel between the first communication port and the second communication port for transmitting electrical data signals from the first communication port to the second communication port or from the second communication port to the first communication port: detecting a change in impedance or voltage seen at the first communication port independent of any electrical data signals; detecting a change in impedance or voltage seen at the second communication port independent of any electrical data signals; generating an alert signal upon detection of a said change in impedance or voltage independent of any electrical data signals.
According to another aspect, the invention provides a method of monitoring electrical signal cables between first and second data processing devices comprising: providing a communication port in a first data processing device and coupling the communication port to a first electrical signal cable coupled to a second data processing device; detecting a change in impedance or voltage seen at the first communication port, that is independent of any electrical data signals, when the second data processing device is connected to, or disconnected from, the communication pod; generating an alert signal upon detection of a said change in impedance or voltage at the communication port caused by a said connection to, or disconnection from, a second data processing device.
Embodiments of the present invention will now be described by way of example and with reference to the accompanying drawings in which: Figure 1 is a functional block diagram of a system for monitoring electrical signal cables between data processing devices; and Figure 2 is a schematic perspective view of a system for monitoring electrical signal cables between data processing devices, showing exemplary electrical connection ports thereon -Implementations of a distributed monitoring and alarm system are now described which are configured to protect electrical signal cable connections between data processing devices and corresponding electrical signal connection ports on those devices. The distributed monitoring and alarm system prevents such electrical signal cables and electrical signal connection ports being tampered with, e.g. for malicious or criminal purposes, usually but not always to covertly obtain sensitive information which is transmitted or otherwise available on the electrical signal cable connection or connection port.
Examples of such electrical signal cable connections which may be monitored include twisted pair data cables such as Ethernet cables, screened cables such as coaxial cables, USS cables, mouse cables, keyboard cables, display monitor! video cables such as the VGA family of cables, HDMI cables, DVI cables and display port cables. The connection ports which may be monitored include those associated with the previously mentioned electrical signal cables, e.g. Ethernet ports such as those for receiving an RJ45 plug, coaxial cable sockets, IJSB ports, PS12 ports, video ports etc. Examples of data processing devices include generic devices such as personal computers, computer workstations, Iaptops, notebooks, tablet computers and their peripheral devices such as mice, keyboards, video monitors, USS-connectable devices including storage devices. Further examples of data processing devices include application-specific devices such as routers, modems, bridges, switches, electronic business machines such as cash registers etc. While it is possible to provide data processing devices with monitoring software which is capable of detecting interference with a data communication channel to and from the data processing device, a potential deficiency of this approach is that when a device is powered down1 it is not possible to continue to monitor the data communication channel. For example, should a personal computer be loaded with software that monitors the connection of the computer to a peripheral such as a keyboard, or to a network, once the computer is switched off it is potentially exposed to the unauthorised installation of a keystroke logging device or a listening device on the network connection without detection by the monitoring software.
Embodiments of the distributed monitoring and alarm system described herein can rapidly and robustly generate an alert when any suspicious activity is detected on electrical signal cables or connection ports associated with data processing devices, regardless of whether the data processing devices are powered on or off. Embodiments of the distributed monitoring and alarm system described herein can generate an alert whether or not the electrical signal cable or connection port is live and active or is in a dormant or off state.
Embodiments of the distributed monitoring and alarm system described herein may be easily integrated into existing systems with no or few changes to the existing infrastructure to minimise expenditure and disruption and may be implemented without impacting on the day-to-day operating processes and procedures within an organisation maintaining the data processing devices.
Embodiments of the monitoring and alarm system may include a pluggable sensor that is connected in series with existing electrical cables or connection ports that are being protected. The sensor unit includes a mechanism that can electrically detect or sense when a connection or disconnection event takes place. The connection or disconnection event sensing may be completely transparent to secure information or data being carried on the electrical cables.
With reference to figure 1, a sensor unit 15 comprises a first communication port 20 suitable for coupling to a first electrical signal cable 21 which communicates with a first data processing device 9. The first data processing device 9 may, for example, comprise a host device such as a personal computer or workstation. A sensing mechanism 1 together with a sense circuit 3 is configured to monitor the first communication port 20 for any changes in impedance detectable at the first port 20, such as occasioned by connection or disconnection of a cable connector relative to the port 20, or connection or disconnection of the cable 21 to or from the first data processing device 9.
The sensor unit 15 further comprises a second communication port 22 suitable for coupling to a second electrical signal cable 23 which communicates with a second data processing device 10. The second data processing device 10 may, for example, compre a peripheral device such as a keyboard, a mouse, a video display unit or a data storage device. The second data processing device 10 could alternatively be a network device such as router, modem, switch, server or network controller. The second data processing device could be another computer or server. A sensing mechanism 2 together with a sense circuit 4 is configured to monitor the second communication port 22 for any changes in impedance detectable at the second port 22, such as occasioned by connection or disconnection of a cable connector relative to the port 22, or connection or disconnection of the cable 23 to or from the second data processing device 10.
A microprocessor control unit 5 is coupled to the sense circuits 3 and 4 to receive signals indicating the status of the first and second communication ports 20, 22 and the electrical connections coupled thereto.
A signal pass-through communication channel 14 couples the first and second communication ports 20, 21 so that data can be transferred therebetween without interference by the sensing mechanisms 1 and 2, while still allowing the sensing mechanisms 1 and 2 to monitor impedance seen respectively from the first and second communication ports 20, 21, as will be discussed in more detail below.
A power supply 6 provides an autonomous power source to the sensor unit 15 so that it need not be reliant on receiving power from an external source or from the power lines associated with either the first electrical signal cable 21 or the second electrical signal cable 23. The power supply 6 may be a battery or a fuel cell. The power supply 6 may be a rechargeable supply capable of taking charging power from an external source when available. The external source could be mains power, or from a network connection to which the sensor unit could be connected, or from the electrical signals cables 21 or 23 when they are active.
The sensor unit 15 further comprises a radio transceiver 7 and an antenna 8 configured to communicate with a central monitoring station 16, via a communication channel 24, to report on the status of the sensor unit 15 and the status of the first and second communication ports 21, 23. The communication channel 24 may be any suitable communication channel such as a radio frequency communication channel or a wired network. Exemplary radio frequency communication channels could include a cellular telephone network, a wifi network, a Bluetooth channel, etc. Exemplary wired networks could include an Ethernet network, a powerline signalling channel or a dedicated wired connection, If a wired communication channel 24 is used, then the radio transceiver 7 and antenna 8 would, of course, be replaced with a suitable transceiver, e.g. a modem or other network transceiver.
Electrical sensing of any connection and disconnection events by the sensing mechanisms 1, 2 is preferably achieved by high impedance sensing of the electrical potential of the cable shield (e.g. USB host, VGA cables, DVI cables) with respect to the system ground.
The system ground may be the ground reference of the sensor unit 15, such as a negative terminal of the power supply 6. If the first data processing device 9, or the second data processing device 10, has a screened cable connection including a shield, connection of this shield to the system ground, or disconnection of this shield from the system ground can be detected by the impedance sensing. High impedance sensing of the electrical potential of a power supply cable or other cable may be used.
Where no shield exists (e.g. CATS network cables) then other forms of sensing can be used such as high impedance sensing of low (DC) impedance magnetics used in network cabling systems.
Sensed or detected connection and/or disconnection events are registered by the microprocessor control unit 5 where they are suitably coded and encrypted for subsequent transmission to the central monitoring station 16 via the radio transceiver module 7 and the antenna(e) 8. The antenna 8 is preferably integral to the radio transceiver 7 and to the sensor unit 15.
A real time clock module or clock function 13 may be connected to, or realised via, the control unit 5 to allow the system to generate a heartbeat signal which can be transmitted to the central monitoring system according to an appropriate protocol. For example, the protocol may require that the heartbeat signal is encrypted, and may require that it is transmitted within a predetermined timeslot of a regular, a periodic or an aperiodic schedule. On reception of the heartbeat signal, the central monitoring station 16 may respond with an encrypted acknowledge (ACK) signal using the same channel 24.
The ACK signal may also include encrypted information relating to the next radio channel or timeslot that the sensor unit 15 should use for communication with the central monitoring station 16, e.g. for the next heartbeat signal or for reporting any connection or disconnection events or any alarm status). The ACK signal may also include an encryption key to be used for the next heartbeat signal. This form of closed loop communication enables improved security on the system communication channel and minimises risk of spoofing heartbeat signals by an unauthorised third party.
With reference to figure 2, an exemplary sensor unit 15 may be provided within a single housing 30 having a plurality of connection or communication ports 20, 22 disposed on a face 31 of the housing. The communication ports 20, 22 may be grouped in pairs, each corresponding to the communication ports 20, 22 of figure 1. Each pair of communication ports 20, 22 may be coupled to respective sensing mechanisms 1, 2 and sensing circuits 3, 4. Different pairs of communication ports 20, 22 may share certain other features of the sensor unit 15 of figure 1. For example, the microprocessor control unit 5, power supply 6, transceiver 7, antenna S and real time clock 13 may conveniently be shared for all communication ports 20, 22, sensing mechanisms 1,2 and sensing circuits 3,4.
The sensor unit 15 of figure 2 may be configured for the specific purpose of monitoring connections to a personal computer or workstation as the first data processing device 9.
In this example, ports 20a, 22a, 20b, 22b, 20c, 22c may be USB sockets for receiving USB cables. The ports 20a. 20b, 20c may be USB sockets for connection to the USE outputs of a personal computer or workstation 9 and the ports 22a, 22b, 22c may be USE sockets for connection to a relevant computer peripheral such as a keyboard, mouse, printer or other input / output device. Ports 20d and 22d may be video monitor sockets such as HDMI sockets. The port 20d may be an HDMI socket for connection to the HDMI output of the personal computer or workstation 9 and the port 22d may be an HDMI socket for receiving the HDMI connector from a relevant computer peripheral such as a display device. Alternatively, the ports 20d, 22d may be other video monitor parts such as VGA, DVI, display port, as mentioned earlier.
Similarly, the connectors 20f, 22f may provide respectively for connection to a computer mouse (e.g. PS/2) output and a computer mouse lead in case a non-USB mouse is in use.
Similarly, the connectors 20g, 22g may provide respectively for connection to a keyboard output of a computer and a keyboard lead, in case a non-USB keyboard is in use. The connectors 20e, 22e may respectively provide for connection to a personal computer or workstation network jack and to a modem or router.
Other connectors 20, 22 may be provided on the sensor unit 15 according to whatever input I output connections of the first data processing device 9 to second data processing devices 10 need monitoring.
The example of figure 2 shows both first and second communication ports 20, 22 in one face 31 of the housing 30. In some circumstances, it may be more convenient and/or more compact to provide some or all first communication ports 20a -20g in one face of the housing and some or all second communication ports 22a -22g in an opposing face of the housing so that the housing can be in-line with cables passing between the first and second data processing devices 9, 10.
The sensor unit 15 is preferably battery powered 6so that it can be completely autonomous of any additional connections. This allows it to monitor connection and disconnection events regardless of any active or inactive state of the cable or connection port and regardless of whether either of the first data processing device 9 or second data processing device 10 is powered or unpowered at the time of any connection or disconnection event.
However, the use of a heartbeat signalling protocol can provide an additional level of security, particularly if it is preferred that the sensor unit 15 is powered from an external source, because the interruption of power and thus interruption of heartbeat signals can then be relied upon to indicate potential interference with the sensor unit and the first and/or second electrical signal cables 21, 23. In another arrangement, the sensor unit may be powered from an external source but with the internal power source 6 serving as a (possibly rechargeable) back-up power supply in the event that the sensor unit is deprived of external power.
Preferably, the central monitoring station 16 is capable of communicating with and monitoring up to 16, or 25, or even more, separate sensor units 15 all operating independently. Each sensor unit 15 and the central monitoring station 16 may be using the same communication channel 24. In practice, it is found that a radio link can readily support at least 25 sensor units operating concurrently, and substantially more if the communication channel 24 is a wired link, such as an Ethernet link. The alert messages and the heartbeat messages can be very short and add little overhead to the network.
In some arrangements, all forms of communication between the sensor unit 15 and the central monitoring system may be encrypted using a suitable encryption protocol such as AES. This may ensure that any alarm messages, operational messages or heartbeat messages cannot be intercepted, modified, corrupted or the content otherwise interfered with by an unauthorised third party.
Use of the sensor units 15 and central monitoring station 16 can enable levels of physical security to be reduced that could otherwise have a severe impact on the day to day running of an organisation. Use of the sensor units 15 and central monitoring station 16 can enable protection of data processing devices 9, 10 without requiring physical modification or replacement of existing systems, equipment and infrastructure with alternative secure equipment.
Although in the arrangements described above the sensor unit 15 is configured to generate an alert which is transmitted to the central monitoring station 16 in the event of any connection or disconnection event sensed by the sensing mechanisms 1 and/or 2, alternatively or additionally the sensor unit may be configured to generate an audible or visual alarm in the event of any connection or disconnection event, and/or when the sensor unit is disconnected from a power supply, where applicable. Alternatively or additionally, an alert may be used to trigger a video surveillance system which may be configured to capture images or other details of a connection or disconnection event.
During installation, first time use, or authorised connection or disconnection of cables 21, 23 or the respective data processing devices 9, 10, the sensor unit may be provided with an initialisation protocol or the central monitoring system 16 may be configured to be switchable to a set-up or authorisation process. An initialisation protocol may include a default encryption key used for first-time use in a protocol that generates a new key for each heartbeat signal.
Any suitable connection or disconnection sensing mechanism may deployed by the sensing mechanisms 1, 2. For example, where the signal pass-through communication channel 14 is a IJSB-type channel, each of the sensing mechanisms 1, 2 may be configured to monitor whether the shield conductor (ground) is connected to a ground or floating', i.e. not connected to a ground. Similarly, where the signal pass-through communication channel 14 is for a video monitor channel, each of the sensing mechanisms 1, 2 may be configured to monitor whether the shield conductor is connected to a ground or floating, i.e. not connected to a ground. In such a situation, the connection I disconnection sensing may be independent of the data transmission conductors by monitoring the shield conductor and not the data conductors.
Where the signal pass-through communication channel 14 is for twisted pair cable transmit and receive channels, each of the sensing mechanisms 1, 2 may be configured to detect any change in impedance, e.g. as occasioned by disconnection of one end of the cable from an inductor winding in the terminating transformers. In such a situation, connection / disconnection events can be distinguished from any data signals which may be present on the conductors, In this way, connection or disconnection events may be detected by changes in voltage or impedance seen at the communication ports independently of any change occasioned by data signals seen at the communication ports.
In another arrangement, the sensor unit may be configured to supply power to one or both of the first and second data processing devices 9, lOon a power supply line of the electrical signal cable 21 or 23. For example, the second data processing device 10 may be a peripheral device such as a mouse or a keyboard. The sensor unit 15 may monitor the impedance seen at the second communication port 22 by monitoring the current drawn by the second data processing device 10. Any disconnection of the data processing device will be detected by sensing the drop in current flow (e.g. to zero, or to below a predetermined threshold) arising from the change of impedance occasioned by the device disconnection. Conversely, connection of a data processing device 10 will be detected by sensing the increase in current flow (e.g. from zero to above a predetermined threshold) occasioned by the device connection. Thus, the sensing mechanisms 1, 2 may comprise current sensors serving as a means for detecting a change in impedance. In a general aspect, therefore, at least one of the first and second monitoring modules is configured to monitor a current flow to and/or from a power pin / receptacle of the respective communication port.
Thus, the sensing mechanisms can be readily adapted to various industry-standard signal cabling and plug / socket arrangements without modification.
The sensor unit can be configured such that the sensing mechanisms 1, 2 do not significantly interfere with the signal pass-through communication channel 14, so that the sensor unit is effectively "transparent' to data flows passing therethrough. If the shield conductor is used for sensing, the shield conductors at the first and second communication ports 20, 22 can be electrically isolated from one another while the data signal connectors can be directly coupled from the first communication port 20 to the second communication port 22. If impedance sensing on data cables (for example, on twisted wire pairs such as for Ethernet channels) is used, one or more capacitors may be used within the signal pass-through communication channel 14 so as to isolate the first communication port 20 from the second communication port 22 for DC signal components, but to allow high frequency data signals to pass. If impedance sensing on a power supply terminal is used, a separate power supply may be injected into one of the first or second communication ports 20, 22.
The sensor unit can be modified to be incorporated within a host data processing device, such as a personal computer or work station. In such a modification, the first communication port 20 corresponds to an external communication port of the data processing device, such as a USB port, an Ethernet port, a coaxial cable socket, a PS/2 port, a video port etc. The second communication port 22 then corresponds not to an external port but to an internal wiring connection within the data processing device and the second sensing mechanism 2 and second sensing circuit 4 may be omitted. Preferably the sensor unit integrated within a host data processing device has an autonomous power supply, i.e. a power supply separate from that of the data processing elements of the data processing device such that the sensor unit can remain active and monitoring connections to or disconnections from the communication ports of the data processing device even when it is switched off or in standby or sleep mode. Such an autonomous power supply can be a rechargeable power supply which is recharged when the host data processing device is connected to a power supply and/or when it is switched on.
Other embodiments are intentionally within the scope of the accompanying claims.

Claims (32)

  1. CLAIMS1. A monitoring system for monitoring electrical signal cables between data processing devices comprising: a first communication port for coupling to a first electrical signal cable; a second communication port for coupling to a second electrical signal cable; a first monitoring module for detecting a change in impedance or voltage seen at the first communication port independent of any data signals thereon; a second monitoring module for detecting a change in impedance or voltage seen at the second communication port independent of any data signals thereon; a signal pass-through communication channel between the first communication port and the second communication pod for transmitting electrical data signals from the first communication port to the second communication port or from the second communication port to the first communication port; a control unit configured to generate an alert signal upon detection of a said change in impedance or voltage by either the first monitoring module or the second monitoring module.
  2. 2. The monitoring system of claim 1 in which the first communication port comprises a receptacle for receiving one of a USB connector, an Ethernet connector, a keyboard connector, a mouse connector, a display device connector1 a coaxial cable connector, a twisted pair cable connector.
  3. 3. The monitoring system of claim 1 or claim 2 in which the second communication port comprises a receptacle for receiving one of a USS connector, an Ethernet connector, a coaxial cable connector, a twisted pair cable connector.
  4. 4. The monitoring system of claim 1 in which the signal pass-through communication channel is configured for transmitting electrical data signals from the first communication port to the second communication port and from the second communication port to the first communication port.
  5. 5. The monitoring system of claim 1 further including an autonomous power supply.
  6. 6. The monitoring system of claim 1 further including a transmitter configured to transmit said alert signal to a remote monitoring station.
  7. 7. The monitoring system of claim 6 further including a heartbeat module configured to generate a periodic signal indicative of normal operating status of the monitoring system.
  8. 8. The monitoring system of claim 6 in which the transmitter is configured to transmit on a wireless communication channel.
  9. 9 The monitoring system of claIm 6 in which the transmitter is configured to transmit on a wired computer network.
  10. 10. The monitoring system of claim 1 in which at least one of the first and second monitoring modules is configured to monitor a voltage between a power supply pin I receptacle and a ground pin I receptacle of the respective first or second communication port.
  11. 11. The monitoring system of claim 1 in which at least one of the first and second monitoring modules is configured to monitor a voltage between a system ground and a shield cable pin I receptacle of the respective first or second communication port.
  12. 12. The monitoring system of claim I in which at least one of the first and second monitoring modules is configured to monitor an impedance between pins / receptacles for twisted pair wires of a twisted pair cable.
  13. 13. The monitoring system of claim 1 in which at least one of the first and second monitoring modules is configured to monitor a current flow tot from a power pint receptacle of the respective first or second communication port.
  14. 14. The monitoring system of claim I including at least two each of said first and second communication ports each with a respective monitoring module and each pair of first and second communication ports being coupled to a respective signal pass-through communication channel.
  15. 15. The monitoring system of claim 14 in which the plural first and second communication ports comprise USB connectors.
  16. 16. The monitoring system of claim 14 in which the plural first and second communication ports comprise USB connectors and display device video connectors.
  17. 17. The monitoring system of claim 14 in which the plural first and second communication ports comprise USB connectors and computer local area network connectors.
  18. 18. A monitoring system for monitoring electrical signal cables between first and second data processing devices comprising: a communication port in the first data processing device for coupling to a first electrical signal cable; a monitoring module for detecting a change in impedance or voltage seen at the first communication port as a result of a second data processing device being connected to, or disconnected from, the communication port; a control unit configured to generate an alert signal upon detection of a said change in impedance or voltage at the communication port caused by a said connection to, or disconnection from, a second data processing device.
  19. 19. The monitoring system of claim 18 in which the communication port comprises a receptacle for receiving one of a USB connector, an Ethernet connector, a keyboard connector, a mouse connector, a display device connector, a coaxial cable connector, a twisted pair cable connector
  20. 20. The monitoring system of claim 1 further including an autonomous power supply.
  21. 21. The monitoring system of claim 20 in which the autonomous power supply is separate from any power supply of the first data processing device.
  22. 22. The monitoring system of claim 18 further including a transmitter configured to transmit said alert signal to a remote monitoring station.
  23. 23. The monitoring system of claim 22 further including a heartbeat module configured to generate a periodic signal indicative of normal operating status of the monitoring system.
  24. 24. The monitoring system of claim 22 in which the transmitter is configured to transmit S on a wireless communication channel.
  25. 25. The monitoring system of claim 22 in which the transmitter is configured to transmit on a wired computer network.
  26. 26. The monitoring system of claim 18 in which the monitoring module is configured to monitor a voltage between a power supply pin / receptacle and a ground pin / receptacle of the communication port.
  27. 27. The monitoring system of claim 18 in which the monitoring module is configured to monitor a voltage between a system ground and a shield cable pin / receptacle of the communication port.
  28. 28. The monitoring system of claim 18 in which the monitoring module is configured to monitor an impedance between pins / receptacles for twisted pair wires of a twisted pair cable.
  29. 29. The monitoring system of claim 18 in which the monitoring module is configured to monitor a current flow to I from a power pint receptacle of the communication port.
  30. 30. A method of monitoring electrical signal cables between data processing devices, the method comprising: providing a monitoring system having a first communication port for coupling to a first electrical signal cable and a second communication port for coupling to a second electrical signal cable; coupling a first data processing device to the first communication port and a second data processing device to the second communication port; providing a signal pass-through communication channel between the first communication port and the second communication port for transmitting electrical data signals from the first communication port to the second communication port or from the second communication port to the first communication port; detecting a change in impedance or voltage seen at the first communication port independent of any electrical data signals; detecting a change in impedance or voltage seen at the second communication port independent of any electrical data signals; generating an alert signal upon detection of a said change in impedance or voltage independent of any electrical data signals.
  31. 31. A method of monitoring electrical signal cables between first and second data processing devices comprising: providing a communication port in a first data processing device and coupling the communication port to a first electrical signal cable coupled to a second data processing device; detecting a change in impedance or voltage seen at the first communication port, that is independent of any electrical data signals, when the second data processing device is connected to, or disconnected from, the communication port; generating an alert signal upon detection of a said change in impedance or voltage at the communication port caused by a said connection to, or disconnection from, a second data processing device.
  32. 32. Apparatus substantially as described herein with reference to the accompanying drawings.
GB1410940.9A 2014-06-19 2014-06-19 Monitoring system for data communication / electrical signalling cables Withdrawn GB2527504A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1410940.9A GB2527504A (en) 2014-06-19 2014-06-19 Monitoring system for data communication / electrical signalling cables

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1410940.9A GB2527504A (en) 2014-06-19 2014-06-19 Monitoring system for data communication / electrical signalling cables

Publications (2)

Publication Number Publication Date
GB201410940D0 GB201410940D0 (en) 2014-08-06
GB2527504A true GB2527504A (en) 2015-12-30

Family

ID=51409842

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1410940.9A Withdrawn GB2527504A (en) 2014-06-19 2014-06-19 Monitoring system for data communication / electrical signalling cables

Country Status (1)

Country Link
GB (1) GB2527504A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3435275A1 (en) * 2017-07-27 2019-01-30 Westinghouse Electric Germany GmbH Monitoring device
EP3591898A1 (en) * 2018-07-05 2020-01-08 INTEL Corporation Network function virtualization architecture with device isolation
US20210241585A1 (en) * 2018-05-16 2021-08-05 Wincor Nixdorf International Gmbh Electronic Device Arrangement, Method for Operating an Electronic Device Arrangement, Security Device, and Automated Teller Machine
EP4054152A1 (en) * 2021-03-05 2022-09-07 Maurer, Sören Network module

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116609706B (en) * 2023-07-19 2023-09-19 北京同方艾威康科技有限公司 VGA image quality nondestructive disconnection detection method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2336225A (en) * 1998-04-09 1999-10-13 Ital Audio Limited An in-line keyswitch for disabling computer keyboards or monitors
JP2005234943A (en) * 2004-02-20 2005-09-02 Sony Corp Communication apparatus
WO2006008732A2 (en) * 2004-07-19 2006-01-26 Kodak IL. Ltd. Apparatus and method for interconnect verification
US8024491B1 (en) * 2007-08-20 2011-09-20 Cypress Semiconductor Corporation Detecting a connection to an unpowered host
US20130155559A1 (en) * 2011-12-17 2013-06-20 Yin-Zhan Wang Data cable and electronic device using same
US8725910B1 (en) * 2011-08-09 2014-05-13 Maxim Integrated Products, Inc Cable connection detection for electronic devices

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2336225A (en) * 1998-04-09 1999-10-13 Ital Audio Limited An in-line keyswitch for disabling computer keyboards or monitors
JP2005234943A (en) * 2004-02-20 2005-09-02 Sony Corp Communication apparatus
WO2006008732A2 (en) * 2004-07-19 2006-01-26 Kodak IL. Ltd. Apparatus and method for interconnect verification
US8024491B1 (en) * 2007-08-20 2011-09-20 Cypress Semiconductor Corporation Detecting a connection to an unpowered host
US8725910B1 (en) * 2011-08-09 2014-05-13 Maxim Integrated Products, Inc Cable connection detection for electronic devices
US20130155559A1 (en) * 2011-12-17 2013-06-20 Yin-Zhan Wang Data cable and electronic device using same

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3435275A1 (en) * 2017-07-27 2019-01-30 Westinghouse Electric Germany GmbH Monitoring device
DE102017007146A1 (en) * 2017-07-27 2019-01-31 Westinghouse Electric Germany Gmbh monitoring device
DE102017007146B4 (en) * 2017-07-27 2020-02-06 Westinghouse Electric Germany Gmbh Monitoring device for at least one communication interface of a data processing device
US20210241585A1 (en) * 2018-05-16 2021-08-05 Wincor Nixdorf International Gmbh Electronic Device Arrangement, Method for Operating an Electronic Device Arrangement, Security Device, and Automated Teller Machine
US11763641B2 (en) * 2018-05-16 2023-09-19 Diebold Nixdorf Systems Gmbh Electronic device arrangement, method for operating an electronic device arrangement, security device, and automated teller machine
EP3591898A1 (en) * 2018-07-05 2020-01-08 INTEL Corporation Network function virtualization architecture with device isolation
EP4054152A1 (en) * 2021-03-05 2022-09-07 Maurer, Sören Network module

Also Published As

Publication number Publication date
GB201410940D0 (en) 2014-08-06

Similar Documents

Publication Publication Date Title
US5406260A (en) Network security system for detecting removal of electronic equipment
US9222285B1 (en) Theft deterrent device and method of use
GB2527504A (en) Monitoring system for data communication / electrical signalling cables
US20090189765A1 (en) Security apparatus for an electronic device
US6064305A (en) Network security
EP3793126B1 (en) Communication systems and methods
US6172606B1 (en) Network security
CA3025545C (en) Method and apparatus for monitoring status of relay
US7295112B2 (en) Integral security apparatus for remotely placed network devices
CN201509204U (en) Computer illegal external link monitoring device and system thereof
US20120128078A1 (en) Power Quality Device Having Communication Interface
CN113364837B (en) Port security device for computing device and method of operating the same
KR20180030119A (en) Security Connector
CN114153301B (en) Power failure monitoring device, method and external protection equipment
CN107968777A (en) Network Security Monitor System
CN111885179B (en) External terminal protection device and protection system based on file monitoring service
US20200341922A1 (en) Electronic apparatus protection device and method
US12079332B2 (en) Security device to protect active communication ports
CN108665651B (en) Safe and intelligent anti-disassembly system applied to payment equipment and payment equipment
CN209168087U (en) Terminal device
US20230118514A1 (en) Security device to protect unused communication ports
CN221948188U (en) A data security protection device for Internet of Things sensors
US11403384B2 (en) Access control
CN215581196U (en) Computer internet information security control device
CN219737783U (en) Satellite space-time safety isolation device

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)