WO2001001362A1 - Security device - Google Patents

Abstract

A security device for equipment comprises a detector (40, 42) for detecting a security breach. A signal generator (44) transmits an alarm signal in response to a signal from the detector (40, 42). In preferred embodiments, the signal generator transmits a GSM signal. Examples are described in which the signal generator transmits information which enables the device to be located and tracked.

Description

SECURITY DEVICE

The invention relates to a security device for equipment. Embodiments of the invention described herein relate to determining the location of the equipment, and in preferred embodiments tracking the equipment.

The theft of items of a huge variety is a growing malaise in present-day society. The authorities acknowledge that casual and organised crime account for a major proportion of police and judicial time. Even though various "initiatives" are instigated at regular or sporadic intervals, the public in general are expected more and more to take active steps to safeguard their possessions. Whilst it is reasonable that people should take responsibility to protect their belongings, it is an inevitable fact of life that there are always those who will seek to deprive others, for whatever motive. Moreover, it has to be recognised that there are limits to what steps the average person can take to protect his or her goods and equipment. This is especially so with items that are regarded as "mobile", for example notebook computers.

The invention therefore seeks to provide a security system which takes the initiative on behalf of owners of items of equipment.

According to the present invention there is provided a security device for equipment, the device comprising a detector for detecting a security breach and a signal generator for transmitting a signal in response to a signal from the detector.

The security device can be used for all types of equipment but finds particular application in relation to equipment including electronic components, in particular computer components. The equipment is not restricted, however, to computers per se. Any article can include the security device. In preferred embodiments, the device is used in equipment including an electronic device, and in particular in electronic equipment. The use of the security device in electronic equipment is preferred because in preferred embodiments, the security device itself includes various electronic components which can be more easily "hidden" in electronic equipment. Such equipment may include computers, devices or other electronic components in cars, computers, domestic appliances such as microwave ovens, televisions, stereo systems and others. The security devices can be disguised as part of other electronic components in the equipment. For example, where the equipment comprises a computer, the security device can be a part of a sound card or network card. The security device can be arranged to interact with equipment in any other way.

Preferably, the security device further includes a control device for controlling the signal generator. Preferably the control device is embodied in software, in which case the control device may comprise a suitably programmed processor. Other types of control device are envisaged, which may be embodied in hardware.

Preferably, the control device includes a password protection device which is arranged to control the activation and deactivation of the device. The password device may comprise any user input security device. By password protecting the control device, the security device may only be activated and, more importantly, deactivated by authorised personnel. Deactivation of the device may be required where it is necessary to move or dismantle the equipment for, for example, maintenance. In preferred embodiments of the invention, the security device is arranged to be active at all times unless specifically operator deactivated for maintenance.

Preferably, the password protection of the control device is such that if more than a predetermined number of wrong attempts are made to input the password, the signal generator is activated and the alarm signal sent. Preferably the control device is written directly onto a chip, for example embedded into a chip. Thus tampering with the control device is hindered. Preferably, where the security device is installed in equipment running computer software, the control device is in communication with the software of the equipment. Preferably the security device is automatically activated on activation or starting up the equipment. For example, where the equipment comprises a computer, preferably the security device is automatically activated when the computer is switched on.

The detector may comprise any device which may detect a security breach. The detector may comprise a hardware or software device. The choice of detector will depend on the equipment to be protected. Examples of detectors which might be used are described below.

Preferably the detector comprises means for detecting the input of an incorrect password. The detector can be arranged to send a signal to the control device on input of an incorrect password. Once the control device has detected that a threshold number of incorrect passwords have been input (the threshold may be one or more), a signal may be sent to the signal generator to transmit the security alarm signal.

Preferably, the control device is adapted to control the starting of electronic equipment, the control device being adapted to prevent the equipment starting unless a correct password is input. This is of particular advantage where use of the equipment by unauthorised users is to be restricted. In particular, where the equipment contains data, for example on a computer memory device, restriction of unauthorised access to the data is of great importance. By preventing the starting of the equipment, for example the computer, access to the memory can be controlled. Where the equipment comprises a computer, preferably the password is a ROM and/or BIOS password so that the computer does not boot up if the correct password is not input. Where the equipment is, for example, a car, starting of the car can be prevented if the correct password is not input.

Preferably the detector includes a power fluctuation detector. Thus power in the security device and/or in the equipment can be monitored and a signal generated if the power changes or is removed, as would occur, for example, if someone disconnected the equipment from the mains supply. Where the equipment includes electronic devices, the detector may monitor power coming onto a circuit board. The detector may be connected across the power supply of the equipment. The detector may monitor the voltage on a bus or internal part of the equipment.

Preferably, the device further includes a power supply. By having its own power supply, the device is able to transmit the signal even when power has been cut from the equipment. Where the equipment has its own power supply, for example the mains electricity, preferably the power supply of the device is arranged to be recharged by the equipment. In that way the power supply requires less maintenance and can have a longer life. The power supply may comprise a rechargeable battery.

Preferably the detector includes a power supply tamper detector. Thus if an attempt is made to remove the device's power supply, the alarm signal will be generated.

Preferably, the detector includes a tamper detector. The tamper detector may be adapted to detect any attempt to open or modify the equipment.

For example, the tamper detector may comprise a light sensor, which may include a photoelectric cell. Thus if the casing, door or cover of the equipment is opened, the light sensor will be exposed to light and the alarm signal will be sent. Alternatively, or in addition, the tamper detector may comprise a micro contact switch. This would be arranged between two parts of the equipment. Such devices may be used for security devices for computers (opening of the casing to expose the circuit boards would be alerted), cars (opening of the bonnet, boot, or petrol cap, for example would be alerted), safe (the door of the safe opening or light entering the safe could be alerted); hi-fi equipment, wine cellars or bags of security papers could all be protected in this way.

Preferably the signal generator is adapted to transmit a wireless transmission. Thus the security device does not rely on its operation to being connected to a landline.

Preferably, the signal generator includes a GSM transmitter. Other signals could be used for the alarm signal, for example GPS signals, digital or audible signals. The signal may comprise a signal on a landline, for example telephone line. The transmitter may be adapted to send the signal to a location measurement unit.

Preferably, the device is adapted to transmit a code identifier of the device. Thus the recipient of the signal is able to identify the equipment for which security has been breached. The code identifier may comprise an ERN security identity code number. Preferably, the device is adapted to transmit a code identifier of the detected security breach. Thus the recipient of the signal is aware what type of security breach has occurred and take the necessary action.

Where reference is made herein to security breaches, it should be appreciated that the security device described herein could be used to notify various other incidents. For example the detector may detect that a part of the equipment has broken, and the signal sent would notify the recipient of the fault. Thus in a broad aspect, the invention relates to the notification of information regarding any aspect of the equipment.

Preferably the control device includes means for disabling an audio device in the equipment. When the signal is being sent, there is often a sound emitted by the equipment, for example the audio device may comprise a sound card or loudspeaker. This might alert the intruder to the presence of the security device. By silencing the loudspeaker, for example, the signal can be sent silently.

Preferably, the signal generator is adapted to transmit a signal to enable the location of the device to be determined.

Preferably the device is adapted for use with the CURSOR radio navigation and tracking system.

Preferably the device further includes means for changing default settings of the security device. For example, where the device includes several different detectors, one or more of those detectors can preferably be disabled by the user, for example if maintenance is to be carried out. Other features may be adjusted, for example passwords, and the number of incorrect passwords tolerated before, for example, the alarm signal is sent. In preferred embodiments of the invention, features of the device are embodied in software, preferably the device further includes software for effecting changes to the default settings. As discussed below, the device may include further software, for example for accessing a website which controls the security device. In a preferred embodiment of the invention, the device is integrated into a circuit board of the equipment. In this way, the device is harder to tamper with or remove.

Alternatively, the device may be provided separately and the invention further provides a bus- or expansion card comprising a device as described herein. In this way, it is easier to install the device into a computer.

The first aspect of the invention also provides a computer including a security device as described herein.

Also provided by the invention is a control device for a security device as described herein. The control device may be sold separately from the signal generator and detectors. The invention further provides a computer read only memory for directing a security operation on the computer, said memory including means for receiving a signal from a detector indicating a security breach has occurred and means for transmitting a signal to a signal generator to generate an alarm signal indicating that the security breach has occurred.

The first aspect of the invention also provides a method of notifying a security breach of equipment, the method comprising the steps of detecting the security breach, and transmitting a signal in response to the detection of the security breach.

Preferably, the method further includes transmitting a GSM signal. Preferably, the method further includes transmitting an identifier code of the equipment and/or a code identifier of the detected security breach.

Also provided by the method is a security monitoring system comprising: means for receiving a notification from the equipment indicating a security breach of equipment has occurred; and means for sending a notification that the breach has occurred.

The notification may be sent by any communication method, for example SMS, email, telephone or other. The notification may be sent to the user, to a security company or to the police, for example. In a preferred embodiment of the invention, the security monitoring system is computer implemented, and is provided on a computer network, for example the Internet. Users may log into the website, to find out information on the whereabouts of their equipment.

Preferably, the system includes means for determining details of the owner of the equipment. In this way, the owner may be contacted to be told of the security breach. Preferably, this information is provided by the user registering his security device with the monitoring device. In a preferred embodiment, each security device has an identifier code, and the monitoring device holds user contact details for each code. Preferably the equipment transmits this code when the security alarm is activated, so that the user of the equipment may be determined and contacted.

Preferably, the system includes means for determining the location of the equipment. If the equipment has been stolen, it is therefore more likely to be recovered.

Preferably the device further includes means for determining the type of security breach which has occurred. This may also be identified to the user.

The invention further provides a method of monitoring a security device in equipment, the method comprising, receiving a notification from the equipment indicating that a security breach has occurred, and sending a notification that the breach has occurred.

Preferably the method further includes the step of determining contact details for the equipment and sending a notification, the notification including an indication of at least one of the security breach which has occurred, and the location of the equipment. The step of determining the contact details preferably includes looking up in a database the user details for the equipment.

Preferably the methods described herein are computer implemented.

The invention further provides a computer memory product having stored thereon a digital data file, said memory product comprising a computer readable memory a data file including contact details and a digital data portion comprising a program for receiving a notification from equipment indicating that a security breach has occurred, determining the contact details for the equipment and sending a notification regarding the security breach.

In a general sense, the first aspect of the present invention is concerned with security devices and systems which enable the unauthorised removal of, and/or access to, various items of equipment to be prevented or at least monitored.

In a more specific form, the invention is concerned with providing a signal, when an unauthorised event, such as theft of an item of equipment, has occurred, which can be used not only to indicate that occurrence but also to provide a means of tracking the item.

A further aspect of the invention provides a method of determining the location of a computer, the method including the steps of receiving a notification from the computer of its location; receiving an identifying code from the computer and determining details of the computer from the identifying code.

Preferably the method further includes sending information to the computer on the basis of its location. For example, the user may be sent information about where he is. In an example of the invention, the equipment may be sent instructions, for example regarding how often the alarm signals should be sent. Fewer could be sent if the equipment is stationary, thus conserving battery power, where appropriate.

Preferably, the method further comprises determining when the computer enters a new location, and sending information on the basis of the new location. Thus, for example, the frequency of signals emitted can be changed depending on whether the equipment is in a built up area or on open ground.

Preferably, the method further includes sending information to a third party regarding the location of the computer. For example, the user's location may be sent to emergency services. A map showing the user's location may be set to the third party. As a further example, if a part of the computer needs to be repaired, the request for spare parts may be sent to the relevant company together with an indication of the location of the user. Preferably, for security, this feature may only activated by an authorised user of the computer.

The invention also provides a method substantially as described herein with reference to the accompanying drawings, and apparatus substantially as described herein with reference to and as illustrated in the accompanying drawings.

The invention also provides a computer program and a computer program product for carrying out any of the methods described herein, and a computer readable medium having stored thereon a program for carrying out any of the methods described herein.

The invention also provides a signal embodying a computer program for carrying out any of the methods described herein, a method of transmitting such a signal, and a computer product having an operating system which supports a computer program for carrying out any of the methods described herein.

Method features analogous to apparatus features may be provided and vice versa. Features of one aspect of the invention may be provided in another aspect of the invention.

A further aspect of the invention provides a self setting, set self configuring security device for a computer comprising tampering, power disruption or disconnection and unauthorised access detecting means control (by way of computer software written to a computers BIOS and/or the device's ROM chip) means coupled to the detecting means (by way of contact switches and or photoelectric cell, power fluctuation module, software password authentication) a power unit (by way of a rechargeable and replaceable battery unit and directly from the computers DC power supply) a triggered signal generator and digital code identification (by way of a GSM transmission chipset) which is coupled to the detecting means and which transmits a GSM digital coded security alert signal and a digital identification code under the control of the control means and in response to a signal from the detecting means. Preferably the detecting means comprises a power fluctuation module, which detects when power to a computer is removed.

Preferably, the control means comprises ROM and/or BIOS based password protection software and is configured, activated and deactivated by means of a password or other form of identification input to the computer. Designed to activate the device if an incorrect password is entered consecutively a predetermined number of times.

Preferably the device is incorporated in the manufacture of a computers motherboard or on a bus or expansion card and is adapted to be connected to a computer by means of an edge connector of the card.

Preferably the power unit comprises a) a rechargeable and replaceable battery module adapted to be charged from the power supply of a computer, b) a live connection into the DC power source of the computer's motherboard/power system.

Preferably the detecting means comprises a detector, which is adapted to detect (either from light intrusion or the make/breaking of a contact switch) when the casing of a computer is opened or tampered with.

The invention also provides a computer having a security device as described above.

In a general sense, the present invention is concerned with security devices and systems which enable the unauthorised removal of, and/or access to, various items of equipment to be prevented or at least monitored.

In a preferred form, the invention provides a deterrent against unauthorised removal of an item of computer equipment by signalling over the GSM (Global System for Mobile Communication) network to a control centre which, because of the cellular nature of the network, can track the whereabouts of the item.

Alternatively, the security system of the present invention can use the GPS (Global Positioning System) to track the item. Other means of communication are also contemplated by the invention.

Preferred features of the invention will now be described, purely by way of example having reference to the accompanying drawings, in which: Figure 1 shows a notebook computer in a typical cellular network;

Figure 2 shows a circuit card for incorporation in a computer;

Figure 3 shows a log-on/registration screen; and

Figure 4 is a flow diagram for the operation of the security system.

Overview of a Particular GSM System with which the Invention may be used

Although, as previously mentioned, the invention has wide application, a preferred form of GSM communication system, with which the security system of the present invention is particularly suited, is that known under the trade mark CURSOR. This is a system of Cambridge Positioning Systems Limited (CPS) using the digital mobile telephone network to provide location services.

The CURSOR radio navigation and tracking system is described in European Patent No EP-B-0 303 371. The system uses spatial coherence of the signals from several transmitters to determine the position of a roving receiver. The phase difference between signals received directly from the roving receiver and those received from a fixed base station whose location is known is utilised to determine the difference in range of the base and roving receiver from each transmitter. Three such measurements are needed from three separate transmitters to enable navigation and tracking in two dimensions so as to fix the position of the roving receiver relative to the base station and the transmitters. The unknown quantities calculated for each new position are the orthogonal spatial co-ordinates in two dimensions together with the phase offset between the local oscillators in the equipment making up the receivers.

The system described in EP-B-0 303 371 also extends to the use of the time difference, as opposed to phase difference, between the signals received at the base station and transmitters. This is a direct result of the use of wide band signals from modulated transmissions. In this case, the position of the peak in the cross- correlation of the received signals can be used to estimate the time difference between the two received signals and hence the difference in distance from the base and roving stations. Three measurements made on widely-spaced transmitters are enough to calculate the spatial co-ordinates of the roving station together with the time offset between the oscillators in the two receiving stations.

In WO 94/28432, the same principles are shown applied to situations where the roving receiver is in radio shadow, such as in a tunnel or other shielded locations such as in underground car parks. Predictions are incorporated into the system to estimate the position of the roving receiver until it can be confirmed when it becomes "visible" once more. Other research has also been carried out (Duffett-Smith and Woan in Journal of Navigation, 45, 157, 1992) by adapting the phase measuring system described above to the extent that signals from three or more medium wave AM public broadcast stations are utilised to track the position of a vehicle travelling at up to HOkm/hr to a precision of 5m.

An advantage of the CURSOR system is that it does not need any additional costly infrastructure of coherent radio transmitters; it is capable of using the signals from any independent radio transmitters set up for any purpose. At present, CURSOR is implemented by a software modification during the production of mobile telephone handsets and can be implemented within a mobile telephone network using a minimum overlay of ancillary equipment. An additional feature of the CPS system which makes it particularly attractive for use in the context of the present invention is that packets of data from the last three cells passed by the roving receiver are transmitted to the network, thereby providing a recent movement history and simultaneously ensuring that the mobile receiver is constantly logged on to the system.

Overview of examples of the Invention

DEVICE OUTLINE:

The application relates to a security device and, more particularly (but not exclusively) to a device for protecting the security of a Computer Network, Network server, Computer terminal, Notebook/Laptop Personal Computer or Power PC. In this application, "computer" will be used as a generic term for devices having a processing capability including, but not restricted to PC's, workstations, Network servers, Networks, Power PC, Macintosh, Unix, notebook or laptop, PDA, mobile telephone, for example a WAP phone, terminals, desktop computer, mainframe/midframe computer, and the like. The computer may be part of another article, for example a car or other vehicle.

Computers, their components and software, are valuable items and are prone to theft. This is more so because, computer casings/chassis are easily opened and the internal components are designed/specified to be easily removed by hand and without damage to these components. There is, therefore, a need for an effective security and tracking device for protecting Computers from theft or tampering.

The device has been devised to be built into new Computers during the manufacturing process, being integrated within the motherboard as part of the overall design and operating system. Furthermore, the device has been devised to be manufactured as an additional appliance to fit into pre manufactured Computers, this being as an accessory, fitted via an expansion appliance designed/specified to fit into the standard ISA or PCI, PDS and PCMCIA expansion slots/or similar that are an integral design feature of computer motherboards and chassis (see Figure 2).

The device provides a security device for a computer comprising detecting means, control means coupled to the detecting means, a power unit and a signal generator which is coupled to the control means and which transmits a GSM Cellphone security alert signal under the control of the control means and in response to a signal from the detecting means.

The device is designed/specified to be active at all times unless temporarily and specifically operator deactivated for maintenance or similar. The control means comprise ROM and BIOS based password protection software and the device is activated and deactivated by means of a password. In this way hardware, software and hardware components or other information can be security protected.

DEVICE COMPOSITION:

A. An owner-designated password protection on/off integrated software mechanism (security code) delivered via a software program linked into the computer software operating system and written directly onto an integrated ROM chip. This password protection system controls the activation, device software default settings and de-activation of the device. B. This device mechanism software will allow the operator to designate a security code into the computer operating system for the device de-activation and software default settings, this being designed/ specified to be protected by a pre set number of attempts to enter the security code correctly. Failure to disable after the pre set security code attempts (software defaults) have expired will activate the GSM signal generator.

C. The device software default is designed/specified to automatically activate the device once connected. The device can via password authentication, be, de-activated temporarily for maintenance etc, but upon re-connection to a electricity supply and the re-starting of the computer the device will automatically be reconfigured to an active state.

D. The device contains a power fluctuation module, which detects when power to a computer is removed. The removal of the main power source will activate the alert signal unless being operator disabled prior to power disconnection. The device incorporates a rechargeable internal battery to activate the GSM alert signal independently from the computer power source.

E. The power unit comprises, a replaceable battery module adapted to be charged from a power supply of a computer. The device has its own power supply in the form of the battery and can, therefore, emit the GSM alert signal for an extended period of time. F. The GSM alert signal is delivered via an integrated chipset within the device. This chipset design is to be specified/supplied from an existing external Cellphone GSM service supplier to comply with the selected monitoring/cell GSM system applications and device monitoring contracts that are agreed at the time of manufacture of the device (see below). G. The alert signal is delivered via the Cellphone GSM chipset by a continual signal emitting a digital coded identity of the device. The signal and chipset are designed/specified to log into the world-wide Cellphone GSM system, which has localised individual cells that will identify the emitted signal location. H. The emitted GSM signal code will be identified from a database, which will be built to hold the exclusive ERN security identity code numbers of each device. It is this code that is emitted from an activated device. The purchaser of each device will be required to file an application form to register the device and the host computer identity/type and serial no etc on this database, thus giving the required information that is needed for the devices code tracking and devices host computer ownership for any recovery.

I. The device contains a photoelectric, light sensitive cell/and or a contact switch, which detects when there is light intrusion within the casings/chassis or when internal contact switches are activated from the case of a computer being opened. The device will need to be de-activated via the software system prior to opening such computer casings. Failure to de-activate prior to opening will cause the photoelectric, light sensitive cell/and or a Contact switch to activate the GSM alarm signal. J. The device is designed/ specified so that an integrated device can be incorporated within the manufacture processes of a computer motherboard design and layout.

K. The device is designed/specified so that the application and functionality can be manufactured on a bus o expansion-card (whether ISA or PCI, PDS and PCMCIA expansion slots/or similar that are an integral design feature of computer motherboards and chassis), and is adapted to be connected to a computer by means of an edge connector of the card. This being manufactured as a computer accessory.

The device will now be described in more detail and by way of example only.

The embodiment of the device shown in Figure 2 is in the form of an expansion card for a Computer and can be slotted into the expansion ports inside the casing by means of the edge connector.

The components on the card are, inter alia: i. Edge connector, ii. Power fluctuation module, iii. ROM software chip, (see below) iv. Battery power unit, v. A GSM signal generator, (see below) vi. Contact switch vii. Photoelectric cell viii GSM aerial (cellular telephone system aerial)

The power fluctuation module (ii) receives DC power from the power supply of a computer and distributes power to the ROM software chip (iii) and also to the battery unit (iv) so as to maintain the battery in a charged state. The battery unit (iv) provides energy for the signal generator (v) and any other components of the security device, which are required to be operational when power is withdrawn from the computer. When the device is activated, any attempt by a thief or other person to remove the power supply will be detected by the power fluctuation module (and such related software) (ii), whereupon the control software stored on the ROM software chip (iii) operates the battery unit (iv) to supply power to the signal generator (v) an alert signal is emitted. The GSM signal generator (v) emits a GSM radio signal to one of the cellular networks. The alert signal, typically comprising an digital identification number is transmitted to the local cell site and the cell operator will then digitally notify a central monitoring station which will in turn notify the police/authorities as to the location of that particular computer which incorporates/houses the device. If the computer is then moved, its position can be traced by means of the cellular system.

In this embodiment of the device, an operator configures the system entering a personal password. This password will be entered prior/during the bios checking sequence on start up/boot and prior to any operating system or hard disc start-up.

For example only: The supervisor password is only configured once. Up to 2 user passwords containing differing and configurable access/configuring changing rights. A user may enter a password to log on to a network or his personal computer and the same password may be recognised by the device's password protection software stored in the software chip (iii), which authenticates the user to the device so that the operator may use the computer without disruption. Once the user has finished, the computer can be switched off, if left running, the device is still active for power fluctuation, and tampering of any casings or chassis. If the computer is switched off, upon restarting, the software will again request the password authentication prior to the start up of any computer boot-up sequences An example of this possible software interface is demonstrated in Figure 3.

The password protection software (whilst the computer is intact) can be used to protect any information stored on the hard disc (as referred above) of a computer or information accessible from that computer. If an incorrect password is entered, or if an incorrect password is entered consecutively a predetermined number of times, the password protection software is configured to stop the computer from completing its start up sequence and operate the signal generator (v) to emit the GSM alert signal.

The battery module is designed to (A) recharge itself after total discharge and reconnection to a power source. (B) The device is furthermore designed to re-emit its GSM signal once discharged and reconnected to a power source. The battery is designed to be periodically replaced with a specifically designed re-pluggable unit. This battery unit if disconnected without prior supervisor password de-activation will automatically, by default activate the GSM signal once power is fed into the computer.

The use of the expansion board allows the device to be sold as an add-on accessory for existing computers. The device is not limited to such; however, as the device can easily be built into new Computers by suitably modifying the production of the motherboard.

Whilst an exemplary embodiment of the device has been described, various modifications may be made without departing from the scope of the device as defined by the appended claims. For example, the device may use any convenient alert signal generator, (possibly audible, possibly digital). Furthermore, additional detectors may be used to provide security to the hardware and software. Specifically a detector, such as a micro Contact switch, may be provided to activate the device if any attempt is made to open the casing of the computer. Additionally ancillary hardware accessories attached to the computer system, (via the computer operation system software having the capability of recognising any accessory disconnection or infra red transmission on some computer systems). The device will be configured to request an operator password input, upon such disconnection to enable the de-activation of any GSM alarm signal being associated with the removal of such hardware. THE SECURITY DEVICE IN SUMMARY

A security device for a computer, capable of detecting when the computer is tampered with, unauthorised access or removed from its power source and which transmits a GSM security alert signal in the event of an attempt to steal or tamper or gain unauthorised access the computer. The device is typically incorporated on a motherboard or bus/expansion card which is fitted to a computer by means of an edge connector (i). The device comprises detecting means (ii)(iii)(vi)(vii), control means (iii), a power unit (iv) and a GSM signal generator (v) which transmits a security GSM digital identity and alert signal under the control of the control means and in response to a signal from the detecting means.

The GSM telephony and signalling will be (typically) delivered by a typical chipset for GSM telephone signalling.

At the heart of the typical GSM type approved phones is (typically) the Analog Devices' AD20msp410 - a three device 3V chipset - Building a complete GSM signal communication system requires adding only a radio subsystem and basic memory.

Typical Algorithm Signal Processor (ASP)

The ADSP-2178 ASP is an application-specific variant of Analog Devices' standard ADSP-2171 DSP. It has been optimised to meet the cost, size and power consumption requirements of GSM. All necessary memory to run GSM-specific programs resides on-chip, so there is no need for external memory. The ADSP-2178 implements full-rate speech transcoding according to GSM specifications, including discontinuous transmission (DTX) and comfort noise insertion (CNI). The ASP contains an embedded high-performance software-based soft-decision Viterbi equaliser. The device is delivered fully ROM-coded and therefore requires no user-generated programming.

A typical chipset for ROM to house embedded software would include:

M27 C512-12F1 ST Microelectronics

CMOS, Organisation 65536 words x8-bit, access time 120ns max, Program voltage 12.75V. 28 pin dil ceramic package.

Acronym Definitions

BIOS Basic Input Output System BOOT Start up sequence of computer system

BUS Bus interface is the data path integrated into a computer's main logic board

ERN Electronic Registration Number

GSM Global Systems for Mobile Communications HARDWARE Manufactured computer components or equipment

ISA Industry Standard Architecture

PC Personal Computer

PCI Peripheral Component Interconnect

PCMCIA Personal Computer Memory Card International Association PDS Processor Direct Slot (Macintosh)

ROM Read Only Memory

SOFTWARE A computer program written in binary code

Detailed Description of the Preferred Embodiments of the Invention

It is convenient to discuss the invention by reference to one particular item of equipment to be protected and one particular form of signalling. However, it must be emphasised that the invention is of far broader scope and application. It is intended, therefore, to introduce into the description variations, adaptations and modifications at the end of this particular description and to discuss their merits, uses and advantages.

Figure 1 illustrates schematically a notebook computer 10 fitted with a security device as part of a security/tracking system within the framework of the present invention. The computer 10 has software and/or hardware designed to initiate a signalling sequence which is transmitted 14 to a local transmit/receive centre 16 of a GSM network cell, indicated generally at 18. The centre 16 is in communication 20 with other centres 22,24 of adjacent cells 26,28 and so on. In consequence, receipt of a signal at centre 16 initiates a procedure, which will be described in more detail later, by which the system as a whole can be made aware of the theft of, for example, unauthorised access to, or tampering with, the notebook 10. Of course, there may be more than one centre within each cell, in which case communication with the notebook will usually take place between it and the nearest centre within the cell.

If any one or more of these events should occur, the computer emits an initial signal identifying itself to the nearest centre in the relevant cell. An interchange of information between that centre and the computer will authenticate the identity of the computer and confirm its presence in the corresponding cell 18.

A navigation system such as CURSOR would then begin to process the signals received from the cellular network. Within moments, the system will have pinpointed the location of the notebook to within 5m to 50m, depending on the accuracy of the system employed. As an alternative to the CURSOR system, the present invention can employ any other suitable position determining and/or navigation system, such as a suitable global positioning system (GPS) which is capable of locating a terrestrial object to the desired accuracy.

The management of the network would then be able to alert the relevant authority, for example the police, that a certain item of equipment, in a specific location, belonging to an identified subscriber had emitted an alarm for a specific reason, for example tamper, theft, unauthorised access. It may be preferable, before the alert is given, that the system management carries out one or more confirmatory checks. For example, there could be interrogation of the notebook in order to ensure that the alarm signal was intentional. There could alternatively or additionally be a need for the owner to be contacted to ensure that removal of the notebook from its determined location was indeed unauthorised. It may even be possible for the notebook itself to be sent a message inviting the current "user" to confirm a password, PIN number or other ID, in case the alarm signal had been initiated by an unintentional action on behalf of the owner which he or she would then be able to cancel before a full alert was actioned.

Initiation of the alarm signal can be effected in a variety of ways. Perhaps the simplest is a mechanical switch that detects the opening of the notebook. However, because of its simplicity it may be relatively easily defeated. It is preferable then to use more discreet sensors which may not be expected by the would-be thief. For example, a light sensor may be built into the casing of the notebook so that, when exposed to higher ambient illumination upon opening the case, the alarm signal is initiated. Circuitry may additionally or alternatively be included which monitors the power being delivered to the notebook. Once the authorised user has logged off the notebook and the system has been "primed", any unauthorised powering up of the notebook would be detected by the circuitry and the alarm signal initiated. If the notebook has experienced an unauthorised power fluctuation, the sound card and/or the loudspeaker(s) may be muted so that the next time the notebook is powered-up, the unauthorised user would be unaware that the notebook was making a connection to the network for the purpose of initiating an alert.

As an extension of this feature, it is contemplated that the keying in of a PIN code, password or other ID is an essential prerequisite for being able to power-up or bootup the laptop. To this end, the notebook would need to be constructed or the operating software so designed that the user must go through this routine before the boot sequence is enabled. Moreover, movement and/or acceleration detector(s) could be employed to detect and signal unauthorised movement. It is also possible for one or more simple mechamcal switches, for example located on the underside of the casing, to be operated by lifting the casing from the position it occupied when the system was primed.

Figure 2 shows a circuit card that can be installed in otherwise conventional computer equipment. It comprises a circuit board 30 having an edge connector 32 enabling the card to be plugged into an expansion slot in a computer. The board 30 also carries circuit elements, components and integrated circuit (IC) chips performing various functions as will become apparent. In addition, the board carries an aerial 34 which, in the preferred embodiment, is of the kind compatible with a GSM network, such as in the CURSOR system.

Mounted on the board are circuit modules including a rechargeable battery unit 36, a software chip 38, a photoelectric cell 40, a power fluctuation module 42, a GSM signal generator 44 and a contact switch 46. The modules are interconnected by traces such as 50 printed or otherwise created on the board 30 in conventional manner. The rechargeable battery unit, or power supply module 36, receives power from connections within the computer to maintain the battery topped-up. The security device is thus always capable of responding to an unauthorised event. The power module 36 supplies voltage and current to the other modules etc on the board.

The software chip 38 is pre-loaded with the software necessary for the security device to operate. The chip is preferably a write once ROM device with the program data burnt in, in the usual manner. The data will provide the interface between the computer and the GSM network. A back-up battery (not shown) may be included in the chip to guard against total power failure or unauthorised removal of the battery pack.

Any or all of the modules making up the circuit card could be "hidden" among modules, components or elements of circuit cards designed to perform other functions within the computer. As mentioned above, any one or more of a selection of detectors may be employed in the computer. In the illustrated embodiment, a photoelectric cell module 40 acts as the light-sensitive detector, the power fluctuation module 42 detects unauthorised power variations within the computer, and a contact switch 46 is operative to detect unauthorised removal of the card from the computer in which it is installed. The power monitoring feature may be implemented by detecting the voltage level either of the nominal 12v supply or of the computer bus.

Centrally located on the card 30 is a GSM generator 44 whose function is to enable signals produced by the various detectors on the card or connected to the card but forming part of the computer, to be modulated onto a carrier for transmission to any of the centres in network cells forming part of the GSM system. The generator will clearly be connected, for example over traces such as 50, to the aerial 34 for the transmission of appropriate alarm-related signals (caller ID, password codes etc) and reception of signals (interrogation, confirmation etc) from the network itself.

As part of the set-up protocol for a subscriber, an initial "welcome" screen, along the lines shown in Figure 3 , may be presented to the user and/or the network Supervisor the first time the subscriber logs onto the security system. The requirements for passwords and repetition of those passwords is self-evident from the Figure itself and follows standard, accepted procedure for registering a subscriber to a system. It is worth noting the box in the bottom right hand corner of the screen, marked "Temporarily Disable". This is a facility built into the system to allow the computer to be "disconnected" from the system for maintenance or other measures, for example replacing a rechargeable battery module. The use of the subscriber password is a valuable additional feature of the invention since it only allows the person registered to use the particular computer to boot up and gain access to the information and/or the network via that computer. The user password may be burnt into the ROM on board the circuit card and any additional software necessary to complete the registration process can be downloaded via the subscriber's Internet access.

Installed in the computer is a chipset using GSM Technology. This is registered with a central station via software supplied and set up on the computer both on the hard disk and ROM based (software that is embedded onto the chip).

The software has three different levels of password protection

1. System administrator [who is given access to all levels]

2. Management [who is able to change its own and user level] 3. User [who is able to turn the system on or off only]

Passwords are to enable or disable the device and/or to be able to turn some features on or of as listed in the table below. These features can be enhanced or added to.

The software comprises three main parts. The first part sets up the supervisor, manager and user passwords. The second part sets up the features of the unit, for example whether it should monitor for light sensitivity or not, whether it should monitor for power fluctuation or not, whether there is an audible sound when activated or a silent alarm, and whether the 5user would like a voice message to his telephone or an SMS (small message service) text message to his mobile if there is a detected security breach.

The third part of the software links into an Internet connection and connects the user to a dedicated website. He will then be asked to fill out a form on line to license, register and lOenable the tracking system via the GSM device. The software will link all the components for monitoring on the computer or external to a central program that will check that all aspects are working correctly. All aspects of the security device switch on or off. When the system is armed, all the parts of the switch are in the on position. When the user logs on to the computer using his password he switches off the monitoring components. If one

15of the parts is interrupted it will act as a switch and enable the security device to send information via the CURSOR system to a central station. In so doing, a message will be sent to, for example, the police and the system administrator notifying them of the activation.

20The passwords will be saved on the product. The checking of the password is built into the start-up sequence of the system. Before the user boots to an operating system, he will be asked to enter his password or login. The computer will not boot unless the correct password is entered. If the user fails to type the correct password three times, after the third attempt the security device will send its signal to its monitoring station. 5 The software is preferably flash-upgradable.

A simple flow diagram of the operation of the alarm system will now be described with reference to Figure 4. It is assumed that the computer has been switched off by the 30authorised user. The description will include various options which are not all necessarily provided in all cases.

The input to the flow diagram represents a decision by the user to power-up the computer. The first line of the security system requires the user to enter at step 400 a code, password, PIN code or the like to enable a pre-boot subroutine 402 to be completed before the computer is permitted to boot-up 404. The software in the computer, for example as part of that included in the add-on circuit card previously described, could permit certain keys of the computer keyboard to be allocated to this function. The user is given a set number 5 of tries within which to enter the correct code. This is counted at 406. If entry is unsuccessful, the counter times out for a preset time period, for example one hour, before allowing the user a further attempt. It could then be arranged that after a second round of attempts the system includes a facility 408 to initiate the alarm sequence. The system described so far prevents an unauthorised user from booting-up the computer and thereby lOgaining access to information saved on the hard disk.

Once the boot-up sequence has been completed, the computer 410 is operational and can be used as normal. At this stage, the computer may establish a connection with the GSM network 414 by means of a conventional handshake protocol as shown at 412. This involves 15the network and the computer establishing the identity of the subscriber and/or the computer and confirming that the user is an authorised subscriber, entitled to the service offered by the provider. It is also possible that the system could be configured to carry out a position determination step 430 as part of the handshake.

0The computer is equipped with event detection means as previously mentioned. Sensors or detectors 418, 420, 422 and so on, for example a photocell, mechanical switch(es), or movement (locally or geographically), are coupled into an event detector 416 which initiates activation of the GSM generator module 424 such as provided on the circuit card described in Figure 2. The signal thus generated is carried to the aerial 426 for transmission to a 5network cell centre such as 428 which will relay the signal to the GSM network management 414. At this point, the system may activate a further checking routine back over the same path in order to interrogate the computer and/or the user in an attempt to verify whether the signalled alarm status was genuine and was not a false alarm. Once the status has been confirmed as genuine or if, after a predetermined number of unsuccessful attempts at 0verification, the status is unresolved, the network management will then, automatically or manually, issue a signal to alert the authorities and/or the genuine owner that the detected event is, as far as can be verified, genuine.

The computer and the network will remain in a continual state of communication from then on as the network continues to determine the position of the computer. In this way, the path of the computer can be "tracked" in its unauthorised route, regardless of how many cells it passes through. Assuming the different Network Service Providers are willing to cooperate, it is also possible for communication to be established cross-network. This can be 5particularly valuable where, for instance, coverage by one NSP is more comprehensive in one geographical are than another. If so, the networks and/or the software built into the circuit card, can be augmented by additional software which will enable the computer to select which NSP to signal to and/or will monitor GSM signal strength and automatically switch to a different NSP if the GSM signal falls below a preselected or adaptive threshold. lOThe system could also shut down some of the services offered to the user/computer so as to deny the unauthorised user access to any information that the genuine user may have associated with the computer and/or the GSM network, such as personal or account details, or may signal the alarm if access is sought to areas of the computer protected by the password.

15 The position determining process may be iterative so as to improve resolution with successive sweeps. As an illustration, depending on the cell density (for example, as between rural and urban areas) resolution can be narrowed down from 500m to 5m in a minimal number of iterations. 0 Variations from the system described above are possible and are intended to form part of, and be encompassed by, the present invention. These variations occur in separate areas of the invention and will become apparent in the following discussion.

5Although the invention has been described primarily in connection with the GSM network, the principles of its operation are equally appropriate for the GPS system or any other Global navigation, position-finding or like system. Further, the protection/deterrent aspects of the invention have a wider applicability than simply protection of computers and computer-like equipment. There can be particular sensitivity in a whole host of other types 0of personal belongings or domestic or other apparatus. Car theft is a multi-million pound "business". The present invention can be applied to vehicles or other modes of transport, including road, rail, sea and air transport. Successful operation of the security system is not reliant on the device-to-be-protected being a computer per se. The preferable requirements are that the item in question should be capable of being associated with a means of transmitting identification signals over a communications network in such a manner that the identity of the item and its position can be determined.

It follows that the invention is applicable to items which are not normally regarded as "mobile", as has the been the case in all of the examples considered so far. Items of domestic equipment such as fridges and freezers, which can contain food and drink of considerable value, may readily be protected by application of the above principles, methods and systems. More valuable items such as safes, containers for shredded documents, esoteric audio/video equipment, photographic equipment, can be protected.

The manner in which the alarm signal is communicated can also vary considerably whilst still remaining within the purview of the invention. For example, items of domestic or commercial equipment can be coupled to a "smart" box containing the essential elements of the invention by any acceptable means, such as by direct cable connection, infra-red beam, optical link, radio link and so on. In the case of items that are normally connected to the mains power supply, each item could incorporate a unit unique to that item which is designed to transmit signals along the power cord so as to couple into the local or national power system. Suitable receiving stations would then need to be connected to the power network in such a way as to be able to pick up and decode the alarm signals. The unit associated with the item could continue to signal over a communication system that was not tied to land. Alternatively, the items in question could be coupled to a single unit in the premises which could signal over the GSM and/or GPS systems. In this case, of course, the system would not be capable of tracking a stolen item but could still guard against tampering of the items and/or unauthorised access to the items or to premises in which the items are located. It is also possible for the system to alert the authorities to a fire, flood or other peril.

It will be understood that the present invention has been described above purely by way of example, and modifications of detail can be made within the scope of the invention.

Each feature disclosed in the description, and (where appropriate) the claims and drawings may be provided independently or in any appropriate combination.

In any or all of the aforementioned, certain features of the present invention have been implemented using computer software. However, it will of course be clear to the skilled man that any of these features may be implemented using hardware or a combination of hardware and software. Furthermore, it will be readily understood that the functions performed by the hardware, the computer software, and such like are performed on or using 5electrical and like signals.

Features which relate to the storage of information may be implemented by suitable memory locations or stores. Features which relate to the processing of information may be implemented by a suitable processor or control means, either in software or in hardware or lOin a combination of the two.

In any or all of the aforementioned, the invention may be embodied in any, some or all of the following forms: it may be embodied in a method of operating a computer system; it may be embodied in the computer system itself; it may be embodied in a computer system 15 when programmed with or adapted or arranged to execute the method of operating that system; and/or it may be embodied in a computer-readable storage medium having a program recorded thereon which is adapted to operate according to the method of operating the system.

0 As used herein throughout the term "computer system" may be interchanged for "computer", "system", "equipment", "apparatus", "machine" and like terms.

Claims

Clai s:

1. A security device for equipment, the device comprising a detector for detecting a security breach and a signal generator for transmitting an alarm signal in response to a signal from the detector.

2. A device according to claim 1 , further including a control device for controlling the signal generator.

3. A device according to claim 2, wherein the control device includes a password protection device which is arranged to control the activation and deactivation of the device.

4. A device according to any preceding claim, wherein the detector comprises means for detecting the input of an incorrect password.

5. A device according to claim 3 or claim 4, wherein the control device is adapted to control the starting of electronic equipment, wherein the control device is adapted to prevent the equipment starting unless a correct password is input.

6. A device according to any preceding claim, wherein the detector includes a power fluctuation detector.

7. A device according to any preceding claim, further including a power supply.

8. A device according to claim 7, wherein the power supply is arranged to be recharged by the equipment.

9. A device according to any preceding claim, wherein the detector includes a power supply tamper detector.

10. A device according to any preceding claim, wherein the detector includes a tamper detector. - so i l . A device according to claim 10, wherein the tamper detector includes a light sensor.

12. A device according to claim 10 or claim 11 , wherein the tamper detector includes a micro contact switch.

13. A device according to any preceding claim, wherein the signal generator is adapted to transmit a wireless transmission.

14. A device according to any preceding claim, wherein the signal generator includes a GSM transmitter.

15. A device according to any preceding claim, wherein the device is adapted to transmit a code identifier of the device.

16. A device according to any preceding claim, wherein the device is adapted to transmit a code identifier of the detected security breach.

17. A device according to any preceding claim, wherein the control device includes means for disabling an audio device in the equipment.

18. A device according to any preceding claim, wherein the signal generator is adapted to transmit a signal to enable the location of the device to be determined.

19. A device according to any preceding claim, wherein the device is adapted for use with the CURSOR radio navigation and tracking system.

20. A device according to any preceding claim, further including means for changing default settings of the security device.

21. A device according to any preceding claim integrated into a circuit board of electronic equipment.

22. A bus- or expansion card comprising a device according to any preceding claim.

23. A computer including a security device according to any preceding claim.

24. A control device for a security device according to any one of claims 1 to 21.

25. A computer read only memory for directing a security operation on the computer, said memory including: means for receiving a signal from a detector indicating a security breach has occurred; and means for transmitting a signal to a signal generator to generate an alarm signal indicating that the security breach has occurred.

26. A method of notifying a security breach of equipment, the method comprising the steps of detecting the security breach, and transmitting a signal in response to the detection of the security breach.

27. A method according to claim 26, further including transmitting a GSM signal.

28. A method according to claim 26 or claim 27, further including transmitting an identifier code of the equipment and/or a code identifier of the detected security breach.

29. A security monitoring system comprising: means for receiving a notification from the equipment indicating a security breach of equipment has occurred; and means for sending a notification that the breach has occurred.

30. A system according to claim 29, further including means for determining details of the owner of the equipment.

31. A system according to claim 29 or claim 30, further including means for determining the location of the equipment.

32. A device according to any of claims 29 to 31, further including means for determining the type of security breach which has occurred.

33. A method of monitoring a security device in equipment, the method comprising, receiving a notification from the equipment indicating that a security breach has occurred, and sending a notification that the breach has occurred.

34. A method according to claim 33, further including the step of determining contact details for the equipment and sending a notification, the notification including an indication of at least one of the security breach which has occurred, and the location of the equipment.

35. A computer implemented method including the steps of a method according to claim 33 or claim 34.

36. A computer memory product having stored thereon a digital data file, said memory product comprising: a computer readable memory; a data file including contact details; and a digital data portion comprising a program for receiving a notification from equipment indicating that a security breach has occurred, determining the contact details for the equipment and sending a notification regarding the security breach.

37. A method of determining the location of a computer, the method including the steps of receiving a notification from the computer of its location; receiving an identifying code from the computer and determining details of the computer from the identifying code.

38. A method according to claim 36, further including sending information to the computer on the basis of its location.

39. A method according to claim 37 or claim 38, further comprising determining when the computer enters a new location, and sending information on the basis of the new location.

40. A method according to any of claims 37 to 39, further including sending information to a third party regarding the location of the computer.

41. A self setting, set self configuring security device for a computer comprising tampering, power disruption or disconnection and unauthorised access detecting means control (by way of computer software written to a computers BIOS and the devices ROM chip) means coupled to the detecting means (by way of contact switches and or photoelectric cell, power fluctuation module, software password authentication) a power unit (by way of a rechargeable and replaceable battery unit and directly from the computers DC power supply) a triggered signal generator and digital code identification (by way of a GSM transmission chipset) which is coupled to the detecting means and which transmits a GSM digital coded security alert signal and a digital identification code under the control of the control means and in response to a signal from the detecting means.

42. A security device as claimed in claim 41, wherein the detecting means comprises a power fluctuation module, which detects when power to a computer is removed.

43. A security device as claimed in claim 41 or 42, wherein the control means comprises ROM/BIOS based password protection software and being configured, activated and deactivated by means of a password or other form of identification input to the computer. Designed to activate the device if an incorrect password is entered consecutively a predetermined number of times.

44. A security device as claimed in any of claims 41 to 43, wherein the device is incorporated in the manufacture of a computers motherboard or on a bus or expansion card and is adapted to be connected to a computer by means of an edge connector of the card. 5. A security device as claimed in any one of the preceding claims, wherein the power unit comprises a) a rechargeable and replaceable battery module adapted to be charged from the power supply of a computer, b) a live connection into the DC power source of the computers motherboard/power system.

45. A security device as claimed in any of claims 41 to 44, wherein the detecting means comprises a detector, which is adapted to detect (either from light intrusion or the make/breaking of a contact switch) when the casing of a computer is opened or tampered with.

46. A computer having a security device as claimed in any one of claims 41 to 45.

47. A security device as herein before described with reference to the accompanying schematic drawings (typically).

48. A device being substantially as herein described having reference to the figures.

49. A method being substantially as herein described having reference to the figures.