Apparatus for controlling safety-critical processes
First Claim
1. An apparatus for controlling safety-critical processes, said apparatus comprising:
- a safe control unit for controlling said safety-critical processes, a plurality of safe signal units each of which having I/O channels for connecting said safe signal units to said safety critical processes, and each of said signal units being allocated to at least one defined group of signal units, and a fieldbus, wherein said safe control unit and said safe signal units are connected to said fieldbus for communication, and wherein said safe signal units communicate with said safe control unit, but not with one another during faultless control mode, wherein each safe signal unit further comprises;
a transmitter for broadcasting a fault message via said fieldbus, when a fault is detected by said signal unit, an evaluator for evaluating any fault message broadcasted by another unit across said fieldbus as to its relevance with respect to the safety critical processes connected, and a switching device which autonomously changes, via said I/O channels, said safety-critical processes connected to a safe state when said evaluator evaluates said general fault message as being relevant, wherein said evaluator evaluates said general fault message for its relevance to said group to which said respective signal unit is allocated.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention relates to an apparatus for controlling safety-critical processes. The apparatus includes at least one safe control unit for controlling the safety-critical processes and at least two safe signal units which are connected via I/O channels to the safety-critical processes. The safe control unit and the safe signal units are connected to a common fieldbus. The safe signal units communicate with the safe control unit, but not with one another, when the apparatus is in the control mode. The safe signal units have an evaluator for evaluating a fault message which is broadcasted across the fieldbus, as well as a switching device which autonomously change the safety-critical process to a safe state when a fault message which is evaluated as being relevant occurs.
-
Citations
16 Claims
-
1. An apparatus for controlling safety-critical processes, said apparatus comprising:
-
a safe control unit for controlling said safety-critical processes, a plurality of safe signal units each of which having I/O channels for connecting said safe signal units to said safety critical processes, and each of said signal units being allocated to at least one defined group of signal units, and a fieldbus, wherein said safe control unit and said safe signal units are connected to said fieldbus for communication, and wherein said safe signal units communicate with said safe control unit, but not with one another during faultless control mode, wherein each safe signal unit further comprises;
a transmitter for broadcasting a fault message via said fieldbus, when a fault is detected by said signal unit, an evaluator for evaluating any fault message broadcasted by another unit across said fieldbus as to its relevance with respect to the safety critical processes connected, and a switching device which autonomously changes, via said I/O channels, said safety-critical processes connected to a safe state when said evaluator evaluates said general fault message as being relevant, wherein said evaluator evaluates said general fault message for its relevance to said group to which said respective signal unit is allocated. - View Dependent Claims (2)
-
-
3. An apparatus for controlling safety-critical processes, said apparatus comprising:
-
a safe control unit for controlling said safety-critical processes, at least two safe signal units having I/O channels which are connected to said safety-critical processes, and a fieldbus, said safe control unit and said safe signal units being connected to said fieldbus for communication, wherein said safe signal units communicate with said safe control unit, but not with one another, when said apparatus is in a faultless control mode, and wherein said safe signal units each comprise an evaluator for evaluating any general fault message broadcasted across said fieldbus, as well as a switching device which autonomously changes at least one of said safety-critical processes to a safe state when a general fault message broadcasted is evaluated as being relevant. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
Specification