Method and apparatus for converting multichannel messages into a single-channel safe message

US 20070180286A1
Filed: 01/18/2007
Published: 08/02/2007
Est. Priority Date: 01/19/2006
Status: Active Grant

First Claim

Patent Images

1. A method for the coupling of a safety-critical process from a safe environment, which has at least two redundant processing channels, to an environment which is unsafe or to an environment which is safe but has fewer processing channels, said method comprising:

processing a data record which is relevant to the safety-critical process, to form a respective safe protocol (14, 24) using the at least two redundant processing channels (1, 2) in accordance with identical laws; and

forming a common safe protocol, taking into account at least two redundant safe coupling protocols (14, 24), by accessing a common (buffer) register (30) using each of the processing channels (1, 2), in which case a write authorization is allocated only once for each register location;

wherein, when writing at least elements (14′

) of the common safety-based protocol using a processing channel (1) with write authorization, at least one further processing channel (2) is first of all used to check (25) whether these elements (14′

) are identical to one another, and access to the common register for the purpose of storing these elements is enabled only when they are identical to one another.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method and to an apparatus, which has been adapted to carry out the method, for the coupling of a safety-critical process from a safe environment, which has at least two redundant processing channels, to an environment which is not safe or to an environment which is safe but has fewer processing channels. To this end, provision is made of a method which processes a data record which is relevant to the safety-critical process, in particular on a protocol-specific basis, to form a respective safe protocol (14, 24) using at least two redundant processing channels (1, 2) in accordance with identical laws, and forms a common safe protocol taking into account at least two redundant safe coupling protocols (14, 24), to be precise by accessing a common (buffer) register (30) using each of the processing channels (1, 2), in which case a write authorization is allocated only once for each register location, and, when writing at least elements (14′) of the common safety-based protocol using a processing channel (1) with write authorization, at least one further processing channel (2) is first of all used to check (25) whether these elements (14′) are identical to one another, and access to the common buffer register for the purpose of storing these elements is enabled only when they are identical to one another.

22 Citations

View as Search Results

28 Claims

1. A method for the coupling of a safety-critical process from a safe environment, which has at least two redundant processing channels, to an environment which is unsafe or to an environment which is safe but has fewer processing channels, said method comprising:
- processing a data record which is relevant to the safety-critical process, to form a respective safe protocol (14, 24) using the at least two redundant processing channels (1, 2) in accordance with identical laws; and
  
  forming a common safe protocol, taking into account at least two redundant safe coupling protocols (14, 24), by accessing a common (buffer) register (30) using each of the processing channels (1, 2), in which case a write authorization is allocated only once for each register location;
  
  wherein, when writing at least elements (14′
  
  ) of the common safety-based protocol using a processing channel (1) with write authorization, at least one further processing channel (2) is first of all used to check (25) whether these elements (14′
  
  ) are identical to one another, and access to the common register for the purpose of storing these elements is enabled only when they are identical to one another.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method as claimed in claim 1, wherein, furthermore, the respective write authorizations and verification duties are determined by prescribing at least one of specific master functionalities and specific slave functionalities for the processing channels (1, 2).
  - 3. The method as claimed in claim 2, wherein, furthermore, the at least one of specific master functionalities and specific slave functionalities for the processing channels (1, 2) are changed in accordance with particular cycles.
  - 4. The method as claimed in claim 1, wherein, furthermore, the same address bus (102), which is connected to the buffer register, and the same data bus (103), which is connected to the buffer register, are accessed using each of the processing channels (1, 2).
  - 5. The method as claimed in claim 4, wherein, furthermore, during the write operation, the respective protocol elements (14′
    - ) which are to be written into at least one register location are transferred to the data bus (103) using that processing channel (1) which has the corresponding write authorization and are read from said data bus using the at least one further processing channel (2) for the purpose of verification.
  - 6. The method as claimed in claim 5, wherein, furthermore, after verification has been carried out, the at least one processing channel (2) which carries out verification is used to output an enable signal (26) for enabling the write signal for the register.
  - 7. The method as claimed in claim 5, wherein, furthermore, after the protocol elements have been transferred to the data bus (103), the processing channel (1) which is writing in is used to output an enable signal (16).
  - 8. The method as claimed in claim 4, wherein, furthermore, a respective register location for writing in protocol elements using one of the processing channels (1, 2) is prescribed by transferring the corresponding address to the address bus (102).
  - 9. The method as claimed in claim 8, wherein, furthermore, an address for determining a register location is transferred using one of (i) the same processing channel and (ii) different processing channels, and protocol elements for this register location are written using one of (i) the same processing channel and (ii) different processing channels.
  - 10. The method as claimed in claim 1, wherein, furthermore, a watchdog component which is connected between the processing channels (1, 2) and the buffer register is used to monitor the function of the processing channels (1, 2).
  - 11. The method as claimed in claim 10, wherein, furthermore, an enable signal is required from the watchdog component in order to enable access to the common buffer register for the purpose of storing elements to be written in.
  - 12. The method as claimed in claim 11, wherein, furthermore, one of (i) a standard RAM, (ii) a standard DPM and (iii) a memory/protocol chip which is hostile to read-back is used as the buffer register (30).
  - 13. The method as claimed in claim 1, wherein, furthermore, the common safe protocol is transferred from the buffer register (30) to a further application-specific coupling device (35) on one channel.
  - 14. The method as claimed in claim 1, which is used for the single-channel bus coupling of the safety-critical process.

15. An apparatus for the coupling of a safety-critical process from a safe environment, which has at least two redundant processing channels, to an environment which is not safe or to an environment which is safe but has fewer processing channels, said apparatus comprising :
- at least two redundant computers (11, 21) for the processing of an identical input data record to form a respective safe protocol (14, 24) using identical laws; and
  
  a circuit arrangement for connecting each computer (11, 21) to a common buffer register (30) in such a manner that write access is given to only a respective one of the computers for each register location in the buffer register (30), and access to the common buffer register for the purpose of storing the elements to be written in is locked until the elements to be written in have been verified by at least one further computer.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The apparatus as claimed in claim 15, wherein, furthermore, the computers are allocated respective write authorizations or verification duties by means of at least one of specific master functionalities and specific slave functionalities which can also be changed.
  - 17. The apparatus as claimed in claim 15, wherein, furthermore, the circuit arrangement comprises a common address bus (102) and a common data bus (103).
  - 18. The apparatus as claimed in claim 15, wherein, furthermore, the computers (11, 21) are connected to one another using a communication interface (101).
  - 19. The apparatus as claimed in claim 15, wherein, furthermore, the circuit arrangement requires an enable signal (26) from the computer which is carrying out verification in order to enable a write signal for accessing the register.
  - 20. The apparatus as claimed in claim 19, wherein, furthermore, the circuit arrangement requires an enable signal (16) from the computer which is writing in order to enable a write signal for accessing the register.
  - 21. The apparatus as claimed in claim 15, wherein, furthermore, the circuit arrangement comprises a watchdog component, which is connected to the computers (11, 21) and to the buffer register, for the purpose of monitoring the function of the computers (11, 21).
  - 22. The apparatus as claimed in claim 21, wherein, furthermore, access to the common buffer register for the purpose of storing elements to be written in is enabled only in response to an enable signal from the watchdog component.
  - 23. The apparatus as claimed in claim 15, wherein, furthermore, the computers (11, 21) each comprise one of the following:
    - (i) an integrated protocol chip;
      
      (ii) a connection, on the output side, to a protocol chip (13, 23); and
      
      (iii) software that provides the function of the protocol chip.
  - 24. The apparatus as claimed in claim 15, wherein, furthermore, the apparatus is one of:
    - (i) a bus subscriber unit, and the computers are connected, on the input side, at least to input channels for connecting process data input units, and (ii) a bus control unit.
  - 25. The apparatus as claimed in claim 15, wherein the circuit arrangement is based on one of:
    - (i) simple logic and (ii) an FPGA.
  - 26. The apparatus as claimed in claim 25, wherein, furthermore, the buffer register (30) is one of (i) a standard RAM, (ii) a standard DPM and (iii) a memory which is hostile to read-back.
  - 27. The apparatus as claimed in claim 15, wherein, furthermore, the buffer register (30) has an interface for one of:
    - (i) the direct single-channel bus coupling and (ii) the single-channel connection to an application-specific bus coupling device (35).
  - 28. The apparatus as claimed in claim 15, which has been adapted for the single-channel bus coupling of the safety-critical process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Phoenix Contact GmbH & Company KG
Original Assignee
Phoenix Contact GmbH & Company KG
Inventors
Schmidt, Joachim, Oster, Viktor, Landwehr, Heinz-Carsten

Granted Patent

US 7,945,818 B2
Time in Patent Office

Days
Field of Search
US Class Current

714/2
CPC Class Codes

H04L 12/4625 Single bridge functionality...

Method and apparatus for converting multichannel messages into a single-channel safe message

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for converting multichannel messages into a single-channel safe message

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links