Method and Device for the Safe, Systematic, Exclusive Assignment of the Command Authorization of an Operator to a Controllable Technical Installation
Abstract
The invention relates to methods and appropriate devices for safely, unequivocally, exclusively and temporarily assigning the command authority of an operator (1) to a controllable technical system (60) using a mobile control device (2) which is technically suitable for periodically controlling a plurality of controllable technical systems (60), which is equipped as standard with safety switch elements (38, 39) such as an emergency stop switch, OK key and operating mode selector switch, and which can be data-coupled with the controllable technical system (60) despite having only normal transmission means (6) or network technologies without any particular safety-specific features.
Claims (250 claims, 95 citations)
- 1-126. (canceled)
- 127. Mobile control device 2, in particular a mobile hand-held device, for influencing at least a part of a controllable technical system 60, with at least one control element for issuing control commands by an operator 1, with at least one data interface for temporarily establishing an active data connection to a safe data transmission counter station 9 assigned to the controllable technical system, with at least one standardized data transmission means without any physically safe unequivocal point-to-point assignment to the subscribers connected in between, with a first processor or detection circuit 34 for encoding information, messages or signal states in a plurality of first data telegrams with a view to transmitting them across the active data connection to the safe data transmission counter station 9, wherein the mobile control device 2 has a second processor or detection circuit 35 and a reading unit 24, and the reading unit is suitable for reading, essentially simultaneously, several electronically readable tag codes when several log-in tags 4, zone tags 68 or key tags 5 are disposed within the detection range of the reading unit, and the second processor or detection circuit 35 is configured to encode information, messages or signal states in a plurality of first data telegrams or in a plurality of second data telegrams, which first and optionally second data telegrams are intended for a transmission across the data interface via an active connection to the safe data transmission counter station 9, and the first 34 and second 35 processor or detection circuit is able to access the detected tag codes via the reading unit 24, and the first and/or optionally second data telegrams are generated, identified or sent under the influence of the detected tag codes.
- 168. Safe data transmission counter station to provide a safe, temporary coupling of a mobile control device 2 to at least the safety loop of a controllable technical system 60 for data transmission purposes and optionally to the controller of the technical system, with a first data interface for establishing an active data connection to a mobile control device with at least one data transmission medium without any interconnected, physically secured unequivocal point-to-point assignment of the subscribers with one or more safety interfaces for connecting the data transmission counter station to the safety loop of the technical system 60, with a first processor or monitoring circuit 48 for receiving a plurality of first data telegrams across the first data interface and a second processor or monitoring circuit 49 for simultaneously receiving a plurality of first data telegrams and/or optionally for receiving a plurality of second data telegrams across the first data interface, wherein the first 48 and second 49 processor or monitoring circuit are respectively provided with an accessible memory in which at least one registered permissible security code is stored, which security code is assigned to a log-on tag 4 or zone tag 68 spatially assigned to the controllable technical system 60 or which is assigned to a key tag 5 allocated to an operator 1, which first 48 and second 49 processor or monitoring circuit respectively check the received first and optionally second data telegrams independently of one another to establish the unequivocal code on the basis of a tag code assigned to the stored permissible security code and once the code is established, the information or messages of the received data telegrams are evaluated and the signal states or data for the safety loop are fed into the safety loop depending on the information or messages ascertained.
- 184. Log-on procedure for safely and temporarily assigning the command authority of a user to a control device, wherein the user 1 is allocated a key tag 5 which is provided with an electronically readable code in the form of a user code and optionally other user-related information, and during a log-on procedure the user code and the optional additional user-related information is detected by means of a reading unit 24 provided in the control device 2, the detected user code is checked to ascertain its validity and/or the right to authorize functions of the control device for which rights are required is checked, and when the validity and/or right has been established, the functions for which rights are required are released and the read user code is registered in the control device 2 as an active user code, and information about the spatial distance of the read key tag 5 provided by the reading unit 24 is evaluated and a read user code is evaluated as being invalid or lacking the right to authorize functions for which rights are required if the detected distance exceeds a given maximum distance 8.
- 202. Log-off procedure for safely terminating a temporary safe assignment of the command authority of an operator 1 to a control device 2, wherein the user is allocated a key tag 5 which is provided with an electronically readable code in the form of a user code and optionally additional user information, and during a log-off procedure at least the user code and optionally the additional user information is detected by means of a reading unit 24 provided in the control device 2, the detected user code is checked to ascertain a match with a registered active user code and if a match is established, the registered active user code is deleted or designated as inactive and an authorization to use functions of the control device 2 for which rights are required is terminated.
- 205. Log-on procedure for safely establishing a temporary active data connection of a mobile control device 2 to at least one safety loop of a controllable technical system 60 and optionally to a controller 10 of a technical system 60, with an interconnected data transmission means, in particular a bus system or a network with no physically secured unequivocal point-to-point assignment of the message sources and message sinks, and with an interconnected safe data transmission counter station which is permanently connected to the safety loop, wherein at least one electronically detectable security code of a log-on tag 4 moved into the immediate vicinity of the controllable technical system is detected by a first processor or detection circuit 34 and by a second processor or detection circuit 35 of the mobile control device 2 by means of a reading unit 24 with a locally limited detection range provided in the mobile control device, the at least one detected security code is registered in the mobile control device 2 as an active security code and is stored in a memory so that it can be accessed.
- 227. Operating method for safely operating a temporary active data connection from a mobile control device 2 to at least one safety loop of a controllable technical system 60 and optionally to a controller 10 of a technical system, with an interconnected data transmission means, in particular a bus system or a network without a physically secured unequivocal point-to-point assignment of the message sources and message sinks, and with an interconnected safe data transmission counter station 9 which is permanently connected to the safety loop, wherein data telegrams are generated by a first processor or detection circuit 34 and a second processor or detection circuit 35 of the mobile control device 2, these data telegrams are identified with a previously read log-on tag 4 and a security code registered in the control device 2 or with a connection code checked and registered by means of the read security code, the data telegrams are transmitted to the safe data transmission counter station, the data telegrams received in the safe data transmission counter station 9 are checked for a valid code corresponding to a security code registered in the memory of the data transmission counter station 9 and/or corresponding to a connection code checked by means of the security code and registered, and if a valid code is established, the signals or data for the safety loop are adjusted or fed into the safety loop in accordance with the data content of the data telegrams.
- 239. Log-off procedure for safely terminating a temporary active data connection from a mobile control device 2 to at least a safety loop of a controllable technical system 60 and optionally to a controller of a technical system, with an interconnected data transmission means, in particular a bus system or a network without a physically secured unequivocal point-to-point assignment of the message sources and message sinks, and with an interconnected safe data transmission counter station 9 which is permanently connected to the safety loop, wherein a registered active connection identification code which is stored both in a memory of the mobile control device 2 and in a memory of the data transmission counter station 9 so that it can be accessed is deleted from the respective memory or designated as inactive.
- 247. Method of switching on with a view to safely operating a mobile control device, wherein during an initialization procedure, all memories provided as a means of holding a read security code or for holding a connection identification code are deleted or initialized with an unequivocally invalid value.
- 250. Recording method for recording safety-relevant information for use in a system with at least one safe mobile control device 2 and at least one safe data transmission counter station 9 with a link to the safety loop of a controllable technical system 60 and optionally to a controller 10 of the technical system, wherein data is transmitted from the mobile control device 2 and/or from the safe data transmission counter station 9 and/or from the controller 10 of the technical system to a central server 65, where it is recorded with time-related information which can be chronologically reconstructed and retrieved, which data relates to the establishment and termination of safe assignments of users to mobile control devices 2 and/or to controllable technical systems 60 and/or which data relates to the triggering of potentially safety critical control operations by the users 1.
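The following is an added illustrative model of the mechanism the claims describe (the distance-limited tag read of claim 184, the dual-channel telegrams of claim 227, the independent two-channel code check of claim 168 and the invalid start-up state of claim 247); it is not code from the patent or from any product. The class names, the metre value of `MAX_DISTANCE` and the `{"estop": ...}` payload are constructed assumptions for the example.

```python
from dataclasses import dataclass, field

INVALID = None        # start-up state of every code memory (claim 247: unequivocally invalid)
MAX_DISTANCE = 0.5    # constructed value in metres; the claims name a maximum distance, not a figure

@dataclass
class Telegram:
    channel: int      # 1 or 2: which of the two independent detection circuits produced it
    code: str         # security code the telegram is identified with
    payload: dict     # constructed safety-loop content, e.g. {"estop": False}

@dataclass
class MobileControlDevice:
    active_user: object = INVALID   # registered active user code (key tag)
    active_code: object = INVALID   # registered active security code (log-on tag)

    def read_tag(self, kind, tag_code, distance):
        # A tag read beyond the maximum distance is treated as invalid (log-on claim).
        if distance > MAX_DISTANCE:
            return False
        if kind == "key":
            self.active_user = tag_code
        else:
            self.active_code = tag_code
        return True

    def build_telegrams(self, payload):
        # Both processors encode the same payload, each identifying it with the registered code;
        # without a logged-on user and a registered security code nothing is sent.
        if INVALID in (self.active_user, self.active_code):
            return []
        return [Telegram(1, self.active_code, payload), Telegram(2, self.active_code, payload)]

@dataclass
class CounterStation:
    permitted: set                     # registered permissible security codes
    safety_loop: dict = field(default_factory=lambda: {"estop": True})  # de-energised at start

    def receive(self, telegrams):
        # Each monitoring circuit checks its telegram independently; the safety loop is driven
        # only when both channels carry a valid code and agree on the payload.
        valid = {t.channel for t in telegrams if t.code in self.permitted}
        if valid != {1, 2} or telegrams[0].payload != telegrams[1].payload:
            return False
        self.safety_loop.update(telegrams[0].payload)
        return True
```

The model fails safe: any rejected read or telegram leaves the loop in its de-energised state rather than driving it.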
Specification