CONTROL OF SAFETY CRITICAL OPERATIONS

US 20120303145A1
Filed: 02/14/2011
Published: 11/29/2012
Est. Priority Date: 02/13/2010
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

an operative portion for performing a safety critical operation, a command portion remote from the operative portion for controlling performance of the safety critical operation, and low integrity transmission means for transmitting a control command from the command portion to the operative portion, wherein the control command comprises a plurality of keywords generated in a high integrity control command generation part of the command portion which are outputted only in response to a correct command from an operator, and the operative portion comprises a plurality of high integrity key safe switches which operate to compare the keywords received from the command portion via the low integrity transmission means, the performance of the safety critical operation being effected only in the event of a correct comparison by the key safe switches.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system wherein control of a safety-critical system operation is effected by sending a plurality of keywords via a low integrity transmission means.

Citations

23 Claims

1. A system comprising:
- an operative portion for performing a safety critical operation, a command portion remote from the operative portion for controlling performance of the safety critical operation, and low integrity transmission means for transmitting a control command from the command portion to the operative portion, wherein the control command comprises a plurality of keywords generated in a high integrity control command generation part of the command portion which are outputted only in response to a correct command from an operator, and the operative portion comprises a plurality of high integrity key safe switches which operate to compare the keywords received from the command portion via the low integrity transmission means, the performance of the safety critical operation being effected only in the event of a correct comparison by the key safe switches.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 20, 21)
- - 2. The system of claim 1 wherein the low integrity transmission means comprises a common transmission path for the keywords.
  - 3. The system of claim 1 comprising a plurality of switches each selectively responsive to said keywords, operation of at least a majority of the switches being required to effect said control.
  - 4. The system of claim 3 wherein the switches are arranged in series with respect to a power supply or other executive signal for the said system operation.
  - 5. The system of claim 4 comprising means for causing the switches to operate in a predetermined sequence.
  - 6. The system of claim 3 wherein a said keyword is sent to a said switch via a serial data bus.
  - 7. The system of claim 1 configured to provide local power to the switch from a data signal containing the keyword.
  - 8. The system of claim 3, wherein each switch is configured to respond to a different said keyword.
  - 9. The system of claim 8, wherein each said switch is individually addressable.
  - 20. The system of claim 1, being configured to be at least partially embodied in an unmanned aerial vehicle or other vehicle.
  - 21. The system of claim 20, being a stores management system.

10. A system comprising:
- an operative portion for performing a safety critical operation, a command portion remote from the operative portion for controlling performance of the safety critical operation, and low integrity transmission means for transmitting a control command from the command portion to the operative portion, wherein the control command comprises a plurality of decrypt keys generated in a high integrity control command generation part of the command portion which are outputted only in response to a correct command from an operator, and the operative portion comprises a high integrity store for storing a plurality of keywords generated only on receipt of the decrypt keys received from the command portion via the low integrity transmission means and a plurality of high integrity key safe switches which operate to compare the generated keywords, the performance of the safety critical operation being effected only in the event of a correct comparison by the key safe switches.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 23)
- - 11. The system of claim 10, wherein the operative portion comprises means for decrypting the keywords and supplying them to the switches.
  - 12. The system of claim 10, wherein the low integrity transmission means comprises a common transmission path for the keywords.
  - 13. The system of claim 10 comprising said plurality of switches is each selectively responsive to said keywords, operation of at least a majority of the switches being required to effect said control.
  - 14. The system of claim 13 wherein the switches are arranged in series with respect to a power supply or other executive signal for the said system operation.
  - 15. The system of claim 14 comprising means for causing the switches to operate in a predetermined sequence
  - 16. The system of claim 13, wherein a said keyword is sent to a said switch via a serial data bus.
  - 17. The system of claim 10, configured to provide local power to the switch from a data signal containing the keyword.
  - 18. The system of claim 13 wherein each switch is configured to respond to a different said keyword.
  - 19. The system of claim 18, wherein each said switch is individually addressable.
  - 23. The system of claim 10, being configured to be at least partially embodied in an unmanned aerial vehicle or other vehicle.

22. An unmanned aerial vehicle comprising:
- an operative portion for performing a safety critical operation in response to a control command received from a command portion remote from the vehicle via low integrity transmission means, wherein the control command comprises a plurality of keywords generated in a high integrity control command generation part of the command portion which are outputted only in response to a correct command from an operator, and the operative portion comprises a plurality of high integrity key safe switches which operate to compare the keywords received from the command portion via the low integrity transmission means, the performance of the safety critical operation being effected only in the event of a correct comparison by the key safe switches.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BAE Systems Plc
Original Assignee
BAE Systems Plc
Inventors
Bennett, Simon Grant, Belcher, Nicholas Andrew, Parker, David, Challis, Kevin, Watkins, David Christopher, Watkins, Gary Robert

Granted Patent

US 9,383,740 B2
Time in Patent Office

Days
Field of Search
US Class Current

700/90
CPC Class Codes

G05B 19/0425 Safety, monitoring

CONTROL OF SAFETY CRITICAL OPERATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

CONTROL OF SAFETY CRITICAL OPERATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links