Method and apparatus for monitoring the operation of a computer-controlled operating element, particularly triggered safety apparatus for an automotive vehicle

US 4,864,202 A
Filed: 10/09/1987
Issued: 09/05/1989
Est. Priority Date: 11/14/1986
Status: Expired due to Fees

First Claim

Patent Images

1. Method of monitoring a computer system wherein the system includesa computer apparatus unit (10) having an output terminal (16) anda controlled operating element (12) coupled to the output terminal (16) of the computer apparatus unit,said computer apparatus unit (10) providing a control signal at the output terminal (16) for propagation of the control signal to the operating element (12) and for controlling the operating element to carry out a predetermined operation, andwherein, additionally, the output terminal (16) of the computer apparatus unit is subject to disturbance signals which, if propagated to the operating element (12) cause undesired operation of the operating element,comprising, in accordance with the invention, the steps ofdelaying propagation of the control signal from the computer apparatus unit (10) to the operating element (12) for a predetermined time interval;

deriving signal samples from the output terminal (16) of the computer apparatus unit (10);

evaluating said signal samples;

comparing said signal samples continuously within said predetermined time interval with check of test values and, if the comparison between said check or test values and the signal samples(a) indicates coincidence, transmitting, after said time interval, said control signal to the operating element (12) to carry out the predetermined operation;

(b) indicates a deviation, preventing, before elapse of said time interval, transmission of the control signal to the operating element and controlling the computer apparatus unit to repeat its computation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To prevent spurious operation of a controlled operating element (12), typically a safety element which can be irreversibly triggered, such as a trigger or firing cartridge of a passenger restraint airbag, while providing for reliable operation in case of a crash of a vehicle in which the airbag is installed, a control signal is derived from a computer (10) processing input signals. The transmission of the control signals from the computer (10) to the operating element (12) is through a time delay stage (30) which has a time delay of sufficient length to permit the computer to correct, if necessary, signals from its output (16) and to carry out tests on the output signals from the computer apparatus. An evaluation circuit (18) continuously compares the output signals with check values. The check values may be derived from, for example a second computer similar to the computer, or from stored representative values. If the comparison indicates coincidence, the operating control signal from the computer is transmitted to the operating element (12). If, however, e.g. due to extraneous disturbances, a deviation between the test samples and the signals derived from the output (16) of the computer indicates a deviation, transmission of the control signals from the computer (10) to the operating element (12) is prevented, and the computer is controlled to repeat its computation, or part of a computation cycle.

23 Citations

View as Search Results

23 Claims

1. Method of monitoring a computer system wherein the system includesa computer apparatus unit (10) having an output terminal (16) anda controlled operating element (12) coupled to the output terminal (16) of the computer apparatus unit,said computer apparatus unit (10) providing a control signal at the output terminal (16) for propagation of the control signal to the operating element (12) and for controlling the operating element to carry out a predetermined operation, andwherein, additionally, the output terminal (16) of the computer apparatus unit is subject to disturbance signals which, if propagated to the operating element (12) cause undesired operation of the operating element,comprising, in accordance with the invention, the steps ofdelaying propagation of the control signal from the computer apparatus unit (10) to the operating element (12) for a predetermined time interval;
- deriving signal samples from the output terminal (16) of the computer apparatus unit (10);
  
  evaluating said signal samples;
  
  comparing said signal samples continuously within said predetermined time interval with check of test values and, if the comparison between said check or test values and the signal samples(a) indicates coincidence, transmitting, after said time interval, said control signal to the operating element (12) to carry out the predetermined operation;
  
  (b) indicates a deviation, preventing, before elapse of said time interval, transmission of the control signal to the operating element and controlling the computer apparatus unit to repeat its computation.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the step of delaying propagation of the control signal from the computer apparatus unit (10) includes the step of buffer-storing said control signal.
  - 3. The method of claim 1, wherein th step of delaying propagation of the control signal between its appearance at the output of the computer apparatus unit (10) and reception by the operating element (12) comprising delaying the control signal for a perid of time corresponding at least to a test and correction time interval sufficient for testing and repeating the computation.
  - 4. The method of claim 3, wherein the control signal has the form of a voltage jump or pulse;
    - and wherein the steps of evaluating said signal samples and comparing said signal samples comprise integrating the control signal continuously and comparing the integrated value continuously with a reference or check value;
      
      and, if the reference value or check value is reached, generating a derived control signal in form of a voltage jump or pulse and transmitting said derived control signal to the operating element;
      
      if the comparison indictes a deviation, terminating or suppressing said evaluating and comparing steps before the integration has reached said reference or check value to thereby prevent generation of the derived control signal.

5. A system to monitor disturbances in a computer system and to inhibit effects of the disturbances,said computer system havinga computer apparatus unit (10) having an output terminal (16);
- a controlled operating element (12) coupled to the output terminal,said computer apparatus unit providing an operating control signal at the output terminal (16) for preparation of the operating control signal to the controlled operating element (12) for controlling the operating element to carry out a predetermined operation, andwherein, additionally, the output terminal (16) of the computer apparatus unit is subject to disturbance signals which, if propagated to the operating element, cause undesired operation of the element (12),comprising, in accordance with the invention,an evaluation stage or circuit (18) coupled to the output terminal (16) of the computer apparatus unit (10),said evaluation stage or circuit including means (20) for providing test or check signals;
  
  a comparator (22) receiving signal samples from the output terminal (16) of the computer apparatus unit and said test or check signals and effecting comparison;
  
  and a control signal source (24) coupled to receive the output from the comparator (22) and responding to the comparator output indicative of(a) coincidence of the signal samples and the test or check signals,(b) a deviation between the signal samples and the test or check signals;
  
  said control signal source providing control signals of differing characteristics in dependence on the output from the comparator (22) in accordance with the comparison therein;
  
  a time delay stage (30) coupled between the output terminal (16) of the computer apparatus unit (10) and an input terminal (28) of the operating element (12);
  
  a correction terminal (34) on the computer apparatus unit (10) and controlling the computer apparatus unit to repeat at least one of;
  
  a computation;
  
  a computation cycle;
  
  a computation step;
  
  and coupling means (32) connected to receive the control signals from the control signal source and connected to the correction terminal (34) of the computer apparatus unit (10) to cause the computer apparatus unit to correct its computation if a deviation has been detected and for providing output signals inhibiting transmission of the operating control signal from the computer apparatus unit (10) through the time delay stage (30) to the operating element (12) if such a deviation has been detected by the comparator.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The systen of claim 5, wherein the time delay stage (30) comprises a read-write memory;
    - and the control signal source (24) includes a connection connected to a "release" input (36) and a "reset" input (38) of the write-read memory (30), for, respectively, either releasing transmission of the operating control signal from the computer apparatus unit (10) to the operating element (12) if the comparison condition (a) is met, or to reset the read-write memory (30) if the comparison condition (b) is met.
  - 7. The system of claim 5, wherein the time delay stage (30) comprises a shift register;
    - and wherein the output of the control signal source (24) is connected to a reset input (36) of the shift register for resetting the shift register if the comparison condition (b) is detected by the comparator (22).
  - 8. The system according to claim 5, wherein the time delay stage (30) comprises a delay line, and the output of the control signal source (24) is connected to a reset input (38) of the delay line to reset the delay line if the comparison condition (b) is detected in the comparator (22).
  - 9. The system according to claim 5, wherein the time delay stage (30) comprises a reference signal source (50), an integrator (52) and a comparator element (54) coupled to receive the operating control signal from the computer apparatus unit (10) and a reference signal from the reference signal source (50);
    - and wherein the evaluation stage or circuitcontrols the correction terminal (34) of the computer apparatus unit (10) to inhibit transmission of a control signal therefrom to the integrator if the comparison condition (b) is determined by the comparator (22).
  - 10. The system according to claim 9, wherein the reference signal source (50) comprises a voltage divider connected between a reference voltage source;
    - the integrator comprises a low-pass filter comprising a resistor and a capacitor (68) connected to the output terminal (16) of the computer apparatus unit (10), the capacitor being coupled to one terminal of the reference signal source;
      
      and wherein said comparator element (54) comprises an operational amplifier (54) having its direct input connected to the output of the low-pass filter (52) and the inverting input (70) connected to receive the reference signal of the reference signal source.
  - 11. The system according to claim 10, wherein the operational amplifier has an open collector output terminal (76).
  - 12. The system according to claim 10, including a differentiating network (74) coupled between the output of the operational amplifier and its direct input terminal to provide a positive feedback and to provide a holding voltage at the direct input terminal after the operating control signal has exceeded said reference signal and the operational amplifier has switched state.
  - 13. The system according to claim 12, wherein the differentiating network (74) comprises a capacitor (78) coupled to the output of the operational amplifier and to the direct input thereof;
    - and a resistor (80) coupled to the direct input of the operational amplifier and to said reference voltage signal source.
  - 14. The system according to claim 5, wherein the operating element (12) comprises an emitter-follower transistor circuit and a complementary driver stage (82) coupled to a transistor of the emitter-follower transistor circuit.

15. A method of monitoring a computer system, wherein the computer system includesa computer apparatus unit (10) having an output terminal (16) and a controlled operating element (12), which controlled operating element comprisessafety apparatus in an automotive vehicle including at least one of:
- a brake antilock system;
  
  a passenger restraint system,wherein the passenger restraint system comprises at least one of;
  
  an air bag,a safety belt tightening system,a safety belt locking system,said method including the steps ofproviding an operating control signal at the output terminal (16) of the computer apparatus unit (10);
  
  propagating the operating control signal to the operating element (12) for controlling the operating element to carry out a predetermined operation, andwherein, additionally, the operating terminal (16) of the computer apparatus unit is subject to disturbance signals which, if propagated to the operating element, cause undesired operation of the operating element (12),comprising, in accordance with the invention, the steps ofdelaying propagation of the operating control signal from the computer apparatus unit (10) to the operating element (12) for a predetermined time interval;
  
  deriving signal samples from the output terminal (16) of the computer apparatus unit (10);
  
  evaluating said signal samples;
  
  comparing said signal samples continuously within said predetermined time interval with check or test values and, if the comparison between said check or test values and the signal samples(a) indicates concidence, transmitting, after said time interval, said operating control signal to the operating element (12) to carry out the predetermined operation;
  
  (b) indicates a deviation, preventing, before elapse of said time interval, transmission of the operating control signal to the operating element and controlling the computer apparatus unit to repeat its computation.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein the step of delaying propagation includes the step of buffer-storing said operating control signal.
  - 17. The method of claim 15, wherein the step of delaying propagation of the operating control signal between its appearance at the output of the computer apparatus unit (10) and reception by the operating element (12) comprising delaying the signal for a period of time corresponding at least to a test and correction time interval sufficient for testing and repeating the computation.
  - 18. The method of claim 17, wherein th operating control signal has the form of a voltage jump or pulse;
    - and wherein the steps of evaluating said signal samples and comparing said signal samples comprise integrating the control signal continuously and comparing the integrated value continuously with a reference or check value;
      
      and, if the reference value or check value is reached, generating a derived control signal in form of a voltage jump or pulse and transmitting said derived control signal to the operating element;
      
      if the comparison indicates a deviation, terminating or suppressing said evaluating and comparing steps before the integration has reached said reference or check value to thereby prevent generation of the derived control signal.

19. In an automotive vehicle having a safety system including an operating element (12) comprising at least one of:
- a brake antilock system,a passenger restraint system,wherein the passenger restraint system comprises at least one of;
  
  an air bag,a safety belt tightening system,a safety belt locking system,said safety system includinga computer apparatus unit (10) having an output terminal (16);
  
  the controlled operating element (12) being coupled to the output terminal (16),said computer apparatus unit providing an operating control signal at the output terminal (16) for propagation of the operating control signal to the controlled operating element (12) for controlling the operating element to carry out a predetermined operation, andwherein, additionally, the output terminal (16) of the computer apparatus unit is subject to disturbance signals which, if propagated to the operating element, cause undesired operation of the element (12),comrising, in accordance with the invention;
  
  an evaluation stage or circuit (18) coupled to the output terminal (16) of the computer apparatus unit (10),said evaluation stage or circuit including means (20) for providing test or check signals;
  
  a comparator (22) receiving signal samples from the output terminal (16) of the computer apparatus unit and said test or check signals and effecting comparison;
  
  and a control signal source (24) coupled to receive the output from the comparator (22) and responding to the comparator output indicative of(a) coincidence of the signal samples and the test or check signals,(b) a deviation between the signal samples and the test or check signals;
  
  said control signal source providing control signals of differing characteristics in dependence on the output from the comparator (22) in accordance with the comparison therein;
  
  a time delay stage (30) coupled between the output terminal (16) of the computer apparatus unit (10) and an input terminal (28) of the operating element (12);
  
  a correction terminal (34) on the computer apparatus unit (10) and controlling the computer apparatus unit to repeat at leat one of;
  
  a computation;
  
  a computation cycle;
  
  a computation step;
  
  and coupling means (32) connected to receive the control signals from the control signal source and connected to the correction terminal (34) of the computer apparatus unit (10) to cause the computer apparatus unit to correct its computation if a deviation has been detected and for providing output signals inhibiting transmission of the operating control signal from the computer apparatus unit (10) through the time delay stage (30) to the operating element (12) if such a deviation has been detected by the comparator.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The system of claim 19, wherein the time delay stage (30) comprises a read-write memory;
    - and the control signal source (24) includes a connection connected to a "release" input (36) and a "reset" input (38) of the write-read memory (30), for, respectively, either releasing transmission of the operating signal from the computer apparatus unit (10) to the operating element (12) if the comparison condition (a) is met, or to reset the read-write memory (30) if the comparison condition (b) is met.
  - 21. The system of claim 19, wherein the time delay stage (30) comprises a shift register;
    - and wherein the output of the control signal source (24) is connected to a reset input (36) of the shift register for resetting the shift register if the comparison condition (b) is detected by the comparator (22).
  - 22. The system according to claim 19, wherein the time delay stage (30) comprises a delay line, and the output of the control signal source (24) is connected to a reset input (38) of the delay line to reset the delay line if the coparison condition (b) is detected in the comparator (22).
  - 23. The system according to claim 19, wherein the time delay stage (30) comprises a reference signal source (50), an integrator (52) and a comparator element (54) coupled to receive the operating control signal from the computer apparatus unit (10) and a reference signal from the reference signal source (50);
    - and wherein the evaluation stage or circuit controls the correction terminal (34) of the computer apparatus unit (10) to inhibit transmission of a control signal therefrom to the integrator if the comparison condition (b) is determined by the comparator (22).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Inventors
Nitschke, Werner, Taufer, Peter, Drobny, Wolfgang, Jeenicke, Edmund, Weller, Hugo
Primary Examiner(s)
Ro, Bentsu

Application Number

US07/107,379
Time in Patent Office

697 Days
Field of Search

318/560, 318/563, 318/565, 180/197, 180/271, 280/728, 280/734, 280/735, 280/801, 280/802, 303/92, 303/95, 307/9, 307/10 R, 307/105 B, 340/52 R, 340/52 E, 340/61, 342/71, 342/72, 364/424, 364/426
US Class Current

318/560
CPC Class Codes

B60R 21/0173   Diagnostic or recording mea...

B60T 17/22   Devices for monitoring or c...

B60T 2270/406   Test-mode; Self-diagnosis

B60T 8/885   using electrical circuitry

G06F 11/0763   by bit configuration check,...

G06F 11/0796   Safety measures, i.e. ensur...

Method and apparatus for monitoring the operation of a computer-controlled operating element, particularly triggered safety apparatus for an automotive vehicle

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for monitoring the operation of a computer-controlled operating element, particularly triggered safety apparatus for an automotive vehicle

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links