Protocol for critical security applications
Abstract
Proposed is a protocol for transmitting messages between transmitting and receiving stations in time slices for critical security applications, based on a synchronous arbitration, by means of which disturbances in the communications system (including communication subscribers) are ascertained reliably. The time slices are continuously allocated deterministically to a respective station in cycles. The time slices are respectively subdivided into a temporal transfer window for transmitting the message and an acknowledgement window following the transfer window; the receiving station transmits an objection signal (VETO signal) in the acknowledgement window only if a message is received erroneously, or not at all, to indicate a disturbance.
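An added example, not part of the patent text: a small Python model of one acknowledgement window, showing how the rule in claim 1 (a station that recognizes a VETO keeps transmitting it to the end of the window) turns a disturbance misread by one station into a verdict shared by all stations. The wired-OR bus, the tick count and the names `Station`, `run_ack_window` and `consistent` are assumptions of this model.

```python
from dataclasses import dataclass

ACK_TICKS = 8  # assumed discretisation of the acknowledgement window


@dataclass
class Station:
    name: str
    received_ok: bool = True   # result of the preceding transfer window
    driving: bool = False      # currently asserting VETO on the bus
    saw_veto: bool = False     # local verdict for this time slice


def run_ack_window(stations, noise=None, extend=True):
    """Simulate one acknowledgement window on an assumed wired-OR bus.

    noise maps a station name to the tick at which that station alone
    misreads a disturbance as a VETO. Returns {name: saw_veto}.
    Model assumption: the disturbance is seen before the last tick.
    """
    noise = noise or {}
    for s in stations:
        # A receiver with a bad or missing message objects from the start.
        s.driving = not s.received_ok
        s.saw_veto = False
    for tick in range(ACK_TICKS):
        # The VETO carries no payload: its presence is the only information.
        bus = any(s.driving for s in stations)
        for s in stations:
            if bus or noise.get(s.name) == tick:
                s.saw_veto = True
                if extend:
                    # Keep sending VETO to the end of the window so a locally
                    # misread disturbance becomes a real, system-wide VETO.
                    s.driving = True
    return {s.name: s.saw_veto for s in stations}


def consistent(verdicts):
    """True when every station reached the same verdict for the slice."""
    return len(set(verdicts.values())) == 1
```

With `extend=False` the station that misread the disturbance is the only one that believes the slice was vetoed, which is the inconsistency the extension rule removes.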
16 Claims
1. A communication system for critical-security applications comprising:
a plurality of transmitting and receiving stations for transmitting and receiving messages;
means for transmitting messages between respective transmitting and receiving stations, said transmitting means being based on a continuously-deterministic allocation of time slices where said time slices are allocated to a respective station in communication cycles and said transmitting means are programmed so that there is global consistency among all of the stations in the system, said time slices being respectively subdivided into a temporal transfer window for transmitting the message and an acknowledgement window following said transfer window;
means for transmitting a VETO signal in the acknowledgement window from an affected receiving station when a transmission error occurs, said VETO signal indicating a message was one of received erroneously and not received by the affected receiving station during a previous time slice and said VETO signal having no additional information beyond its presence in order to increase the recognition of the VETO signal, even in the presence of a disturbance signal; and
means, associated with the means for transmitting messages, for transmitting a VETO signal until the end of the acknowledgement window so that a disturbance signal that is misinterpreted locally by one of the transmitting and receiving stations and erroneously recognized as a VETO signal is converted into a VETO signal throughout the plurality of transmitting and receiving stations.
means for setting a plurality of variables or flags in a first way, at the beginning of the reconfiguration cycle, for receiving stations that have received no transmission or no correct transmission in the previous time slice wherein the first way of setting the variables or flags are opposite to the respective variables or flags set in a receiving station that has received a correct transmission in the previous time slice;
means for transmitting messages from all active receiving stations during said reconfiguration cycle with a set reconfiguration bit (r) and a value previously stored in an error variable as an error bit (f) in a respective time slice of the respective receiving station where if a receiving station receives the set reconfiguration bit correctly, a reconfiguration variable is set to indicate that the reconfiguration bit has been received correctly, and if the error bit (f) in the respective message is set to TRUE, another receiving station was initially disturbed;
means for returning all transmitting and receiving stations to normal operation if an initially disturbed station transmits a further time slice, which does not have a VETO signal in the acknowledgement window;
means for re-evaluating variables or flags of receiving stations, at the end of the reconfiguration cycle, where the receiving station terminates itself and sets all transmissions, if a transmission window of a further time slice of the initially-disturbed transmitting station passes and the receiving station detects another transmission error in the further time slice, if the reconfiguration variable indicates that the receiving station cannot receive a message correctly from another transmitting station, and if the reconfiguration variable indicates that the receiving station received the correct message, the error bit of the respective message is set to FALSE and a VETO signal is not initiated by another receiving station; and
means for terminating the disturbed transmitting station and causing all of the receiving stations to ignore further transmission errors in time slices of the disturbed transmitting station, if the reconfiguration bit indicates that a message was received correctly by a respective receiving station and the error bit is set to TRUE, in this case, the respective receiving station transmitting the VETO signal indicating that the disturbed transmitting station time slice was disturbed.
6. A communication system according to claim 5, wherein a burst disturbance that does not last for more than one communication cycle does not result in an erroneous termination of a transmitting station.
7. A communication system according to claim 6, wherein periodic disturbances of a duration less than an acknowledgement window of a time slice do not result in an erroneous termination of a transmitting station.
8. A communication system according to claim 7, wherein, if two partial communication cycles are combined into one communication cycle and all stations assuming critical security tasks are authorized to transmit in the partial communication cycles, the transmission authorization exists in different time slices of the partial cycles.
9. A communication system according to claim 1, wherein said means for transmitting messages between respective transmitting and receiving stations includes a protocol controller, a dual-port RAM in communication with said protocol controller, an application system having a processor (CPU) in communication with said dual-port RAM where a dual-channel bus provides the communication between the above-mentioned elements.
10. A communication system according to claim 9, wherein dual-port RAM is divided into a first part and a second part, said first part being CPU write-authorized and said second part being protocol controller write authorized.
11. A method of communicating for critical-security applications comprising the steps of:
transmitting messages between a plurality of transmitting and receiving stations, said transmitting step being based on a continuously-deterministic allocation of time slices where said time slices are allocated in communication cycles to a respective station and said transmitting step being programmed so that there is global consistency among all of the stations in the system, said time slices being respectively subdivided into a temporal transfer window for transmitting the message and an acknowledgement window following said transfer window;
transmitting a VETO signal in the acknowledgement window from an affected receiving station when a transmission error occurs, said VETO signal indicating a message was one of received erroneously and not received by the affected receiving station during a previous time slice and said VETO signal having no additional information beyond its presence in order to increase the recognition of the VETO signal, even in the presence of a disturbance signal; and
transmitting a VETO signal until the end of the acknowledgement window so that a disturbance signal that is misinterpreted locally by one of the transmitting and receiving stations and erroneously recognized as a VETO signal is converted into a VETO signal throughout the plurality of transmitting and receiving stations.
setting a plurality of variables or flags in a first way, at the beginning of the reconfiguration cycle, for receiving stations that have received no transmission or no correct transmission in the previous time slice wherein the first way of setting the variables or flags are opposite to the respective variables or flags set in a receiving station that has received a correct transmission in the previous time slice;
transmitting messages from all active receiving stations during said reconfiguration cycle with a set reconfiguration bit (r) and a value previously stored in an error variable as an error bit (f) in a respective time slice of the respective receiving station where if a receiving station receives the set reconfiguration bit correctly, a reconfiguration variable is set to indicate that the reconfiguration bit has been received correctly, and if the error bit (f) in the respective message is set to TRUE, another receiving station was initially disturbed;
returning all transmitting and receiving stations to normal operation if an initially disturbed station transmits a further time slice, which does not have a VETO signal in the acknowledgement window;
re-evaluating variables or flags of receiving stations, at the end of the reconfiguration cycle, where the receiving station terminates itself and sets all transmissions, if a transmission window of a further time slice of the initially-disturbed transmitting station passes and the receiving station detects another transmission error in the further time slice, if the reconfiguration variable indicates that the receiving station cannot receive a message correctly from another transmitting station, and if the reconfiguration variable indicates that the receiving station received the correct message, the error bit of the respective message is set to FALSE and a VETO signal is not initiated by another receiving station; and
terminating the disturbed transmitting station and causing all of the receiving stations to ignore further transmission errors in time slices of the disturbed transmitting station, if the reconfiguration bit indicates that a message was received correctly by a respective receiving station and the error bit is set to TRUE, in this case, the respective receiving station transmitting the VETO signal indicating that the disturbed transmitting station time slice was disturbed.
15. A method of communicating according to claim 14, wherein a burst disturbance that does not last for more than one communication cycle does not result in an erroneous termination of a transmitting station.
16. A method of communicating according to claim 15, wherein periodic disturbances of a duration less than an acknowledgement window of a time slice do not result in an erroneous termination of a transmitting station.
Specification