Failsafe data output system and automation system having the same
Abstract
An apparatus for and a method of operating an automation system. A processing unit subjects useful information which is received via a telegram to a user designated logic operation and drives an output channel in accordance with a result of the logic operation. The processing unit monitors a time sequence of process data transmitted with the useful information and drives the output channel only when the time sequence lies within predetermined tolerances. A monitoring unit monitors the processing unit and shifts the output channel to a safe condition as soon as a malfunction of the processing unit is detected. The output channel may include a readback channel which reads back a signal applied to the output channel whereby the monitoring unit compares the applied signal and the readback signal and shifts the output channel to a safe state if the applied signal and the readback signal differ.
18 Claims
1. A method of operating an automation system having at least one input unit for receiving process signals and at least one output unit for driving external peripherals which are communicatively interconnected via a bus, wherein at least one of the at least one input units is constructed as a failsafe input unit and at least one of the at least one output units is constructed as a failsafe output unit, the method comprising:
transmitting a telegram from the at least one failsafe input unit to the at least one failsafe output unit at predetermined times, the telegram including at least one useful information item, one destination code point designating an address for one of the at least one failsafe output units and one origin code designating the failsafe input unit transmitting the telegram;
interpreting receipt of the telegram at the predetermined times as an indication of an intact communications relationship; and
shifting the connected peripherals into a safe state if the telegram is not received at the predetermined times.
Dependent claims (2, 3, 4, 5, 6, 7, 8, 9)
triggering a test procedure at predetermined times;
effecting a status change for at least one input channel of at least one of the at least one failsafe input units;
monitoring the status change;
outputting an error message, if necessary; and
canceling the effected status change at an end of the test procedure, the test procedure being completely transparent for reading out the at least one input channel.
3. The method as recited in claim 2, further comprising:
operating the at least one input channel as an antivalent channel.
4. The method as recited in claim 3, further comprising:
providing a monitoring circuit which operates as a watchdog; and
shifting the at least one output channel into a safe state as soon as the monitoring circuit detects a malfunction of the automation system.
5. The method as recited in claim 4, further comprising:
reading back a signal supplied to the output channel;
comparing the signal supplied to the output channel and the signal read back from the output channel; and
shifting at least one output channel to a safe state in response to a deviation detected by the comparison.
6. The method as recited in claim 2, further comprising:
evaluating the at least one useful information item of the telegram;
subjecting the at least one useful information item to a user designated logic operation; and
driving the at least one output channel in accordance with a result of the designated logic operation.
7. The method as recited in claim 6, further comprising:
monitoring a time sequence of the process data which is transmitted with the useful information; and
driving the at least one output channel only when the time sequence of the data required for driving the at least one output channel lies within predetermined tolerances.
8. The method as recited in claim 6, further comprising:
providing a monitoring circuit which operates as a watchdog; and
shifting the at least one output channel into a safe state as soon as the monitoring circuit detects a malfunction of the automation system.
9. The method as recited in claim 8, further comprising:
reading back a signal supplied to the output channel;
comparing the signal supplied to the output channel with the signal read back from the output channel; and
shifting at least one output channel to a safe state in response to a deviation detected by the comparison.
10. An automation system, comprising:
at least one input unit which receives process signals; and
at least one output unit for driving external peripherals, the at least one input unit and the at least one output unit being communicatively interconnected via a bus, wherein at least one of the at least one input units is constructed as a failsafe input unit and at least one of the at least one output units is constructed as a failsafe output unit, wherein:
the at least one failsafe input unit transmits a telegram to the at least one failsafe output unit at predetermined times, the telegram including at least one useful information item, one destination code point designating an address for one of the at least one failsafe output units and one origin code designating the failsafe input unit transmitting the telegram; and
the at least one failsafe output unit interprets receipt of the telegram at the predetermined times as an indication of an intact communications relationship, otherwise the automation system shifts the connected peripherals into a safe state.
Dependent claims (11, 12, 13, 14, 15, 16, 17, 18)
a test circuit which triggers a test procedure at predetermined times and effects a status change for at least one input channel of at least one of the at least one failsafe input units; and
an internal logic circuit which monitors the status change, outputs an error message, if necessary, and cancels the effected status change at an end of the test procedure, wherein the test procedure is completely transparent for reading out the at least one input channel.
12. The automation system as recited in claim 10, wherein the at least one failsafe input device comprises at least one input channel which operates as an antivalent channel.
13. The automation system as recited in claim 12, further comprising:
a processing unit which:
evaluates the at least one useful information item of the telegram;
subjects the at least one useful information item to a user designated logic operation; and
drives the at least one output channel in accordance with a result of the designated logic operation.
14. The automation system as recited in claim 13, further comprising:
a watchdog which monitors the processing unit and shifts the at least one output channel into a safe state as soon as the watchdog detects a malfunction of the automation system.
15. The automation system as recited in claim 14, wherein:
the output channel is constructed as a readback output channel;
a signal supplied to the output channel is also supplied to the watchdog; and
the watchdog compares the signal supplied to the output channel and a signal read back from the output channel and shifts at least one output channel to a safe state in response to a deviation detected by the comparison.
16. The automation system as recited in claim 10, wherein the processing unit:
monitors a time sequence of process data transmitted with the useful information; and
drives the at least one output channel only when the time sequence of the data required for driving the at least one output channel lies within predetermined tolerances.
17. The automation system as recited in claim 16, further comprising:
a watchdog which monitors the processing unit and shifts the at least one output channel into a safe state as soon as the watchdog detects a malfunction of the automation system.
18. The automation system as recited in claim 17, wherein:
the output channel is constructed as a readback output channel;
a signal supplied to the output channel is also supplied to the watchdog; and
the watchdog compares the signal supplied to the output channel and a signal read back from the output channel and shifts at least one output channel to a safe state in response to a deviation detected by the comparison.
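
The receive-side behaviour of claims 1, 5 and 7 (destination and origin codes, telegram timing, readback comparison) can be sketched as a small state machine. This is an added illustration, not code from the patent; the type and function names, the field widths, the tick-based timing and the latching of the safe state are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Illustrative only: names, widths, tick timing and latching are assumptions. */
typedef struct {
    uint8_t dest;     /* destination code: address of a failsafe output unit */
    uint8_t origin;   /* origin code: failsafe input unit that sent the telegram */
    uint8_t payload;  /* useful information item (bit 0 = requested output level) */
} telegram_t;

typedef struct {
    uint8_t  own_addr;         /* this output unit's address */
    uint8_t  expected_origin;  /* the only input unit accepted as sender */
    uint32_t period;           /* predetermined telegram interval, in ticks */
    uint32_t tolerance;        /* permitted slack, in ticks */
    uint32_t last_rx;          /* tick of the last accepted telegram */
    bool     commanded;        /* level currently applied to the output channel */
    bool     safe;             /* safe state reached: output forced off */
} fs_output_t;

void fs_init(fs_output_t *u, uint8_t addr, uint8_t origin,
             uint32_t period, uint32_t tolerance, uint32_t now) {
    u->own_addr = addr;  u->expected_origin = origin;
    u->period = period;  u->tolerance = tolerance;
    u->last_rx = now;    u->commanded = false;  u->safe = false;
}

/* A telegram with the wrong destination or origin code is ignored and does
   not refresh the timer, so it cannot stand in for the expected sender. */
bool fs_on_telegram(fs_output_t *u, const telegram_t *t, uint32_t now) {
    if (u->safe || t->dest != u->own_addr || t->origin != u->expected_origin)
        return false;
    u->last_rx = now;
    u->commanded = (t->payload & 1u) != 0;
    return true;
}

/* Periodic check; `readback` is the level read back from the output channel.
   Unsigned subtraction keeps the age correct across tick-counter wrap. */
bool fs_poll(fs_output_t *u, uint32_t now, bool readback) {
    bool overdue = (now - u->last_rx) > (u->period + u->tolerance);
    if (!u->safe && (overdue || readback != u->commanded)) {
        u->safe = true;        /* shift the channel into the safe state */
        u->commanded = false;
    }
    return u->safe;
}

bool fs_output_level(const fs_output_t *u) { return !u->safe && u->commanded; }
```
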
Specification