Automation system with integrated safe and standard control functionality

US 7,933,676 B2
Filed: 09/30/2005
Issued: 04/26/2011
Est. Priority Date: 09/30/2005
Status: Active Grant

First Claim

Patent Images

1. An industrial control system, comprising:

a machine having a restricted access portion presenting a danger to a human operator in the restricted access portion;

a machine controller executing a stored control program to;

a) identify a need for a human operator to be in the restricted access portion wherein the need is based on a planned machine-operator interaction indicated by a point in the control program and not based on detection of a human presence or on an operator input,b) place the machine into a ready state in response to the identification of the need for the operator to be in the restricted access portion by suspending operation of the machine through machine control, andc) upon the control program placing the machine into the ready state, generate a ready message signaling that the control program has identified the machine is in the ready state;

a protection sensor providing a safety signal, wherein the safety signal implements fault tolerance or fault detection according to the target safety level of the control system, indicating the presence of a human in the restricted access portion; and

a safety controller, wherein the machine controller and the safety controller are independently functioning computing devices with separate memory for storing variables and programs and each controller independently executes its respective program, the safety controller executing a stored program to;

a) receive the ready message from the machine,b) receive the safety signal indicating the presence of the human operator in the restricted access portion from the protection sensor,c) after receiving either one of the ready message or the safety signal, initiate placing the machine into a safe state, wherein the safe state suspends operation of at least the restricted portion of the machine by interrupting power to at least the restricted portion of the machine,d) verify that the machine has been placed in the safe state with no fault conditions, ande) if the machine has been placed in the safe state with no fault conditions, provide a human interaction indication sensible by a human that indicates that the machine is ready for human interaction with the restricted access portion in response to receiving the ready message and placing the machine into a safe state;

whereby the machine is placed in the safe state before the human operator moves into the restricted access portion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An industrial control system includes a machine, a machine controller, and a safety controller. The machine controller is operable to identify a need for a human interaction, place the machine into a ready state for the human interaction, and generate a ready message responsive to placing the machine into the ready state. The safety controller is operable to receive the ready message, place the machine into a safe state responsive to receiving the ready message, and provide a human interaction indication responsive to placing the machine into the safe state.

Citations

25 Claims

1. An industrial control system, comprising:
- a machine having a restricted access portion presenting a danger to a human operator in the restricted access portion;
  
  a machine controller executing a stored control program to;
  
  a) identify a need for a human operator to be in the restricted access portion wherein the need is based on a planned machine-operator interaction indicated by a point in the control program and not based on detection of a human presence or on an operator input,b) place the machine into a ready state in response to the identification of the need for the operator to be in the restricted access portion by suspending operation of the machine through machine control, andc) upon the control program placing the machine into the ready state, generate a ready message signaling that the control program has identified the machine is in the ready state;
  
  a protection sensor providing a safety signal, wherein the safety signal implements fault tolerance or fault detection according to the target safety level of the control system, indicating the presence of a human in the restricted access portion; and
  
  a safety controller, wherein the machine controller and the safety controller are independently functioning computing devices with separate memory for storing variables and programs and each controller independently executes its respective program, the safety controller executing a stored program to;
  
  a) receive the ready message from the machine,b) receive the safety signal indicating the presence of the human operator in the restricted access portion from the protection sensor,c) after receiving either one of the ready message or the safety signal, initiate placing the machine into a safe state, wherein the safe state suspends operation of at least the restricted portion of the machine by interrupting power to at least the restricted portion of the machine,d) verify that the machine has been placed in the safe state with no fault conditions, ande) if the machine has been placed in the safe state with no fault conditions, provide a human interaction indication sensible by a human that indicates that the machine is ready for human interaction with the restricted access portion in response to receiving the ready message and placing the machine into a safe state;
  
  whereby the machine is placed in the safe state before the human operator moves into the restricted access portion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein the machine controller is operable to place the machine into the ready state by instructing the machine to achieve a ready position.
  - 3. The system of claim 2, wherein the machine is operable to generate an at position message responsive to achieving the ready position.
  - 4. The system of claim 3, wherein the machine controller is operable to disable the machine responsive to receiving the at position message.
  - 5. The system of claim 4, wherein the machine controller is operable to generate the ready message responsive to disabling the machine.
  - 6. The system of claim 2, further comprising a safety-rated sensor operable to generate a safety-rated at position signal responsive to determining the machine is in the ready position, wherein the safety controller is operable to place the machine into the safe state responsive to receiving the safety-rated at position signal.
  - 7. The system of claim 6, wherein the safety controller is operable to inhibit the human interaction indication responsive to the safety-rated sensor not generating the safety-rated at position signal.
  - 8. The system of claim 1, wherein the machine controller is operable to place the machine into the ready state by disabling the machine.
  - 9. The system of claim 1, wherein the safety controller is operable to inhibit the human interaction indication responsive to identifying a fault condition.
  - 10. The system of claim 1, wherein the machine controller and the safety controller are integrated into a single unit.
  - 11. The system of claim 1, further comprising an energy source coupled to the machine, wherein the safety controller is operable to isolate the machine from the energy source to place the machine in the safe state.
  - 12. The system of claim 1, wherein the machine includes a drive unit operable to provide drive signals for the machine and the safety controller is operable to inhibit the drive unit from generating the drive signals to place the machine in the safe state.
  - 13. The system of claim 1, further comprising a protection sensor operable to detect the presence of an operator in a protected region associated with the machine, wherein the safety controller is operable to disable the protection sensor after placing the machine into the safe state.

14. A method for controlling a human interaction with a machine, comprising:
- in a machine controller, executing a stored control program, identifying a need for a human to be within a restricted access portion of the machine during normal machine operation wherein the need is based on a planned machine-operator interaction indicated by a point in the control program and not based on detection of a human presence or on an operator input;
  
  placing the machine into a ready state for the human interaction in response to the identification of the need for the operator to be in the restricted access portion by temporarily suspending normal machine operation through machine control signals from the machine controller;
  
  generating a ready message in the machine controller responsive to the control program placing the machine into the ready state signaling that the control program has identified the machine is in the ready state;
  
  transmitting the ready message to a safety controller, wherein the machine controller and the safety controller are independently functioning computing devices with separate memory for storing variables and programs and each controller independently executes its respective program;
  
  placing the machine into a safe state using the safety controller responsive to receiving the ready message or a safety signal from a protection sensor indicating the presence of the human operator in the restricted access portion, wherein the safe state suspends operation of at least the restricted access portion of the machine by interrupting power to at least the restricted access portion of the machine and wherein the safety signal implements fault tolerance or fault detection according to the target safety level of the control system;
  
  verifying that the machine is in the safe state with no fault conditions; and
  
  providing a human interaction indication sensible by a human from the safety controller indicating the machine is ready for human interaction with the restricted access portion responsive to placing the machine into the safe state and receiving the ready message.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The method of claim 14, wherein placing the machine into the ready state further comprises instructing the machine to achieve a ready position.
  - 16. The method of claim 15, further comprising generating an at position message responsive to achieving the ready position.
  - 17. The method of claim 16, wherein placing the machine into the ready state further comprises disabling the machine responsive to receiving the at position message.
  - 18. The method of claim 17, further comprising generating the ready message responsive to disabling the machine.
  - 19. The method of claim 15, further comprising:
    - generating a safety-rated at position signal responsive to determining the machine is in the ready position using a safety-rated sensor; and
      
      placing the machine into the safe state responsive to receiving the safety-rated at position signal.
  - 20. The method of claim 19, further comprising inhibiting the human interaction indication responsive to not receiving the safety-rated at position signal.
  - 21. The method of claim 14, wherein placing the machine into the ready state further comprises disabling the machine.
  - 22. The method of claim 14, further comprising inhibiting the human interaction indication responsive to identifying a fault condition.
  - 23. The method of claim 14, further comprising isolating the machine from an energy source to place the machine in the safe state.
  - 24. The method of claim 14, wherein the machine includes a drive unit operable to provide drive signals for the machine, and placing the machine in the safe state further comprises inhibiting the drive unit from generating the drive signals.
  - 25. The method of claim 14, further comprising disabling a protection sensor operable to detect the presence of an operator in a protected region associated with the machine after placing the machine into the safe state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Rockwell Automation, Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Rockwell Automation, Inc.)
Inventors
Schuster, George K.
Primary Examiner(s)
Patel; Ramesh B
Assistant Examiner(s)
DUNN, DARRIN D

Application Number

US11/239,948
Publication Number

US 20070168077A1
Time in Patent Office

2,034 Days
Field of Search

700/2, 700/18, 700/21, 700/79, 700/81, 700 65- 66, 700/83, 340/500, 340/532, 340/539.22, 340/541
US Class Current

700/170
CPC Class Codes

G05B 19/4061   Avoiding collision or forbi...

G05B 2219/36473   Prohibit teaching if force,...

G05B 2219/49152   Feedhold, stop motion if ma...

Automation system with integrated safe and standard control functionality

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Automation system with integrated safe and standard control functionality

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links