Method and apparatus for converting multichannel messages into a single-channel safe message

US 7,945,818 B2
Filed: 01/18/2007
Issued: 05/17/2011
Est. Priority Date: 01/19/2006
Status: Active Grant

First Claim

Patent Images

1. A method for the coupling of a safety-critical process from a safe environment, which has at least a first redundant processing channel and a second redundant processing channel, to an environment that is unsafe or to an environment that is safe but has fewer processing channels, said method comprising:

processing a data record that is relevant to the safety-critical process, using the first and second processing channels in accordance with identical laws, wherein the first processing channel forms a first redundant safe protocol and the second processing channel forms a second redundant safe protocol; and

forming an additional identical common safe protocol based on the first redundant safe protocol and the second redundant safe protocol, by accessing a common buffer register, in which case a write authorization is allocated only once for each register location in the common buffer register;

wherein, when writing elements of the additional identical common safe protocol using corresponding elements of the first redundant safe protocol of the first processing channel, in which the first processing channel has the write authorization,i) access to the common buffer register for the purpose of storing the elements of the additional identical common safe protocol is kept locked, andii) the second processing channel is used to check whether the elements of the additional identical common safe protocol are identical to corresponding elements of the second redundant safe protocol, andwherein access to the common buffer register for the purpose of storing the elements of the additional identical common safe protocol is enabled only when i) the elements of the additional identical common safe protocol to be stored and ii) corresponding elements of the second redundant safe protocol are identical to one another.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus are disclosed for the coupling of a safety-critical process from a safe environment to an environment that is not safe or to an environment that is safe but has fewer processing channels. To this end, provision is made of a method which processes a data record that is relevant to the safety-critical process to form a respective safe protocol using at least two redundant processing channels in accordance with identical laws, and forms a common safe protocol taking into account at least two redundant safe coupling protocols. When writing at least elements of the common safety-based protocol using a processing channel with write authorization, another processing channel is used to check whether these elements are identical to one another. Access to a common buffer register for the purpose of storing these elements is enabled only when they are identical to one another.

19 Citations

View as Search Results

28 Claims

1. A method for the coupling of a safety-critical process from a safe environment, which has at least a first redundant processing channel and a second redundant processing channel, to an environment that is unsafe or to an environment that is safe but has fewer processing channels, said method comprising:
- processing a data record that is relevant to the safety-critical process, using the first and second processing channels in accordance with identical laws, wherein the first processing channel forms a first redundant safe protocol and the second processing channel forms a second redundant safe protocol; and
  
  forming an additional identical common safe protocol based on the first redundant safe protocol and the second redundant safe protocol, by accessing a common buffer register, in which case a write authorization is allocated only once for each register location in the common buffer register;
  
  wherein, when writing elements of the additional identical common safe protocol using corresponding elements of the first redundant safe protocol of the first processing channel, in which the first processing channel has the write authorization,i) access to the common buffer register for the purpose of storing the elements of the additional identical common safe protocol is kept locked, andii) the second processing channel is used to check whether the elements of the additional identical common safe protocol are identical to corresponding elements of the second redundant safe protocol, andwherein access to the common buffer register for the purpose of storing the elements of the additional identical common safe protocol is enabled only when i) the elements of the additional identical common safe protocol to be stored and ii) corresponding elements of the second redundant safe protocol are identical to one another.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method as claimed in claim 1, wherein, furthermore, the respective write authorizations and verification duties are determined by prescribing at least one of specific master functionalities and specific slave functionalities for the first and second processing channels.
  - 3. The method as claimed in claim 2, wherein, furthermore, the at least one of specific master functionalities and specific slave functionalities for the first and second processing channels are changed in accordance with particular cycles.
  - 4. The method as claimed in claim 1, wherein, furthermore, the same address bus, which is connected to the buffer register, and the same data bus, which is connected to the buffer register, are accessed using each of the first and second processing channels.
  - 5. The method as claimed in claim 4, wherein, furthermore, during the write operation, the respective protocol elements that are to be written into at least one register location are transferred to the data bus using the first processing channel, which has the corresponding write authorization, and are read from said data bus using the second processing channel for the purpose of verification.
  - 6. The method as claimed in claim 5, wherein, furthermore, after verification has been carried out, the second processing channel, which carries out verification, is used to output an enable signal for enabling the write signal for the register.
  - 7. The method as claimed in claim 5, wherein, furthermore, after the protocol elements have been transferred to the data bus, the first processing channel is used to output an enable signal.
  - 8. The method as claimed in claim 4, wherein, furthermore, a respective register location for writing in protocol elements using one of the first and second processing channels is prescribed by transferring the corresponding address to the address bus.
  - 9. The method as claimed in claim 8, wherein, furthermore, an address for determining a register location is transferred using one of (i) the same processing channel and (ii) different processing channels, and protocol elements for this register location are written using one of (i) the same processing channel and (ii) different processing channels.
  - 10. The method as claimed in claim 1, wherein, furthermore, a watchdog component that is connected between the first and second processing channels and the buffer register is used to monitor the function of the first and second processing channels.
  - 11. The method as claimed in claim 10, wherein, furthermore, an enable signal is required from the watchdog component in order to enable access to the common buffer register for the purpose of storing elements to be written in.
  - 12. The method as claimed in claim 11, wherein, furthermore, one of (i) a standard Random-Access Memory (RAM), (ii) a standard dual-port memory (DPM), and (iii) a memory/protocol chip that is hostile to read-back is used as the buffer register.
  - 13. The method as claimed in claim 1, wherein, furthermore, the common safe protocol is transferred from the buffer register to an application-specific coupling device on one channel.
  - 14. The method as claimed in claim 1, which is used for the single-channel bus coupling of the safety-critical process.

15. An apparatus for the coupling of a safety-critical process from a safe environment, which has at least two redundant processing channels, to an environment that is unsafe or to an environment that is safe but has fewer processing channels, said apparatus comprising:
- a first redundant computer for processing an input data record to form a first redundant safe protocol;
  
  a second redundant computer for processing the input data record to form a second redundant safe protocol, wherein the first and second redundant computers process the input data record using identical laws; and
  
  a circuit arrangement for connecting each of the first and second redundant computers to a common buffer register in such a manner that for forming an additional identical common safe protocol, write access is given to only a respective computer of the first and second redundant computers for each register location in the buffer register, andwhen writing elements of the first redundant safe protocol for the purpose of forming elements of the additional identical common safe protocol, the access to the common buffer register for the purpose of storing the elements to be written in is kept locked until the elements to be written in have been verified by a computer other than the respective computer, andthe access to the common buffer register for the purpose of storing the elements to be written in is enabled only when i) the elements to be written in and ii) corresponding elements of the second redundant safe protocol are identical to one another.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The apparatus as claimed in claim 15, wherein, furthermore, the first and second redundant computers are allocated respective write authorizations or verification duties by means of at least one of specific master functionalities and specific slave functionalities that can also be changed.
  - 17. The apparatus as claimed in claim 15, wherein, furthermore, the circuit arrangement comprises a common address bus and a common data bus.
  - 18. The apparatus as claimed in claim 15, wherein, furthermore, the first and second redundant computers are connected to one another using a communication interface.
  - 19. The apparatus as claimed in claim 15, wherein, furthermore, the circuit arrangement requires an enable signal from the computer that is carrying out verification in order to enable a write signal for accessing the register.
  - 20. The apparatus as claimed in claim 19, wherein, furthermore, the circuit arrangement requires an enable signal from the computer that is writing in order to enable a write signal for accessing the register.
  - 21. The apparatus as claimed in claim 15, wherein, furthermore, the circuit arrangement comprises a watchdog component, which is connected to the first and second redundant computers and to the buffer register, for the purpose of monitoring the function of the first and second redundant computers.
  - 22. The apparatus as claimed in claim 21, wherein, furthermore, access to the common buffer register for the purpose of storing elements to be written in is enabled only in response to an enable signal from the watchdog component.
  - 23. The apparatus as claimed in claim 15, wherein, furthermore, the first and second redundant computers each comprise one of the following:
    - (i) an integrated protocol chip;
      
      (ii) a connection, on the output side, to a protocol chip; and
      
      (iii) software that provides the function of the protocol chip.
  - 24. The apparatus as claimed in claim 15, wherein, furthermore, the apparatus is one of:
    - (i) a bus subscriber unit, wherein the first and second redundant computers are connected, on the input side, at least to input channels for connecting process data input units, and (ii) a bus control unit.
  - 25. The apparatus as claimed in claim 15, wherein the circuit arrangement is based on one of:
    - (i) simple logic and (ii) a Field Programmable Gate Array (FPGA).
  - 26. The apparatus as claimed in claim 25, wherein, furthermore, the buffer register is one of (i) a standard Random-Access Memory (RAM), (ii) a standard dual-port memory (DPM), and (iii) a memory that is hostile to read-back.
  - 27. The apparatus as claimed in claim 15, wherein, furthermore, the buffer register has an interface for one of:
    - (i) the direct single-channel bus coupling and (ii) the single-channel connection to an application-specific bus coupling device.
  - 28. The apparatus as claimed in claim 15, which has been adapted for the single-channel bus coupling of the safety-critical process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Phoenix Contact GmbH & Company KG
Original Assignee
Phoenix Contact GmbH & Company KG
Inventors
Schmidt, Joachim, Oster, Viktor, Landwehr, Heinz-Carsten
Primary Examiner(s)
Beausoliel; Robert
Assistant Examiner(s)
Mehrmanesh; Elmira

Application Number

US11/624,500
Publication Number

US 20070180286A1
Time in Patent Office

1,580 Days
Field of Search

714/4, 714/12, 714 47- 49, 700/21, 700/79, 711/154
US Class Current

714/48
CPC Class Codes

H04L 12/4625 Single bridge functionality...

Method and apparatus for converting multichannel messages into a single-channel safe message

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for converting multichannel messages into a single-channel safe message

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links