Method and apparatus for converting multichannel messages into a single-channel safe message
Abstract
A method and an apparatus are disclosed for coupling a safety-critical process from a safe environment to an environment that is not safe, or to an environment that is safe but has fewer processing channels. To this end, a method is provided that processes a data record relevant to the safety-critical process into a respective safe protocol on each of at least two redundant processing channels, all channels applying identical laws, and then forms a common safe protocol from the at least two redundant safe protocols. When the processing channel holding the write authorization writes elements of the common safe protocol, another processing channel checks whether those elements are identical to the corresponding elements of its own safe protocol. Access to a common buffer register for the purpose of storing these elements is enabled only when they are identical.
Claims (28)

1. A method for the coupling of a safety-critical process from a safe environment, which has at least a first redundant processing channel and a second redundant processing channel, to an environment that is unsafe or to an environment that is safe but has fewer processing channels, said method comprising:

processing a data record that is relevant to the safety-critical process, using the first and second processing channels in accordance with identical laws, wherein the first processing channel forms a first redundant safe protocol and the second processing channel forms a second redundant safe protocol; and

forming an additional identical common safe protocol based on the first redundant safe protocol and the second redundant safe protocol, by accessing a common buffer register, in which case a write authorization is allocated only once for each register location in the common buffer register;

wherein, when writing elements of the additional identical common safe protocol using corresponding elements of the first redundant safe protocol of the first processing channel, in which the first processing channel has the write authorization,
i) access to the common buffer register for the purpose of storing the elements of the additional identical common safe protocol is kept locked, and
ii) the second processing channel is used to check whether the elements of the additional identical common safe protocol are identical to corresponding elements of the second redundant safe protocol, and

wherein access to the common buffer register for the purpose of storing the elements of the additional identical common safe protocol is enabled only when i) the elements of the additional identical common safe protocol to be stored and ii) corresponding elements of the second redundant safe protocol are identical to one another.

(Claims 2 to 14 depend on claim 1 and are not reproduced here.)

15. An apparatus for the coupling of a safety-critical process from a safe environment, which has at least two redundant processing channels, to an environment that is unsafe or to an environment that is safe but has fewer processing channels, said apparatus comprising:

a first redundant computer for processing an input data record to form a first redundant safe protocol;

a second redundant computer for processing the input data record to form a second redundant safe protocol, wherein the first and second redundant computers process the input data record using identical laws; and

a circuit arrangement for connecting each of the first and second redundant computers to a common buffer register in such a manner that, for forming an additional identical common safe protocol, write access is given to only a respective computer of the first and second redundant computers for each register location in the buffer register, and when writing elements of the first redundant safe protocol for the purpose of forming elements of the additional identical common safe protocol, the access to the common buffer register for the purpose of storing the elements to be written in is kept locked until the elements to be written in have been verified by a computer other than the respective computer, and the access to the common buffer register for the purpose of storing the elements to be written in is enabled only when i) the elements to be written in and ii) corresponding elements of the second redundant safe protocol are identical to one another.

(Claims 16 to 28 depend on claim 15 and are not reproduced here.)
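The cross-checked write that claims 1 and 15 describe, as an added example that is not the patent's own code or any implementation of it: two channels apply the same law to one input data record, each location of the common buffer register is allocated to exactly one channel, the owner's write is held behind the lock as a pending value, and only the other channel's verification against its own corresponding element releases the store. The frame layout (sequence number, length, payload words, CRC32), the names `safe_protocol`, `CommonBuffer` and `form_common_protocol`, the even/odd split of write authorizations between the two channels, and the single-bit fault injection are all assumptions of this example, not details from the patent.

```python
from __future__ import annotations

import zlib
from dataclasses import dataclass, field

WORD = 0xFFFF  # 16-bit register words (an assumption of this example)


def safe_protocol(record: bytes, seq: int) -> list[int]:
    """The identical law both channels apply to the same input data record.

    Frame layout assumed for this example (not taken from the patent):
    [sequence number, payload length, payload words..., CRC32 high, CRC32 low]
    """
    crc = zlib.crc32(seq.to_bytes(2, "big") + record) & 0xFFFFFFFF
    return [seq & WORD, len(record) & WORD] + list(record) + [crc >> 16, crc & WORD]


class WriteAuthorizationError(Exception):
    """Raised when a channel touches a register location it is not authorized for."""


@dataclass
class CommonBuffer:
    """Common buffer register: exactly one write-authorized channel per location."""

    size: int
    owner: dict = field(default_factory=dict)    # location -> channel holding write authorization
    pending: dict = field(default_factory=dict)  # location -> (writer, value) held behind the lock
    stored: dict = field(default_factory=dict)   # location -> value released after verification
    faults: list = field(default_factory=list)   # (location, writer, written, checker, expected)

    def allocate(self, location: int, channel: int) -> None:
        """Write authorization is handed out only once per register location."""
        if not 0 <= location < self.size:
            raise IndexError(location)
        if location in self.owner:
            raise WriteAuthorizationError(
                f"location {location} already allocated to channel {self.owner[location]}")
        self.owner[location] = channel

    def write(self, location: int, channel: int, value: int) -> str:
        """The owner writes, but the store stays locked: nothing reaches `stored` yet."""
        if self.owner.get(location) != channel:
            raise WriteAuthorizationError(
                f"channel {channel} has no write authorization for location {location}")
        self.pending[location] = (channel, value)
        return "locked"

    def verify(self, location: int, channel: int, expected: int) -> bool:
        """A channel other than the writer releases the lock only on an identical element."""
        if location not in self.pending:
            raise WriteAuthorizationError(f"nothing pending at location {location}")
        writer, written = self.pending.pop(location)
        if channel == writer:
            raise WriteAuthorizationError("the writing channel may not verify its own element")
        if written == expected:
            self.stored[location] = written
            return True
        self.faults.append((location, writer, written, channel, expected))
        return False


def form_common_protocol(record: bytes, seq: int, corrupt: tuple[int, int] | None = None):
    """Run both channels and cross-check the common protocol element by element.

    Returns (common protocol, faults); the protocol is None as soon as one
    element disagrees. corrupt=(channel, index) flips one bit in that
    channel's element to simulate a fault confined to a single channel.
    """
    protocols = {1: safe_protocol(record, seq), 2: safe_protocol(record, seq)}
    if corrupt is not None:
        channel, index = corrupt
        protocols[channel][index] ^= 0x0001
    n = len(protocols[1])
    buf = CommonBuffer(size=n)
    for loc in range(n):
        # Even locations belong to channel 1, odd ones to channel 2, so each
        # computer writes some elements and verifies the others (assumed split).
        buf.allocate(loc, 1 if loc % 2 == 0 else 2)
    for loc in range(n):
        writer = buf.owner[loc]
        checker = 2 if writer == 1 else 1
        buf.write(loc, writer, protocols[writer][loc])
        if not buf.verify(loc, checker, protocols[checker][loc]):
            return None, buf.faults  # the store is never enabled for this element
    return [buf.stored[loc] for loc in range(n)], buf.faults


def allocation_is_single_use() -> bool:
    """A second allocation of the same register location must be refused."""
    buf = CommonBuffer(size=1)
    buf.allocate(0, 1)
    try:
        buf.allocate(0, 2)
    except WriteAuthorizationError:
        return True
    return False


if __name__ == "__main__":
    record = b"\x01\x02\x03\x04"  # constructed input data record
    print("both channels agree:", form_common_protocol(record, seq=7)[0])
    print("channel 2 faulty at element 3:", form_common_protocol(record, seq=7, corrupt=(2, 3)))
```

A fault in either channel blocks the release of the affected element regardless of which channel holds the write authorization for that location: if the faulty channel is the writer, its wrong value is rejected by the checker; if the faulty channel is the checker, it rejects the writer's correct value. That symmetry is why the claim requires verification by a channel other than the writer. What happens after a mismatch (retry, shutdown, timeout) is left to the specification, which is not reproduced on this page, so the example simply withholds the common protocol.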
Specification