Methods and systems for vital bus architecture
Abstract
Methods and systems for a vital bus system for communicating data in a control system are provided. The system includes a plurality of data communication buses configured in a multiple redundant orientation and at least one safety supervisor module including a database including a plurality of logic rules. The logic rules are programmed to receive data from the plurality of data communication buses and to determine the validity of the received data from each bus using one or more of the plurality of the logic rules. If the received data is invalid, the logic rules are programmed to restore the validity of the data using one or more of the plurality of the logic rules. If the data cannot be restored, the logic rules are programmed to transmit an alert to the control system. Otherwise, the logic rules are programmed to transmit the validated data to an intended destination.
10 Claims
1. A safety critical bus system for communicating data in a control system, said bus system comprising:
- a plurality of data communication buses configured in a multiple redundant orientation;
- at least one safety supervisor module communicatively coupled to and associated with at least two of said plurality of data communication buses, said safety supervisor comprising a database including a plurality of logic rules, said logic rules programmed to:
  - receive data from the at least two of said plurality of data communication buses;
  - determine the validity of the received data from each bus using one or more of the plurality of the logic rules;
  - if the received data is determined to be invalid, restore the validity of the data using one or more of the plurality of the logic rules;
  - if the data cannot be restored, transmit an alert to the control system; and
  - transmit the validated data to an intended destination; and
- wherein said safety supervisor module is configured to determine a type of device coupled to the associated bus, and further configured to select one or more logic rules programmed to detect faults in the device, instigate data replacement logic rules for the device while the fault exists, and alert the control system when the severity of the fault exceeds a predetermined threshold.

2. A safety critical bus system for communicating data in a control system, said bus system comprising:
- a plurality of data communication buses configured in a multiple redundant orientation;
- at least one safety supervisor module communicatively coupled to and associated with at least two of said plurality of data communication buses, said safety supervisor comprising a database including a plurality of logic rules, said logic rules programmed to:
  - receive data from the at least two of said plurality of data communication buses;
  - determine the validity of the received data from each bus using one or more of the plurality of the logic rules;
  - if the received data is determined to be invalid, restore the validity of the data using one or more of the plurality of the logic rules;
  - if the data cannot be restored, transmit an alert to the control system; and
  - transmit the validated data to an intended destination; and
- wherein said safety supervisor module comprises a first safety supervisor module communicatively coupled to a first communication bus, and a second safety supervisor module that is separately coupled to a second communication bus, the first and second safety supervisor modules being communicatively coupled one to the other.

3. A vehicle including a control system comprising:
- a plurality of low-integrity systems configured to detect operating conditions of the vehicle, the low-integrity systems configured to control operation of the vehicle, the low-integrity systems each comprising redundant vehicle control devices configured to control a function of the operation of the vehicle, each of the redundant vehicle control devices coupled to one of a plurality of separate communication buses; the redundant vehicle control devices coupled one to the other for communication therebetween via a cross talk bus, the cross talk communication for verifying the output signals between the redundant vehicle control devices; and
- a safety supervisor module communicatively coupled to and associated with at least one of a control device and an input device associated with each low-integrity system via a respective one of the communication buses, said safety supervisor module configured to monitor the state of each of the vehicle control devices using one or more logic rules, said safety supervisor module configured to remove control from a vehicle control device determined to be in an abnormal state;
- wherein independent supervision of the plurality of low-integrity systems by the safety supervisor module permits operation of the control system as a high-integrity system.

Dependent claims: 4, 5, 6, 7, 8, 9, 10.
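The supervisor behaviour recited in the abstract and in claims 1 and 2 (validate each bus copy with rules chosen by device type, restore invalid data from the redundant copies, substitute replacement data while a fault persists, alert when data is unrecoverable or the fault severity passes a threshold), modelled here as an added example that is not code from the patent or its assignee. The frame layout, checksum scheme, device types, value ranges and device-to-type mapping are all assumed for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

@dataclass
class Frame:
    bus: str       # redundant bus that carried the copy ("A", "B", "C")
    device: str    # id of the device that produced it
    value: int
    checksum: int  # constructed scheme: sum of the 4 value bytes mod 256

def chk(value: int) -> int:
    return sum(value.to_bytes(4, "big")) % 256

# Validity rules selected per device type (assumed types and ranges).
RULES: Dict[str, Callable[[Frame], bool]] = {
    "speed_sensor": lambda f: f.checksum == chk(f.value) and 0 <= f.value <= 300,
    "brake_cmd": lambda f: f.checksum == chk(f.value) and f.value in (0, 1),
}

@dataclass
class SafetySupervisor:
    severity_threshold: int       # consecutive faulty cycles tolerated before alerting
    device_types: Dict[str, str]  # device id -> device type (hypothetical mapping)
    faults: Dict[str, int] = field(default_factory=dict)
    last_good: Dict[str, int] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)

    def process(self, frames: List[Frame]) -> Optional[int]:
        """Validate one device's copies from all buses; return the value to forward, or None."""
        device = frames[0].device
        rule = RULES[self.device_types[device]]          # rule chosen by device type
        valid = [f.value for f in frames if rule(f)]
        if len(valid) == len(frames) and len(set(valid)) == 1:  # every bus agrees
            self.faults[device] = 0
            self.last_good[device] = valid[0]
            return valid[0]
        # Fault: restore from a strict majority of valid copies, else last known good.
        self.faults[device] = self.faults.get(device, 0) + 1
        restored = self.last_good.get(device)
        if valid:
            value, votes = Counter(valid).most_common(1)[0]
            if votes > len(valid) // 2:
                restored = value
        if restored is None:
            self.alerts.append(f"{device}: data unrecoverable on all buses")
            return None
        if self.faults[device] > self.severity_threshold:
            self.alerts.append(f"{device}: fault persisted {self.faults[device]} cycles")
        return restored
```

A corrupted copy on one of three buses is silently restored from the other two; the alert fires only once the fault has outlasted the threshold, or immediately when no bus offers a valid copy and there is no prior good value to substitute.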
Specification