Control of safety critical operations

US 9,383,740 B2
Filed: 02/14/2011
Issued: 07/05/2016
Est. Priority Date: 02/13/2010
Status: Active Grant

First Claim

Patent Images

1. A control apparatus for triggering a safety-critical operation, the control apparatus comprising:

a receiver for receiving control command signals from a remote operator; and

a safety management system having a first part and at least one second part, said first part being responsive to a receivedcontrol command signal to trigger operation of said at least one second part and thereby to trigger the safety-critical operation, wherein said first part transmits a plurality of keywords to said at least one second part in response to a received control command signal, andwherein said at least one second part comprisesa plurality of key-safe switches, selectively responsive to the plurality of predetermined keywords, where each of said plurality of key-safe switches being configured to be activated upon receipt of a different respective one or more of the plurality of keywords, wherein the safety-critical operation is triggered in the event that at least a majority of said key-safe switches are activated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system wherein control of a safety-critical system operation is effected by sending a plurality of keywords via a low integrity communication path.

8 Citations

16 Claims

1. A control apparatus for triggering a safety-critical operation, the control apparatus comprising:
- a receiver for receiving control command signals from a remote operator; and
  
  a safety management system having a first part and at least one second part, said first part being responsive to a receivedcontrol command signal to trigger operation of said at least one second part and thereby to trigger the safety-critical operation, wherein said first part transmits a plurality of keywords to said at least one second part in response to a received control command signal, andwherein said at least one second part comprisesa plurality of key-safe switches, selectively responsive to the plurality of predetermined keywords, where each of said plurality of key-safe switches being configured to be activated upon receipt of a different respective one or more of the plurality of keywords, wherein the safety-critical operation is triggered in the event that at least a majority of said key-safe switches are activated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The control apparatus of claim 1, wherein said first part and said at least one second part of the safety management system are implemented according to a relatively high level of integrity, and wherein the control apparatus further comprises a communications path, implemented according to a relatively low level of integrity, to convey the plurality of keywords from said first part to said at least one second part.
  - 3. The control apparatus according to claim 2, wherein the communications path comprises a serial data bus.
  - 4. The control apparatus according to claim 2, wherein the communications path is arranged to convey a combined data and power signal to each of said plurality of key-safe switches.
  - 5. The control apparatus according to claim 1, wherein said plurality of key-safe switches are arranged in series with respect to a power supply or other executive signal for triggering the safety-critical operation.
  - 6. The control apparatus according to claim 1, wherein said plurality of key-safe switches operate in a predetermined sequence.
  - 7. The control apparatus according to claim 6, further comprising at least one logic gate configured such that a keyword is supplied to one of said plurality of key-safe switches via a logic gate to which an output from another of said plurality of key-safe switches is supplied, which causes said plurality of key-safe switches to operate in the predetermined sequence.
  - 8. The control apparatus according to claim 1, wherein each of said plurality of key-safe switches is individually addressable.
  - 9. The control apparatus according to claim 8, wherein the control command signals comprise an address for each of said plurality of key-safe switches and an associated one or more of said plurality of keywords and wherein said first part of said safety management system is configured to transmit each of said plurality of keywords to respectively addressed key-safe switches of said plurality of key-safe switches according to the control command signals.
  - 10. The control apparatus according to claim 1, wherein said first part of said safety management system comprises a high integrity storage for storing said plurality of keywords and wherein said first part is configured to release said plurality of keywords from the storage for communication to said at least one second part upon receipt of a control command signal.
  - 11. The control apparatus according to claim 10, wherein said plurality of keywords are stored in the high integrity storage in encrypted form and wherein the control command signal comprises a decryption key, and wherein said first part further comprises a processor for applying a predetermined decryption algorithm to said encrypted keywords using the decryption key, and wherein the results of said application of the decryption algorithm are communicated to said at least one second part.
  - 12. The control apparatus according to claim 1, wherein the control command signals comprise said plurality of keywords and wherein said first part of said safety management system is configured to extract said plurality of keywords from the control command signals for communication to said at least one second part.
  - 13. The control apparatus according to claim 12, wherein said first part of said safety management system is configured to transmit said plurality of keywords to said at least one second part of said safety management system in a sequence determined by the order in which they are received in the control command signals.
  - 14. The control apparatus according to claim 1, wherein said receiver is configured to receive the control command signals from the remote operator over a communications path of relatively low integrity.
  - 15. The control apparatus according to claim 1, wherein the control apparatus is configured for embodiment in an access control, power switching, or other form of safety-critical signalling or switching system.
  - 16. An unmanned mobile or stationary platform or other form of autonomous or remotely controllable mobile or stationary platform carrying or associated with one or more weapon systems or other forms of countermeasure, the platform incorporating the control apparatus according to claim 1 configured to control the firing, launch or deployment of said one or more weapon systems or countermeasures.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BAE Systems Plc
Original Assignee
BAE Systems Plc
Inventors
Bennett, Simon Grant, Belcher, Nicholas Andrew, Parker, David, Challis, Kevin, Watkins, David Christopher, Watkins, Gary Robert
Primary Examiner(s)
Patel, Shardul

Application Number

US13/578,747
Publication Number

US 20120303145A1
Time in Patent Office

1,968 Days
Field of Search

701/1, 701/2, 700/90
US Class Current

1/1
CPC Class Codes

G05B 19/0425 Safety, monitoring

Control of safety critical operations

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Control of safety critical operations

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links