METHODS AND SYSTEMS FOR VITAL BUS ARCHITECTURE

US 20090177356A1
Filed: 01/08/2008
Published: 07/09/2009
Est. Priority Date: 01/08/2008
Status: Active Grant

First Claim

Patent Images

1. A high integrity safety critical bus system for communicating data in a control system, said bus system comprising:

a plurality of data communication buses configured in a multiple redundant orientation;

at least one safety supervisor module communicatively coupled to and associated with at least two of said plurality of data communication buses, said safety supervisor comprising a database including a plurality of logic rules, said logic rules programmed to;

receive data from the at least two of said plurality of data communication buses;

determine the validity of the received data from each bus using one or more of the plurality of the logic rules;

if the received data is determined to be invalid, restore the validity of the data using one or more of the plurality of the logic rules;

if the data can not be restored transmit an alert to the control system; and

transmit the validated data to an intended destination.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for a vital bus system for communicating data in a control system are provided. The system includes a plurality of data communication buses configured in a multiple redundant orientation and at least one safety supervisor module including a database including a plurality of logic rules. The logic rules are programmed to receive data from the plurality of data communication buses and to determine the validity of the received data from each bus using one or more of the plurality of the logic rules. If the received data is invalid, the logic rules are programmed to restore the validity of the data using one or more of the plurality of the logic rules. If the data can not be restored the logic rules are programmed to transmit an alert to the control system. Otherwise, the logic rules are programmed to transmit the validated data to an intended destination.

44 Citations

View as Search Results

20 Claims

1. A high integrity safety critical bus system for communicating data in a control system, said bus system comprising:
- a plurality of data communication buses configured in a multiple redundant orientation;
  
  at least one safety supervisor module communicatively coupled to and associated with at least two of said plurality of data communication buses, said safety supervisor comprising a database including a plurality of logic rules, said logic rules programmed to;
  
  receive data from the at least two of said plurality of data communication buses;
  
  determine the validity of the received data from each bus using one or more of the plurality of the logic rules;
  
  if the received data is determined to be invalid, restore the validity of the data using one or more of the plurality of the logic rules;
  
  if the data can not be restored transmit an alert to the control system; and
  
  transmit the validated data to an intended destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A system in accordance with claim 1 wherein said plurality of data communication buses are each configured to receive and transmit control signals and acquired data signals.
  - 3. A system in accordance with claim 1 wherein said logic rules are further programmed to determine the validity of the received data using at least one of historical data corresponding to the received data, data corresponding to the received data derived from other received data, and predetermined threshold values corresponding to the received data.
  - 4. A system in accordance with claim 1 wherein said logic rules are further programmed to restore the validity of the data using corresponding data received from another of the plurality of data communication buses.
  - 5. A system in accordance with claim 1 wherein said vital bus system includes a plurality of safety supervisor modules and wherein said logic rules are further programmed to exchange information between selected ones of said safety supervisor modules of said plurality of safety supervisor modules and compares the information in each safety supervisor module with the information in other selected ones of said safety supervisor modules.
  - 6. A system in accordance with claim 1 wherein said plurality of data communication buses is configured in a dual redundant orientation having at least one safety supervisor module communicatively coupled to each communication bus.
  - 7. A system in accordance with claim 1 wherein said safety supervisor module is configured to determine a type of device coupled to the associated bus, said safety supervisor module is further configured to select one or more logic rules programmed to detect faults in the device, instigate data replacement logic rules for the device while the fault exists, and alert the control system when the severity of the fault exceeds a predetermined threshold.
  - 8. A system in accordance with claim 1 wherein a first safety supervisor module is communicatively coupled to a first communication bus and to a second safety supervisor module that is separately coupled to a second communication bus.

9. A method of implementing safety critical control of a vehicle, said method comprising:
- determining an operational state of a plurality of redundant vehicle control devices using at least one of a plurality of logic rules, the vehicle control devices configured to control a function of the vehicle;
  
  blocking the operation of ones of the plurality of redundant vehicle control devices that are determined to be in an abnormal state; and
  
  transmitting control signals to a selected one of the plurality of redundant vehicle control devices.
- View Dependent Claims (10, 11, 12)
- - 10. A method in accordance with claim 9 further comprising:
    - communicating state information for each vehicle control device to other ones of the redundant vehicle control devices;
      
      determining the state of each control device by the plurality of control devices using a voting rule; and
      
      selecting one of the plurality of redundant vehicle control devices by the vehicle control devices determined to be in a normal state using a voting rule, the selected one receiving control signals for operation of the redundant control function.
  - 11. A method in accordance with claim 9 further comprising communicating between each redundant vehicle control device and a respective redundant communication bus using a bus controller, the bus controller configured to communicate with other bus controllers associated with other redundant vehicle control devices.
  - 12. A method in accordance with claim 11 further comprising communicating between bus controllers associated with other redundant vehicle control devices to check data being transmitted through each bus controller and each other associated bus controller.

13. A vehicle including a control system comprising:
- a plurality of low-integrity systems configured to detect operating conditions of the vehicle, at least some of said plurality of low-integrity systems configured to control operation of the vehicle; and
  
  a safety supervisor module communicatively coupled to and associated with at least one of a control device and an input device associated with each low-integrity system, said safety supervisor module configured to monitor the state of each device using one or more logic rules, said safety supervisor module configured to remove control from a device determined to be in an abnormal state wherein supervision of the plurality of low-integrity systems by the safety supervisor module permits operation of the control system as a high-integrity system.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. A system in accordance with claim 13 wherein the plurality of low-integrity systems are at least one of commercial of the shelf and rated less than safety integrity level (SIL) 4.
  - 15. A system in accordance with claim 13 wherein the control system is rated safety integrity level (SIL) 4.
  - 16. A system in accordance with claim 13 wherein said control system is configured to control movement of the vehicle.
  - 17. A system in accordance with claim 13 further comprising a vital bus system for communicating data in the control system, said bus system comprising a plurality of data communication buses configured in a multiple redundant orientation having at least one of a control device and an input device communicatively coupled to each of said plurality of data communication buses through a respective channel controller.
  - 18. A system in accordance with claim 13 further comprising a fail-safe interrupt configured to block control signals from an abnormally functioning control device.
  - 19. A system in accordance with claim 13 wherein said safety supervisor module is configured to determine the state of an associated control device, said safety supervisor module is configured to block control signals from the control device based on the determined state of the control device.
  - 20. A system in accordance with claim 13 wherein said safety supervisor module is configured to determine the validity of the received data from each bus using one or more of the plurality of the logic rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Westinghouse Air Brake Technologies Corporation
Original Assignee
General Electric Company
Inventors
Plawecki, Daniel Walter

Granted Patent

US 8,260,487 B2
Time in Patent Office

Days
Field of Search
US Class Current

701/45
CPC Class Codes

G05B 19/0428   Safety, monitoring G05B19/0...

G05B 2219/24008   Safety integrity level, saf...

G05B 2219/2623   Combustion motor

G05B 2219/2637   Vehicle, car, auto, wheelchair

G05B 9/03   with multiple-channel loop,...

METHODS AND SYSTEMS FOR VITAL BUS ARCHITECTURE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR VITAL BUS ARCHITECTURE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links