AU2022250944A1 - Device, method, and system for train safety management - Google Patents
Device, method, and system for train safety management Download PDFInfo
- Publication number
- AU2022250944A1 AU2022250944A1 AU2022250944A AU2022250944A AU2022250944A1 AU 2022250944 A1 AU2022250944 A1 AU 2022250944A1 AU 2022250944 A AU2022250944 A AU 2022250944A AU 2022250944 A AU2022250944 A AU 2022250944A AU 2022250944 A1 AU2022250944 A1 AU 2022250944A1
- Authority
- AU
- Australia
- Prior art keywords
- train
- confirmation request
- unit
- confirmation
- signaling
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L15/00—Indicators provided on the vehicle or vehicle train for signalling purposes ; On-board control or communication systems
- B61L15/0063—Multiple on-board control systems, e.g. "2 out of 3"-systems
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L15/00—Indicators provided on the vehicle or vehicle train for signalling purposes ; On-board control or communication systems
- B61L15/0072—On-board train data handling
Abstract
Aspects relate to providing a device, method, and system for train safety management that is capable of automatically handling confirmation requests without user intervention in order to reduce the workload of a train operator while maintaining train operation safety. A train safety management method including the steps of detecting a safety event that affects operation of a train including a first signaling system and a second signaling system, generating a confirmation request associated with a first train control operation for handling the safety event, transmitting the confirmation request to a confirmation request output unit, detecting transmission of the confirmation request to the confirmation request output unit, suppressing output of the confirmation request, generating a substitute confirmation response and transmitting the substitute confirmation response to the first signaling system to prevent performing of the first train control operation.
Description
The present disclosure generally relates to train safety management, and more particularly relates to managing confirmation responses in on-board signaling systems.
As complexity of train control systems increases, so too does the demand for safety functionality that can maintain railway safety in a wide variety of circumstances. Over the years, a number of train signaling systems have been developed to provide train operators with information regarding train status, and facilitate train control to maintain safety of the train, its passengers, and the surrounding area.
For instance, as one example of a system for providing train status information, JP2014-78163 (Patent Document 1) discloses “A train status confirmation system for confirming the status of a running train, including an on-board display/input terminal for accepting a selection of options for each of a plurality of predetermined confirmation items in each of a plurality of trains, a train safety confirmation response reception process 122 for acquiring information indicating selection result options for multiple trains, determining a damage level of each of the multiple trains based on the options, and storing it in a storage medium in association with an identifier for identifying the multiple trains, and a train safety confirmation screen display process for receiving a display request for a screen for checking a status of multiple trains, extracting an identifier associated with the damage level specified in the display request from the storage medium, and generating and outputting display information for displaying information indicating the train identified by the extracted identifier.”
Patent Document 1 discloses a technique for providing train status information regarding multiple trains to a train dispatcher. According to Patent Document 1, it is possible for a train dispatcher to view and confirm safety information for a large number of trains and their passengers in a short time period.
The technique disclosed in Patent Document 1, however, primarily relates to streamlining the task of confirming status information for a large number of trains and passengers, and does not teach or suggest a means for automatically handling confirmation requests without user intervention.
Accordingly, it is an object of the present disclosure to provide a device, method, and system for train safety management that is capable of automatically handling confirmation requests without user intervention in order to reduce the physical and cognitive workload of a train operator and eliminate the risk of human error in this operation while maintaining train operation safety.
One representative example of the present disclosure relates to a train safety management device installed onboard a train, the train safety management device including a first signaling unit for performing, in a first operation mode, a first train control operation with respect to the train; and a second signaling unit for performing, in a second operation mode, a second train control operation with respect to the train; wherein the first signaling unit includes a confirmation request generation unit configured to generate a confirmation request with respect to a first train control operation, a confirmation request output unit configured to output the confirmation request to an operator of the train, a transmission unit configured to transmit the confirmation request to the confirmation request output unit, and a first control unit configured to perform the first train control operation in a case that a confirmation response in response to the confirmation request is not received within a predetermined time period; and the second signaling unit includes a confirmation request detection unit configured to detect transmission of the confirmation request to the confirmation request output unit, a confirmation request suppression unit configured to suppress output of the confirmation request via the confirmation request output unit, and a substitute confirmation response unit configured to generate a substitute confirmation response and transmit the substitute confirmation response to the first control unit to prevent performing of the first train control operation.
According to the present disclosure it is possible to provide a device, method, and system for train safety management that is capable of automatically handling confirmation requests without user intervention in order to reduce the physical and cognitive workload of a train operator and eliminate the risk of human error in this operation while maintaining train operation safety.
Problems, configurations, and effects other than those described above will be made clear by the following description in the embodiments for carrying out the invention.
Hereinafter, embodiments of the present invention will be described with reference to the Figures. It should be noted that the embodiments described herein are not intended to limit the invention according to the claims, and it is to be understood that each of the elements and combinations thereof described with respect to the embodiments are not strictly necessary to implement the aspects of the present invention.
Various aspects are disclosed in the following description and related drawings. Alternate aspects may be devised without departing from the scope of the disclosure. Additionally, well-known elements of the disclosure will not be described in detail or will be omitted so as not to obscure the relevant details of the disclosure.
The words “exemplary” and/or “example” are used herein to mean “serving as an example, instance, or illustration.” Any aspect described herein as “exemplary” and/or “example” is not necessarily to be construed as preferred or advantageous over other aspects. Likewise, the term “aspects of the disclosure” does not require that all aspects of the disclosure include the discussed feature, advantage or mode of operation.
Further, many aspects are described in terms of sequences of actions to be performed by, for example, elements of a computing device. It will be recognized that various actions described herein can be performed by specific circuits (e.g., an application specific integrated circuit (ASIC)), by program instructions being executed by one or more processors, or by a combination of both. Additionally, the sequence of actions described herein can be considered to be embodied entirely within any form of computer readable storage medium having stored therein a corresponding set of computer instructions that upon execution would cause an associated processor to perform the functionality described herein. Thus, the various aspects of the disclosure may be embodied in a number of different forms, all of which have been contemplated to be within the scope of the claimed subject matter.
As described herein, over the years, a number of onboard signaling systems have been developed to provide train operators with information regarding train status, and facilitate train control to maintain safety of the train, its passengers, and the surrounding area. For example, there exist a variety of onboard signaling systems that are configured to output a confirmation request to a train operator to notify the train operator of a safety event (for example, the train is approaching a restricted area or the like), and automatically perform a train control operation (for example, applying the brakes) to maintain train operation safety in the case that the train operator fails to respond to the confirmation request.
One example of such a system is the Automatic Warning System (AWS). In AWS, confirmation requests pertaining to safety events are provided to the train operator in the form of audio-visual warnings (for example, a buzzer, a warning display on a screen, or the like), and the train operator performs a confirmation response (for example, a button press or other input) to acknowledge the safety event and indicate to the onboard signaling system that the safety event will be handled manually. In the case that no confirmation response is received from the train operator within a predetermined timeframe, then a failsafe is triggered, and the onboard signaling system automatically performs the train control operation.
Further, more recent types of onboard signaling systems allow for a greater degree of automated control over the operation of the train. One example of such a system includes Automatic Train Protection (ATP) systems. In ATP systems, the status of the train is continually monitored, and in the case that a safety event is detected, the ATP system automatically performs a train control operation, without outputting a confirmation request to the train operator or requiring a confirmation response.
In recent years, some train control systems integrate a plurality of types of onboard signaling systems. For example, some train control systems may include both AWS together with ATP systems. In such cases, measures must be taken to facilitate co-existence between the two systems, and prevent conflicting signals that could lead to malfunction or decreased train safety.
Turning now to the Figures, FIG. 1 illustrates an example configuration of a conventional onboard signaling system 50, according to embodiments of the present disclosure. As illustrated in FIG. 1, the conventional onboard signaling system 50 includes a legacy signaling system 10, such as AWS, together with an ATP system 20.
Generally, in order to facilitate coexistence between the legacy signaling system 10 and the ATP system 20, the train control system is configured to operate in either a first operation mode in which the legacy signaling system 10 manages train operation and the ATP system 20 is maintained in a standby mode, or a second operation mode in which the ATP system 20 manages train operation and the legacy signaling system 10 is maintained in a standby mode. In this way, malfunctions arising from conflicts between the legacy signaling system 10 and the ATP system 20 can be prevented. The control system may then switch between the first operation mode and the second operation mode as necessary.
However, in order to switch to the second operation mode in which the ATP system 20 is in full control of the operation of the train, it is necessary to physically disconnect the legacy signaling system 10 from the brakes 70 of the train and/or a power supply 60, in order to prevent the legacy signaling system 10 from performing a train control operation that may conflict with the ATP system 20. This disconnection of the legacy signaling system 10 is achieved by physically isolating the legacy signaling system 10, and shunting (that, is, decoupling) the brakes 70 from the legacy signaling system 10 whenever the train enters an area in which it is desirable for the train to operate in the second operation mode.
This conventional method of disconnecting the legacy signaling system 10, however, is associated with a number of challenges that negatively impact operation of the train. For instance, shunting the brakes 70 may give rise to additional risk factors that impact safe brake operations. In addition, this process of disconnecting the legacy signaling system 10 from the brakes 70 must be performed manually by the train operator, and requires that the train be brought to a complete stop, which consumes excess operation fleet time. Further, disconnecting the legacy signaling system 10 from the power supply 60 results in loss of legacy mode operation data accumulated while the train was operating in the first operation mode under control of the legacy signaling system 10 (for instance, data collected by the legacy signaling system 10 from trackside devices).
In view of the above-described issues, there is a need for a train safety management device that is capable of facilitating integration and coexistence of multiple onboard signaling systems without requiring disconnection or isolation of one or more of the onboard signaling systems. Accordingly, aspects of the present disclosure relate to a device, method, and system for train safety management that facilitates integration and coexistence of multiple onboard signaling systems and is capable of automatically handling confirmation requests without user intervention in order to reduce the workload of a train operator while maintaining train operation safety.
FIG. 2 depicts a high-level block diagram of a computer system 100 for implementing various embodiments of the present disclosure, according to embodiments. The mechanisms and apparatus of the various embodiments disclosed herein apply equally to any appropriate computing system. The major components of the computer system 100 include one or more processors 102, a memory 104, a terminal interface 112, a storage interface 113, an I/O (Input/Output) device interface 114, and a network interface 115, all of which are communicatively coupled, directly or indirectly, for inter-component communication via a memory bus 106, an I/O bus 108, bus interface unit 109, and an I/O bus interface unit 110.
The computer system 100 may contain one or more general-purpose programmable central processing units (CPUs) 102A and 102B, herein generically referred to as the processor 102. In embodiments, the computer system 100 may contain multiple processors; however, in certain embodiments, the computer system 100 may alternatively be a single CPU system. Each processor 102 executes instructions stored in the memory 104 and may include one or more levels of on-board cache.
In embodiments, the memory 104 may include a random-access semiconductor memory, storage device, or storage medium (either volatile or non-volatile) for storing or encoding data and programs. In certain embodiments, the memory 104 represents the entire virtual memory of the computer system 100, and may also include the virtual memory of other computer systems coupled to the computer system 100 or connected via a network. The memory 104 can be conceptually viewed as a single monolithic entity, but in other embodiments the memory 104 is a more complex arrangement, such as a hierarchy of caches and other memory devices. For example, memory may exist in multiple levels of caches, and these caches may be further divided by function, so that one cache holds instructions while another holds non-instruction data, which is used by the processor or processors. Memory may be further distributed and associated with different CPUs or sets of CPUs, as is known in any of various so-called non-uniform memory access (NUMA) computer architectures.
The memory 104 may store all or a portion of the various programs, modules and data structures for processing data transfers as discussed herein. For instance, the memory 104 can store a weighted knowledge transfer application 150. In embodiments, the weighted knowledge transfer application 150 may include instructions or statements that execute on the processor 102 or instructions or statements that are interpreted by instructions or statements that execute on the processor 102 to carry out the functions as further described below.
In certain embodiments, the weighted knowledge transfer application 150 is implemented in hardware via semiconductor devices, chips, logical gates, circuits, circuit cards, and/or other physical hardware devices in lieu of, or in addition to, a processor-based system. In embodiments, the weighted knowledge transfer application 150 may include data in addition to instructions or statements. In certain embodiments, a camera, sensor, or other data input device (not shown) may be provided in direct communication with the bus interface unit 109, the processor 102, or other hardware of the computer system 100. In such a configuration, the need for the processor 102 to access the memory 104 and the latent factor identification application may be reduced.
In certain embodiments, the weighted knowledge transfer application 150 is implemented in hardware via semiconductor devices, chips, logical gates, circuits, circuit cards, and/or other physical hardware devices in lieu of, or in addition to, a processor-based system. In embodiments, the weighted knowledge transfer application 150 may include data in addition to instructions or statements. In certain embodiments, a camera, sensor, or other data input device (not shown) may be provided in direct communication with the bus interface unit 109, the processor 102, or other hardware of the computer system 100. In such a configuration, the need for the processor 102 to access the memory 104 and the latent factor identification application may be reduced.
The computer system 100 may include a bus interface unit 109 to handle communications among the processor 102, the memory 104, a display system 124, and the I/O bus interface unit 110. The I/O bus interface unit 110 may be coupled with the I/O bus 108 for transferring data to and from the various I/O units. The I/O bus interface unit 110 communicates with multiple I/O interface units 112, 113, 114, and 115, which are also known as I/O processors (IOPs) or I/O adapters (IOAs), through the I/O bus 108. The display system 124 may include a display controller, a display memory, or both. The display controller may provide video, audio, or both types of data to a display device 126. Further, the computer system 100 may include one or more sensors or other devices configured to collect and provide data to the processor 102.
As examples, the computer system 100 may include biometric sensors (e.g., to collect heart rate data, stress level data), environmental sensors (e.g., to collect humidity data, temperature data, pressure data), motion sensors (e.g., to collect acceleration data, movement data), or the like. Other types of sensors are also possible. The display memory may be a dedicated memory for buffering video data. The display system 124 may be coupled with a display device 126, such as a standalone display screen, computer monitor, television, or a tablet or handheld device display.
In one embodiment, the display device 126 may include one or more speakers for rendering audio. Alternatively, one or more speakers for rendering audio may be coupled with an I/O interface unit. In alternate embodiments, one or more of the functions provided by the display system 124 may be on board an integrated circuit that also includes the processor 102. In addition, one or more of the functions provided by the bus interface unit 109 may be on board an integrated circuit that also includes the processor 102.
As examples, the computer system 100 may include biometric sensors (e.g., to collect heart rate data, stress level data), environmental sensors (e.g., to collect humidity data, temperature data, pressure data), motion sensors (e.g., to collect acceleration data, movement data), or the like. Other types of sensors are also possible. The display memory may be a dedicated memory for buffering video data. The display system 124 may be coupled with a display device 126, such as a standalone display screen, computer monitor, television, or a tablet or handheld device display.
In one embodiment, the display device 126 may include one or more speakers for rendering audio. Alternatively, one or more speakers for rendering audio may be coupled with an I/O interface unit. In alternate embodiments, one or more of the functions provided by the display system 124 may be on board an integrated circuit that also includes the processor 102. In addition, one or more of the functions provided by the bus interface unit 109 may be on board an integrated circuit that also includes the processor 102.
The I/O interface units support communication with a variety of storage and I/O devices. For example, the terminal interface unit 112 supports the attachment of one or more user I/O devices 116, which may include user output devices (such as a video display device, speaker, and/or television set) and user input devices (such as a keyboard, mouse, keypad, touchpad, trackball, buttons, light pen, or other pointing device). A user may manipulate the user input devices using a user interface in order to provide input data and commands to the user I/O device 116 and the computer system 100, and may receive output data via the user output devices. For example, a user interface may be presented via the user I/O device 116, such as displayed on a display device, played via a speaker, or printed via a printer.
The storage interface 113 supports the attachment of one or more disk drives or direct access storage devices 117 (which are typically rotating magnetic disk drive storage devices, although they could alternatively be other storage devices, including arrays of disk drives configured to appear as a single large storage device to a host computer, or solid-state drives, such as flash memory). In some embodiments, the storage device 117 may be implemented via any type of secondary storage device. The contents of the memory 104, or any portion thereof, may be stored to and retrieved from the storage device 117 as needed. The I/O device interface 114 provides an interface to any of various other I/O devices or devices of other types, such as printers or fax machines. The network interface 115 provides one or more communication paths from the computer system 100 to other digital devices and computer systems; these communication paths may include, for example, one or more networks 130.
Although the computer system 100 shown in FIG. 1 illustrates a particular bus structure providing a direct communication path among the processors 102, the memory 104, the bus interface 109, the display system 124, and the I/O bus interface unit 110, in alternative embodiments the computer system 100 may include different buses or communication paths, which may be arranged in any of various forms, such as point-to-point links in hierarchical, star or web configurations, multiple hierarchical buses, parallel and redundant paths, or any other appropriate type of configuration. Furthermore, while the I/O bus interface unit 110 and the I/O bus 108 are shown as single respective units, the computer system 100 may, in fact, contain multiple I/O bus interface units 110 and/or multiple I/O buses 108. While multiple I/O interface units are shown which separate the I/O bus 108 from various communications paths running to the various I/O devices, in other embodiments, some or all of the I/O devices are connected directly to one or more system I/O buses.
In various embodiments, the computer system 100 is a multi-user mainframe computer system, a single-user system, or a server computer or similar device that has little or no direct user interface, but receives requests from other computer systems (clients). In other embodiments, the computer system 100 may be implemented as a desktop computer, portable computer, laptop or notebook computer, tablet computer, pocket computer, telephone, smart phone, or any other suitable type of electronic device.
Next, an example configuration of a train safety management device according to embodiments of the present disclosure will be described with reference to FIG. 3.
FIG. 3 illustrates an example configuration of a train safety management device 300 according to embodiments of the present disclosure. The train safety management device 300 may include a device configured to facilitate integration and coexistence of multiple onboard signaling systems and is capable of automatically handling confirmation requests without user intervention in order to reduce the workload of a train operator while maintaining train operation safety. The train safety management device 300 may be implemented as a computer system (for example, the computer system 100 illustrated in FIG. 2) having a memory that stories a train safety management application configured to perform the various functions according to the embodiments of the present disclosure, as a dedicated integrated circuit, or the like.
As illustrated in FIG. 3, the train safety management device 300 may be installed in the control car of a train 350, and include a first signaling unit 310 and a second signaling unit 320.
In embodiments, the first signaling unit 310 may be a legacy signaling unit configured to output a confirmation request to a train operator of the train 350 to notify the train operator of a safety event (for example, the train is approaching a restricted area or the like), and automatically perform a train control operation (for example, applying the brakes) to maintain train operation safety in the case that the train operator fails to respond to the confirmation request. As an example the first signaling unit 310 may include an Automated Warning System (AWS).
The second signaling unit 320 may be a signaling unit configured to continually monitor the status of the train 350, and in the case that a safety event is detected, automatically perform a train control operation, without outputting a confirmation request to the train operator or requiring a confirmation response. As an example, the second signaling unit 320 may include an Automatic Train Protection (ATP) system.
In embodiments, the train 350 may be configured to operate in a first operation mode, in which the first signaling unit 310 is in control of the train 350 or a second operation mode, in which the second signaling unit 320 is in control of the train 350.
Herein, for convenience of description, embodiments will be described of a configuration in which the first signaling unit 310 is an AWS and the second signaling unit 320 is an ATP system, but the present disclosure is not limited to such a configuration, and the first signaling unit 310 and the second signaling unit 320 may be implemented using other types of signaling systems.
Herein, for convenience of description, embodiments will be described of a configuration in which the first signaling unit 310 is an AWS and the second signaling unit 320 is an ATP system, but the present disclosure is not limited to such a configuration, and the first signaling unit 310 and the second signaling unit 320 may be implemented using other types of signaling systems.
As illustrated in FIG. 3, the first signaling unit 310 includes a confirmation request generation unit 312, a transmission unit 314, a confirmation request output unit 316, and a first control unit 318.
The confirmation request generation unit 312 is a functional unit configured to generate a confirmation request with respect to a first train control operation. Here, the confirmation request may include a notification or warning regarding a safety event (for example, when entering a restricted area, when an obstacle has been detected, or the like) that prompts a train operator of the train 350 for a confirmation response. The first train control operation may be an action for modifying the operation of the train in order to mitigate or handle the safety event (for example, applying the brakes).
The transmission unit 314 is a functional unit configured to transmit the confirmation request from the confirmation request generation unit 312 to the confirmation request output unit 316 for output. The transmission unit 314 may, for example, transmit the confirmation request in the form of a digital or electrical signal to the confirmation request output unit 316.
The confirmation request output unit 316 is a functional unit configured to output the confirmation request to an operator of the train 350. In embodiments, the confirmation request output unit 316 may include a buzzer, warning light, speaker, or display screen configured to output the confirmation request in an audio or visual form.
The first control unit 318 is a functional unit configured to perform the first train control operation in the case that a confirmation response responding to the confirmation request output by the confirmation request output unit 316 is not received within a predetermined time period (for example, 3 seconds, 10 seconds, 30 seconds, 1 minute or the like). Here, the confirmation response may include an indication from the train operator that the train operator will manually perform a train operation to mitigate or handle the safety event. For example, the confirmation response may include a button press performed by the train operator.
The confirmation request generation unit 312 is a functional unit configured to generate a confirmation request with respect to a first train control operation. Here, the confirmation request may include a notification or warning regarding a safety event (for example, when entering a restricted area, when an obstacle has been detected, or the like) that prompts a train operator of the train 350 for a confirmation response. The first train control operation may be an action for modifying the operation of the train in order to mitigate or handle the safety event (for example, applying the brakes).
The transmission unit 314 is a functional unit configured to transmit the confirmation request from the confirmation request generation unit 312 to the confirmation request output unit 316 for output. The transmission unit 314 may, for example, transmit the confirmation request in the form of a digital or electrical signal to the confirmation request output unit 316.
The confirmation request output unit 316 is a functional unit configured to output the confirmation request to an operator of the train 350. In embodiments, the confirmation request output unit 316 may include a buzzer, warning light, speaker, or display screen configured to output the confirmation request in an audio or visual form.
The first control unit 318 is a functional unit configured to perform the first train control operation in the case that a confirmation response responding to the confirmation request output by the confirmation request output unit 316 is not received within a predetermined time period (for example, 3 seconds, 10 seconds, 30 seconds, 1 minute or the like). Here, the confirmation response may include an indication from the train operator that the train operator will manually perform a train operation to mitigate or handle the safety event. For example, the confirmation response may include a button press performed by the train operator.
As illustrated in FIG. 3, the second signaling unit 320 includes a confirmation request detection unit 322, a confirmation request suppression unit 324, a substitute confirmation response unit 326, and a second control unit 328.
The confirmation request detection unit 322 is a functional unit configured to detect transmission of the confirmation request to the confirmation request output unit 316. More particularly, the confirmation request detection unit 322 may detect transmission of the confirmation request signal from the confirmation request generation unit 312 to the confirmation request output unit 316.
The confirmation request suppression unit 324 is a functional unit configured to suppress output of the confirmation request via the confirmation request output unit 316. Here, suppressing output of the confirmation request refers to intercepting transmission of the confirmation request signal prior to it reaching the confirmation request output unit 316, and preventing the confirmation request from being output by the confirmation request output unit 316. In embodiments, in the case that the confirmation request output unit 316 is implemented as a buzzer, the confirmation request suppression unit 324 may be implemented as disconnect switch connected in series with an input of the buzzer.
The substitute confirmation response unit 326 is a functional unit configured to generate a substitute confirmation response and transmit the substitute confirmation response to the first control unit 318 to prevent performing of the first train control operation. Here, the substitute confirmation response refers to an acknowledgement of the confirmation request that is automatically generated by the substitute confirmation response unit 326 instead of the train operator of the train 350. When the substitute confirmation response is transmitted to the first control unit 318, the first control unit 318 treats the substitute confirmation response in the same way it would a confirmation response from the train operator, and aborts execution of the first train control operation as a failsafe. In this way, the substitute confirmation response unit 326 acts as a proxy for the train operator, automatically generating and transmitting a substitute confirmation response in place of the confirmation response of the train operator. In embodiments, in the case that the confirmation response is to be performed using a button press, the substitute confirmation response unit 326 may be implemented as a button press simulation switch connected to the first control unit.
The second control unit 328 is a functional unit configured to perform a second control operation with respect to the train 350. In embodiments, the second control operation may include an action for modifying the operation of the train in order to mitigate or handle the safety event (for example, applying the brakes). The second control operation may be performed while the train is in the second operation mode.
The confirmation request detection unit 322 is a functional unit configured to detect transmission of the confirmation request to the confirmation request output unit 316. More particularly, the confirmation request detection unit 322 may detect transmission of the confirmation request signal from the confirmation request generation unit 312 to the confirmation request output unit 316.
The confirmation request suppression unit 324 is a functional unit configured to suppress output of the confirmation request via the confirmation request output unit 316. Here, suppressing output of the confirmation request refers to intercepting transmission of the confirmation request signal prior to it reaching the confirmation request output unit 316, and preventing the confirmation request from being output by the confirmation request output unit 316. In embodiments, in the case that the confirmation request output unit 316 is implemented as a buzzer, the confirmation request suppression unit 324 may be implemented as disconnect switch connected in series with an input of the buzzer.
The substitute confirmation response unit 326 is a functional unit configured to generate a substitute confirmation response and transmit the substitute confirmation response to the first control unit 318 to prevent performing of the first train control operation. Here, the substitute confirmation response refers to an acknowledgement of the confirmation request that is automatically generated by the substitute confirmation response unit 326 instead of the train operator of the train 350. When the substitute confirmation response is transmitted to the first control unit 318, the first control unit 318 treats the substitute confirmation response in the same way it would a confirmation response from the train operator, and aborts execution of the first train control operation as a failsafe. In this way, the substitute confirmation response unit 326 acts as a proxy for the train operator, automatically generating and transmitting a substitute confirmation response in place of the confirmation response of the train operator. In embodiments, in the case that the confirmation response is to be performed using a button press, the substitute confirmation response unit 326 may be implemented as a button press simulation switch connected to the first control unit.
The second control unit 328 is a functional unit configured to perform a second control operation with respect to the train 350. In embodiments, the second control operation may include an action for modifying the operation of the train in order to mitigate or handle the safety event (for example, applying the brakes). The second control operation may be performed while the train is in the second operation mode.
Accordingly, by suppressing output of confirmation requests from the first signaling unit 310 to the train operator and transmitting a substitute confirmation response to the first signaling unit 310 to prevent operation of the first train control operation, it becomes possible to operate the train 350 in the second operation mode in which the second signaling unit 320 is in full control of the operation of the train without requiring disconnection of the first signaling unit 310. In this way, issues associated with physical isolation of the first signaling unit, such as safety issues related to shunting the brakes, bringing the train to a stop, consuming excess operation fleet time, and loss of legacy mode operation data can be circumvented.
Next, a train safety management method according to the embodiments of the present disclosure will be described with reference to FIG. 4.
FIG. 4 is a flowchart illustrating the train safety management method 400 according to the embodiments of the present disclosure. The train safety management method 400 is a method for automatically handling confirmation requests without user intervention in order to reduce the workload of a train operator while maintaining train operation safety, and is performed using the various functional units of the first signaling unit 310 and the second signaling unit 320.
First, at Step S410, the first signaling unit 310 detects a safety event with respect to the train. As described herein, the safety event may be any event that impacts safe operation of the train. As examples, the safety event may include a restricted area in which the train needs to switch between the first operation mode in which train operation is controlled by the first signaling unit 310 and a second operation mode in which train operation is controlled by the second signaling unit 310, an obstacle on or nearby the tracks, a weather event (rain, hail, snow, high winds), or the like. In embodiments, the safety event may be detected based on information received from trackside devices passed by the train, a message from a train controller/dispatcher, sensor data collected by sensors attached to the train, or the like.
Next, at Step S420, the first signaling unit 310 generates a confirmation request. As described herein, the confirmation request may include a notification or warning regarding the safety event detected at Step S410 that prompts the train operator for a confirmation response.
Next, at Step S430, the confirmation request is transmitted to the confirmation request output unit of the first signaling unit 310 for output. As described herein, the confirmation request output unit may include a buzzer, warning light, speaker, or display screen configured to output the confirmation request in an audio or visual form.
Next, at Step S440, the first signaling unit 310 monitors for a confirmation response with respect to the confirmation request output in Step S430. As described herein, the confirmation response may include an acknowledgement of the confirmation request, and an indication that the train operator will manually perform a train operation to handle the safety event detected in Step S410. As an example, the confirmation response may include a button press performed by the train operator.
Next, at Step S450, the second signaling unit 320 detects transmission of the confirmation request that was transmitted at Step S430. For example, the second signaling unit 320 may detect transmission of the confirmation request signal from the confirmation request generation unit to the confirmation request output unit.
Next, at Step S460, the second signaling unit 320 suppresses output of the confirmation request via the confirmation request output unit. Here, suppressing output of the confirmation request may include intercepting transmission of the confirmation request signal prior to it reaching the confirmation request output unit, and preventing the confirmation request from being output by the confirmation request output unit. In other embodiments, suppressing output of the confirmation request may include using a disconnect switch that is connected in series with the confirmation request output unit. For example, in the case that the confirmation request output unit is a buzzer, the second signaling unit 320 may use a buzzer disconnect switch that is connected in series to the buzzer input signal.
Next, at Step S470, the second signaling unit 320 generates a substitute confirmation response and transmits the substitute confirmation response to the first signaling unit 310 (more particularly, to the first control unit of the first signaling unit 310) to prevent performing of the first train control operation. Here, the substitute confirmation response refers to an acknowledgement of the confirmation request that is automatically generated by the second signaling unit instead of the train operator of the train. When the substitute confirmation response is transmitted to the first signaling unit 310, the first signaling unit 310 treats the substitute confirmation response in the same way it would a confirmation response from the train operator, and aborts execution of the first train control operation as a failsafe. In this way, the first signaling unit 310 acts as a proxy for the train operator, automatically generating and transmitting a substitute confirmation response in place of the confirmation response of the train operator.
Next, at Step S480, the second signaling unit 320 performs a second control operation. In embodiments, the second control operation may include an action for modifying the operation of the train in order to mitigate or handle the safety event (for example, applying the brakes). The second control operation may be performed while the train is in the second operation mode.
Accordingly, by performing the train safety management method 400 to suppress output of confirmation requests from the first signaling unit 310 to the train operator and transmitting a substitute confirmation response to the first signaling unit 310 to prevent performing of the first train control operation, it becomes possible to operate the train in the second operation mode in which the second signaling unit 320 is in full control of the operation of the train without requiring isolation of the first signaling unit 310 (e.g., physical disconnection of the first signaling unit 310 from the brakes). In this way, issues associated with physical isolation of the first signaling unit, such as safety issues related to shunting the brakes, bringing the train to a stop, consuming excess operation fleet time, and loss of legacy mode operation data can be circumvented.
Next, an example of the logical configuration of the train safety management device 300 according to the embodiments of the present disclosure will be described with reference to FIG. 5.
FIG. 5 is a simplified block diagram illustrating the logical configuration of the train safety management device 300 according to the embodiments of the present disclosure. It should be noted that FIG. 5 illustrates a simplified configuration of the train safety management device 300, and that a portion of the functional units of the train safety management device 300 are omitted in FIG. 5 for convenience of explanation.
As described herein, the train safety management device 300 makes it possible to automatically handle confirmation requests from a first signaling unit 310 (e.g., a legacy signaling unit such as AWS) using a second signaling unit 320 (e.g., an ATP system), thereby eliminating the need to disconnect (e.g., physically isolate) the first signaling device 310 and allowing the second signaling unit 320 to remain in control of the operation of the train.
As described herein, the train safety management device 300 makes it possible to automatically handle confirmation requests from a first signaling unit 310 (e.g., a legacy signaling unit such as AWS) using a second signaling unit 320 (e.g., an ATP system), thereby eliminating the need to disconnect (e.g., physically isolate) the first signaling device 310 and allowing the second signaling unit 320 to remain in control of the operation of the train.
First, as illustrated in FIG. 5, in response to detection of a safety event (for example, entering a restricted area in which the second signaling device 320 is not supported by existing trackside infrastructure), the confirmation request generation unit 312 of the first signaling device 310 generates a confirmation request to be output to an operator of the train. This confirmation request is transmitted to the confirmation request output unit 316 for output to the train operator.
Next, in response to detecting the confirmation request, the second signaling device 320 suppresses output of the confirmation request. For example, here, the second signaling device 320 may transmit a suppression signal to the confirmation request output unit 316. As another example, output of the confirmation request may be suppressed by using a disconnect switch connected in series with the confirmation request output unit 316.
Next, once the output of the confirmation request has been suppressed, the substitute confirmation response unit 326 generates, using the confirmation request from the first signaling device 310 as a trigger, a substitute confirmation response, and transmits the substitute confirmation response to the first control unit 318. Upon receiving the substitute confirmation request, the first control unit 318 aborts execution of the first train control operation. As described herein, the logic governing the second signaling device 320 may be implemented as a computer program, or a dedicated integrated circuit including a number of relays suitably arranged to perform the function of the substitute confirmation response unit 326. In embodiments, the substitute confirmation response unit 326 may be implemented as a button press simulation switch connected to the first control unit 318. The substitute confirmation response unit 326 may send a signal to activate the button press simulation switch to simulate acknowledgment of the confirmation request.
Further, in embodiments, the substitute confirmation response unit 326 may extend the duration of the substitute confirmation response signal to the first control unit 318 (that is, hold the signal). This extension refers to the additional time the substitute confirmation response signal is kept active with respect to the time an acknowledgment button is actually pressed by the train operator in the first operation mode. This extension creates extra time for the functional units of the second signaling device 320 to communicate among each other, store data, and perform other processes. As an example, in a case that an acknowledgement button is pressed by the train operator for 30 milliseconds, the substitute confirmation response unit 326 may extend the substitute confirmation response signal to 300 milliseconds to allow for recording operations and other processes to be performed. However, the present invention is not limited to this configuration, and the length of the extension may be determined and set in consideration of other constraints of the train safety management device 300.
In this way, the second signaling device 320 can automatically acknowledge confirmation requests transmitted by the first signaling device 310 while suppressing output of these confirmation requests to the train operator, and eliminating the need to disconnect the first signaling device 310 from the brakes 520 or the power supply 510 while the train is operating in the second operation mode (that is, when the second signaling device 320 is in control of the operation of the train). Accordingly, the train can be continuously operated in the second operation mode while the first signaling device 310 remains active to collect operation data. As the need to switch between the first operation mode and the second operation mode can thus be eliminated, issues associated with physical isolation of the first signaling unit 310, such as safety issues related to shunting the brakes 520, consuming excess operation fleet time, bringing the train to a halt to facilitate mode switching, and loss of legacy mode operation data can be circumvented.
The present invention may be a system, a method, and/or a computer program product. The computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.
The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing.
A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions.
These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
Embodiments according to this disclosure may be provided to end-users through a cloud-computing infrastructure. Cloud computing generally refers to the provision of scalable computing resources as a service over a network. More formally, cloud computing may be defined as a computing capability that provides an abstraction between the computing resource and its underlying technical architecture (e.g., servers, storage, networks), enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Thus, cloud computing allows a user to access virtual computing resources (e.g., storage, data, applications, and even complete virtualized computing systems) in “the cloud,” without regard for the underlying physical systems (or locations of those systems) used to provide the computing resources.
The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.
While the foregoing is directed to exemplary embodiments, other and further embodiments of the invention may be devised without departing from the basic scope thereof, and the scope thereof is determined by the claims that follow. The descriptions of the various embodiments of the present disclosure have been presented for purposes of illustration, but are not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein was chosen to explain the principles of the embodiments, the practical application or technical improvement over technologies found in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the various embodiments. As used herein, the singular forms “a,” “an,” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. “Set of,” “group of,” “bunch of,” etc. are intended to include one or more. It will be further understood that the terms “includes” and/or “including,” when used in this specification, specify the presence of the stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. In the previous detailed description of exemplary embodiments of the various embodiments, reference was made to the accompanying drawings (where like numbers represent like elements), which form a part hereof, and in which is shown by way of illustration specific exemplary embodiments in which the various embodiments may be practiced. These embodiments were described in sufficient detail to enable those skilled in the art to practice the embodiments, but other embodiments may be used and logical, mechanical, electrical, and other changes may be made without departing from the scope of the various embodiments. In the previous description, numerous specific details were set forth to provide a thorough understanding the various embodiments. But, the various embodiments may be practiced without these specific details. In other instances, well-known circuits, structures, and techniques have not been shown in detail in order not to obscure embodiments.
100…Computer system, 102…Processor, 104…Memory, 106…Memory bus, 108…I/O bus, 109…Bus interface, 110… I/O bus interface, 112…Terminal interface, 113…Storage interface, 114…I/O device interface, 115…Network interface, 116…User I/O device, 117…Storage device, 124…Display system, 126…Display, 130…Network, 300…Train safety management device, 310…First signaling unit, 312…Confirmation request generation unit, 314…Transmission unit, 316…Confirmation request output unit, 318…First control unit, 320…Second signaling unit, 322…Confirmation request detection unit, 324…Confirmation request suppression unit, 326…Substitute confirmation response unit, 328…Second control unit, 350…Train
Claims (9)
- A train safety management device installed onboard a train, the train safety management device comprising:
a first signaling unit for performing, in a first operation mode, a first train control operation with respect to the train; and
a second signaling unit for performing, in a second operation mode, a second train control operation with respect to the train;
wherein the first signaling unit includes:
a confirmation request generation unit configured to generate a confirmation request with respect to a first train control operation,
a confirmation request output unit configured to output the confirmation request to an operator of the train,
a transmission unit configured to transmit the confirmation request to the confirmation request output unit, and
a first control unit configured to perform the first train control operation in a case that a confirmation response in response to the confirmation request is not received within a predetermined time period; and
the second signaling unit includes:
a confirmation request detection unit configured to detect transmission of the confirmation request to the confirmation request output unit,
a confirmation request suppression unit configured to suppress output of the confirmation request via the confirmation request output unit, and
a substitute confirmation response unit configured to generate a substitute confirmation response and transmit the substitute confirmation response to the first control unit to prevent performing of the first train control operation.
- The train safety management device according to claim 1, wherein the second signaling unit further includes:
a second control unit configured to perform a second train control operation in the second operation mode without disconnecting the first signaling unit from brakes of the train.
- The train safety management device according to claim 1 or 2, wherein the substitute confirmation response unit generates the substitute confirmation response and transmits the substitute confirmation response to the first control unit to prevent performing of the first train control operation when the train is in the second operation mode.
- The train safety management device according to any one of claim 1 to 3, wherein:
the confirmation request output unit is a buzzer; and
the confirmation request suppression unit is a disconnect switch connected in series with an input of the buzzer.
- The train safety management device according to any one of claim 1 to 4, wherein:
the confirmation response is performed using a button press; and
the substitute confirmation response unit is a button press simulation switch connected to the first control unit.
- The train safety management device according to any one of claim 1 to 5, wherein the substitute confirmation response unit sets an extension for extending a duration of signal transmission of the substitute confirmation response to the first control unit.
- The train safety management device according to any one of claim 1 to 6, wherein:
the first signaling unit is an Automatic Warning System; and
the second signaling unit is Automatic Train Protection system.
- A train safety management method comprising:
detecting a safety event that affects operation of a train including a first signaling system and a second signaling system;
generating, in the first signaling system, a confirmation request associated with a first train control operation for handling the safety event;
transmitting, in the first signaling system, the confirmation request to a confirmation request output unit for output to an operator of the train;
detecting, in the second signaling system, transmission of the confirmation request to the confirmation request output;
suppressing, in the first signaling system by the second signaling system, output of the confirmation request via the confirmation request output unit;
generating, in the second signaling system, a substitute confirmation response; and
transmitting the substitute confirmation response to the first signaling system to prevent performing of the first train control operation.
- A computer program product for train safety management, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a processor to cause the processor to perform a method comprising:
detecting a safety event that affects operation of a train including a first signaling system and a second signaling system;
generating, in the first signaling system, a confirmation request associated with a first train control operation for handling the safety event;
transmitting, in the first signaling system, the confirmation request to a confirmation request output unit for output to an operator of the train;
detecting, in the second signaling system, transmission of the confirmation request to the confirmation request output;
suppressing, in the first signaling system by the second signaling system, output of the confirmation request via the confirmation request output unit;
generating, in the second signaling system, a substitute confirmation response; and
transmitting the substitute confirmation response to the first signaling system to prevent performing of the first train control operation.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2021060148 | 2021-03-31 | ||
| JP2021-060148 | 2021-03-31 | ||
| PCT/JP2022/007506 WO2022209451A1 (en) | 2021-03-31 | 2022-02-24 | Device, method, and system for train safety management |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| AU2022250944A1 true AU2022250944A1 (en) | 2023-07-13 |
Family
ID=83455986
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2022250944A Pending AU2022250944A1 (en) | 2021-03-31 | 2022-02-24 | Device, method, and system for train safety management |
Country Status (3)
| Country | Link |
|---|---|
| EP (1) | EP4313721A1 (en) |
| AU (1) | AU2022250944A1 (en) |
| WO (1) | WO2022209451A1 (en) |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4706315B2 (en) * | 2005-04-18 | 2011-06-22 | 株式会社ニコン | Vehicle driving support system |
| JP5868608B2 (en) * | 2011-03-31 | 2016-02-24 | 東日本旅客鉄道株式会社 | Railway alarm generation system |
-
2022
- 2022-02-24 WO PCT/JP2022/007506 patent/WO2022209451A1/en active Application Filing
- 2022-02-24 AU AU2022250944A patent/AU2022250944A1/en active Pending
- 2022-02-24 EP EP22779676.0A patent/EP4313721A1/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| EP4313721A1 (en) | 2024-02-07 |
| WO2022209451A1 (en) | 2022-10-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11829896B2 (en) | Uncertainty-based data filtering in a vehicle | |
| US9110867B2 (en) | Providing application based monitoring and recovery for a hypervisor of an HA cluster | |
| US9342407B2 (en) | Storage control apparatus and computer-readable recording medium recorded with control program | |
| JP6461784B2 (en) | Airborne system | |
| WO2008116712B1 (en) | In-band problem log data collection between a host and a storage system | |
| US20210334151A1 (en) | Dynamic communications paths for sensors in an autonomous vehicle | |
| US11775400B2 (en) | Redundant processing fabric for autonomous vehicles | |
| US11520617B2 (en) | Modifying access privileges to secure resources in an autonomous vehicle | |
| US11893412B2 (en) | Device initialization by an access-restricted virtual machine | |
| US10252736B2 (en) | Method and system for controlling grade of automation of train operation | |
| CN101782863A (en) | Method and system for load balancing to operation | |
| WO2022209451A1 (en) | Device, method, and system for train safety management | |
| CN110717999A (en) | Communication method, communication device, electronic device and storage medium | |
| US10243803B2 (en) | Service interface topology management | |
| US10923082B2 (en) | Maintaining visibility of virtual function in bus-alive, core-off state of graphics processing unit | |
| WO2021111639A1 (en) | Controller | |
| US20160034548A1 (en) | System and Method for Obtaining Automated Scaling of a Virtual Desktop Environment | |
| JP6897145B2 (en) | Information processing device, information processing system and information processing device control method | |
| CN114374712A (en) | Driving management method, electronic device and storage medium | |
| CN105460026A (en) | Safety isolation and protection system of locomotive | |
| US9778625B2 (en) | Facility control system and facility control method | |
| Amendola et al. | A real-time vital control module to increase capabilities of railway control systems in highly automated train operations | |
| US20130253665A1 (en) | Facility Control System and Facility Control Method | |
| CN109286792B (en) | Monitoring video storage method and device | |
| US9836364B2 (en) | In-band recovery mechanism for I/O modules in a data storage system |