CN101046678A - Safety cut-off method and device for output in three-mould redundancy safety computer - Google Patents

Safety cut-off method and device for output in three-mould redundancy safety computer Download PDF

Info

Publication number
CN101046678A
CN101046678A CN 200710064305 CN200710064305A CN101046678A CN 101046678 A CN101046678 A CN 101046678A CN 200710064305 CN200710064305 CN 200710064305 CN 200710064305 A CN200710064305 A CN 200710064305A CN 101046678 A CN101046678 A CN 101046678A
Authority
CN
China
Prior art keywords
safety
output
circuit
triode
signal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200710064305
Other languages
Chinese (zh)
Other versions
CN100570519C (en
Inventor
马连川
李开成
袁磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Traffic Control Technology TCT Co Ltd
Original Assignee
Beijing Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jiaotong University filed Critical Beijing Jiaotong University
Priority to CNB2007100643059A priority Critical patent/CN100570519C/en
Publication of CN101046678A publication Critical patent/CN101046678A/en
Application granted granted Critical
Publication of CN100570519C publication Critical patent/CN100570519C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Safety Devices In Control Systems (AREA)

Abstract

本发明公开了一种三模冗余安全计算机中输出的安全关断方法,本发明主要利用三模冗余安全计算机输出的安全关断条件信号进行判断,通过对多组安全关断条件信号进行表决,判断是否需要进行安全关断。通过动态信号到电平信号的转换电路,生成关断信号,直接控制模块输出安全关断电路的供电电源,来实现安全关断输出。该三模冗余安全计算机输出的安全关断方法,本身也是安全的。

Figure 200710064305

The invention discloses a safety shutdown method output by a triple-mode redundant safety computer. The invention mainly uses the safety shutdown condition signal output by the triple-mode redundancy safety computer to judge, and performs multiple groups of safety shutdown condition signals Vote to determine whether a safe shutdown is required. A shutdown signal is generated through a conversion circuit from a dynamic signal to a level signal, and directly controls the module to output the power supply of the safety shutdown circuit to realize a safety shutdown output. The safety shutdown method output by the triple-mode redundant safety computer is also safe.

Figure 200710064305

Description

三模冗余安全计算机中输出的安全关断方法及装置Safety shutdown method and device for output in triple-mode redundant safety computer

技术领域technical field

本发明涉及三模冗余安全计算机中输出的安全关断方法,为安全计算机安全输出的控制系统、特别是列车运行控制、核电站控制等领域,也涉及磁悬浮列车的运行控制。The invention relates to a safety shut-off method for the output of a triple-mode redundant safety computer, and is a control system for the safety output of the safety computer, especially in the fields of train operation control, nuclear power plant control, and the like, and also relates to the operation control of a maglev train.

背景技术Background technique

三模冗余系统(Triple Modular Redundancy(TMR),也称三取二)是目前安全计算机系统中最常用的一种容错技术。三模冗余是指:三个功能相同的模块同时执行相同的操作,用三个模块的输出做大数表决,把多数相同的输出作为该三模冗余系统的正确输出。该系统基于“少数服从多数”的纠错原理,通常也被称为三取二系统。Triple Modular Redundancy (TMR), also known as two out of three, is currently the most commonly used fault-tolerant technology in secure computer systems. Triple-mode redundancy means that three modules with the same function perform the same operation at the same time, use the outputs of the three modules to make a large number of votes, and use most of the same outputs as the correct output of the triple-mode redundancy system. The system is based on the "minority obeys the majority" error correction principle, and is often referred to as a two-out-of-three system.

图a为三模冗余(TMR)系统原理框图。图中的M1、M2、M3是三个功能相同的工作模块,V是一个输出表决器。Figure a is a block diagram of the triple-mode redundancy (TMR) system. M1, M2, and M3 in the figure are three working modules with the same function, and V is an output voter.

正常情况下,三个模块输出的结果应完全相同,V将最终输出这个结果,作为TMR系统的正确输出。异常情况下,如果某一模块出错,其输出将不同于其它两个模块的输出,依据“少数服从多数”原则,V仍将输出正确结果。因此,可以写出输出表决器的逻辑表达式:F=M1M2+M2M3+M1M3,根据该表达式不难设计出该表决器的一种逻辑电路,如图b所示。Under normal circumstances, the results output by the three modules should be exactly the same, and V will finally output this result as the correct output of the TMR system. Under abnormal circumstances, if a module makes an error, its output will be different from the output of the other two modules. According to the principle of "the minority obeys the majority", V will still output the correct result. Therefore, the logic expression of the output voter can be written: F=M 1 M 2 +M 2 M 3 +M 1 M 3 , it is not difficult to design a logic circuit of the voter according to this expression, as shown in Figure b shown.

从上述逻辑图可看出,在三模冗余系统中,当同时有两个模块出错,并产生相同的错误状态,表决器V的输出就会出现错误输出。一般情况下,三模冗余系统中的每个单独模块的可靠性都很高,因此,三个模块中有两个模块同时出现瞬时错误的概率会非常小。但是,必须考虑错误累积的情况:即一个模块出现错误,如果系统不做任何处理,过一段时间另一个模块也出现错误,这时表决器V得到的表决输出将会是错误的输出,或系统不能正常工作。这说明,如果三模表决系统中,一个模块出现故障后,其输出如果还保持原来的值或其它值,不管其正确与否,都可能导致系统输出不安全。在安全等级较高的系统中,系统故障下的错误输出可能会导致危险的操作,造成严重的人员伤亡或财产损失。因此在安全系统的设计中,应尽可能保证系统在故障情况下导向安全输出。It can be seen from the above logic diagram that in a three-mode redundant system, when two modules fail at the same time and produce the same error state, the output of the voter V will have an error output. In general, the reliability of each individual module in a triple-mode redundant system is very high, so the probability that two of the three modules experience transient errors at the same time is very small. However, the situation of error accumulation must be considered: that is, if an error occurs in one module, if the system does not do any processing, another module will also have an error after a period of time, and the voting output obtained by the voter V will be the wrong output, or the system Can not work normally. This shows that if a module fails in the three-mode voting system, if its output maintains the original value or other values, no matter whether it is correct or not, the system output may be unsafe. In systems with higher safety levels, erroneous output under system failure may lead to dangerous operations, resulting in serious personal injury or property damage. Therefore, in the design of the safety system, it should be ensured that the system leads to a safe output in the event of a failure as much as possible.

鉴于以上情况,本发明提出了一种三模冗余安全计算机输出的安全关断方法,使安全计算机系统在故障情况下其输出导向安全侧。In view of the above situation, the present invention proposes a method for safely shutting down the output of a triple-redundant safety computer, so that the output of the safety computer system is directed to the safety side in the event of a failure.

发明内容Contents of the invention

本发明的目的是针对安全计算机安全输出问题,提出一种三模冗余安全计算机中输出的安全关断方法及装置,保证三模冗余系统的表决输出即使在模块出现错误的情况下也不会导向危险侧。该方法强制将模块出错时的输出设置为事先指定的安全值,同时该强制电路本身也是安全的,即出现故障时不会使系统的输出导向危险侧。The purpose of the present invention is to solve the problem of safe output of the safety computer, and propose a method and device for safely shutting down the output of the triple-mode redundant safety computer, so as to ensure that the voting output of the triple-mode redundant system does not fail even in the event of a module error. will lead to the dangerous side. This method forces the output of the module to be set to a pre-specified safe value when an error occurs. At the same time, the forced circuit itself is also safe, that is, the output of the system will not be directed to the dangerous side when a fault occurs.

为实现上述目的,本发明通过下述技术方案实现的。In order to achieve the above object, the present invention is achieved through the following technical solutions.

一种三模冗余安全计算机中输出的安全关断方法,包括以下步骤;A safety shutdown method output in a triple-mode redundant safety computer, comprising the following steps;

选择安全计算机输出安全侧步骤;Select the safety computer output safety side step;

设定安全关断条件步骤;Steps for setting safety shutdown conditions;

安全关断条件信号进行判断步骤;The step of judging the safety shutdown condition signal;

控制模块输出安全关断电路步骤。The control module outputs a safety shutdown circuit step.

确定系统故障时输出应处于的状态。对于控制系统,输出的安全侧可设定为能量释放后的状态。该状态关系到输出安全关断电路的关断逻辑。Determines the state the output should be in if the system fails. For control systems, the safe side of the output can be set to the state after the energy is released. This state is related to the shutdown logic of the output safety shutdown circuit.

利用三模冗余安全计算机输出的安全关断条件信号进行判断,按照相应原则决定是否关断输出,并通过直接控制模块输出安全关断电路的供电电源来实现安全关断输出。Use the safety shutdown condition signal output by the three-mode redundant safety computer to judge, decide whether to shut down the output according to the corresponding principle, and realize the safety shutdown output by directly controlling the power supply of the safety shutdown circuit output by the module.

三模冗余安全计算机的每个模块输出3组安全关断的条件信号,判断是否安全关断采用“自身认为出错则必须关断,或者其它两模块认为出错则必须关断”的原则。Each module of the triple-mode redundant safety computer outputs 3 sets of conditional signals for safe shutdown, and the judgment of whether it is safe to shutdown adopts the principle of "it must be shut down if it thinks it is wrong, or it must be shut down if the other two modules think it is wrong".

三模冗余安全计算机通过直接控制模块输出安全关断电路的供电电源,来实现安全关断输出,并采用串并结构或并串结构,提高关断电路的安全性和可靠性。The three-mode redundant safety computer realizes the safety shutdown output by directly controlling the power supply of the module output safety shutdown circuit, and adopts a series-parallel structure or a parallel structure to improve the safety and reliability of the shutdown circuit.

三模冗余安全计算机输出的动态信号到电平信号的转换,通过数字逻辑的计数器电路实现。The conversion of the dynamic signal output by the triple-mode redundant safety computer to the level signal is realized by a digital logic counter circuit.

三模冗余安全计算机中输出的安全关断方法及装置的安全输出电路采用图6~9所示的方法。The safety shutdown method for the output in the triple-mode redundant safety computer and the safety output circuit of the device adopt the methods shown in Figs. 6-9.

本发明的有益效果;应用本发明,可在安全计算机出现故障的情况下,使安全计算机的输出导向安全侧,从而提高安全计算机的可靠性和安全性,避免安全计算机故障可能带来的生命和财产的损失。同时,本发明也有较广的应用范围,可推广到其它多模冗余安全计算机中,提高输出的安全性。Beneficial effects of the present invention: the application of the present invention can lead the output of the safety computer to the safety side when the safety computer breaks down, thereby improving the reliability and safety of the safety computer and avoiding the life and death that may be caused by the failure of the safety computer loss of property. At the same time, the invention also has a wide application range, and can be extended to other multi-mode redundant safety computers to improve the safety of output.

附图说明Description of drawings

图1为三模冗余安全计算机的安全关断方法的原理图;Fig. 1 is the schematic diagram of the safety shutdown method of triple-mode redundant safety computer;

图1a为三模冗余(TMR)系统原理框图;Figure 1a is a functional block diagram of a triple-mode redundant (TMR) system;

图1b三取二表决逻辑图;Figure 1b is a logical diagram of two out of three voting;

图2为安全关断电路供电电源控制原理图;Figure 2 is a schematic diagram of the power supply control of the safety shutdown circuit;

图3为多个输出安全关断条件电平信号的合成方法;Fig. 3 is the synthesizing method of multiple output safety shutdown condition level signals;

图4为数字的动态信号到电平信号的转换电路;Fig. 4 is the conversion circuit of digital dynamic signal to level signal;

图5为模拟的动态信号到电平信号的转换电路;Fig. 5 is the conversion circuit of analog dynamic signal to level signal;

图6为安全输出逻辑电路一;Fig. 6 is safety output logic circuit one;

图7为安全输出逻辑电路二;Fig. 7 is safety output logic circuit two;

图8为安全输出逻辑电路三;Fig. 8 is safety output logic circuit three;

图9为安全输出逻辑电路四。Figure 9 is the safety output logic circuit four.

具体实施方式Detailed ways

下面结合附图和具体实施方式对本发明作进一步的说明。The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

实施例1;Embodiment 1;

(1)选择输出的安全侧(1) Select the safety side of the output

首先要确定系统故障时输出应处于的状态。对于控制系统,输出的安全侧可设定为能量释放后的状态。在三模冗余系统中,选定接地(逻辑“0”)为输出安全侧。这个选择非常重要,它关系到输出安全关断电路的关断逻辑。也就是说,后述的输出安全关断电路是建立在逻辑“0”为输出安全侧这一前提条件之上。The first step is to determine the state the output should be in when the system fails. For control systems, the safe side of the output can be set to the state after the energy is released. In a triple-mode redundant system, ground (logic "0") is selected as the output safety side. This selection is very important as it relates to the shutdown logic of the output safety shutdown circuit. That is to say, the output safety shutdown circuit described later is based on the precondition that logic "0" is the output safety side.

(2)输出安全关断的条件(2) Conditions for output safety shutdown

在三模冗余安全计算机中,为三个模块均设置3组输出安全关断的条件信号,其中1组表示该模块对自身工作状态的判断,另2组分别表示本模块对其它两组模块工作状态的判断。这样,共得到9组输出安全关断条件信号,即:模块M1输出3组输出安全关断条件信号GDAA、GDAN、GDAC;模块M2输出3组输出安全关断条件信号GDBB、GDBA、GDBC;模块M3输出3组输出安全关断条件信号GDCC、GDCA、GDCNIn the triple-mode redundant safety computer, three groups of conditional signals for outputting safety shutdown are set for the three modules, one of which represents the judgment of the module on its own working state, and the other two represent the module’s response to the other two groups of modules. Judgment of working status. In this way, a total of 9 groups of output safety shutdown condition signals are obtained, namely: module M 1 outputs 3 groups of output safety shutdown condition signals GD AA , GD AN , GD AC ; module M 2 outputs 3 groups of output safety shutdown condition signals GD BB , GD BA , GD BC ; module M 3 outputs 3 groups of output safety shutdown condition signals GD CC , GD CA , GD CN .

对于每个模块,利用上述3组输出安全关断条件信号控制其安全关断电路的供电电源。当该模块故障时或其它两个模块认为其发生故障时,将会断开其安全关断电路的供电电源,其输出导向安全的“0”电平。这样,可以避免当该模块故障时其输出还维持错误的状态,从而带来安全隐患。For each module, use the above three groups of output safety shutdown condition signals to control the power supply of its safety shutdown circuit. When the module fails or the other two modules consider it to be faulty, it will cut off the power supply of its safety shutdown circuit, and its output will lead to a safe "0" level. In this way, it can be avoided that when the module fails, its output maintains an erroneous state, thereby causing potential safety hazards.

控制模块安全关断电路供电电源的逻辑表达式为:GDXX(GDXY+GDXZ),式中X、Y、Z分别代表A、B、C。该表达式的含义为:如果该模块认为自身出现错误,则必须关断输出;或者如果其它两个模块都认为本模块出现错误,则也必须关断输出。The logical expression of the power supply of the control module safely shutting down the circuit is: GD XX (GD XY +GD XZ ), where X, Y, and Z represent A, B, and C, respectively. The meaning of this expression is: if the module thinks that it has an error, it must turn off the output; or if the other two modules think that this module has an error, it must also turn off the output.

(3)安全关断电路供电电源的结构(3) The structure of the power supply for the safety shutdown circuit

在控制每个模块输出安全关断电路的供电电源时,采用继电器(光电、机械)器件来实现对供电电源的安全关断。该继电器设备可以采用串联或串并结合的结构,一般情况下,多采用串并结构或并串结构,这样该安全关断电路的安全性和可靠性都有保证。当然,也可采用简单的串连结构,此时安全关断电路的安全性指标不会下降,但可靠性指标会下降。When controlling the power supply of each module to output the safety shutdown circuit, a relay (photoelectric, mechanical) device is used to realize the safety shutdown of the power supply. The relay device can adopt a series or series-parallel structure. Generally, a series-parallel structure or a parallel-series structure is used, so that the safety and reliability of the safety shutdown circuit are guaranteed. Of course, a simple series connection structure can also be adopted, at this time, the safety index of the safety shutdown circuit will not decrease, but the reliability index will decrease.

(4)输出安全关断条件信号的选择(4) Selection of output safety shutdown condition signal

上述的9组输出安全关断条件信号,可以选择常见的电平信号(TTL、CMOS等)。考虑可靠性和安全性,每组输出安全关断条件信号至少包括2个电平信号,一般来说,需要考虑信号线的多少对系统复杂性的影响,所以选择每组输出安全关断条件信号包括2个或3个电平信号。当采用多个电平信号时,需要考虑如何把多个电平信号合成为1个模块输出安全关断电路供电电源控制信号。一般情况下,当采用2个电平信号时,多采用二取二的方式进行比较,即只有当两路电平信号都指示系统工作正常时,模块才能输出安全关断电路供电电源;当采用3个电平信号时,多采用三取二的方式进行表决,即当有多数电平信号指示系统工作正常,模块才能输出安全关断电路供电电源。The above 9 groups output safety shutdown condition signals, and common level signals (TTL, CMOS, etc.) can be selected. Considering reliability and safety, each group of output safety shutdown condition signals includes at least 2 level signals. Generally speaking, it is necessary to consider the influence of the number of signal lines on the complexity of the system, so each group of output safety shutdown condition signals is selected. Includes 2 or 3 level signals. When multiple level signals are used, it is necessary to consider how to synthesize multiple level signals into one module to output the power supply control signal of the safety shutdown circuit. In general, when two level signals are used, the method of two out of two is used for comparison, that is, only when the two level signals indicate that the system is working normally, the module can output the power supply for the safety shutdown circuit; when using When there are 3 level signals, two out of three is usually used for voting, that is, when there are a majority of level signals indicating that the system is working normally, the module can output the power supply for safely shutting down the circuit.

另外,由于数字电路失效时,会导致电平信号发生固“0”或固“1”的错误,但具体是“0”还是“1”并不固定,出现概率大致相当。因此,不管用“0”或者“1”来表示安全计算机系统故障都可能带来安全隐患。但由于数字电路失效绝大多数时保持某固定电平,因此可以使用动态信号来代替上述的电平信号(TTL、CMOS等),作为安全计算机系统工作正常的标志。这里,动态信号是指高低电平交替翻转的信号,能够和数字电路失效带来的输出信号固“0”或固“1”错误相区分,因此动态信号本身是安全的。In addition, when the digital circuit fails, it will cause a solid "0" or "1" error in the level signal, but the specific "0" or "1" is not fixed, and the probability of occurrence is roughly the same. Therefore, no matter whether "0" or "1" is used to represent a safety computer system failure, it may bring a safety hazard. However, since most of the digital circuits fail to maintain a certain fixed level, dynamic signals can be used to replace the above-mentioned level signals (TTL, CMOS, etc.) as a sign that the security computer system is working normally. Here, the dynamic signal refers to the signal whose high and low levels alternately flip, which can be distinguished from the output signal solid "0" or solid "1" error caused by the failure of the digital circuit, so the dynamic signal itself is safe.

当然,动态信号本身不能直接控制继电器之类的元件,无法利用动态信号直接关断安全关断信号的供电电源。因此必须进行动态信号到电平信号的转换。动态信号到电平信号的转换可以采用传统的模拟方法,也可以采用数字电路转换方法。其中,利用数字电路进行转换,可灵活设定溢出时间,具有更高的灵活性。Of course, the dynamic signal itself cannot directly control components such as relays, and the dynamic signal cannot be used to directly turn off the power supply of the safety shutdown signal. Therefore dynamic signal to level signal conversion must be done. The conversion from dynamic signal to level signal can adopt traditional analog method or digital circuit conversion method. Among them, the use of digital circuits for conversion can flexibly set the overflow time, which has higher flexibility.

(5)安全输出逻辑电路(5) Safety output logic circuit

安全输出逻辑可以采用多种方式实现,但必须保证:模块正常工作时,输出安全关断电路供电电源正常,模块输出正常逻辑。一旦该模块工作不正常,输出安全关断电路供电电源断开,其输出一定导向安全侧:0电平(接地)。The safety output logic can be implemented in many ways, but it must be ensured that: when the module is working normally, the power supply of the output safety shutdown circuit is normal, and the module outputs normal logic. Once the module is not working properly, the power supply of the output safety shutdown circuit is disconnected, and its output must be directed to the safe side: 0 level (ground).

实施例2;Embodiment 2;

图1示范性地表示了三模冗余安全计算机的安全关断方法的原理,各部分框图将在后续详细介绍具体实施方式。Fig. 1 exemplarily shows the principle of the safety shutdown method of the triple-mode redundant safety computer, and the block diagrams of each part will introduce the specific implementation in detail later.

控制每个模块输出的安全关断电路供电电源控制的原理如图2(a)(b)所示,该图示范性地表示了输出供电电源的安全关断逻辑。被关断部分使用继电器(光电、机械)。安全关断逻辑可采用串并结构或并串结构,这样,系统的安全性和可靠性都有保证。同时,安全关断逻辑也可简化成图2(c)所示的电路,此时安全性指标不会下降,但可靠性指标会下降。The principle of power supply control of the safety shutdown circuit that controls the output of each module is shown in Figure 2(a)(b), which exemplarily shows the safety shutdown logic of the output power supply. The part to be turned off uses a relay (photoelectric, mechanical). The safety shutdown logic can adopt a serial-parallel structure or a parallel-serial structure, so that the safety and reliability of the system are guaranteed. At the same time, the safety shutdown logic can also be simplified to the circuit shown in Figure 2(c), at this time the safety index will not decrease, but the reliability index will decrease.

图3表示了多个输出安全关断条件信号合成为一个输出安全关断电路供电电源控制信号的方法。当每组输出安全关断条件信号为2个电平信号时,可采用并联方式(“或”逻辑)合成为1个模块输出安全关断电路供电电源控制信号,即只要有一路条件信号有效,则输出控制信号有效,如图3(a)所示;当每组输出安全关断条件信号为3个电平信号时,可采用3取2表决方式合成为1个模块输出安全关断电路供电电源控制信号,即只有当多数条件信号有效时,输出控制信号才有效,如图3(b)所示。FIG. 3 shows a method for synthesizing multiple output safety shutdown condition signals into one output safety shutdown circuit power supply control signal. When each group of output safety shutdown condition signals are 2-level signals, they can be combined in parallel ("or" logic) into one module to output the safety shutdown circuit power supply control signal, that is, as long as one condition signal is valid, Then the output control signal is valid, as shown in Figure 3(a); when each group of output safety shutdown condition signals is a 3-level signal, it can be synthesized into a module output safety shutdown circuit power supply by using a 2 out of 3 voting method The power control signal, that is, the output control signal is valid only when most conditional signals are valid, as shown in Figure 3(b).

安全计算机最主要的特性即故障导向安全,因此安全计算机中给出的故障诊断信号是具有安全侧的动态信号逻辑。图5给出了动态信号转换为电平信号的模拟电路实现方法。其中,动态信号是高低电平交替翻转的信号。图中,DTOUTA1为动态信号输入端,TJA1为电平信号输出端。The most important characteristic of safety computer is fault-oriented safety, so the fault diagnosis signal given in safety computer is a dynamic signal logic with safety side. Figure 5 shows an analog circuit implementation method for converting dynamic signals into level signals. Wherein, the dynamic signal is a signal whose high and low levels are flipped alternately. In the figure, DTOUTA1 is the dynamic signal input end, and TJA1 is the level signal output end.

当安全计算机工作状态为正常时,DTOUTA1为动态翻转的信号。当DTOUTA1处于低电平这一半周时,三极管N7发射极电压为0,三极管截止,因此TJ01端为高电平。此时三极管N1的发射极正偏,三极管N1导通,三极管P1的发射极电压约为0,三极管P1截止。三极管N1导通和三极管P1截止会使电源通过N1、E4、D29这一回路对电容E4进行充电,使电容E4蓄能。同时,如果电容E5之前处于蓄能状态,则该电容E5会通过后级的负载释放能量。When the working state of the security computer is normal, DTOUTA1 is a dynamic flip signal. When DTOUTA1 is in the half cycle of the low level, the emitter voltage of the transistor N7 is 0, and the transistor is cut off, so the terminal TJ01 is in the high level. At this time, the emitter of the transistor N1 is forward-biased, the transistor N1 is turned on, the emitter voltage of the transistor P1 is about 0, and the transistor P1 is turned off. When the transistor N1 is turned on and the transistor P1 is turned off, the power supply will charge the capacitor E4 through the loop of N1, E4, and D29, so that the capacitor E4 can store energy. At the same time, if the capacitor E5 is in an energy storage state before, the capacitor E5 will release energy through the load of the subsequent stage.

当DTOUTA1处于高电平这一半周时,三极管N7发射极正偏,三极管N7导通,因此TJ01端为低电平。根据前述,此时电容E4蓄能,TJ02为高电平,因此三极管N1的发射极反偏,三极管N1截止,三极管P1的发射极正偏,三极管P1导通。三极管N1截止和三极管P1导通会使电容E4通过P1、E5、D28这一回路对电容E5进行充电,使电容E5蓄能,同时电容E4释放能量。When DTOUTA1 is in the half cycle of the high level, the emitter of the transistor N7 is forward biased, and the transistor N7 is turned on, so the terminal TJ01 is in the low level. According to the foregoing, at this time, the capacitor E4 stores energy, and TJ02 is at a high level, so the emitter of the transistor N1 is reverse-biased, the transistor N1 is cut off, the emitter of the transistor P1 is forward-biased, and the transistor P1 is turned on. Transistor N1 is turned off and triode P1 is turned on to make capacitor E4 charge capacitor E5 through the circuit of P1, E5 and D28, so that capacitor E5 stores energy, and capacitor E4 releases energy at the same time.

综上,当DTOUTA1为动态翻转的信号时,电路处于电容E4和E5交替充放电的状态,从而使TJA1保持负电压。而如果安全计算机工作异常,即输入信号为固定电平信号时,或者电路中某个元件异常(短路或断路)时,都不能使电容E4和E5交替充放电,从而输出电平固定为0电平。To sum up, when DTOUTA1 is a dynamic flip signal, the circuit is in the state of alternately charging and discharging capacitors E4 and E5, so that TJA1 maintains a negative voltage. And if the safety computer works abnormally, that is, when the input signal is a fixed level signal, or when a certain component in the circuit is abnormal (short circuit or open circuit), the capacitors E4 and E5 cannot be charged and discharged alternately, so that the output level is fixed at 0. flat.

动态信号到电平信号的转换也可以采用数字逻辑的方法来实现,如图4所示。首先利用一个计数器进行计数,然后利用一个上升沿和下降沿提取电路,将动态信号的每一个上升沿和下降沿都转换为一个短的脉冲信号,并作为计数器的异步复位信号。另外,利用一个简单的与或逻辑和锁存器,使电路在计数到一定数值时输出低电平,其余输出高电平。正常情况下,动态信号保持翻转,上升沿和下降沿提取电路将上升沿或下降沿统一变换为一个短的脉冲信号,即统一变换为一个下降沿。该下降沿对计数器进行异步复位,这样计数器每隔一段时间就会被复位,计数值始终不会超过设定的溢出时间。当安全计算机出现异常时,即动态信号停止翻转,这时计数器的异步复位始终无效,计数器就会一直向上计数,一旦计数器数值达到事先指定的数值后,与或逻辑电路就会向锁存器输出锁存信号,使锁存器输出低电平。这样,在动态信号无效时,电路输出导向安全侧-零电平,从而使输出安全关断电路供电电源被断开,达到故障导向安全的目的。当动态信号恢复正常时,会产生一个下降沿对锁存器进行置位,这样电路又继续在正常状态下工作了。The conversion from dynamic signal to level signal can also be realized by means of digital logic, as shown in Figure 4. First use a counter to count, and then use a rising edge and falling edge extraction circuit to convert each rising edge and falling edge of the dynamic signal into a short pulse signal, and use it as an asynchronous reset signal for the counter. In addition, using a simple AND or logic and a latch, the circuit outputs a low level when it counts to a certain value, and the rest outputs a high level. Under normal circumstances, the dynamic signal remains inverted, and the rising edge and falling edge extraction circuit uniformly transforms the rising edge or falling edge into a short pulse signal, that is, uniformly transforms it into a falling edge. The falling edge resets the counter asynchronously, so that the counter will be reset every once in a while, and the count value will never exceed the set overflow time. When the safety computer is abnormal, that is, the dynamic signal stops flipping. At this time, the asynchronous reset of the counter is always invalid, and the counter will keep counting up. Once the counter value reaches the value specified in advance, the AND or logic circuit will output to the latch. The latch signal makes the latch output low. In this way, when the dynamic signal is invalid, the circuit output leads to the safe side-zero level, so that the power supply of the output safety shutdown circuit is disconnected, and the purpose of fault-oriented safety is achieved. When the dynamic signal returns to normal, a falling edge will be generated to set the latch, so that the circuit continues to work in the normal state.

该电路可以灵活设置动态信号翻转的门限数值,即可设置多长时间没有翻转即认为该动态信号无效。通过对与或逻辑进行设计,可决定计数器计数到多少时产生锁存信号。另外,利用该电路可以产生两路输出信号,并对两路信号用二取二的原则进行比较,可提高该电路的安全性。产生两路输出信号时,可以对另一路动态信号取反后输入到相同的动态信号转换到电平信号的电路中,也可以使另一路的计数器向下计数,使电路具备双轨输出功能,同时也进一步提高电路的安全性。The circuit can flexibly set the threshold value of dynamic signal inversion, that is, it can be set how long the dynamic signal is considered invalid if there is no inversion. By designing the AND or logic, it is possible to determine how much the counter counts to generate a latch signal. In addition, the circuit can generate two output signals, and compare the two signals with the principle of two out of two, which can improve the safety of the circuit. When two output signals are generated, the other dynamic signal can be reversed and then input to the circuit that converts the same dynamic signal into a level signal, or the counter of the other can be counted down, so that the circuit has a dual-rail output function, and at the same time It also further improves the safety of the circuit.

安全输出的逻辑采用以下四种电路都可以实现,如图6所示;电阻R1接三极管N2基极,三极管N2集电极接电阻R2和电阻R3的一端,电阻R3的另一端接三极管P2基极,三极管P2发射极接电阻R2和受控电源;三极管P2集电极接电阻R4和输出;三极管N2发射极接电阻R4的一端和地。The logic of the safety output can be realized by using the following four circuits, as shown in Figure 6; the resistor R1 is connected to the base of the transistor N2, the collector of the transistor N2 is connected to one end of the resistor R2 and the resistor R3, and the other end of the resistor R3 is connected to the base of the transistor P2 , The emitter of the transistor P2 is connected to the resistor R2 and the controlled power supply; the collector of the transistor P2 is connected to the resistor R4 and the output; the emitter of the transistor N2 is connected to one end of the resistor R4 and the ground.

如图7所示;输入接光电耦合器UA的一端1,光电耦合器UA的一端2接电阻R5,光电耦合器UA的另一端16接受控电源;光电耦合器UA的另一端15接输出和电阻R6,电阻R5和电阻R5的另一端接地。As shown in Figure 7; the input is connected to one end 1 of the optocoupler UA, one end 2 of the optocoupler UA is connected to the resistor R5, and the other end 16 of the optocoupler UA is connected to the control power supply; the other end 15 of the optocoupler UA is connected to the output and The resistor R6, the resistor R5 and the other end of the resistor R5 are grounded.

如图8所示;输入接电阻R7后接三极管N3基极,三极管N3发射极接电阻R8和输出;三极管N3集电极接受控电源;电阻R8的另一端接地。As shown in Figure 8; the input is connected to the resistor R7 and then the base of the triode N3, the emitter of the triode N3 is connected to the resistor R8 and the output; the collector of the triode N3 is connected to the control power supply; the other end of the resistor R8 is grounded.

如图9所示;输入接电阻R9后接三极管P3基极,三极管P3集电极接电阻R10和输出;三极管P3发射极接受控电源;电阻R10的另一端接地。As shown in Figure 9; the input is connected to the resistor R9 and then the base of the triode P3, the collector of the triode P3 is connected to the resistor R10 and the output; the emitter of the triode P3 is controlled by the power supply; the other end of the resistor R10 is grounded.

它们共同的特点是:当安全计算机正常工作时,输出安全关断电路供电电源正常,模块输出正常逻辑。一旦安全计算机工作异常,根据上述的实施方法,可导致输出安全关断电路供电电源断开,这时输出一定导向安全侧-0电平(接地)。另外,由于这四个电路输出安全关断的方法都采用的是直接切断供电电源,因此即使电路中的元件出现故障(不管出现短路或断路的故障),其输出都将导向安全侧-0电平,因此这四个电路本身也是故障安全的。Their common feature is: when the safety computer is working normally, the power supply of the output safety shutdown circuit is normal, and the module outputs normal logic. Once the safety computer works abnormally, according to the above-mentioned implementation method, the power supply of the output safety shutdown circuit can be disconnected, and at this time, the output must lead to the safety side-0 level (ground). In addition, because the methods of these four circuit output safety shutdowns are to directly cut off the power supply, even if the components in the circuit fail (regardless of short-circuit or open-circuit failure), their output will be directed to the safe side - 0 power supply. level, so the four circuits themselves are also fail-safe.

Claims (9)

1. the safety cut-off method of exporting in the three-mould redundancy safety computer is characterized in that:
May further comprise the steps;
Select the side step of fail-safe computer output safety rapid;
Set safe shutdown condition step;
The safe shutdown conditioned signal carries out determining step;
Control module output safety breaking circuit step.
2. the safety cut-off method of a kind of three-mould redundancy safety computer output according to claim 1, it is characterized in that: safe shutdown condition step, judge whether safe shutdown adopt " self thinking makes mistakes then must turn-off, perhaps other two module think to make mistakes then must turn-off " method.
3. the safety cut-off method of a kind of three-mould redundancy safety computer output according to claim 1, it is characterized in that: the control module output safety breaking circuit of control module output safety breaking circuit step adopts string and structure or and string structure, the directly power supply of control module output safety breaking circuit.
4. the safety cut-off method of a kind of three-mould redundancy safety computer output according to claim 1 is characterized in that: the Dynamic Signal of control module output safety breaking circuit step is realized by the counter circuit of Digital Logic to the conversion of level signal.
5. the safety cut-off method of a kind of three-mould redundancy safety computer output according to claim 1, it is characterized in that: control module output safety breaking circuit step is; At first utilize a counter to count, utilize a rising edge and negative edge to extract circuit then, the pulse signal that each rising edge and the negative edge of Dynamic Signal all is converted to a weak point, and as the asynchronous reset signal of counter, in addition, utilize one simple with or logic and latch, make circuit output low level when counting down to certain numerical value, all the other export high level, under the normal condition, Dynamic Signal keeps upset, rising edge and negative edge extract the pulse signal that circuit is transformed to rising edge or negative edge unification a weak point, i.e. unification is transformed to a negative edge, this negative edge carries out asynchronous reset to counter, counter will be reset at set intervals like this, when fail-safe computer occurs when unusual, be that Dynamic Signal stops upset, the asynchronous reset of this hour counter is invalid all the time, the counter counting that will always make progress, after in case counter values reaches the numerical value of prior appointment, with or logical circuit will be to latch output latch signal, make the latch output low level, like this, when Dynamic Signal was invalid, circuit export orientation secure side-zero level was disconnected output safety breaking circuit power supply, when Dynamic Signal recovers just often, produce a negative edge latch is carried out set.
6. the safety cut-off method of a kind of three-mould redundancy safety computer output according to claim 1 is characterized in that: the circuit that control module output safety breaking circuit step adopts is; Resistance (R1) connects triode (N2) base stage, an end of triode (N2) collector connecting resistance (R2) and resistance (R3), another termination triode (P2) base stage of resistance (R3), triode (P2) emitter connecting resistance (R2) and controlled source; Triode (P2) collector connecting resistance (R4) and output; One end of triode (N2) emitter connecting resistance (R4) and ground.
7. the safety cut-off method of a kind of three-mould redundancy safety computer output according to claim 1 is characterized in that: the circuit that control module output safety breaking circuit step adopts is; Input connects an end (1) of photoelectrical coupler (UA), and an end (2) connecting resistance (R5) of photoelectrical coupler (UA), the other end (16) of photoelectrical coupler (UA) are accepted the control power supply; The other end (15) of photoelectrical coupler (UA) connects output and resistance (R6), the other end ground connection of resistance (R5) and resistance (R5).
8. the safety cut-off method of a kind of three-mould redundancy safety computer output according to claim 1 is characterized in that: the circuit that control module output safety breaking circuit step adopts is; Connect triode (N3) base stage behind the input connecting resistance (R7), triode (N3) emitter connecting resistance (R8) and output; Triode (N3) collector is accepted the control power supply; The other end ground connection of resistance (R8).
9. the safety cut-off method of a kind of three-mould redundancy safety computer output according to claim 1 is characterized in that: the circuit that control module output safety breaking circuit step adopts is; Connect triode (P3) base stage behind the input connecting resistance (R9), triode (P3) collector connecting resistance (R10) and output; Triode (P3) emitter is accepted the control power supply; The other end ground connection of resistance (R10).
CNB2007100643059A 2007-03-09 2007-03-09 Safety shutdown method and device for output in triple-mode redundant safety computer Active CN100570519C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007100643059A CN100570519C (en) 2007-03-09 2007-03-09 Safety shutdown method and device for output in triple-mode redundant safety computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2007100643059A CN100570519C (en) 2007-03-09 2007-03-09 Safety shutdown method and device for output in triple-mode redundant safety computer

Publications (2)

Publication Number Publication Date
CN101046678A true CN101046678A (en) 2007-10-03
CN100570519C CN100570519C (en) 2009-12-16

Family

ID=38771345

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2007100643059A Active CN100570519C (en) 2007-03-09 2007-03-09 Safety shutdown method and device for output in triple-mode redundant safety computer

Country Status (1)

Country Link
CN (1) CN100570519C (en)

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101893848A (en) * 2010-07-22 2010-11-24 北京交通大学 Fail-safe method by shutting down the power supply
CN101931519A (en) * 2010-08-26 2010-12-29 北京交通大学 Realization Method of Triple-mode Redundancy Based on Synchronous Communication Switching
CN102096401A (en) * 2010-12-22 2011-06-15 北京昊图科技有限公司 Redundant and fault-tolerant safety instrument control system based on fieldbus and ARM (advanced RISC machines)
CN102606331A (en) * 2012-03-20 2012-07-25 西安航天动力试验技术研究所 Triple-redundancy voting control system and triple-redundancy voting control method
CN103092186A (en) * 2012-12-28 2013-05-08 北京交控科技有限公司 Voting structure of two out of three secure output and voting method thereof
CN103186100A (en) * 2011-12-31 2013-07-03 北京圣涛平试验工程技术研究院有限责任公司 Redundancy protection system and redundancy protection method
CN104866390A (en) * 2015-04-15 2015-08-26 中国科学院高能物理研究所 Triple modular redundancy controller for static random access memory
CN105204389A (en) * 2015-10-08 2015-12-30 武汉聚鑫源机电工程设备有限公司 Programmable rotating speed signal device based on software and hardware dual TMR type
CN105245426A (en) * 2015-11-05 2016-01-13 株洲南车时代电气股份有限公司 Platform plug-in having board position identification function
CN105278328A (en) * 2015-11-24 2016-01-27 上海空间电源研究所 Three-take-two redundancy switching control circuit for analog circuit and control method thereof
CN105398472A (en) * 2015-11-06 2016-03-16 株洲南车时代电气股份有限公司 Platform host plug-in
CN105026265B (en) * 2012-12-11 2017-03-08 萨基姆防卫安全 For the redundant circuit that the equipment of cutting off is powered
CN107291580A (en) * 2017-05-04 2017-10-24 复旦大学 MATLAB software system and method
CN107978108A (en) * 2017-12-27 2018-05-01 上海欣能信息科技发展有限公司 A kind of system and method for electric power terminal device instruction operation troubles
CN110347095A (en) * 2019-08-07 2019-10-18 天津津航计算技术研究所 A kind of triplex redundance switching circuit applied to aviation electric heating control system
CN110413456A (en) * 2019-07-30 2019-11-05 上海航天计算机技术研究所 Triple redundance data voting system and method step by step
CN110830013A (en) * 2019-10-30 2020-02-21 卡斯柯信号有限公司 Safety switch realization circuit with real-time self-checking function
CN111839573A (en) * 2020-08-31 2020-10-30 上海大骋医疗科技有限公司 CT heterogeneous redundant exposure control system and method
CN112230751A (en) * 2020-10-13 2021-01-15 北京中科宇航技术有限公司 High-reliability triple-modular redundancy computer power supply circuit
CN113219817A (en) * 2021-04-07 2021-08-06 中国船舶重工集团公司第七一九研究所 Pressure safety control system and control method for multiple redundancy voting
WO2022011801A1 (en) * 2020-07-15 2022-01-20 南京科远智慧科技集团股份有限公司 Circuit method for improving reliability of current output in triple redundancy
CN114740702A (en) * 2022-03-15 2022-07-12 西安电子科技大学 High-reliability voting circuit based on triple-redundancy framework processor and triple-redundancy control system

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101893848A (en) * 2010-07-22 2010-11-24 北京交通大学 Fail-safe method by shutting down the power supply
CN101931519A (en) * 2010-08-26 2010-12-29 北京交通大学 Realization Method of Triple-mode Redundancy Based on Synchronous Communication Switching
CN101931519B (en) * 2010-08-26 2012-01-11 北京交大资产经营有限公司 Triple-modular redundancy implementation method based on synchronous communication exchange
CN102096401A (en) * 2010-12-22 2011-06-15 北京昊图科技有限公司 Redundant and fault-tolerant safety instrument control system based on fieldbus and ARM (advanced RISC machines)
CN102096401B (en) * 2010-12-22 2015-03-11 北京昊图科技有限公司 Redundant and fault-tolerant safety instrument control system based on fieldbus and ARM (advanced RISC machines)
CN103186100B (en) * 2011-12-31 2016-03-02 北京圣涛平试验工程技术研究院有限责任公司 Redundancy guard system and method
CN103186100A (en) * 2011-12-31 2013-07-03 北京圣涛平试验工程技术研究院有限责任公司 Redundancy protection system and redundancy protection method
CN102606331A (en) * 2012-03-20 2012-07-25 西安航天动力试验技术研究所 Triple-redundancy voting control system and triple-redundancy voting control method
CN105026265B (en) * 2012-12-11 2017-03-08 萨基姆防卫安全 For the redundant circuit that the equipment of cutting off is powered
CN103092186A (en) * 2012-12-28 2013-05-08 北京交控科技有限公司 Voting structure of two out of three secure output and voting method thereof
CN104866390B (en) * 2015-04-15 2018-07-20 中国科学院高能物理研究所 Asynchronous static random access memory triplication redundancy controller
CN104866390A (en) * 2015-04-15 2015-08-26 中国科学院高能物理研究所 Triple modular redundancy controller for static random access memory
CN105204389A (en) * 2015-10-08 2015-12-30 武汉聚鑫源机电工程设备有限公司 Programmable rotating speed signal device based on software and hardware dual TMR type
CN105245426A (en) * 2015-11-05 2016-01-13 株洲南车时代电气股份有限公司 Platform plug-in having board position identification function
CN105245426B (en) * 2015-11-05 2018-07-17 湖南中车时代通信信号有限公司 A kind of platform plug-in with plate position identification function
CN105398472A (en) * 2015-11-06 2016-03-16 株洲南车时代电气股份有限公司 Platform host plug-in
CN105398472B (en) * 2015-11-06 2017-08-11 湖南中车时代通信信号有限公司 A kind of platform host plug-in unit
CN105278328A (en) * 2015-11-24 2016-01-27 上海空间电源研究所 Three-take-two redundancy switching control circuit for analog circuit and control method thereof
CN107291580A (en) * 2017-05-04 2017-10-24 复旦大学 MATLAB software system and method
CN107978108A (en) * 2017-12-27 2018-05-01 上海欣能信息科技发展有限公司 A kind of system and method for electric power terminal device instruction operation troubles
CN110413456A (en) * 2019-07-30 2019-11-05 上海航天计算机技术研究所 Triple redundance data voting system and method step by step
CN110413456B (en) * 2019-07-30 2023-05-26 上海航天计算机技术研究所 Triple redundant data step-by-step voting system and method
CN110347095A (en) * 2019-08-07 2019-10-18 天津津航计算技术研究所 A kind of triplex redundance switching circuit applied to aviation electric heating control system
CN110347095B (en) * 2019-08-07 2022-02-11 天津津航计算技术研究所 Three-redundancy switching circuit applied to aviation electric heating control system
CN110830013A (en) * 2019-10-30 2020-02-21 卡斯柯信号有限公司 Safety switch realization circuit with real-time self-checking function
WO2022011801A1 (en) * 2020-07-15 2022-01-20 南京科远智慧科技集团股份有限公司 Circuit method for improving reliability of current output in triple redundancy
CN111839573A (en) * 2020-08-31 2020-10-30 上海大骋医疗科技有限公司 CT heterogeneous redundant exposure control system and method
CN112230751A (en) * 2020-10-13 2021-01-15 北京中科宇航技术有限公司 High-reliability triple-modular redundancy computer power supply circuit
CN112230751B (en) * 2020-10-13 2022-04-15 北京中科宇航技术有限公司 High-reliability triple-modular redundancy computer power supply circuit
CN113219817A (en) * 2021-04-07 2021-08-06 中国船舶重工集团公司第七一九研究所 Pressure safety control system and control method for multiple redundancy voting
CN114740702A (en) * 2022-03-15 2022-07-12 西安电子科技大学 High-reliability voting circuit based on triple-redundancy framework processor and triple-redundancy control system

Also Published As

Publication number Publication date
CN100570519C (en) 2009-12-16

Similar Documents

Publication Publication Date Title
CN101046678A (en) Safety cut-off method and device for output in three-mould redundancy safety computer
CN103901772B (en) Two CSTR redundancy inertial platform controller
CN102880567B (en) data read-write system
CN100555235C (en) The N-modular redundancy voting system
CN109669823B (en) Multi-bit upset error resisting chip reinforcement method based on improved triple modular redundancy system
CN103235591B (en) A kind of online fault filling method combined based on hardware and software direct fault location
CN103647526B (en) A kind of PWM locking control circuits
CN106896282A (en) A kind of data sampling method and the combining unit for data sampling
CN104881544A (en) Multi-data triple modular redundancy judgment module based on FPGA (Field Programmable Gate Array)
CN1278488C (en) Semiconductor integrated circuit and its reset method
US20150153796A1 (en) System and method for protecting power supply
CN104866390B (en) Asynchronous static random access memory triplication redundancy controller
CN105653771A (en) Method for improving single event upset resistance of chips through logic design
CN202798645U (en) Anti-irradiation triple module redundancy (TMR) circuit structure
CN102082568B (en) Anti-single event transient circuit
CN1405985A (en) Master-spare converting control circuit and method for realizing it
CN101788940A (en) Power-on-reset circuit for 2*2 redundancy fault-tolerant computers based on programmable logic device
KR102505454B1 (en) Static Var Compensator of controller system and Controlling Method Thereof
CN204290775U (en) A kind of tri-level circuit of high fault tolerance
CN114720913A (en) Detection system and detection method for parallel connection and series-reverse connection of photovoltaic system
CN219780106U (en) Photovoltaic power generation system and its inverter, fault protection device and combiner box
CN201315470Y (en) A module for selecting one of two signals for output in a direct current transmission system
CN207352138U (en) Induction heating power failure detects in real time and processing system
CN102255618A (en) Low-overhead transient fault automatic correction circuit for high speed adder
CN114967419B (en) A three-out-of-two voting control circuit

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: BEIJING JIAOTONG UNIVERSITY ASSETS MANAGEMENT CO.,

Free format text: FORMER OWNER: BEIJING COMMUNICATION UNIV.

Effective date: 20110902

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20110902

Address after: 100044 Beijing city Haidian District sorghum Bridge Street No. 44 Building Room 806

Patentee after: Beijing Jiaotong University

Address before: 100044 Beijing Xizhimen Shangyuan Village No. 3

Patentee before: Beijing Jiaotong University

ASS Succession or assignment of patent right

Owner name: BEIJING TRAFFIC CONTROL TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: BEIJING JIAOTONG UNIVERSITY ASSET MANAGEMENT CO., LTD.

Effective date: 20120809

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100044 HAIDIAN, BEIJING TO: 100070 FENGTAI, BEIJING

TR01 Transfer of patent right

Effective date of registration: 20120809

Address after: 100070 Beijing science and Technology Park of Fengtai District Haiying Road No. 6 hospital of Beijing, the headquarters of the International 2 Building No. 3

Patentee after: Beijing Traffic Control Technology Co., Ltd.

Address before: 100044, room 44, science building, 806 Jiao Feng street, Haidian District, Beijing

Patentee before: Beijing Jiaotong University

C56 Change in the name or address of the patentee
CP01 Change in the name or title of a patent holder

Address after: 100070 Beijing science and Technology Park of Fengtai District Haiying Road No. 6 hospital of Beijing, the headquarters of the International 2 Building No. 3

Patentee after: TRAFFIC CONTROL TECHNOLOGY Co.,Ltd.

Address before: 100070 Beijing science and Technology Park of Fengtai District Haiying Road No. 6 hospital of Beijing, the headquarters of the International 2 Building No. 3

Patentee before: Beijing Traffic Control Technology Co., Ltd.

CP03 Change of name, title or address

Address after: 100070 Beijing science and Technology Park of Fengtai District Seahawks Hospital No. 6 2, No. 3 (Park)

Patentee after: TRAFFIC CONTROL TECHNOLOGY Co.,Ltd.

Address before: 100070 Beijing science and Technology Park of Fengtai District Haiying Road No. 6 hospital of Beijing, the headquarters of the International 2 Building No. 3

Patentee before: TRAFFIC CONTROL TECHNOLOGY Co.,Ltd.

CP03 Change of name, title or address