CN1099075C - Redundant electronic device with certified and non-certified channels - Google Patents
- Publication number
- CN1099075C (application CN98802340A)
- Authority
- CN
- China
- Prior art keywords
- channel
- flag
- certification
- electronic device
- query
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- G05B19/0428—Safety, monitoring
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B9/00—Safety arrangements
- G05B9/02—Safety arrangements electric
- G05B9/03—Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24191—Redundant processors are different in structure
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/1629—Error detection by comparing the output of redundant processing systems
- G06F11/1641—Error detection by comparing the output of redundant processing systems where the comparison is not performed by the redundant processing components
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Programmable Controllers (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
- Measurement Of Resistance Or Impedance (AREA)
Abstract
A homogeneously and redundantly built electronic device (EG) with at least two channels, especially a two-channel, homogeneously and redundantly built programmable central unit of a controller with at least one certified channel (A) and at least one non-certified channel (B). Said certified channel (A) is a channel (A) which is sufficiently free of systematic faults whilst in the non-certified channel (B), components can be used which have not been explicitly proven to be sufficiently free of systematic faults.
Description
The present invention relates to an electronic device with at least two channels, in particular a two-channel programmable logic unit, where this programmable logic unit is, for example, the central unit of a stored-program controller (programmable logic controller).
Safety-related tasks require highly reliable electronic devices; the term "reliable" is used here as defined in the draft international standard IEC 1508, "Functional safety".
A reliable electronic device is distinguished by the special measures provided in it to avoid, detect and control errors and faults.
A common way to avoid, detect and control errors and faults is to build the electronic device with multi-channel redundancy, with the same operations executed in parallel in every channel. Comparing the results or output values shows whether an error has occurred in one of the channels.
One group of errors that is especially relevant to reliable operation of the device consists of the so-called systematic faults of the modules, elements or components of a channel. Such faults can be caused, for example, by the logical structure or by its physical characteristics. The physical structure refers to the way the individual components and modules are connected to one another, and the physical characteristics depend on the manufacturing process used in each case. For the intended application, a sufficiently low level of systematic faults is demonstrated by a range of certification measures.
In today's rapidly developing semiconductor technology, manufacturing methods change after a very short time. As a result, the components or modules concerned must be shown again to be free of systematic faults, because in a system classified as reliable such components and modules may be operated only once they have passed a range of certification measures.
The fast innovation cycles in the semiconductor field mean, for example, that this certification has to be repeated for every new type of microprocessor or new type of memory module. Because the certification process requires tests and/or proof of operational reliability, the time it is expected to take means that new components can be used in safety-related applications only after a considerable delay.
The object of the present invention is therefore to provide an electronic device that makes it possible to use, in a safety-related system with homogeneously redundant channels, modules, elements or components that have not yet been proven to be sufficiently free of systematic faults.
This object is achieved by an electronic device of homogeneously redundant construction with at least two channels, which can in particular be a two-channel, homogeneously redundant programmable logic unit. It has at least one certified channel and at least one non-certified channel, the certified channel being a channel that is sufficiently free of systematic faults.
A channel that is sufficiently free of systematic faults is accordingly one whose probability of failure during a specified period does not exceed a specified threshold that depends on the application at hand, for example a threshold according to the draft international standard IEC 1508.
Each channel is provided with a queryable identifier, for example a special memory cell or a mechanical or electronic switch. Querying the identifier of the certified channel returns a first flag, and querying the identifier of the non-certified channel returns a second flag. The electronic device begins operation only if the first flag occurs at least once when the flags of the channels are queried. This gives the electronic device a self-check which ensures that it begins operation only after confirming that at least one of its channels is sufficiently free of systematic faults, that is, is a certified channel.
When the flags of the channels are polled, it is known exactly which channel is sufficiently free of systematic faults, i.e. the certified channel, and which channel is not sufficiently free of systematic faults, i.e. the non-certified channel.
While the electronic device is operating, the flag of the non-certified channel can change from the second flag, which marks a non-certified channel, to the first flag, which marks a certified channel, after a presettable period in which no fault has been detected. After sufficient running time and sufficient analysis of the operating behavior of the previously uncertified channel, that channel can itself be used as a reference channel. The electronic device thus makes it possible to use, for example, next-generation elements, components or modules that are not yet certified, without first having to prove that they are free of faults.
Further advantages and details of the invention emerge from the following description of an embodiment with reference to the drawing.
Fig. 1 is a block diagram of the two-channel, homogeneously redundant central unit of a programmable logic controller.
According to Fig. 1, the electronic device EG is the two-channel, homogeneously redundant central unit of a programmable logic controller. Homogeneous redundancy here means that every channel is built symmetrically from elements, components or modules that have at least the same function.
In the embodiment shown in Fig. 1, channel A has a microprocessor P, a program memory I and a data memory R. The operation of microprocessor P is monitored by a monitoring unit W, a so-called watchdog. Channel B is homogeneously redundant with respect to channel A, which is made clear in particular by the identical components P, I, R carrying the same reference symbols.
Channel A must be built from components P, I, R, W that have been proven to be sufficiently free of systematic faults, so every component, element and module is certified. Channel A as a whole therefore counts as a channel that is sufficiently free of systematic faults.
Channel B uses one or more modified variants of components P, I, R, W, which have been changed, for example, because of a new or in some way revised manufacturing method and have not been sufficiently proven to be free of systematic faults.
If a systematic fault that may exist in the affected elements, components or modules of channel B takes effect, it is detected by comparison with the results of channel A and is thereby controlled. This result comparison can be carried out over the connection K between channels A and B.
Elements, components or modules that have not yet been sufficiently proven fault-free, that is, are not yet certified, can thus be used without degrading the safety characteristics of channels A, B of the redundant electronic device EG.
The result comparison can detect, for example, systematic faults caused by the physical characteristics of individual electronic elements, components or modules, or by changed manufacturing or assembly processes.
The electronic device EG of the invention lets suppliers of such devices respond directly to the innovation cycles of, for example, the semiconductor industry and always supply, in reliable systems, elements, components or modules that correspond to the current state of development, even where these elements have not yet been explicitly proven by certification to be sufficiently free of systematic faults.
In this respect, the possibility of achieving this certification implicitly with the method of the invention or the electronic device EG of the invention is particularly advantageous.
For this purpose a flag is managed for each channel A, B of the electronic device EG; this flag states whether the respective channel A, B can be regarded as sufficiently free of systematic faults. After a certain period, which in particular can be freely chosen by the user, the flag can be changed from "uncertified" to "certified" if no systematic fault was detected in the previously uncertified channel A, B during operation of the electronic device over that period. In this way a channel that has not been explicitly certified, but whose freedom from systematic faults has been sufficiently demonstrated in actual operation, can also be used as an explicitly certified channel.
This makes it possible, in an electronic device EG that now includes an "online-certified channel", to use members, modules or components made from next-generation semiconductor elements in the other redundant channel A, B, and then to demonstrate by the process described above that these components too are sufficiently free of systematic faults.
Thus, by using the electronic device of the invention or applying the method of the invention, the latest elements, modules or components can be adopted freely at any time in safety-related systems, without having to wait for a rather time-consuming certification process before applying them.
Claims (6)
1. An electronic device (EG) of homogeneously redundant construction with at least two channels, in particular a two-channel, homogeneously redundant programmable logic unit, wherein the electronic device (EG) has at least one certified channel (A) and at least one non-certified channel (B), the certified channel (A) being a channel that is sufficiently free of systematic faults, wherein each channel (A, B) is provided with a queryable identifier, wherein querying the identifier of the certified channel (A) returns a first flag and querying the identifier of the non-certified channel (B) returns a second flag, and wherein the electronic device (EG) begins operation only if at least one first flag is present when the flags of the channels (A, B) are queried.
2. The electronic device according to claim 1, characterized in that the flags of the channels (A, B) are queried sequentially.
3. The electronic device according to claim 1 or 2, characterized in that the flag of the non-certified channel (B) can change from the second flag to the first flag after a presettable period in which no fault has been detected.
4. A method of operating an electronic device (EG) of homogeneously redundant construction with at least two channels, in particular a two-channel, homogeneously redundant programmable logic unit, wherein the electronic device (EG) has at least one certified channel (A) and at least one non-certified channel (B), the certified channel (A) being a channel that is sufficiently free of systematic faults, wherein each channel (A, B) is provided with a queryable identifier, wherein querying the identifier of the certified channel (A) returns a first flag and querying the identifier of the non-certified channel (B) returns a second flag, and wherein the electronic device (EG) begins operation only if the first flag occurs at least once when the flags of the channels (A, B) are queried.
5. The method according to claim 4, characterized in that the flags of the channels (A, B) are queried sequentially.
6. The method according to claim 4 or 5, characterized in that the flag of the non-certified channel (B) can change from the second flag to the first flag after a presettable period in which no fault has been detected.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP97103151 | 1997-02-26 | ||
EP97103151.3 | 1997-02-26 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1246938A | 2000-03-08 |
CN1099075C | 2003-01-15 |
Family
ID=8226528
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN98802340A (CN1099075C, Expired - Fee Related) | 1997-02-26 | 1998-02-13 | Redundant electronic device with certified and non-certified channels |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN1099075C (en) |
DE (1) | DE59800963D1 (en) |
ES (1) | ES2160407T3 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102018121885A1 (en) * | 2018-09-07 | 2020-03-12 | Phoenix Contact Gmbh & Co. Kg | Electronic device for use in an automation system and an automation system |
CN114253124A (en) * | 2021-12-22 | 2022-03-29 | 浙江中控技术股份有限公司 | High-availability hot standby redundancy system and method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE3718582A1 (en) * | 1986-06-05 | 1987-12-10 | Zf Herion Systemtechnik Gmbh | Electronic security device |
US5136704A (en) * | 1989-06-28 | 1992-08-04 | Motorola, Inc. | Redundant microprocessor control system using locks and keys |
DE19504404C1 (en) * | 1995-02-10 | 1996-06-20 | Pilz Gmbh & Co | System architecture |
EP0742507A1 (en) * | 1995-05-12 | 1996-11-13 | The Boeing Company | Method and apparatus for synchronizing flight management computers |
-
1998
- 1998-02-13 DE DE59800963T patent/DE59800963D1/en not_active Expired - Lifetime
- 1998-02-13 CN CN98802340A patent/CN1099075C/en not_active Expired - Fee Related
- 1998-02-13 ES ES98910662T patent/ES2160407T3/en not_active Expired - Lifetime
Also Published As
Publication number | Publication date |
---|---|
DE59800963D1 (en) | 2001-08-09 |
ES2160407T3 (en) | 2001-11-01 |
CN1246938A (en) | 2000-03-08 |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
C14 | Grant of patent or utility model | |
GR01 | Patent grant | |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20030115; Termination date: 20150213 |
EXPY | Termination of patent right or utility model | |