CN112187847B - Method and apparatus for monitoring a device - Google Patents
Method and apparatus for monitoring a device Download PDFInfo
- Publication number
- CN112187847B CN112187847B CN202010633480.0A CN202010633480A CN112187847B CN 112187847 B CN112187847 B CN 112187847B CN 202010633480 A CN202010633480 A CN 202010633480A CN 112187847 B CN112187847 B CN 112187847B
- Authority
- CN
- China
- Prior art keywords
- operating state
- communication interface
- unit
- analysis
- critical
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 18
- 238000012544 monitoring process Methods 0.000 title claims abstract description 14
- 230000005540 biological transmission Effects 0.000 claims abstract description 102
- 238000004891 communication Methods 0.000 claims abstract description 56
- 238000011156 evaluation Methods 0.000 claims abstract description 18
- 238000004458 analytical method Methods 0.000 claims description 57
- 230000004069 differentiation Effects 0.000 claims description 2
- 230000000903 blocking effect Effects 0.000 claims 1
- 230000004913 activation Effects 0.000 description 4
- 238000004880 explosion Methods 0.000 description 3
- 238000000926 separation method Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000009529 body temperature measurement Methods 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000003213 activating effect Effects 0.000 description 1
- 230000002238 attenuated effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000001816 cooling Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000007274 generation of a signal involved in cell-cell signaling Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000012806 monitoring device Methods 0.000 description 1
- 230000002028 premature Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000004804 winding Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q9/00—Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- G—PHYSICS
- G08—SIGNALLING
- G08C—TRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
- G08C19/00—Electric signal transmission systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q2209/00—Arrangements in telecontrol or telemetry systems
- H04Q2209/40—Arrangements in telecontrol or telemetry systems using a wireless architecture
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Arrangements For Transmission Of Measured Signals (AREA)
- Selective Calling Equipment (AREA)
Abstract
The invention relates to a method and a device for monitoring a device, wherein a. At least one safety-relevant parameter of the device is measured, b. The safety-relevant parameter is evaluated in a first evaluation unit for compliance with at least one predetermined limit value, c. The first evaluation unit is arranged on the transmitting side of a communication interface, and a triggering unit is arranged on the receiving side of the communication interface, and a data transmission takes place between the transmitting side and the receiving side, and wherein furthermore d. A distinction is made between three operating states (normal operation, first critical operating state and second critical operating state), wherein e. at least information about the operating state is transmitted during the data transmission, and f. A second evaluation unit connected to the triggering unit is arranged on the receiving side of the communication interface, which evaluates the information about the operating state independently of one another in the first evaluation channel and in the second evaluation channel, g. wherein the triggering unit is activated when the first operating state or the second operating state is present, in order to bring the device into a safe state.
Description
Technical Field
The invention relates to a method and an arrangement for monitoring a device, wherein security-related information is transmitted via a communication interface.
Background
From the standpoint of hazards to humans and the environment, equipment (e.g., equipment in areas where there is an explosion hazard) is typically monitored by electronic protection circuitry. These protection circuits should bring the device into a safe state when a predefined hazard is detected. Here, the reliability of these protection circuits and the secure processing of security-related information are particularly important.
EP 1 967 831 B1 describes a protection concept for temperature monitoring, in which a measuring circuit (temperature measurement), a measured value analysis, and an actuator which should bring the monitored device into a safe state when a safety-related hazard (excessive temperature) is detected are compactly accommodated in a device.
In certain applications, the spatial separation of the measuring unit from the actuator (triggering unit) is technically significant or necessary. Thus, machines specifically designed for use in areas at risk of explosion, for example, must be monitored for ignitable excessive temperatures. The monitoring is regarded as security-related and must function particularly reliably in accordance with security requirements. The actuator, which is usually formed by an electrical switching element (relay; contactor), should shut down the machine when a potentially ignitable excessive temperature is detected, but cannot be placed with the machine itself or only at a high cost in areas that are at risk of explosion, since any switching sparks of the actuator may themselves form an ignition source. In this case, the safety-relevant temperature information must then be transmitted via the communication interface to an actuator which is arranged in a safe and spatially separated area from the machine. In this case, high safety requirements are applicable or high reliability with respect to the transmission of temperature information is required.
Even in the industry 4.0 era, the transmission of security related information via a communication interface is no longer contemplated. Thus, the high security requirements also apply to the entire processing chain of the measurement unit, signal generation, communication interface, information transmission, information reception and analysis and the execution of security-related tasks. The implementation of these security requirements generally requires higher costs, with an increase in complexity (which is generally necessary for the direct implementation of the security requirements), and also an increase in confusion (which then becomes a further source of problems).
Disclosure of Invention
The object of the present invention is therefore to create a simple and clear security concept for a monitoring device, with which security-related information is transmitted via a communication interface.
According to the invention, this object is achieved by the features of claims 1 and 11.
The method for monitoring a device according to the invention is characterized in that:
a. at least one security-related parameter of the device is measured,
b. the safety-relevant parameter is analyzed in a first analysis unit for compliance with at least one predetermined limit value,
c. the first analysis unit is arranged on the transmitting side of the communication interface, and the triggering unit is arranged on the receiving side of the communication interface, and data transmission is carried out between the transmitting side and the receiving side, and the triggering unit is arranged in addition
d. Distinguishing between three operating states (i.e., normal operation, first critical operating state, and second critical operating state), wherein
d1. Normal operation is characterized in that the at least one measured safety-related parameter corresponds to the at least one predetermined limit value and in that no technical fault is present which prevents an effective data transmission via the communication interface,
d2. the first critical operating state is characterized in that the measured safety-related parameter exceeds the at least one predetermined limit value and in that no technical fault is present which prevents an effective data transmission via the communication interface,
d3. the second critical operating state is characterized by the presence of a technical fault that prevents effective data transmission via the communication interface, and wherein
e. Transmitting at least information about the operating state during data transmission, and
f. a second evaluation unit connected to the triggering unit is provided on the receiving side of the communication interface, which second evaluation unit evaluates the information about the operating state in the first evaluation channel and the second evaluation channel independently of one another,
g. wherein the triggering unit is activated when the first or second operating state is present to bring the device into a safe state.
The device for executing the method according to the invention at least comprises:
a. at least one measuring unit for measuring a safety-related parameter of the device,
b. a first analysis unit for analyzing the measured safety-related parameter for compliance with at least one predetermined limit value,
c. a triggering unit, to bring the device into a safe state,
d. an operation state determination unit for determining an operation state of the apparatus, wherein a distinction is made between three operation states (i.e., a normal operation, a first critical operation state, and a second critical operation state), wherein
d1. Normal operation is characterized in that the at least one measured safety-related parameter corresponds to the at least one predetermined limit value and in that no technical fault is present which prevents an effective data transmission via the communication interface,
d2. the first critical operating state is characterized in that the measured safety-related parameter exceeds the at least one predetermined limit value and in that no technical fault is present which prevents an effective data transmission via the communication interface,
d3. the second critical operating state is characterized by the presence of a technical fault that prevents efficient data transmission via the communication interface,
e. a communication interface for transmitting data of an operation state between a transmitting side and a receiving side, wherein a first analysis unit and an operation state determination unit are provided on the transmitting side of the communication interface, and a trigger unit is provided on the receiving side of the communication interface, and
f. a second evaluation unit, which is connected to the triggering unit on the receiving side of the communication interface and has a first evaluation channel and a second redundant evaluation channel, is used for monitoring the operating state and for controlling the triggering device (9) when the first operating state or the second operating state is present.
Although traditionally only information about measured parameters or trigger signals derived therefrom is transmitted, it is now also considered according to the invention if there is a technical fault that prevents a valid data transmission via the communication interface. For example, if the transmission link is interrupted due to an unexpected interruption of the USB cable used, data transmission will no longer be possible and thus an effective status detection of the device based on the measured value transmission is not possible. According to the invention, a second critical operating state is present in this case.
Furthermore, it is conceivable, for example, that the signal level is significantly reduced due to hardware errors on the transmitting side of the communication interface, as a result of which the analysis of the transmitted data on the receiving side of the communication interface can no longer be ensured. According to the invention, each possible error state of the communication interface and the transmission link, which prevents effective data transmission, is regarded as a transmission form for the second critical operation.
Further embodiments of the invention are the subject matter of the dependent claims, wherein the features expressed in the dependent claims can also be combined with one another.
A particular embodiment of the invention consists in that each operating state is assigned at least one transmission form, which characterizes the determined operating state and is used for data transmission. In this case, a clear and definite distinction between normal operation and two critical operating states can be ensured by a suitable choice of the transmission form. Each error state of the communication interface (6) that prevents an effective data transmission via the communication interface (6) is assigned a transmission form for the second critical operation.
According to a further embodiment of the invention, the second analysis unit performs an analysis of the information about the operating state by analyzing the transmitted transmission form. In this case, it is conceivable that, for differentiation, the transmission form characterizing the normal operation is differentiated from the transmission form characterizing the first critical operating state by at least a first differentiating characteristic and from the transmission form characterizing the second critical operating state by at least a second differentiating characteristic. A clear and definite separation of normal operation from the first or second critical operating state should thereby be ensured. For example, the defined DC offset may be set as the first distinguishing characteristic. Thus, a transmission form with a defined DC offset may mean normal operation, whereas a transmission form with a DC offset outside the tolerance range of the defined DC offset indicates that a first critical operating state exists. Alternatively, the defined amplitude may also be set as a first distinguishing feature, wherein a transmission form with the defined amplitude is indicative of normal operation, whereas a transmission form with an amplitude outside the tolerance range of the defined amplitude signals a first critical operating state. The defined DC offset can in turn be used as a second distinguishing feature for demarcating the normal operation from the second critical operating state. Alternatively, however, the defined amplitude which distinguishes the normal operation from the second critical operating state can also be set again here.
The first and second distinguishing features preferably have a common characteristic that enables normal operation to be distinguished from both the first and second critical operating conditions. However, it is also conceivable within the scope of the invention for the first distinguishing feature and the second distinguishing feature to be identical, since in many application cases it is only important on the receiving side that there is normal operation or one of the two critical operating states, since the activation of the triggering unit takes place in both the first critical operating state and the second critical operating state.
In a further embodiment of the invention, in the normal operation and/or in the first critical operating state, information about the measured safety-relevant parameters and/or other operating data are transmitted in addition to the information about the operating state. This has the advantage that in normal operation information about the position of the measured safety-relevant parameter relative to its limit value is obtained at the receiving side of the communication interface. Thus, countermeasures can be taken as early as necessary, for example by operating the device at a correspondingly reduced power. In contrast, if a first critical operating state is present, the error cause can be defined more precisely and in detail from the transmitted information about the measured safety-relevant parameters, in particular when measuring and analyzing different safety-relevant parameters.
Furthermore, it is of course conceivable to transmit other operating data for information and diagnostic purposes too, which operating data do not negatively influence the analysis of the transmitted operating states on the receiving side.
Furthermore, the first analysis channel and the second analysis channel are preferably connected to the triggering unit in such a way that the triggering unit is activated when at least one of the two analysis channels generates a triggering signal. This may be done via an or gate, for example. To further improve the analysis and to ensure a higher security, the two analysis channels are configured in different ways, so that the first analysis channel can be based on a software-controlled working principle, while the analysis in the second analysis channel can be based on a hardware-controlled working principle. However, both analysis channels are configured such that they can detect the transmitted operating state, wherein the first analysis channel analyses safety-relevant parameters transmitted when necessary in addition to the operating state, while the second analysis channel detects only the presence of one of two critical operating states.
Drawings
Further advantages and design configurations of the invention are further elucidated on the basis of the following description and the accompanying drawing.
The drawings show:
figure 1 shows a block diagram of an apparatus according to the invention,
figure 2 shows the signal course of a transmission form with a defined limit frequency as a first distinguishing characteristic in normal operation and in a first critical operation,
figure 3 shows the signal course of a transmission form with a limit frequency set to zero as a first distinguishing characteristic in normal operation and in a first critical operating state,
figure 4 shows the signal course of a transmission form with a defined amplitude as a first distinguishing characteristic in normal operation and in a first critical operation,
figure 5 shows the signal course of a transmission form with a defined DC offset as a first distinguishing characteristic in normal operation and in a first critical operation,
fig. 6 shows the signal course of the transmission pattern in normal operation and in first critical operation, wherein the first distinguishing feature is that the data transmission is carried out continuously in normal operation and with sufficient pauses in the first critical operating state,
fig. 7 shows the signal course in normal operation and in a second critical operating state, in which the transmission takes place in such a way that no data transmission takes place and the DC level corresponds to ground, wherein the defined limit frequency is regarded as a second distinguishing characteristic,
fig. 8 shows the signal course in normal operation and in a second critical operating state, wherein the transmission form in the second critical operating state is characterized by no data transmission and the presence of a DC level at an undefined height, wherein the defined limit frequency is regarded as a second distinguishing characteristic,
fig. 9 shows the signal course in normal operation and in a second critical operating state, in which the DC offset is shifted to a different level than in normal operation, wherein the defined DC offset is regarded as a second distinguishing characteristic,
fig. 10 shows the signal course in normal operation and in a second critical operating state, wherein the transmission form in the second critical operating state is characterized by a significantly reduced amplitude of the transmission signal, wherein the defined amplitude is regarded as a second distinguishing feature, and
fig. 11 shows an exemplary embodiment in the region of the second analysis unit.
Detailed Description
The device according to the invention for monitoring an apparatus, such as a cooling apparatus or a pump station, has a measuring unit 1, which measuring unit 1 measures at least one safety-relevant parameter of the apparatus via a sensor not further shown. Here, this may be, for example, the winding temperature of the motor. The measured safety-relevant parameters are evaluated in the first evaluation unit 2 for compliance with the at least one assigned limit value. In this case, it is checked in the case of a temperature measurement whether a predetermined maximum temperature value is exceeded. Furthermore, a triggering unit 9 is provided to bring the device into a safe state by, for example, switching off the device or operating the device at reduced power.
The operating state of the device is determined in the following manner:
the distinction between normal operation and the first critical operating state is made by the first evaluation unit 2 determining whether the at least one safety-relevant parameter exceeds a limit value. The detection of the second critical operating state is the task of the receiving side, since in the presence of such a technical fault, the data transmission via the communication interface 6 can no longer be considered valid or it is not known which error state the communication interface is in.
Furthermore, a signal generating unit 5 is provided on the transmitting side of the communication interface 6, which signal generating unit 5 generates a data signal to be transmitted from the transmitting side to the receiving side of the communication interface, wherein the data signal has an operating state of the characteristic transmission form determined by the operating state determining unit 3. On the receiving side of the communication interface 6, in addition to the triggering unit 9, a second analysis unit 8 is provided, which second analysis unit 8 is provided with a first analysis channel 80 and a second redundant analysis channel 81 for analyzing the transmitted operating state. The first and second analysis channels 80, 81 are connected to the triggering unit via an or gate 82 in order to activate the triggering unit when at least one of the two analysis channels determines that a first or second critical operating state is present and a corresponding triggering signal 83 or 84 is generated.
The transmission link 7 between the communication interface 6 and the second analysis unit 8 may in particular be a wired connection or be configured as a radio connection. Depending on the application, in particular in the case of explosion-hazard devices, a spatial separation of the explosion-hazard device region from the triggering unit 9 is ensured via the transmission link 7. This is particularly necessary in cases where the triggering unit may generate a switching spark during triggering, which may constitute an ignition source.
Although in the embodiment shown only a measuring unit 1 is provided, it is of course possible to measure a plurality of safety-relevant and other operating parameters of the analysis device.
In the following fig. 2 to 10, different examples of transmission forms are shown, which can be used to transmit operating states during data transmission.
In the case of data transmission via the communication interface 6, at least information about the operating state is transmitted. However, the transfer of conventional data information is a fundamental task of the communication interface. Preferably, both the information about the operating state and the regular data are transmitted via a single communication interface. In a preferred embodiment, information about the at least one measured safety-relevant parameter is therefore additionally transmitted at least in normal operation and preferably also in the first critical operating state.
Fig. 2 shows a first exemplary embodiment of a signal change process in the form of a transmission in normal operation and in a first critical operating state. In order to distinguish the two operating states from one another, a first distinguishing characteristic is used, which is realized here by different transmission frequencies. Thus, signals which also contain information about the measured safety-relevant parameter are transmitted in normal operation at frequencies above the determined limit frequency. However, if it is determined by the operating state determining unit 3 that the measured safety-related parameter does not meet the predetermined limit value and, therefore, a first critical operating state exists, data transmission is performed at a transmission frequency lower than the determined limit frequency, as can be seen from fig. 2.
If in the case of the first critical operating state no information of the measured safety-relevant parameter has to be transmitted, it is also possible, for example, to simply stop the data transmission in the first critical operating state, as is shown in the embodiment according to fig. 3.
Although in the embodiment of fig. 2 the first distinguishing feature of the transmission form between the normal running transmission form and the transmission form in the first critical running state is realized by different transmission frequencies, the embodiment of fig. 4 shows a transmission form in which the transmission is carried out with a significantly reduced amplitude in the case of the first critical running state.
Another alternative is shown in fig. 5, in which signals are transmitted with different DC offset voltages in normal operation and in a first critical operating state. Thus, the DC offset voltage U is used in normal operation 1 While in the first critical operating state, a value higher than U is used Z DC offset voltage U of (2) 2 。
Finally, fig. 6 also shows a final embodiment of how the transmission form in normal operation can be distinguished from the transmission form in the first critical operating state. In this case, a continuous data transmission is carried out in normal operation, while in the case of the first critical operating state the data transmission is interrupted by a sufficient pause.
Of course, other distinguishing criteria are also conceivable within the scope of the invention, in particular combinations of the examples shown can also be used.
Different examples of different transmission forms for illustrating the normal operation and the second critical operation state are described below with reference to fig. 7 to 10.
In the embodiment according to fig. 7, the cancellation of the data transmission is shown as the second critical operating state. In the exemplary embodiment according to fig. 3, this error state is selected in a targeted manner as a transmission form for the first critical operating state. Thus, the same distinguishing features are used between the normal operation and the first critical operation state and between the normal operation and the second critical operation state. This is especially sufficient for situations where no information of the measured safety-related parameter needs to be transmitted and the first and second critical operating states result in activation of the trigger unit in the same way.
However, it is often helpful for the receiving side if a distinction can be made between a first critical operating state and a second critical operating state. Thus, for the first critical operating state, the DC level may be shifted to a level different from ground as defined according to the embodiment in fig. 5, in order to thus distinguish from an error state of the second critical operating state of the communication interface 6 according to the embodiment in fig. 7. In this case, all 3 operating states can be analyzed differently on the receiving side using their transmission form characterizing the respective operating state: the transmission pattern in fig. 5 for the normal operation and the first critical operation state and the transmission pattern in fig. 7 for the second critical operation state, respectively. The first distinguishing feature with defined DC offset and the second distinguishing feature with defined limiting frequency according to the embodiment in fig. 5 have a common characteristic: data signals in a defined DC offset range and in a defined frequency range.
The embodiments according to fig. 9 and 10 show further error states of the second critical operating state, which can likewise be selected in a targeted manner as in the embodiments according to fig. 5 and 4 for the respective transmission form of the first critical operating state if the same distinguishing characteristics are desired between normal operation and the first critical operating state and between normal operation and the second critical operating state. If it is originally only checked in the second evaluation unit whether normal operation or one of the two critical operating states is present, wherein the triggering unit is activated both in the case of the first critical operating state and in the case of the second critical operating state, there is no need to distinguish these two critical operating states from one another by means of different transmission forms.
A conceivable embodiment for the second analysis unit 8 is further elucidated below with respect to fig. 11. In order to ensure an increased analysis reliability, the first analysis channel 80 is configured as a software-controlled implementation and has, for example, a microcontroller which analyzes the data signals to be transmitted from the communication interface 6 via the transmission link 7. In addition to the analysis of the transmitted operating states, it is of course also possible to analyze information about the measured safety-relevant parameters in the first analysis channel in order to influence the operation of the device if necessary. Thus, for example, in the event of a sharply increased temperature being determined, the power of the device can be reduced in order to prevent premature activation of the triggering device. If it is determined in the microcontroller that a first or second critical operating state exists, a trigger signal 83 is generated, which triggers the activation of the trigger unit via the or gate 82.
The second analysis channel 81 is constructed as a hardware-controlled implementation and preferably contains simple and robust circuit technology which is only designed to detect the transmitted operating state in order to subsequently generate a trigger signal 84 in the event that one of the two critical operating states is detected. In the illustrated embodiment, the second analysis channel 81 has a high pass filter 81a and a frequency monitoring circuit 81b. For transmission forms (according to fig. 5 and 9) with defined DC offset as the first and second distinguishing characteristics, the high pass filter 81a may combine the voltage limiter V1 with the terminal voltage U Z And (5) integration. Terminal voltage U Z Greater than DC offset voltage U for normal operation 1 However less than the DC offset voltage U for the first critical operation (fig. 5) 2 And is also smaller than the possible DC offset voltage U in the error state for the second critical operation (fig. 9) 2 . The frequency monitoring circuit 81b monitors the signal passing through the high-pass filter 81a using the evaluated electrostatic current principle. Accordingly, the operation of the monitored device is only switched on if the data transmission on the communication interface 6 has a transmission form allocated to normal operation. In the embodiment according to fig. 2, the normal transmission form is a continuous data transmission by a frequency higher than the limit frequency of the high-pass filter 61aAnd (5) conveying. The transmission signal with the lower frequency, which does not correspond to the transmission form of normal operation, is attenuated or blocked by the high-pass filter 81a, so that the frequency monitoring circuit 81b generates the trigger signal 84 for activating the trigger unit 9.
The trigger signals 83 and 84 of the two analysis channels 80, 81 are or-linked to activate the trigger unit 9 in the presence of at least one of the two trigger signals 83, 84. For this purpose, in the or gate 82, the first trigger signal 83 via the transistor Q3 is linked with the second trigger signal 84 via the transistor Q4 as follows to form an output signal via the trigger unit 9:
at Q3 Cut-off Or Q4 Cut-off The trigger unit is activated.
Claims (14)
1. A method for monitoring a device, wherein
a. At least one security-related parameter of the device is measured,
b. the measured safety-related parameters are analyzed in a first analysis unit for compliance with at least one predetermined limit value,
c. the first analysis unit (2) is arranged on the transmitting side of a communication interface (6), and the triggering unit is arranged on the receiving side of the communication interface (6) and performs data transmission between the transmitting side and the receiving side, and wherein in addition
d. Distinguishing between three operating states, namely normal operation, a first critical operating state and a second critical operating state, wherein
d1. The normal operation is characterized in that the at least one measured safety-related parameter corresponds to the at least one predetermined limit value and that no technical fault is present which prevents an effective data transmission via the communication interface (6),
d2. the first critical operating state is characterized in that the measured safety-related parameter exceeds the at least one predetermined limit value and in that no technical fault is present which prevents an effective data transmission via the communication interface (6), and
d3. the second critical operating state is characterized by a technical fault that prevents effective data transmission via the communication interface (6), and wherein
e. Transmitting at least information about the operating state during data transmission, and
f. a second evaluation unit (8) connected to the triggering unit is provided on the receiving side of the communication interface (6), said second evaluation unit evaluating information about the operating state in the first and second evaluation channels (80, 81) independently of one another,
g. wherein the triggering unit (9) is activated when the first critical operating state or the second critical operating state is present, in order to bring the device into a safe state.
2. Method according to claim 1, characterized in that each operating state is assigned at least one transmission form for the data transmission, which represents the determined operating state.
3. Method according to claim 1, characterized in that each error state of the communication interface (6) blocking the transmission of useful data via the communication interface (6) is assigned a transmission form for the second critical operation.
4. Method according to claim 2, characterized in that the analysis of the information about the operating state is performed in the second analysis unit (8) by analyzing the transmission form.
5. Method according to claim 2, characterized in that, for differentiation, the transmission form characterizing the normal operation is differentiated from the transmission form characterizing the first critical operating state by at least a first differentiating feature and from the transmission form characterizing the second critical operating state by at least a second differentiating feature.
6. The method of claim 5, wherein the first distinguishing feature and the second distinguishing feature have a common characteristic that enables distinguishing the normal operation from both the first critical operating state and the second critical operating state.
7. The method of claim 5, wherein the first distinguishing feature and the second distinguishing feature are the same.
8. Method according to claim 1, characterized in that the first and the second analysis channels (80, 81) are connected to the triggering unit (9) in such a way that the triggering unit (9) is activated when a triggering signal (83, 84) is generated by at least one of the two analysis channels (80, 81).
9. Method according to claim 1, characterized in that in addition to the information about the operating state, information about the measured safety-relevant parameters and/or other operating data are transmitted during the normal operation and/or during the data transmission in the first critical operating state.
10. Method according to claim 1, characterized in that the analysis in the first analysis channel (80) is based on hardware-controlled working principles, whereas the analysis in the second analysis channel (81) is based on software-controlled working principles.
11. An apparatus for performing the method of claim 1, the apparatus having:
a. at least one measuring unit (1) for measuring a safety-relevant parameter of the device,
b. a first analysis unit (2) for analyzing the measured safety-related parameter for compliance with at least one predetermined limit value,
c. a triggering unit (9) to bring the device into a safe state,
d. an operating state determining unit (3) for determining an operating state of the device, wherein a distinction is made between three operating states, namely a normal operation, a first critical operating state and a second critical operating state, wherein
d1. The normal operation is characterized in that the at least one measured safety-related parameter corresponds to the at least one predetermined limit value and that no technical fault is present which prevents an effective data transmission via the communication interface (6),
d2. the first critical operating state is characterized in that the measured safety-related parameter exceeds the at least one predetermined limit value and in that no technical fault is present which prevents an effective data transmission via the communication interface (6), and
d3. the second critical operating state is characterized in that a technical fault is present which prevents an effective data transmission via the communication interface (6),
e. a communication interface (6) for data transmission of an operating state between a transmitting side and a receiving side, wherein the first analysis unit (2) and the operating state determination unit (3) are arranged on the transmitting side of the communication interface (6), and the triggering unit (9) is arranged on the receiving side of the communication interface (6), and
f. -a second analysis unit (8) with a first and a second analysis channel (80, 81) connected to the triggering unit (9) on the receiving side of the communication interface (6), for monitoring the operating state and for controlling the triggering unit (9) in case of the presence of the first critical operating state or the second critical operating state.
12. The device according to claim 11, characterized in that the first and second analysis channels (80, 81) are connected with the trigger unit (9) via an or gate (82) to activate the trigger unit (9) when at least one of the two analysis channels (80, 81) generates a trigger signal (83, 84).
13. The device according to claim 11, characterized in that it has a signal generating unit (5) for generating an information signal to be transmitted from the transmitting side to the receiving side of the communication interface (6), wherein the information signal has a transmission form characterizing the determined operating state.
14. The apparatus according to claim 11, characterized in that the first analysis channel (80) is configured as a hardware-controlled implementation and the second analysis channel (81) is configured as a software-controlled implementation.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| DE102019117972.6A DE102019117972B4 (en) | 2019-07-03 | 2019-07-03 | Process and device for monitoring a plant |
| DE102019117972.6 | 2019-07-03 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112187847A CN112187847A (en) | 2021-01-05 |
| CN112187847B true CN112187847B (en) | 2024-04-05 |
Family
ID=73919361
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010633480.0A Active CN112187847B (en) | 2019-07-03 | 2020-07-02 | Method and apparatus for monitoring a device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN112187847B (en) |
| DE (1) | DE102019117972B4 (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101238536A (en) * | 2005-08-02 | 2008-08-06 | 菲尼克斯电气公司 | Safety switching unit for controlling a safety device into a safe state |
| CN102860036A (en) * | 2010-04-30 | 2013-01-02 | Abb技术有限公司 | Device and method for transmitting measurement signals in spatially extensive supply networks |
| DE102015203250A1 (en) * | 2015-02-24 | 2016-08-25 | Zf Friedrichshafen Ag | Safety device and method for transferring an actuator system to a safe state, actuator system and method for operating an actuator system |
| DE102015116100A1 (en) * | 2015-09-23 | 2017-03-23 | Phoenix Contact Gmbh & Co. Kg | Safety-related control system for the safe control of an actuator |
| CN107407919A (en) * | 2015-03-04 | 2017-11-28 | Abb股份公司 | The operation method of safety control system and safety control system |
| WO2019039971A1 (en) * | 2017-08-25 | 2019-02-28 | Закрытое акционерное общество "КБ "Проминжиниринг" | Threshold control unit for working mechanism or process equipment with input signal diagnosis function |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1967831B1 (en) * | 2007-03-07 | 2012-04-18 | Kriwan Industrie-Elektronik GmbH | Temperature release device |
| DE102014210653A1 (en) * | 2014-06-04 | 2015-12-17 | Conti Temic Microelectronic Gmbh | Device for controlling and / or monitoring a brushless DC motor |
| DE102015001741A1 (en) * | 2015-02-11 | 2016-08-11 | Kuka Roboter Gmbh | Method and system for operating a multi-axis machine, in particular a robot |
-
2019
- 2019-07-03 DE DE102019117972.6A patent/DE102019117972B4/en active Active
-
2020
- 2020-07-02 CN CN202010633480.0A patent/CN112187847B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101238536A (en) * | 2005-08-02 | 2008-08-06 | 菲尼克斯电气公司 | Safety switching unit for controlling a safety device into a safe state |
| CN102860036A (en) * | 2010-04-30 | 2013-01-02 | Abb技术有限公司 | Device and method for transmitting measurement signals in spatially extensive supply networks |
| DE102015203250A1 (en) * | 2015-02-24 | 2016-08-25 | Zf Friedrichshafen Ag | Safety device and method for transferring an actuator system to a safe state, actuator system and method for operating an actuator system |
| CN107407919A (en) * | 2015-03-04 | 2017-11-28 | Abb股份公司 | The operation method of safety control system and safety control system |
| DE102015116100A1 (en) * | 2015-09-23 | 2017-03-23 | Phoenix Contact Gmbh & Co. Kg | Safety-related control system for the safe control of an actuator |
| WO2019039971A1 (en) * | 2017-08-25 | 2019-02-28 | Закрытое акционерное общество "КБ "Проминжиниринг" | Threshold control unit for working mechanism or process equipment with input signal diagnosis function |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112187847A (en) | 2021-01-05 |
| DE102019117972A1 (en) | 2021-01-07 |
| DE102019117972B4 (en) | 2023-05-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105983972B (en) | Robot control system | |
| US20160252891A1 (en) | Safety control system having configurable inputs | |
| US9899175B2 (en) | Safety switching device with failsafe inputs | |
| JP5937665B2 (en) | Self-detection method of static electricity dissipation capability of ion generator | |
| EP3118996B1 (en) | Driving circuit of switching device for electric power control | |
| CN109256288B (en) | Electrical switching device and method for detecting relative wear | |
| CN109075553A (en) | The insurance system of at least one electrical appliance for vehicle | |
| CN112187847B (en) | Method and apparatus for monitoring a device | |
| US11119156B2 (en) | Monitoring arrangement for monitoring a safety sensor and method for monitoring a safety sensor | |
| US10109440B2 (en) | Safety switch | |
| EP2800118A1 (en) | Auto detection of guard locking device | |
| JPH0390869A (en) | Detection of melt-sticking of relay | |
| CN115657450A (en) | Safety control system, circuit and method of industrial robot | |
| JP6269512B2 (en) | Electronic control unit | |
| JP2015165237A (en) | Method and apparatus for zone selection in area monitoring device | |
| KR20150074653A (en) | Relay output module of PLC, and driving method thereof | |
| KR20190005897A (en) | Control system for electrically controlled installations | |
| US10373776B2 (en) | Switch device including dual on/off signal generation units, and numerical control system | |
| US10746610B2 (en) | Safety circuit, a safety circuit operation method and an electrically operated motor comprising a safety circuit | |
| KR20160134551A (en) | Method for monitoring an on-board electrical system | |
| EP4165673A1 (en) | Device and method for the control of safety apparatuses | |
| CN117794679A (en) | Apparatus and method for laser power monitoring | |
| US11619919B2 (en) | Circuit arrangement for switching an electrical load and method for checking a status of a safety output of a circuit arrangement | |
| JP6685466B2 (en) | Safety device position signaling method and safety switch system | |
| CN117581106A (en) | Test arc detection system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |