CN113557481A - Safety control device and safety control system - Google Patents
Safety control device and safety control system Download PDFInfo
- Publication number
- CN113557481A CN113557481A CN201980093657.8A CN201980093657A CN113557481A CN 113557481 A CN113557481 A CN 113557481A CN 201980093657 A CN201980093657 A CN 201980093657A CN 113557481 A CN113557481 A CN 113557481A
- Authority
- CN
- China
- Prior art keywords
- safety
- control
- safety control
- control device
- unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/05—Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B9/00—Safety arrangements
- G05B9/02—Safety arrangements electric
Abstract
The safety control device (2) receives a safety input signal from an external safety input device (50) via a safety dedicated bus (8), the safety control device transmits a safety output signal to a device to be controlled to perform safety control, and transmits safety control data including a safety input signal and a safety output signal to a general control device (4) which is connected via a CPU bus (9) and performs control other than safety control, and comprises an electronic component (6), the safety control device comprises an input part (6a) to which an electric signal is input and an output part (6b) which outputs the electric signal, wherein the electronic part (6) temporarily converts safety control data into light or magnetism and then converts the light or magnetism into the electric signal, the control data is transmitted to the general control device (4) through a CPU bus (9) by an output unit (6b), and reception of the control data from the general control device (4) is cut off.
Description
Technical Field
The present invention relates to a safety control device and a safety control system that execute a safety function.
Background
In factories and the like using robots, pressing machines, and the like, control with high safety is required, and therefore, a control system having a safety function is introduced. The safety function is a fail-safe function, and for example, refers to a function of stopping control when an abnormality occurs in control of a controller or the like, and performing safety control so that a safety of a device or the like to be controlled is ensured.
In patent document 1, a safety controller, which is a safety control device for performing safety control, and a non-safety controller, which is a general device for performing control other than safety control, are bus-connected via a CPU bus, and the entire system is coordinated. The safety controller is in bus connection with other safety units through a safety special bus to realize the safety function.
Patent document 1: japanese patent laid-open publication No. 2007 & 193843
Disclosure of Invention
In the safety controller and the system described in patent document 1, since the safety controller and the non-safety controller are connected by bus connection via a CPU bus, there is a possibility that the control data of the non-safety controller is introduced into the safety controller. Since the safety controller cannot secure the safety function if the safety controller uses the control data of the non-safety controller for safety control, the safety controller and the system described in patent document 1 are set to reject the input of the control data by firmware or the like, for example. However, there is a problem that the safety function may not be ensured when the firmware or the like is broken down or the like.
The present invention has been made to solve the above-described problems, and an object of the present invention is to provide a safety control device and a safety control system that ensure a safety function without causing an influence of control data for general control on safety control when a safety control device and a general control device are connected.
In order to solve the above-described problems and achieve the object, a safety control device according to the present invention receives a safety input signal from an external safety input device via a safety dedicated bus, transmits a safety output signal to a device to be controlled to perform safety control, and transmits safety control data, which is a safety input signal and a safety output signal, to a general control device connected via a CPU bus and performing control different from the safety control. The safety control device includes an electronic component having an input portion to which an electric signal is input and an output portion that outputs the electric signal. The electronic component temporarily converts safety control data, which is an electric signal received via the safety dedicated bus by the input unit, into light or magnetism, then converts the electric signal into an electric signal, and transmits the electric signal to the general control device via the CPU bus by the output unit, thereby interrupting the reception of control data from the general control device.
Further, a safety control system according to the present invention includes: a safety control device having a safety control circuit for transmitting a safety output signal for safety control to a device to be controlled, based on a safety input signal from an external safety input device; a plurality of general control devices including a CPU unit and performing control different from safety control; a coordination control circuit for coordinating a dedicated safety bus used for transmitting safety control data, which is a safety input signal and a safety output signal, to another unit and a CPU bus for performing communication of control data in a general control device; and an electronic component provided with an input unit to which safety control data is input on the side of the safety control circuit, and an output unit for outputting the safety control data on the side of the coordination control circuit. The electronic component temporarily converts safety control data, which is an electric signal received via the safety dedicated bus by the input unit, into light or magnetism, then converts the electric signal into an electric signal, and transmits the electric signal to the general control device via the CPU bus by the output unit, thereby interrupting the reception of control data from the general control device.
ADVANTAGEOUS EFFECTS OF INVENTION
According to the safety control device and the safety control system of the present invention, the electronic component provided in the safety control device converts the safety control data, which is an electric signal, into light or magnetism once, and then into the electric signal to transmit the electric signal to the CPU bus.
Drawings
Fig. 1 is a diagram showing a configuration of a safety control system including a safety control device according to embodiment 1 of the present invention.
Fig. 2 is a diagram showing a configuration of a safety control device according to embodiment 1 of the present invention.
Fig. 3 is a diagram showing a configuration of a cooperative control circuit of a safety control device according to embodiment 1 of the present invention.
Fig. 4 is a diagram showing a configuration of a safety control system according to embodiment 2 of the present invention.
Fig. 5 is a diagram showing a configuration of a safety control system according to embodiment 3 of the present invention.
Detailed Description
Next, a safety control device and a safety control system according to an embodiment of the present invention will be described with reference to the drawings. The same reference numerals are given to the common components in the embodiments, and the description thereof is omitted. The present invention is not limited to the embodiments.
Fig. 1 is a diagram showing a configuration of a safety control system including a safety control device according to embodiment 1 of the present invention. The safety control system 100 includes power supplies 1a and 1b for supplying power, a safety CPU unit 2 serving as a safety control device for performing safety control, a safety input/output unit 3, a CPU unit 4a serving as a general control device 4 for performing control other than safety control, and a general control unit 4 b. The power supply 1a is incorporated in the safety CPU unit 2, and the power supply 1b is incorporated in the CPU unit 4 a.
In the field of mechanical safety using safety devices such as the safety CPU unit 2, the safety-related electric control systems in the entire control system are referred to as safety-related units, and the other parts are referred to as non-safety-related units, so that they are distinguished from each other. The unsafe related part is a control system part for the mechanical equipment to exhibit its performance, and is a general control device 4 in embodiment 1. Specifically, the positioning control of the movable range of the machine, the control of the motor rotation speed, and the like control important functions of the machine. On the other hand, the safety-related part is mainly a control system part that ensures safety for the operator of the mechanical equipment, and when safety is confirmed, the safety-related part receives a start command from the general control device 4, which is a non-safety-related part, and controls the operation of the equipment to be controlled.
In the safety control system 100 according to embodiment 1, the safety input device 50 and the controlled output device 60 are connected to the safety CPU unit 2 serving as a safety-related part, and the controlled output device 60 is connected to the CPU unit 4a or the general control unit 4b serving as an unsafe-related part. By these devices, a safety control system using an fa (factory automation) system in a factory is realized. The safety input device 50 is, for example, an input device such as an emergency stop button or a light curtain. The controlled object output device 60, which is a device to be controlled, is a motor or the like, and is referred to as a driving device of a mechanical device.
The safety input/output unit 3 is a device that receives a safety input signal from an external safety input device 50, that is, receives safety control data. The secure input/output unit 3 transmits the received secure control data to the secure CPU unit 2 via the secure dedicated bus 8. When there are a plurality of safety input devices 50, the safety input/output unit 3 is added to correspond to a plurality of safety inputs. In fig. 1, the configuration in which only the safety input device 50 is connected to the safety input/output unit 3 is illustrated, but a control target output device 60 may be connected thereto.
In a situation where the safety of the mechanical device is ensured, the safety input device 50 transmits an electric signal indicating a safe state to the safety CPU unit 2 and the safety input/output unit 3. The electrical signal representing the safe state is referred to herein as the safe input signal. The safety CPU unit 2 that has received the safety input signal transmits an electric signal for permitting operation to the controlled object output device 60. The electrical signal that allows operation is referred to herein as the safety output signal. In other words, the safety CPU unit 2 that has received the safety input signal outputs a safety output signal to the control target output device 60. The controlled object output device 60 that has received the safety output signal operates in accordance with the control from the general control unit 4 b.
On the other hand, in a state where safety cannot be confirmed, for example, when it is detected that an operator in the plant enters a dangerous area or when an operator of plant equipment or the like presses a mechanical stop switch, the safety input device 50 stops transmission of the safety input signal. That is, if there is an input of the security input device 50, the transmission of the security input signal is stopped. Next, the safety CPU unit 2 stops transmission of the safety output signal to the control target output device 60. Thereby, the controlled object output device 60 stops operating. In fig. 1, only 1 control target output device 60 is described, but a plurality of control target output devices may be provided.
Here, the safety input signal and the safety output signal are collectively referred to as safety control data. The safety control data is an electric signal for performing a process of a safety function, is processed by the safety control circuit 5, and is communicated between the safety CPU unit 2 and the safety input/output unit 3 via the safety dedicated bus 8. In the present embodiment, the safety control data is a safety input signal and a safety output signal, but is not limited to these, and may include information that stops transmission of the safety input signal by input of the safety input device 50, information that stops output of a safety output signal transmitted to the controlled output device 60 by the safety control circuit 5, configuration management information of the safety CPU unit 2 and the safety input/output unit 3 included in the safety control circuit 5, information in which a program of a logic circuit is described, and other so-called configuration information.
The safety CPU unit 2 and the safety input/output unit 3 of the safety control system 100 are connected to each other via a safety dedicated bus 8. The secure CPU unit 2 is connected to a CPU bus 9 via the cooperative control circuit 7. The CPU unit 4a and the general control unit 4b are bus-connected by a CPU bus 9. In the safety control system 100, the safety input/output unit 3 and the general control unit 4b may be connected to a plurality of buses.
The secure dedicated bus 8 is a bus for transmitting and receiving secure control data between the secure CPU unit 2 and the secure input/output unit 3. The safety control data ensures the reliability of safety by using the safety dedicated bus 8. The CPU bus 9 transmits and receives control data other than the safety control between the CPU unit 4a and the general control unit 4b and between the general control unit 4b and the cooperative control circuit 7.
Fig. 2 is a configuration diagram of a safety CPU unit as a safety control device according to embodiment 1 of the present invention. The safety CPU unit 2 serving as a safety control device is composed of a power supply 1a for supplying power, a safety control circuit 5, an insulating element 6, and a coordination control circuit 7. The security control circuit 5 of the secure CPU unit 2 receives security control data from the external security input device 50 via the security dedicated bus 8. The safety control circuit 5 controls the output of the safety output signal to the controlled object output device 60 in accordance with the received safety control data.
The insulating element 6 of the safety CPU unit 2 transmits the electric signal while electrically insulating the same by converting the safety control data, which is the electric signal received from the safety exclusive bus 8, into light or magnetism once and restoring the same to the electric signal again. Specifically, the insulating element 6 has an input unit 6a for inputting safety control data and an output unit 6b for outputting safety control data, and the safety control data is converted into an optical or magnetic signal by the input unit 6a, and the safety control data is restored into an electric signal again by the output unit 6b and then transmitted to the coordination control circuit 7 described later. The coordination control circuit 7 transmits the safety control data to the general control device 4 via the CPU bus 9. That is, the insulating element 6 electrically insulates the safety CPU unit 2 from a general control device 4, which is described later, that performs control other than safety control. The insulating member 6 is, for example, a photocoupler or a digital isolator.
Here, a product having a security function obtains security certification in accordance with a security standard (IEC, ISO standard, or the like) before shipment of the product, and the product assurance obtained with the security certification is controlled on the security side. However, when a general control device 4 that does not acquire the safety certification fails, if the control is performed on the safety side, the device may run away, and the safety function may not be ensured. In the above case, control data of the general control device 4 is introduced into the safety CPU unit 2 or the safety input/output unit 3, and when the introduced control data is used for safety control, the safety function cannot be ensured. Therefore, the safety CPU unit 2 or the safety input/output unit 3 needs to be turned off so as not to receive control data from the general control device 4. The control data of the general control device 4 is data for controlling the operation of the controlled object output device 60.
The insulating element 6 has an input portion 6a for an electric signal on the side of the safety control circuit 5 and an output portion 6b for an electric signal on the side of the coordination control circuit 7. The output unit 6b of the insulating element 6 transmits only the safety control data converted into the electric signal again by the output unit 6b, and does not receive the electric signal. That is, the CPU bus 9 does not receive control data, which is an electric signal, via the cooperative control circuit 7. As a result, the reception of the control data from the CPU bus 9 can be interrupted. With this configuration, the safety control data transmitted and received between the safety CPU unit 2 and the safety input/output unit 3 can be transmitted to the general control device 4, but the safety CPU unit 2 or the safety input/output unit 3 can be prevented from receiving the control data from the general control device 4.
While the safety control system 100 is operating, the safety control data is communicated in the safety dedicated bus 8 or the CPU bus 9, and the control data of the general control device 4 is always communicated in the CPU bus 9. Thus, each time the input unit 6a of the insulating element 6 receives the safety control data transmitted via the safety-dedicated bus 8, the received safety control data is transmitted to the output unit 6b while being electrically insulated as described above, and is transmitted from the output unit 6b to the cooperative control circuit 7 via the safety-dedicated bus 8.
Fig. 3 is a diagram showing a configuration of the cooperative control circuit 7 of the safety CPU unit 2. The coordination call control circuit 7 is composed of a security dedicated bus I/F (interface) 10, a security control data receiving unit 11, a security control data analyzing unit 12, a security control data forwarding unit 13, and a CPU bus I/F14. The cooperation call control circuit 7 loads the safety control data into the memory of the CPU bus I/F14 and sends the data to the CPU bus 9.
The safety control data receiving unit 11 receives safety control data for performing a process of a safety function via the safety dedicated bus I/F10, and transmits the received safety control data to the safety control data analyzing unit 12. The safety control data analysis unit 12 analyzes the safety control data received from the safety control data reception unit 11, and checks whether or not there is a data scramble code or a data error in the safety control data. If there is no data error, data corresponding to the general control device 4 is created based on the safety control data, and the created data is transmitted to the safety control data transfer unit 13. When there is a data error, the received error data itself is discarded, and a log indicating that the data error is detected is stored in a memory, not shown, included in the cooperative call control circuit 7. The user can check whether or not the referenced data is updated by checking the memory appropriately with a not-shown engineering tool connected to the CPU unit 4a of the general control device 4.
The safety control data transfer unit 13 transmits the safety control data corresponding to the general control devices 4 received from the safety control data analysis unit 12 to each of the general control devices 4 via the CPU bus I/F14 and the CPU bus 9.
The safety control data transmitted to the general control device 4 can be confirmed by an engineering tool, not shown, connected to the CPU unit 4a of the general control device 4. Here, when an error code or the like indicating that a failure or the like has occurred due to an internal factor of the safety CPU unit 2 exists in the safety control data received by the general control device 4 via the CPU bus 9, the user can check the error code with an engineering tool connected to the CPU unit 4 a. When the error code is confirmed, the safety control data received by the general control device 4 via the CPU bus 9 may not be accurate information, and therefore the user can perform processing such as stopping the control of the general control device 4. As described above, the safety control data transmitted to the general control device 4 can be used for monitoring the safety state.
The CPU unit 4a is a unit that becomes a control center of a PLC (programmable logic controller). The system mainly comprises a user program, an I/O memory, an execution engine, a program memory, an external communication I/F, CPU bus I/F and the like.
The general control unit 4b is, for example, an I/O unit, a network unit, a temperature adjustment unit, or the like. The general control unit 4b can select a device according to a purpose, by controlling the device by a user in a factory or the like.
In the safety control system 100, the safety CPU unit 2 incorporates a power supply 1a, and the CPU unit 4a incorporates a power supply 1 b. That is, the safety control side and the general control side are supplied with power through separate power supply systems.
Here, in a system in which a device for performing safety control and a general control device other than safety control cooperate, if power is supplied from the same power supply system, if one device is turned OFF or reset, the other device is similarly turned OFF or reset. For example, even in the case where only the CPU unit performs system expansion, if the CPU unit is stopped by power OFF, the secure CPU unit that does not perform system expansion must be temporarily stopped. This may cause the worker to perform work while stopping the safety CPU unit, which may result in a failure to ensure safety.
As in the safety control system 100 according to embodiment 1, if the safety CPU unit 2 and the CPU unit 4a are configured to be supplied with power from a separate power supply system, even if power is turned OFF only for the CPU unit 4a to perform system expansion or the like, the safety CPU unit 2 is not affected, and therefore, system expansion or the like can be performed while ensuring a safety function.
As described above, according to the safety control system according to embodiment 1, by providing the insulating element in the safety CPU unit serving as the safety control device, it is possible to prevent data for general control from being introduced into the safety CPU unit without setting to reject the input of control data by firmware or the like. In addition, the safety function can be ensured regardless of the failure of the firmware or the like.
Further, since the safety CPU unit serving as the safety control device for performing the safety control and the CPU unit serving as the general control device have separate power supplies, even if the power supply of one unit is turned OFF, the system can be expanded and the configuration can be changed without affecting the function of the other unit. That is, the safety control system can secure the safety function even when the power supply of the general control device is turned OFF for system expansion or configuration change.
Fig. 4 is a diagram showing a configuration of a safety control system according to embodiment 2. In the safety control system 200 of fig. 4, the insulating element 6 and the cooperative control circuit 7 of the safety CPU unit 2 are provided outside the safety CPU unit 2 as the cooperative circuit unit 15. In this case, the procedure of transmission and reception of the safety control data is also the same as that of embodiment 1. The connection between the safety CPU unit 2 and the coordinator circuit unit 15, or the connection between the general control unit 4b and the coordinator circuit unit 15 may be made by an additional connector provided on a side surface of each unit, or may be made by an additional cable or the like.
The coordination circuit unit 15 is composed of the insulating element 6 and the coordination control circuit 7. Here, since the secure CPU unit 2 has a security function, it is necessary to obtain security certification in accordance with a security standard before product shipment. The test of safety certification includes standard application expense, etc., and the cost is high. Test of safety certification in order to test the entire product, it is necessary to obtain the safety certification of the safety CPU unit 2 again even when the insulating element 6 or the cooperative control circuit 7 has a failure and is repaired in the safety CPU unit 2. Therefore, by providing the insulating element 6 and the cooperative control circuit 7 outside the safety CPU unit 2, it is not necessary to obtain the safety certification again after the repair if the insulating element 6 or the cooperative control circuit 7 has failed.
As described above, according to the safety control system of embodiment 2, the coordination control circuit 7 is provided outside the safety CPU unit 2 as the coordination circuit unit 15, and therefore, when only the substrate of the coordination circuit fails, only the substrate of the coordination circuit needs to be replaced, and therefore, repair can be performed at low cost.
Fig. 5 is a diagram showing a configuration of a safety control system according to embodiment 3. The safety control system 300 of fig. 5 includes a safety control engineering tool 16 connected to the safety CPU unit 2 and a general control engineering tool 17 connected to the CPU unit 4 a.
The safety control engineering tool 16 is connected to the safety CPU unit 2, and sets the 1 st configuration information, that is, the configuration information of the safety CPU unit 2 and the safety input/output unit 3. The 1 st configuration information is referred to as configuration management information of the safety CPU unit 2 and the safety input/output unit 3 of the safety control system 300, information in which a program of a logic circuit is described, and the like. In addition, the safety control circuit 5 has the 1 st configuration information. In the present embodiment, the 1 st configuration information is set by the safety control engineering tool 16, but may be set by a hardware component such as a switch mounted on the safety CPU unit 2.
The general control engineering tool 17 is connected to the CPU unit 4a, and sets the CPU unit 4a and the general control unit 4b as the 2 nd arrangement information. The 2 nd arrangement information is referred to as configuration management information of the CPU unit 4a and the general control unit 4b of the safety control system 300, information of a ladder program used by the general control device 4 to perform control for the control target output device 60, and the like. The CPU unit 4a or the general control unit 4b has a control circuit, not shown, having the 2 nd arrangement information. In the present embodiment, the 2 nd arrangement information is set by the general control engineering tool 17, but may be set by a hardware component such as a switch mounted on the CPU unit 4 a.
According to this configuration, since the safety control side and the general control side are divided into the engineering tool and the hardware component for setting the configuration information, the setting and the change of one configuration information are not affected.
The control circuit, not shown, of the CPU unit 4a has a function of collating the 1 st configuration information. The CPU unit 4a having the function of collating the 1 st configuration information has a safety control information storage unit, not shown. When the user inputs an instruction to read the 1 st configuration information via the general control engineering tool 17 at the time of system startup or system change, the CPU unit 4a acquires the 1 st configuration information from the received safety control data and stores the configuration information in the safety control information storage unit. Specifically, the control circuit included in the CPU unit 4a stores the 1 st configuration information in the safety control information storage unit via the CPU bus 9. In the present embodiment, the user inputs an instruction to read the 1 st arrangement information, but the user may directly input the 1 st arrangement information via the general control engineering tool 17.
The comparison with the 1 st configuration information is, specifically, the control circuit of the CPU unit 4a compares the 1 st configuration information stored in the safety control information storage unit with the 1 st configuration information acquired from the safety control data via the CPU bus 9 during the system operation at the time of system startup or system change. When the result of the comparison indicates that there is a difference, the user is notified of the fact by displaying the result on the display unit of the general control engineering tool 17.
As in the present embodiment, the user can confirm whether or not the safety CPU unit 2 or the safety input/output unit 3 operates in an unexpected arrangement by the function of comparing the 1 st configuration information at the time of system startup or system change with the 1 st configuration information during system operation.
For example, even if the arrangement of the output operation of the safety control performed by the safety CPU unit 2 or the safety input/output unit 3 is changed from the operation content set at the time of system startup or system change to an unexpected operation content, the user of the safety control engineering tool 16 can confirm whether or not the safety CPU unit 2 performs the safety control as set.
In addition, when the result of the comparison indicates that there is a difference, the user may be notified and stop the general control, or may continue the general control and notify only the abnormality. In embodiment 3, the arrangement information is collated using the general control engineering tool 17, but may be collated by firmware, not shown, in the CPU unit 4 a. In this case, if there is a difference in the result of the comparison, the error of the CPU unit 4a is displayed on a display unit, not shown, of the CPU unit 4a, and notified to the user.
As described above, according to the safety control system of embodiment 3, the general control device has a function of checking the arrangement of the safety CPU unit and the safety input/output unit, and thereby it is possible to confirm whether or not the safety CPU unit or the safety input/output unit performs safety control as set by the user at the time of system startup or system change, and it is possible to improve safety.
Description of the reference numerals
1a and 1b power supplies, 2 a safety CPU unit, 3 a safety input/output unit, 4a general control device, 4a CPU unit, 4b general control unit, 5 a safety control circuit, 6 an insulating element, 7 a coordination control circuit, 8 a safety dedicated bus, 9 CPU bus, 10 a safety dedicated bus I/F, 11 a safety control data receiving unit, 12 a safety control data analyzing unit, 13 a safety control data forwarding unit, 14 CPU bus I/F, 15 a coordination circuit unit, 16 a safety control engineering tool, 17 a general control engineering tool, 50 a safety input device, and 60 a control target output device.
Claims (13)
1. A safety control device which receives a safety input signal from an external safety input device via a safety dedicated bus, transmits a safety output signal to a device to be controlled to perform safety control, and transmits safety control data, which is the safety input signal and the safety output signal, to a general control device connected via a CPU bus and performing control different from the safety control,
the safety control device is characterized in that,
has an electronic component having an input section to which an electric signal is input and an output section which outputs the electric signal,
the electronic component temporarily converts the safety control data, which is an electrical signal received via the safety-dedicated bus via the input unit, into light or magnetism, then converts the converted electrical signal into an electrical signal, and transmits the electrical signal to the general-control device via the CPU bus via the output unit, thereby interrupting reception of control data from the general-control device.
2. The safety control device according to claim 1,
the safety control device includes:
a safety control circuit for transmitting the safety output signal to the device to be controlled, based on the safety input signal from the safety input device; and
and a coordination control circuit for coordinating a dedicated security bus used for transmitting the security control data to another unit with a CPU bus for performing communication of control data in a general control device that performs control different from the security control.
3. The safety control device according to claim 1 or 2,
the safety control device has a power supply.
4. The safety control device according to claim 2,
the safety control circuit controls the plurality of other units.
5. The safety control device according to any one of claims 1 to 4,
the electronic component is an insulating element.
6. A safety control system, comprising:
a safety control device having a safety control circuit for transmitting a safety output signal for safety control to a device to be controlled, based on a safety input signal from an external safety input device;
a plurality of general control devices including a CPU unit and performing control different from safety control;
a coordination control circuit for coordinating a dedicated safety bus used for transmitting safety control data, which is the safety input signal and the safety output signal, to another unit and a CPU bus for performing communication of control data in the general control device; and
an electronic component having an input unit to which the safety control data is input on the safety control circuit side and an output unit for outputting the safety control data on the coordination control circuit side,
the electronic component temporarily converts the safety control data, which is an electrical signal received via the safety-dedicated bus via the input unit, into light or magnetism, then converts the converted electrical signal into an electrical signal, and transmits the electrical signal to the general-control device via the CPU bus via the output unit, thereby interrupting reception of control data from the general-control device.
7. The safety control system according to claim 6,
the safety control device and the general control device each have a power supply.
8. The safety control system according to claim 6 or 7,
the safety control device stores the 1 st configuration information, and the general control device stores the 2 nd configuration information.
9. The safety control system according to claim 8,
the security control data includes the 1 st configuration information.
10. The safety control system according to claim 8,
the 1 st configuration information is set by an engineering tool connected to the safety control device, and the 2 nd configuration information is set by an engineering tool connected to the general control device.
11. The safety control system according to claim 8,
the safety control device sets the 1 st configuration information by a hardware component mounted on the device, and the general control device sets the 2 nd configuration information by a hardware component mounted on the device.
12. The safety control system according to claim 8,
the general control device includes a safety control information storage unit that stores the 1 st configuration information set at system startup or system change, and has a function of comparing the 1 st configuration information stored in the safety control information storage unit with the 1 st configuration information in the safety control data acquired via the CPU bus during system operation.
13. The safety control system according to any one of claims 6 to 12,
the electronic component is an insulating element.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2019/009653 WO2020183559A1 (en) | 2019-03-11 | 2019-03-11 | Safety control device and safety control system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113557481A true CN113557481A (en) | 2021-10-26 |
| CN113557481B CN113557481B (en) | 2022-09-23 |
Family
ID=69166770
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201980093657.8A Active CN113557481B (en) | 2019-03-11 | 2019-03-11 | Safety control device and safety control system |
Country Status (3)
| Country | Link |
|---|---|
| JP (1) | JP6635238B1 (en) |
| CN (1) | CN113557481B (en) |
| WO (1) | WO2020183559A1 (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040210326A1 (en) * | 2001-05-31 | 2004-10-21 | Yasuo Muneta | Safety unit controller system, controller concatenation method, controller system control method, and controller system monitor method |
| CN202205077U (en) * | 2011-03-30 | 2012-04-25 | 北京四利通控制技术有限公司 | Self-adaptive PID (Proportion Integration Differentiation) control system applied to active front end |
| JP2012150618A (en) * | 2011-01-18 | 2012-08-09 | Fuji Electric Co Ltd | Safety control system |
| CN204794951U (en) * | 2015-07-29 | 2015-11-18 | 广州一康医疗设备实业有限公司 | Urgent arresting stop |
| CN108073139A (en) * | 2016-11-16 | 2018-05-25 | 发那科株式会社 | Safety switching apparatus, operating terminal and Machinery Control System |
| CN108724223A (en) * | 2017-04-14 | 2018-11-02 | 罗普伺达机器人有限公司 | Robot controller |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2528225Y2 (en) * | 1993-11-09 | 1997-03-05 | 株式会社京三製作所 | Electronic interlocking device |
| JP4492635B2 (en) * | 2001-05-31 | 2010-06-30 | オムロン株式会社 | SAFETY CONTROLLER, CONTROLLER SYSTEM, CONTROLLER CONNECTION METHOD, AND CONTROLLER SYSTEM CONTROL METHOD |
| JP2008009794A (en) * | 2006-06-30 | 2008-01-17 | Hitachi Ltd | Programmable electronic controller, and communication control method for programmable electronic apparatus |
| JP2010262432A (en) * | 2009-05-01 | 2010-11-18 | Mitsubishi Electric Corp | Safety controller |
| DE102010025675B3 (en) * | 2010-06-25 | 2011-11-10 | Pilz Gmbh & Co. Kg | Safety circuit arrangement for fail-safe switching on and off of a dangerous system |
| WO2017122297A1 (en) * | 2016-01-13 | 2017-07-20 | 三菱電機株式会社 | Electronic device and fa device |
-
2019
- 2019-03-11 JP JP2019547531A patent/JP6635238B1/en active Active
- 2019-03-11 CN CN201980093657.8A patent/CN113557481B/en active Active
- 2019-03-11 WO PCT/JP2019/009653 patent/WO2020183559A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040210326A1 (en) * | 2001-05-31 | 2004-10-21 | Yasuo Muneta | Safety unit controller system, controller concatenation method, controller system control method, and controller system monitor method |
| JP2012150618A (en) * | 2011-01-18 | 2012-08-09 | Fuji Electric Co Ltd | Safety control system |
| CN202205077U (en) * | 2011-03-30 | 2012-04-25 | 北京四利通控制技术有限公司 | Self-adaptive PID (Proportion Integration Differentiation) control system applied to active front end |
| CN204794951U (en) * | 2015-07-29 | 2015-11-18 | 广州一康医疗设备实业有限公司 | Urgent arresting stop |
| CN108073139A (en) * | 2016-11-16 | 2018-05-25 | 发那科株式会社 | Safety switching apparatus, operating terminal and Machinery Control System |
| CN108724223A (en) * | 2017-04-14 | 2018-11-02 | 罗普伺达机器人有限公司 | Robot controller |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113557481B (en) | 2022-09-23 |
| WO2020183559A1 (en) | 2020-09-17 |
| JPWO2020183559A1 (en) | 2021-03-18 |
| JP6635238B1 (en) | 2020-01-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8887000B2 (en) | Safety device | |
| JP4893931B2 (en) | Safety controller | |
| EP3588208B1 (en) | Servo system | |
| US10969759B2 (en) | Safety controller module | |
| EP2228699B1 (en) | I/O unit and industrial controller | |
| US20110098830A1 (en) | Safety Controller | |
| EP3364258B1 (en) | Control system | |
| US7844865B2 (en) | Bus module for connection to a bus system and use of such a bus module in an AS-i bus system | |
| US20110215896A1 (en) | Safety apparatus having a configurable safety controller | |
| KR101735919B1 (en) | Inverter controlling method | |
| CN113557481B (en) | Safety control device and safety control system | |
| US10520910B2 (en) | I/O expansion for safety controller | |
| US20120123562A1 (en) | Control system for controlling a process | |
| US10599117B2 (en) | Safety-oriented automation system | |
| CN112711238B (en) | Data replacement method, device, equipment and storage medium | |
| CN110389567B (en) | Industrial equipment | |
| US20240053717A1 (en) | Modular control apparatus | |
| US20230281076A1 (en) | Data processing procedure for safety instrumentation and control (i&c) systems, i&c system platform, and design procedure for i&c system computing facilities | |
| CN115004540A (en) | Device and method for operating a drive system | |
| KR20140060073A (en) | Fly-by-wire flight control system having an executing data verification function and controlling method therefor |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |