CN113682347B - Train control and management system and train system - Google Patents
Train control and management system and train system Download PDFInfo
- Publication number
- CN113682347B CN113682347B CN202111013609.9A CN202111013609A CN113682347B CN 113682347 B CN113682347 B CN 113682347B CN 202111013609 A CN202111013609 A CN 202111013609A CN 113682347 B CN113682347 B CN 113682347B
- Authority
- CN
- China
- Prior art keywords
- main control
- train
- control board
- different
- management system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 101000879675 Streptomyces lavendulae Subtilisin inhibitor-like protein 4 Proteins 0.000 claims description 28
- 101000879673 Streptomyces coelicolor Subtilisin inhibitor-like protein 3 Proteins 0.000 claims description 20
- 101000880160 Streptomyces rochei Subtilisin inhibitor-like protein 2 Proteins 0.000 claims description 20
- 238000004891 communication Methods 0.000 claims description 16
- 238000012544 monitoring process Methods 0.000 claims description 3
- 230000003137 locomotive effect Effects 0.000 claims 1
- 230000005540 biological transmission Effects 0.000 description 4
- 238000000034 method Methods 0.000 description 4
- 238000004378 air conditioning Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 1
Images
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L15/00—Indicators provided on the vehicle or train for signalling purposes
- B61L15/0018—Communication with or on the vehicle or train
- B61L15/0036—Conductor-based, e.g. using CAN-Bus, train-line or optical fibres
Landscapes
- Engineering & Computer Science (AREA)
- Mechanical Engineering (AREA)
- Electric Propulsion And Braking For Vehicles (AREA)
- Train Traffic Observation, Control, And Security (AREA)
Abstract
The invention provides a train control and management system and a train system, which relate to the technical field of network control of urban rail transit trains, and the train control and management system comprises: the system comprises a first central control unit and an input/output unit; the first central control unit comprises a plurality of main control boards, different main control boards are mutually independent, and functional modules running on different main control boards have different safety levels; the input and output unit is connected with each main control board respectively. The technical scheme provided by the invention can greatly reduce the authentication workload, thereby reducing the authentication cost.
Description
Technical Field
The invention relates to the technical field of network control of urban rail transit trains, in particular to a train control and management system and a train system.
Background
In the urban rail transit field, the requirement on the safety of the vehicle-mounted equipment is higher and higher, and the vehicle-mounted equipment is required to obtain a certificate (including software and hardware) of safety certification. A Control program of an existing Train Control and Management System (TCMS) generally runs in only one CPU, that is, various functional modules in the existing TCMS all run in the same CPU, and once software is changed, all contents of the program need to be changed to analyze influences, for example, when the TCMS communicates with other subsystems on a vehicle, once contents of a port, a protocol, and the like of a certain subsystem are modified, functional modules in the TCMS related to the subsystem need to be authenticated, tested, and confirmed again.
Therefore, the conventional train control and management system is complex in operation, large in workload and high in authentication cost in the aspect of safety authentication of functional modules of the conventional train control and management system.
Disclosure of Invention
In view of the above problems in the prior art, the present application provides a train control and management system and a train system, which can greatly reduce the workload of authentication, thereby reducing the authentication cost.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
in a first aspect, an embodiment of the present invention provides a train control and management system, where the system includes: the system comprises a first central control unit and an input/output unit; the first central control unit comprises a plurality of main control boards, different main control boards are mutually independent, and functional modules running on different main control boards have different safety levels; the input and output unit is connected with each main control board respectively.
Furthermore, the functional modules running on the same main control board have the same security level.
Preferably, the security level of the functional module comprises: SIL4 level, SIL3 level, SIL2 level, and SIL0 level with successively reduced safety; the main control board operating the functional module with the safety level sequentially comprises the following steps: SIL4 main control board, SIL3 main control board, SIL2 main control board and SIL0 main control board;
the SIL4 main control board, the SIL3 main control board and the SIL2 main control board are used for sending respective state information to the SIL0 main control board;
and the SIL0 main control panel is used for receiving the state information and monitoring the whole train state based on the state information.
Preferably, the SIL4 main control board, the SIL3 main control board, and the SIL2 main control board all send the respective status information to the SIL0 main control board through ethernet or MVB.
Preferably, different said master boards have different communication ports; the input and output unit is connected with the main control board through the communication port of each main control board.
Optionally, the plurality of main control boards are located in the same chassis; or, each main control board is respectively located in different cabinets.
Furthermore, the input/output unit comprises a plurality of input/output board cards, different input/output board cards are independent of each other, and functional modules running on different input/output board cards have different security levels; the input and output board cards are connected to each main control board.
Optionally, the plurality of input/output board cards are located in the same chassis; or, each input/output board card is respectively located in different chassis.
Further, the system further comprises: a second central control unit; the second central control unit is a redundant configuration of the first central control unit.
Preferably, the first central control unit is installed at the head of the train, and the second central control unit is installed at the tail of the train.
In a second aspect, an embodiment of the present invention provides a train system, including: the train control and management system of any of the preceding embodiments, and a plurality of subsystems; each subsystem is connected to the train control and management system; each subsystem is used for realizing different train control functions.
Preferably, each of the subsystems is connected to the train control and management system through an ethernet or MVB.
According to the train control and management system and the train system provided by the embodiment of the invention, the central control unit in the train control and management system is divided into the plurality of main control boards, different main control boards are mutually independent, and the functional modules running on different main control boards have different safety levels, namely the functional modules with different safety levels in the train control and management system are placed in different main control boards for processing, so that the change of the functional module with one safety level cannot influence the functional modules with other safety levels, the authentication workload can be greatly reduced, and the authentication cost is reduced.
Drawings
The scope of the present disclosure will be better understood from the following detailed description of exemplary embodiments, which is to be read in connection with the accompanying drawings. Wherein the included drawings are:
FIG. 1 is a block diagram of a train control and management system in an embodiment of the present invention;
fig. 2 is a diagram of a train system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the following will describe in detail an implementation method of the present invention with reference to the accompanying drawings and embodiments, so that how to apply technical means to solve the technical problems and achieve the technical effects can be fully understood and implemented.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Example one
According to an embodiment of the present invention, there is provided a train control and management system, as shown in fig. 1, the system according to this embodiment includes:
the system comprises a first central control unit and an input/output unit; the first central control unit comprises a plurality of main control boards, different main control boards are mutually independent, and functional modules running on different main control boards have different safety levels; the input and output unit is connected with each main control board respectively.
Specifically, the hardware of the first central control unit is composed of a plurality of independent main control boards, i.e., a plurality of independent CPUs. The first central control unit comprises a plurality of functional modules, each functional module has a respective safety level, each functional module operates in different main control boards according to the own safety level, and the main control boards are mutually independent. And the functional modules running on the same main control board have the same security level, so that the software authentication operation is further simplified.
In this embodiment, the train control and management system may include not only the first central control unit and the input/output unit, but also a switching relay unit, a display, and other functional modules.
In this embodiment, the security level of the functional module in the first central control unit includes: SIL4, SIL3, SIL2, and SIL0, which are successively reduced in safety, i.e., SIL4 is the highest in safety, with the highest safety level; SIL0 level safety is the lowest, and has the lowest safety level, and the corresponding functional module is a non-safety functional module. And the functional modules corresponding to the SIL4 level, the SIL3 level and the SIL2 level are safety functional modules. For example, the safety function module in the first central control unit includes: the system comprises a traction locking module, an electric brake management module, a speed limit module and the like; the non-safety function module in the first central control unit comprises: control air conditioning modules, lighting modules, etc.
It should be noted that which function modules in the first central control unit are safety function modules, which function modules are non-safety function modules, and how to set the safety levels of the safety function modules can be defined and set according to actual business requirements.
Based on the division of the security level, in this embodiment, the main control board running the functional module with the security level sequentially comprises: the system comprises an SIL4 main control board, an SIL3 main control board, an SIL2 main control board and an SIL0 main control board, wherein the SIL4 main control board runs a function module with the SIL4 level of safety grade, the SIL3 main control board runs a function module with the SIL3 level of safety grade \8230, the function module \8230, and by analogy, all the function modules in the first central control unit are respectively run on different main control boards, so that the function modules do not interfere with each other during software authentication, and the authentication operation is greatly simplified.
In practical application, if the functional module a and the functional module B are set to SIL4 level, the functional module C and the functional module D are set to SIL2 level, and the functional module E and the functional module F are set to SIL0 level (i.e., set to a non-safety functional module), then the functional module a and the functional module B are placed on a main control board, which is an SIL4 main control board, to operate; putting the functional module C and the functional module D on another main control board for operation, wherein the main control board is an SIL2 main control board; and putting the functional module E and the functional module F on another main control board for operation, wherein the main control board is an SIL0 main control board.
In this embodiment, there is no mutual control logic between the SIL4 main control board, the SIL3 main control board, and the SIL2 main control board, and there is no execution sequence. The SIL4 main control board, the SIL3 main control board and the SIL2 main control board are used for sending respective state information to the SIL0 main control board; and the SIL0 main control panel is used for receiving the state information and monitoring the whole train state based on the state information.
In this embodiment, the SIL4 main control board, the SIL3 main control board, and the SIL2 main control board all send the respective status information to the SIL0 main control board through Ethernet (ETH) or MVB (Multifunction Vehicle Bus).
In this embodiment, different main control boards have different communication ports, that is, the SIL4 main control board, the SIL3 main control board, the SIL2 main control board, and the SIL0 main control board have respective communication ports, and these communication ports are different from each other based on the above safety classes, and the input/output unit is connected to the main control board through the communication port of each main control board.
Taking ethernet communication as an example, the SIL4 main control board, the SIL3 main control board, the SIL2 main control board, and the SIL0 main control board have different communication ports, specifically, different ethernet communication ports are provided, that is, the trdp port numbers are different. For example, the first central control unit is to implement a function a and a function B, wherein the function a corresponds to a functional module with a higher safety level, i.e. a functional module with a safety level of SIL4 or SIL3 or SIL2, and the function B corresponds to a functional module with a lower safety level, i.e. a functional module with a safety level of SIL 0. The two functional modules need to use the same data sent by the C equipment, and at this time, a data link for realizing the A function needs to be ensured to be safe, a safe port is defined for a main control board where the functional module corresponding to the A function is located, and a safe transmission protocol is adopted to ensure that the process of realizing the A function from the data sent by the C equipment to the first central control unit is safe. The main control board where the function module corresponding to the function B is located does not need to define a safety port, only needs to define a common communication port for the main control board, and does not need to adopt a safety transmission protocol in the data transmission process. It can be seen that, although the functional module corresponding to the function a and the functional module corresponding to the function B receive the same data source, the communication ports of the two are different, the communication protocols are different, and the two are independent and do not interfere with each other.
In the actual program running process, when the main control boards with different security levels perform control logic processing, the same signal source may be used, but the main control boards with different security levels acquire the same data from different ports to perform respective control logic processing. Different communication ports are configured for the main control boards with different security levels, and the main control boards are mutually independent.
In this embodiment, the plurality of main control boards are located in the same chassis; or, each of the main control boards is respectively located in different chassis, that is, the main control boards with different security levels may be disposed in the same chassis, or each of the main control boards may be disposed in different chassis. When each main control board is respectively located in different chassis, the different chassis may be located in the same central control unit, and those skilled in the art can understand that in practical application, a plurality of central control units may also be provided, and the different chassis are disposed in different central control units, so that each function in the TCMS is more independent. In this embodiment, the input/output unit includes a plurality of input/output board cards, different input/output board cards are independent of each other, and functional modules running on different input/output board cards have different security levels; and the plurality of input and output board cards are connected to each main control board.
Specifically, as shown in fig. 2, the hardware of the input/output unit is also divided into a plurality of independent boards (equivalent to the main control board in the first central control unit), so that the hardware of the input/output unit is also composed of a plurality of independent boards, that is, a plurality of independent CPUs. The input and output unit comprises a plurality of functional modules, and the functional modules are divided into different board cards to operate based on the types and the security levels of the functional modules, so that the software authentication operation is further simplified.
In the input/output unit, each functional module may be configured to use different boards depending on the type of data to be transmitted, instead of distinguishing between a secure function and a non-secure function, as in the case of the functional module in the first central control unit. Whether the functional modules running on the input and output board card have different security levels can be set according to actual requirements, and the setting is not limited here.
In this embodiment, the plurality of input/output board cards are located in the same chassis; or, each of the input/output board cards is located in a different chassis, that is, the plurality of input/output board cards may be disposed in the same chassis, or each of the input/output board cards may be disposed in different chassis. In practical applications, the setting can be performed according to practical requirements, and is not limited herein.
In order to ensure the safe and stable operation of the train, the system of the embodiment further comprises: a second central control unit; the second central control unit is a redundant configuration of the first central control unit.
In this embodiment, the first central control unit is installed at the head of the train, and the second central control unit is installed at the tail of the train.
Specifically, in this embodiment, a set of central control unit is deployed at each of the head and the tail of the train, so as to implement redundancy of the SIL4 main control board, the SIL3 main control board, the SIL2 main control board, and the SIL0 main control board. In the actual operation process, only one of the two sets of central control units realizes the main control function of each safety level, and when the main control function of a certain safety level fails, the safety level main control board corresponding to the other set of central control unit takes over the corresponding function control.
In addition, when the central control unit interacts with other subsystems in the train, for example, when a certain subsystem simultaneously receives data of the master control boards of corresponding levels in two sets of central control units, the subsystem only trusts the data of the master control board currently serving as the master control, ignores the data of the master control board currently serving as the standby master control (i.e., the master control board configured redundantly), and trusts the data of the standby master control board only when the master control board serving as the master control fails.
For example, the subsystem BCU (Braking Control Unit) receives Control information/data sent by the SIL4 main Control board of the first central Control Unit CCU1 and the SIL4 main Control board of the second central Control Unit CCU2 at the same time, but only trusts the Control information/data of the SIL4 main Control board of the CCU1 to perform corresponding operations. If the SIL4 main control board of the CCU1 fails, the control information/data of the SIL4 main control board of the CCU2 is trued.
According to the train control and management system provided by the embodiment of the invention, the central control unit in the train control and management system is divided into the plurality of main control boards, different main control boards are mutually independent, and the functional modules running on different main control boards have different safety levels, namely, the functional modules with different safety levels in the train control and management system are placed in different main control boards for processing, so that the change of the functional module with one safety level does not affect the functional modules with other safety levels, the authentication workload can be greatly reduced, and the authentication cost is reduced.
Example two
The present invention also provides a train system, as shown in fig. 2, the system comprising:
the train control and management system of the first embodiment, and a plurality of subsystems; each subsystem is connected to the train control and management system; each subsystem is used for realizing different train control functions.
In this embodiment, each of the subsystems is connected to the train control and management system through an ethernet or MVB.
The subsystem includes: transmission control unit TCU, traction control unit DCU, brake control unit BCU, air conditioning HVAC, logic control unit LCU, battery management system BMS, passenger information system PIS, etc. The train control and management system interacts with the subsystems to build a communication network of the train, so that the control and management functions of the train are realized.
In fig. 2, the train control and management system includes a first central control unit and a second central control unit redundantly configured with the first central control unit, and the first central control unit and the second central control unit are respectively disposed at the head and tail of the train. The train control and management system further comprises an input and output unit for performing the functions of inputting and outputting data.
The specific implementation of the train control and management system provided by the present invention can be referred to for the contents of the operation principle, the work flow, etc. of the train system described in this embodiment, and the detailed description of the same technical contents is omitted here.
According to the train control and management system and the train system provided by the embodiment of the invention, the central control unit in the train control and management system is divided into the plurality of main control boards, different main control boards are mutually independent, and the functional modules running on different main control boards have different safety levels, namely the functional modules with different safety levels in the train control and management system are placed in different main control boards for processing, so that the change of the functional module with one safety level cannot influence the functional modules with other safety levels, the authentication workload can be greatly reduced, and the authentication cost is reduced.
Although the embodiments of the present invention have been described above, the above description is only for the convenience of understanding the present invention, and is not intended to limit the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (11)
1. A train control and management system, the system comprising: the system comprises a first central control unit and an input/output unit; the first central control unit comprises a plurality of main control boards, different main control boards are mutually independent, and functional modules running on different main control boards have different safety levels; the input and output unit is respectively connected with each main control board; and the functional modules running on the same main control board have the same security level.
2. The train control and management system of claim 1, wherein the safety level of the functional module comprises: SIL4 level, SIL3 level, SIL2 level, and SIL0 level with successively reduced safety; the main control board operating the functional module with the safety level sequentially comprises the following steps: SIL4 main control board, SIL3 main control board, SIL2 main control board and SIL0 main control board;
the SIL4 main control board, the SIL3 main control board and the SIL2 main control board are used for sending respective state information to the SIL0 main control board;
and the SIL0 main control panel is used for receiving the state information and monitoring the whole train state based on the state information.
3. The train control and management system according to claim 2, wherein the SIL4 main control board, the SIL3 main control board, and the SIL2 main control board each send the respective status information to the SIL0 main control board through ethernet or MVB.
4. The train control and management system of claim 1 wherein different said master control boards have different communication ports; the input and output unit is connected with the main control board through the communication port of each main control board.
5. The train control and management system of claim 1, wherein the plurality of master control boards are located in the same chassis; or each main control board is respectively positioned in different cabinets.
6. The train control and management system of claim 1, wherein the input/output unit includes a plurality of input/output boards, different input/output boards are independent of each other, and functional modules running on different input/output boards have different security levels; the input and output board cards are connected to each main control board.
7. The train control and management system of claim 6, wherein the plurality of input and output boards are located in the same chassis; or, each input/output board card is respectively located in different chassis.
8. The train control and management system according to any one of claims 1 to 7, wherein the system further comprises: a second central control unit; the second central control unit is a redundant configuration of the first central control unit.
9. The train control and management system of claim 8, wherein the first central control unit is mounted at a locomotive of the train and the second central control unit is mounted at a tail of the train.
10. A train system, comprising: the train control and management system of any of claims 1-9, and a plurality of subsystems; each subsystem is connected to the train control and management system; each subsystem is used for realizing different train control functions.
11. The train system of claim 10 wherein each of the subsystems is connected to the train control and management system via an ethernet or MVB.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111013609.9A CN113682347B (en) | 2021-08-31 | 2021-08-31 | Train control and management system and train system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111013609.9A CN113682347B (en) | 2021-08-31 | 2021-08-31 | Train control and management system and train system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113682347A CN113682347A (en) | 2021-11-23 |
| CN113682347B true CN113682347B (en) | 2023-04-07 |
Family
ID=78584488
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111013609.9A Active CN113682347B (en) | 2021-08-31 | 2021-08-31 | Train control and management system and train system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113682347B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110626387A (en) * | 2019-09-27 | 2019-12-31 | 交控科技股份有限公司 | Host controller of TCMS system |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105888432B (en) * | 2016-04-22 | 2017-07-28 | 南京康尼机电股份有限公司 | A kind of restructural door controller for meeting city rail vehicle door system functional safety demand |
| CN109040249B (en) * | 2018-06-22 | 2020-11-20 | 中车青岛四方车辆研究所有限公司 | Vehicle-mounted network system and communication method thereof |
| CN110877628B (en) * | 2018-09-06 | 2021-11-23 | 中车株洲电力机车研究所有限公司 | Train redundancy communication system and method |
| CN110008022A (en) * | 2019-03-25 | 2019-07-12 | 北京和利时系统工程有限公司 | A kind of fail-safe computer module and fail-safe computer |
| DE102019208627A1 (en) * | 2019-06-13 | 2020-12-17 | Siemens Mobility GmbH | Method for operating a safety system for a rail vehicle, a safety system for a rail vehicle and a rail vehicle |
-
2021
- 2021-08-31 CN CN202111013609.9A patent/CN113682347B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110626387A (en) * | 2019-09-27 | 2019-12-31 | 交控科技股份有限公司 | Host controller of TCMS system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113682347A (en) | 2021-11-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10589765B2 (en) | Railway safety critical systems with task redundancy and asymmetric communications capability | |
| US8714494B2 (en) | Railway train critical systems having control system redundancy and asymmetric communications capability | |
| WO2017124867A1 (en) | Automobile electrical system and isolation system for automobile electrical system | |
| EP3179674B1 (en) | Configurable gateway apparatus and method for an integrated brake control system in a railway vehicle | |
| CN103057567A (en) | Security platform beside common rail in field of railway signal | |
| CN215835412U (en) | Vehicle-mounted safety computer platform communication device | |
| CN104348715A (en) | Gateway apparatus and message routing method | |
| CN108255123A (en) | Train LCU control devices based on the voting of two from three software and hardware | |
| RU186187U1 (en) | VEHICLE CONTROL DEVICE | |
| CN106301842A (en) | Municipal rail train controls and diagnostic system communication network redundancy structure | |
| CN113665630B (en) | VOBC and TCMS integrated train control equipment | |
| US20150358199A1 (en) | Train-information management device and train-information management method | |
| CN113682347B (en) | Train control and management system and train system | |
| EP3461703B1 (en) | Integrated brake control system and method for rail vehicles | |
| CN110239575B (en) | Logic control equipment and system based on two-by-two-out-of-two | |
| EP3131804B1 (en) | Railway safety critical systems with task redundancy and asymmetric communications capability | |
| CN104176094A (en) | Control unit for train running monitoring vehicle-mounted system | |
| EP3636513B1 (en) | Control method and train control system | |
| CN114339670A (en) | Communication control server based on packet domain communication and system and method thereof | |
| CN105599709B (en) | Safety device and method for automotive bus system | |
| CN113895486A (en) | Train information transmission method and device | |
| CN117002564A (en) | Method and equipment suitable for interconnection and interworking of reconnection trains | |
| Eschermann et al. | Fail-Safe On-Board Communication for Automatic Train Protection | |
| Zhang et al. | Failure Mode Analysis of the Interface between On-Board and Region Operation Systems in the High-Speed Maglev System | |
| CN117834274A (en) | Communication system, method and computer medium of vehicle-mounted Ethernet |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |