CN117048670A - Safety control system and method beside general track - Google Patents
Safety control system and method beside general track Download PDFInfo
- Publication number
- CN117048670A CN117048670A CN202311228605.1A CN202311228605A CN117048670A CN 117048670 A CN117048670 A CN 117048670A CN 202311228605 A CN202311228605 A CN 202311228605A CN 117048670 A CN117048670 A CN 117048670A
- Authority
- CN
- China
- Prior art keywords
- unit
- message
- safety
- security
- processing unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 28
- 238000012545 processing Methods 0.000 claims abstract description 87
- 238000004891 communication Methods 0.000 claims abstract description 31
- 238000012795 verification Methods 0.000 claims abstract description 20
- 238000004590 computer program Methods 0.000 claims description 8
- 230000007123 defense Effects 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 claims description 4
- 238000012552 review Methods 0.000 claims description 2
- 238000004364 calculation method Methods 0.000 abstract description 7
- 238000010586 diagram Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 101100498818 Arabidopsis thaliana DDR4 gene Proteins 0.000 description 1
- 101000879675 Streptomyces lavendulae Subtilisin inhibitor-like protein 4 Proteins 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- PLAIAIKZKCZEQF-UHFFFAOYSA-N methyl 6-chloro-2-oxo-3h-1,2$l^{4},3-benzodithiazole-4-carboxylate Chemical compound COC(=O)C1=CC(Cl)=CC2=C1NS(=O)S2 PLAIAIKZKCZEQF-UHFFFAOYSA-N 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000000725 suspension Substances 0.000 description 1
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L27/00—Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
- B61L27/20—Trackside control of safe travel of vehicle or train, e.g. braking curve calculation
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L27/00—Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
- B61L27/70—Details of trackside communication
Landscapes
- Engineering & Computer Science (AREA)
- Mechanical Engineering (AREA)
- Hardware Redundancy (AREA)
Abstract
The application provides a safety control system and a method for a general trackside, comprising the following steps: the communication management unit CMU is used for receiving the message sent by the external system and sending the message to the safety processing unit VPU through the redundant network; the safety processing unit VPU is used for carrying out safety calculation and verification on the message, and if the verification is passed, the message is sent to the safety discrete IO processing unit VDU and the target controller unit OCU; the safety discrete IO processing unit VDU is used for carrying out 2-out 2 safety voting on the message, and if the voting passes, the analyzed message is sent to the safety output unit VOU and the safety input unit VIU through the internal redundancy bus; the target controller unit OCU is used for carrying out 2-out safety voting on the message, and if the voting passes, the analyzed message is sent to the electronic execution unit EEU through the internal redundant bus; each unit is a network node, is easy to expand, and has strong compatibility.
Description
Technical Field
The application relates to the technical field of rail traffic signals, in particular to a safety control system and method beside a general rail.
Background
At present, urban rail transit signal systems have been newly developed in recent years on the basis of traditional CBTC. On the one hand, "fusion" is a general trend, for example, a TACS fuses a vehicle-mounted controller, an interlocking controller and a regional controller, and a full-electronic execution unit fuses a discrete I/O unit and a relay interface, so that the trackside signal equipment is simpler from the perspective, but the processing capability of a CPU is higher; on the other hand, the signal system is diversified, such as various signal systems of a tramcar, a straddle-type monorail, a suspension type empty rail, an automatic passenger shortcut system and the like. This "few" one "more" variation, and also being compatible with existing trackside signal devices, places higher demands on the scalability and compatibility of designing a generic trackside secure computer platform.
Disclosure of Invention
In view of the above, the present application aims to provide a security control system and method beside a general track, each unit includes 2 sub-boards, and the 2 sub-boards perform data synchronization and voting through gigabit network ports; each unit is a network node, is easy to expand, and has strong compatibility.
In a first aspect, an embodiment of the present application provides a security control system beside a general track, where each unit in the system is a network node, each unit includes two sub-boards, and the system includes: a secure processing unit VPU, a communication management unit CMU, a secure discrete IO processing unit VDU, a secure output unit VOU, a secure input unit VIU, a target controller unit OCU, and an electronic execution unit EEU;
the communication management unit CMU is used for receiving a message sent by an external system and sending the message to the safety processing unit VPU through a redundant network;
the secure processing unit VPU is used for performing secure calculation and verification on the message, and if the message passes the verification, the message is sent to the secure discrete IO processing unit VDU and the target controller unit OCU;
the secure discrete IO processing unit VDU is used for carrying out 2-out 2 secure voting on the message, and if the voting is passed, the parsed message is sent to the secure output unit VOU and the secure input unit VIU through an internal redundant bus;
the target controller unit OCU is configured to perform 2-out-of-2 security voting on the message, and if the voting passes, send the parsed message to the electronic execution unit EEU through the internal redundancy bus.
In a second aspect, an embodiment of the present application provides a security control method for a universal trackside, which is applied to a security control system for a universal trackside as described above, where each unit in the system is a network node, each unit includes two sub-boards, and the system includes: a secure processing unit VPU, a communication management unit CMU, a secure discrete IO processing unit VDU, a secure output unit VOU, a secure input unit VIU, a target controller unit OCU, and an electronic execution unit EEU; the method comprises the following steps:
the communication management unit CMU receives a message sent by an external system and sends the message to the safety processing unit VPU through a redundant network;
the secure processing unit VPU performs secure computation and verification on the message, and if the message passes the verification, the message is sent to the secure discrete IO processing unit VDU and the target controller unit OCU;
the security discrete IO processing unit VDU performs 2-out 2 security voting on the message, and if the voting passes, the parsed message is sent to the security output unit VOU and the security input unit VIU through an internal redundancy bus;
the target controller unit OCU performs 2-out-of-2 security voting on the message, and if the voting passes, the parsed message is sent to the electronic execution unit EEU through the internal redundancy bus.
In a third aspect, an embodiment of the present application provides an electronic device, including a memory, and a processor, where the memory stores a computer program executable on the processor, and where the processor implements a method as described above when executing the computer program.
In a fourth aspect, embodiments of the present application provide a computer readable medium having non-volatile program code executable by a processor, the program code causing the processor to perform the method as described above.
The embodiment of the application provides a safety control system and a safety control method beside a general track, wherein each unit in the system is a network node, and each unit comprises two sub-boards, including: a secure processing unit VPU, a communication management unit CMU, a secure discrete IO processing unit VDU, a secure output unit VOU, a secure input unit VIU, a target controller unit OCU, and an electronic execution unit EEU; the communication management unit CMU is used for receiving the message sent by the external system and sending the message to the safety processing unit VPU through the redundant network; the safety processing unit VPU is used for carrying out safety calculation and verification on the message, and if the verification is passed, the message is sent to the safety discrete IO processing unit VDU and the target controller unit OCU; the safety discrete IO processing unit VDU is used for carrying out 2-out 2 safety voting on the message, and if the voting passes, the analyzed message is sent to the safety output unit VOU and the safety input unit VIU through the internal redundancy bus; the target controller unit OCU is used for carrying out 2-out safety voting on the message, and if the voting passes, the analyzed message is sent to the electronic execution unit EEU through the internal redundant bus; each unit comprises 2 sub-boards, and the 2 sub-boards perform data synchronization and voting through a gigabit network port; each unit is a network node, is easy to expand, and has strong compatibility.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present application, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a safety control system beside a general track according to a first embodiment of the present application;
fig. 2 is a schematic configuration diagram of a daughter board and a different carrier according to a first embodiment of the present application;
fig. 3 is a flowchart of a general-purpose trackside safety control method according to a second embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In order to facilitate understanding of the present embodiment, the following describes embodiments of the present application in detail.
Embodiment one:
fig. 1 is a schematic diagram of a safety control system beside a general track according to an embodiment of the application.
Referring to fig. 1, each unit in the system is a network node, each unit includes two sub-boards, and the system includes: a secure processing unit VPU (Vital Processor Unit), a communication management unit CMU (Communication Management Unit), a secure discrete IO processing unit VDU (Vital Discrete IO Unit), a secure output unit VOU (Vital Output Unit), a secure input unit VIU (Vital Input Unit), a target controller unit OCU (Object Controller Unit), and an electronic execution unit EEU (Electronic Execution Unit); the system is realized based on the Feiteng FT2000-4 and the ReWorks Cert operating system, wherein an FTC663 kernel is integrated in a single-core version of the Feiteng FT2000-4 industrial version, the main frequency is 2.2GHz, and the typical power consumption is 6W; the ReWorks Cert is an authentication version real-time operating system which accords with functional safety standards IEC 61508SIL/SC3 (general purpose) and EN 50128SW SIL4 (rail traffic), and the safety processing unit VPU, the communication management unit CMU, the safety discrete IO processing unit VDU and the target controller unit OCU all adopt Feiteng FT2000-4 as a CPU and use the ReWorks Cert as an operating system;
the communication management unit CMU is used for receiving the message sent by the external system and sending the message to the safety processing unit VPU through the redundant network;
the safety processing unit VPU is used for carrying out safety calculation and verification on the message, and if the verification is passed, the message is sent to the safety discrete IO processing unit VDU and the target controller unit OCU;
specifically, the secure processing unit VPU adopts a 2-out-of-2 secure architecture, and is responsible for secure logic operation and internal communication with the secure discrete IO processing unit VDU, the communication management unit CMU, the target controller unit OCU, and the like through a redundant network. The 2-out-of-2 security architecture refers to that two CPUs are integrated on a secure processing unit VPU and run synchronously.
The communication management unit CMU also adopts a 2-out-of-2 security architecture, and mainly realizes the message forwarding function of the security platform and an external system so as to enhance the communication reliability of the security platform, lighten the security load and realize the functions of security protocol package, analysis, internal and external security communication and the like of the security platform.
The safety discrete IO processing unit VDU is used for carrying out 2-out 2 safety voting on the message, and if the voting passes, the analyzed message is sent to the safety output unit VOU and the safety input unit VIU through the internal redundancy bus;
and the target controller unit OCU is used for carrying out 2-out safety voting on the message, and if the voting passes, the analyzed message is sent to the electronic execution unit EEU through the internal redundant bus.
Further, the safety output unit VOU is configured to perform 2-out-of-2 voting on the parsed packet, and if the voting passes, execute output driving of the point relay according to the data packet in the parsed packet, and send the recheck information of the output state to the safety discrete IO processing unit VDU through the internal redundancy network.
Specifically, the safety output unit VOU communicates with the safety discrete IO processing unit VDU through an internal redundant bus, and performs control of output together with the safety discrete IO processing unit VDU. The safety output unit VOU adopts a double-break safety output mode for the output of each point location, the channel 1 and the channel 2 respectively and independently control one path of output together by the FPGA, the output state is monitored periodically, and the output is cut off once the abnormality is detected.
Further, the safety input unit VIU is configured to vote for 2 out of 2 of the parsed packet, and if the vote passes, perform input acquisition according to the data packet in the parsed packet, and send the input state review information to the safety discrete IO processing unit VDU.
Specifically, the safety input unit VIU communicates with the safety discrete IO processing unit VDU through an internal redundant bus, a dual-channel redundant acquisition mode is adopted for acquiring each point position, the state of the same point position is acquired by two channels in a time-sharing manner, the state of the input point position is represented by adopting 32-bit codes, and the 32-bit codes of different channels and different point positions are different so as to ensure the acquisition safety.
Further, the secure processing unit VPU includes a first sub-board and a second sub-board, where the first sub-board and the second sub-board periodically synchronize secure data packets included in the packet through the gigabit network port;
the first daughter board is used for carrying out security defense technology processing on the security data packet to obtain a first processed security data packet, and carrying out time stamp, serial number, source identifier and CRC32 check code on the first processed security data packet to obtain a first check result;
the second daughter board is used for carrying out security defense technology processing on the security data packet to obtain a second processed security data packet, and carrying out time stamp, serial number, source identifier and CRC32 check code on the second processed security data packet to obtain a second check result;
when the first checking result is inconsistent with the second checking result, the first sub-board and the second sub-board exit the working mode.
Further, the system also includes a dynamic secure power supply unit SYSWD (System WatchDog);
a dynamic safety power supply unit SYSWD for supplying power to the output of the safety output unit VOU.
Specifically, the dynamic safety power supply unit SYSWD provides two paths of PWM (Pulse Width Modulation ) waves to the dynamic safety power supply unit SYSWD through the secure discrete IO processing unit VDU, the dynamic safety power supply unit SYSWD generates an output power supply to a relay controlling the output power of the safety output unit VOU, and when the period and amplitude of the PWM wave of any path change beyond a defined range, the driving voltage cannot be output, so that the power supply of the output loop is cut off, and the output is led to the safety side.
Further, the safety output unit VOU is configured to generate an abnormal feedback signal and send the abnormal feedback signal to the safety discrete IO processing unit VDU when an input/output feedback abnormality is detected or a fault exists;
the secure discrete IO processing unit VDU is used for controlling the dynamic secure power supply unit SYSWD to cut off the output power of the secure output unit VOU.
Further, the electronic execution unit EEU is configured to vote the parsed packet by taking 2 to 2, and if the vote passes, turn on/off the signal lamp or trip the switch according to the data packet in the parsed packet. Wherein the electronic execution unit EEU fuses the combined fail-safe, reactive fail-safe, intrinsic fail-safe into one single board.
The main control board card based on FT2000-4 and ReWorks Cert not only has autonomous and controllable core parts and strong CPU processing capacity, but also is easier to meet the requirement of combined fault safety compared with a COTS commercial board card.
Referring to fig. 2, the secure processing unit VPU, the communication management unit CMU, the secure discrete IO processing unit VDU, and the target controller unit OCU all adopt a mode of loading a board on a sub-board, the sub-board includes a CPU, a DDR4, a FPGA, PHY, flash, and other minimum systems, the CPU is guided to the carrier board by the PMC connector through the communication interfaces of the CPU and the FPGA, and the GPIO, all the hardware of the sub-board is the same, and the carrier board can be configured with different functional modules according to different products, i.e., can be configured into a 2-out 2 mode including two sub-boards, and can also be configured into a mode including only one sub-board, and the number of communication interfaces such as a network port, a serial port, and the like can be cut on the carrier board according to different products. Through the normalization of hardware design, not only material cost is reduced, but also maintenance cost is reduced.
The safety processing unit VPU, the communication management unit CMU, the safety discrete IO processing unit VDU, the target controller unit OCU and the like can be regarded as network nodes, and the traditional interlocking IO can be compatible only by adding the network nodes to the added equipment, and the full-electronic execution unit can also be compatible.
The embodiment of the application provides a safety control system beside a general track, each unit in the system is a network node, and each unit comprises two sub-boards, and the safety control system comprises: a secure processing unit VPU, a communication management unit CMU, a secure discrete IO processing unit VDU, a secure output unit VOU, a secure input unit VIU, a target controller unit OCU, and an electronic execution unit EEU; the communication management unit CMU is used for receiving the message sent by the external system and sending the message to the safety processing unit VPU through the redundant network; the safety processing unit VPU is used for carrying out safety calculation and verification on the message, and if the verification is passed, the message is sent to the safety discrete IO processing unit VDU and the target controller unit OCU; the safety discrete IO processing unit VDU is used for carrying out 2-out 2 safety voting on the message, and if the voting passes, the analyzed message is sent to the safety output unit VOU and the safety input unit VIU through the internal redundancy bus; the target controller unit OCU is used for carrying out 2-out safety voting on the message, and if the voting passes, the analyzed message is sent to the electronic execution unit EEU through the internal redundant bus; each unit comprises 2 sub-boards, and the 2 sub-boards perform data synchronization and voting through a gigabit network port; each unit is a network node, is easy to expand, and has strong compatibility.
Embodiment two:
fig. 3 is a flowchart of a general-purpose trackside safety control method according to a second embodiment of the present application.
Referring to fig. 3, applied to the safety control system beside the general track as described above, each unit in the system is a network node, each unit includes two sub-boards, and the system includes: a secure processing unit VPU, a communication management unit CMU, a secure discrete IO processing unit VDU, a secure output unit VOU, a secure input unit VIU, a target controller unit OCU, and an electronic execution unit EEU; the two sub-boards perform data synchronization and voting through the gigabit network port; the method comprises the following steps:
step S101, a communication management unit CMU receives a message sent by an external system and sends the message to a security processing unit VPU through a redundant network;
step S102, the safety processing unit VPU carries out safety calculation and verification on the message, and if the verification is passed, the message is sent to the safety discrete IO processing unit VDU and the target controller unit OCU;
step S103, the security discrete IO processing unit VDU carries out 2-out 2 security voting on the message, if the voting passes, the parsed message is sent to the security output unit VOU and the security input unit VIU through the internal redundancy bus;
in step S104, the target controller unit OCU performs 2-out-of-2 security voting on the message, and if the voting passes, the parsed message is sent to the electronic execution unit EEU through the internal redundancy bus.
The embodiment of the application provides a safety control method beside a general track, each unit in a system is a network node, and each unit comprises two sub-boards, and the method comprises the following steps: a secure processing unit VPU, a communication management unit CMU, a secure discrete IO processing unit VDU, a secure output unit VOU, a secure input unit VIU, a target controller unit OCU, and an electronic execution unit EEU; the communication management unit CMU receives a message sent by an external system and sends the message to the safety processing unit VPU through a redundant network; the safety processing unit VPU carries out safety calculation and verification on the message, and if the verification is passed, the message is sent to the safety discrete IO processing unit VDU and the target controller unit OCU; the security discrete IO processing unit VDU carries out 2-out 2 security voting on the message, if the voting passes, the parsed message is sent to the security output unit VOU and the security input unit VIU through the internal redundancy bus; the target controller unit OCU carries out 2-out safety voting on the message, and if the voting passes, the parsed message is sent to the electronic execution unit EEU through an internal redundant bus; each unit comprises 2 sub-boards, and the 2 sub-boards perform data synchronization and voting through a gigabit network port; each unit is a network node, is easy to expand, and has strong compatibility.
The embodiment of the application also provides electronic equipment, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the steps of the general-purpose trackside safety control method provided by the embodiment when executing the computer program.
The present application also provides a computer readable medium having a processor executable non-volatile program code, the computer readable medium having a computer program stored thereon, which when executed by a processor performs the steps of the general purpose trackside safety control method of the above embodiment.
The computer program product provided by the embodiment of the present application includes a computer readable storage medium storing a program code, where instructions included in the program code may be used to perform the method described in the foregoing method embodiment, and specific implementation may refer to the method embodiment and will not be described herein.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described system and apparatus may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
In addition, in the description of embodiments of the present application, unless explicitly stated and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present application will be understood in specific cases by those of ordinary skill in the art.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In the description of the present application, it should be noted that the directions or positional relationships indicated by the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, are merely for convenience of describing the present application and simplifying the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present application. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above examples are only specific embodiments of the present application, and are not intended to limit the scope of the present application, but it should be understood by those skilled in the art that the present application is not limited thereto, and that the present application is described in detail with reference to the foregoing examples: any person skilled in the art may modify or easily conceive of the technical solution described in the foregoing embodiments, or perform equivalent substitution of some of the technical features, while remaining within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A universal trackside safety control system, wherein each unit in the system is a network node, each unit comprising two sub-boards, the system comprising: a secure processing unit VPU, a communication management unit CMU, a secure discrete IO processing unit VDU, a secure output unit VOU, a secure input unit VIU, a target controller unit OCU, and an electronic execution unit EEU;
the communication management unit CMU is used for receiving a message sent by an external system and sending the message to the safety processing unit VPU through a redundant network;
the secure processing unit VPU is configured to perform secure computation and verification on the packet, and if the verification is passed, send the packet to the secure discrete IO processing unit VDU and the target controller unit OCU;
the secure discrete IO processing unit VDU is used for carrying out 2-out 2 secure voting on the message, and if the voting is passed, the parsed message is sent to the secure output unit VOU and the secure input unit VIU through an internal redundant bus;
the target controller unit OCU is configured to perform 2-out-of-2 security voting on the message, and if the voting passes, send the parsed message to the electronic execution unit EEU through the internal redundancy bus.
2. The security control system beside a general track according to claim 1, wherein the security output unit VOU is configured to vote for 2 out of 2 of the parsed packet, and if the vote passes, execute output driving of the point relay according to the data packet in the parsed packet, and send the recheck information of the output state to the security discrete IO processing unit VDU through an internal redundancy network.
3. The security control system beside a general track according to claim 1, wherein the security input unit VIU is configured to vote for 2 out of 2 of the parsed packet, and if the vote passes, perform input collection according to a data packet in the parsed packet, and send input status review information to the security discrete IO processing unit VDU.
4. The universal trackside security control system of claim 1, wherein the security processing unit VPU includes a first sub-board and a second sub-board, wherein the first sub-board and the second sub-board periodically synchronize security data packets included in the message through a gigabit portal;
the first sub-board is used for carrying out security defense technology processing on the security data packet to obtain a first processed security data packet, and carrying out time stamp, serial number, source identifier and CRC32 check code on the first processed security data packet to obtain a first check result;
the second daughter board is used for performing security defense technology processing on the security data packet to obtain a second processed security data packet, and performing time stamp, serial number, source identifier and CRC32 check code on the second processed security data packet to obtain a second check result;
and when the first checking result and the second checking result are inconsistent, the first sub-board and the second sub-board exit the working mode.
5. A universal trackside safety control system according to claim 1, wherein the system further includes a dynamic safety power supply unit SYSWD;
the dynamic safety power supply unit SYSWD is configured to supply power to the output of the safety output unit VOU.
6. The safety control system beside a general track according to claim 1, wherein the safety output unit VOU is configured to generate an exception feedback signal and send the exception feedback signal to the safety discrete IO processing unit VDU in case of detecting an input/output recheck exception or a fault;
the safe discrete IO processing unit VDU is used for controlling the dynamic safe power supply unit SYSWD to cut off the output power supply of the safe output unit VOU.
7. The security control system of claim 1, wherein the electronic execution unit EEU is configured to vote the parsed message by 2-out, and if the vote passes, execute turning on/off of a signal lamp or trip a switch according to a packet in the parsed message.
8. A method of universal trackside safety control, characterized in that it is applied to a universal trackside safety control system according to any one of claims 1 to 7, each unit in the system being a network node, each unit comprising two sub-boards, the system comprising: a secure processing unit VPU, a communication management unit CMU, a secure discrete IO processing unit VDU, a secure output unit VOU, a secure input unit VIU, a target controller unit OCU, and an electronic execution unit EEU; the method comprises the following steps:
the communication management unit CMU receives a message sent by an external system and sends the message to the safety processing unit VPU through a redundant network;
the secure processing unit VPU performs secure computation and verification on the message, and if the message passes the verification, the message is sent to the secure discrete IO processing unit VDU and the target controller unit OCU;
the security discrete IO processing unit VDU performs 2-out 2 security voting on the message, and if the voting passes, the parsed message is sent to the security output unit VOU and the security input unit VIU through an internal redundancy bus;
the target controller unit OCU performs 2-out-of-2 security voting on the message, and if the voting passes, the parsed message is sent to the electronic execution unit EEU through the internal redundancy bus.
9. An electronic device comprising a memory, a processor, the memory having stored thereon a computer program executable on the processor, characterized in that the processor implements the method of claim 8 when executing the computer program.
10. A computer readable medium having non-volatile program code executable by a processor, the program code causing the processor to perform the method of claim 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311228605.1A CN117048670A (en) | 2023-09-21 | 2023-09-21 | Safety control system and method beside general track |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311228605.1A CN117048670A (en) | 2023-09-21 | 2023-09-21 | Safety control system and method beside general track |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117048670A true CN117048670A (en) | 2023-11-14 |
Family
ID=88655606
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311228605.1A Pending CN117048670A (en) | 2023-09-21 | 2023-09-21 | Safety control system and method beside general track |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117048670A (en) |
-
2023
- 2023-09-21 CN CN202311228605.1A patent/CN117048670A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN205068381U (en) | A secure computer platform for track traffic | |
| US10589765B2 (en) | Railway safety critical systems with task redundancy and asymmetric communications capability | |
| CN101694588B (en) | Double 2 vote 2 active/standby control switching system and method | |
| CN101700783B (en) | Train control center system platform | |
| CN107885695B (en) | Computer platform based on rail traffic | |
| US11420662B2 (en) | Device and method for the safe management of vital communications in the railway environment | |
| CN112714173B (en) | Platform door controller cloud platform system and control method | |
| CN117048670A (en) | Safety control system and method beside general track | |
| KR100945854B1 (en) | Fault detection circuit of railroad signal controller | |
| JP5025402B2 (en) | High safety control device | |
| CN113682347B (en) | Train control and management system and train system | |
| CA2472637C (en) | Method for determining the occupancy status of a track section in particular following a restart of an axle counting system, as well as an evaluation device and counting point forthis | |
| DURMUŞ et al. | A new bitwise voting strategy for safety-critical systems with binary decisions | |
| JP6505525B2 (en) | Level crossing control device | |
| Tan et al. | Design and reliability, availability, maintainability, and safety analysis of a high availability quadruple vital computer system | |
| KR101808618B1 (en) | High safety double structure system based railroad system | |
| CN217305726U (en) | Hot standby safety module, local control device and electrical control system | |
| JP5854962B2 (en) | Message control communication device | |
| CN111984585B (en) | Safety computer platform compatible with two-in-two and two-out-three and vehicle-mounted equipment | |
| CN117284352A (en) | Voting system for rail transit data | |
| JP2004302708A (en) | Multiple-system information processor | |
| CN109677454B (en) | State monitoring method for safety computer platform in urban rail transit signal system | |
| KR20050095071A (en) | A system for controlling railway line | |
| CN105388883A (en) | Self-check method and apparatus for operation of host plug-in element | |
| Zhao et al. | A functional safety analysis approach for analyzing CBTC system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |