DK0543820T3 - Multi-computer system with high security and with three computers - Google Patents

Multi-computer system with high security and with three computers

Info

Publication number
DK0543820T3
DK0543820T3 DK91910613.8T DK91910613T DK0543820T3 DK 0543820 T3 DK0543820 T3 DK 0543820T3 DK 91910613 T DK91910613 T DK 91910613T DK 0543820 T3 DK0543820 T3 DK 0543820T3
Authority
DK
Denmark
Prior art keywords
computer
mca
allocated
computers
mcb
Prior art date
Application number
DK91910613.8T
Other languages
Danish (da)
Inventor
Michael Gronemeyer
Original Assignee
Siemens Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Ag filed Critical Siemens Ag
Application granted granted Critical
Publication of DK0543820T3 publication Critical patent/DK0543820T3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/18Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
    • G06F11/181Eliminating the failing redundant component
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/18Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
    • G06F11/183Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components
    • G06F11/184Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components where the redundant components implement processing functionality
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0796Safety measures, i.e. ensuring safe condition in the event of error, e.g. for controlling element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/18Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
    • G06F11/187Voting techniques

Abstract

To each computer (MCA, MCB, MCC) are allocated two hardware comparators (VAR, VAL; VBR, VBL; VCR, VCL) to compare the data from itself with the corresponding data from the partner computers. Only if both comparators (VAR, VAL) allocated to a computer (MCA) detect differences between the data fed to it (DA and DB or DC) is the computer shut down via an AND element (UA). The comparison processes are initialised not only by the computer (MCA) allocated to the comparators (VAR, VAL) but also by a partner computer (MCB or MCC). It is thus made certain that in the event of a breakdown the comparison processes for recognising and shutting down a defective computer actually take place and are not sabotaged by the defective computer. The result of the shutdown (ASSA) of a computer (e.g. MCA) is controlled by the operative computers (MCB, MCC), triggered by the interrupt from an allocated error store (FAL, FAR). If the defective computer is not shut down, the operative computers cause the shutdown themselves (total shutdown). The safe multi-computer system is especially intended for use in railway signal systems.
DK91910613.8T 1990-08-14 1991-06-03 Multi-computer system with high security and with three computers DK0543820T3 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP90115585 1990-08-14

Publications (1)

Publication Number Publication Date
DK0543820T3 true DK0543820T3 (en) 1995-03-20

Family

ID=8204331

Family Applications (1)

Application Number Title Priority Date Filing Date
DK91910613.8T DK0543820T3 (en) 1990-08-14 1991-06-03 Multi-computer system with high security and with three computers

Country Status (7)

Country Link
EP (1) EP0543820B1 (en)
AT (1) ATE110477T1 (en)
DE (1) DE59102664D1 (en)
DK (1) DK0543820T3 (en)
ES (1) ES2060389T3 (en)
FI (1) FI98572C (en)
WO (1) WO1992003787A1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0760395B2 (en) * 1992-11-06 1995-06-28 日本電気株式会社 Fault tolerant computer system
TW320701B (en) * 1996-05-16 1997-11-21 Resilience Corp
US6141769A (en) 1996-05-16 2000-10-31 Resilience Corporation Triple modular redundant computer system and associated method
DE19740136A1 (en) * 1997-09-12 1999-03-18 Alsthom Cge Alcatel Process for isolating a defective computer in a fault-tolerant multi-computer system
DE10036598A1 (en) * 2000-07-27 2002-02-14 Infineon Technologies Ag Arrangement for monitoring the correct operation of components of an electrical system which carry out the same or corresponding actions
DE10053023C1 (en) * 2000-10-13 2002-09-05 Siemens Ag Method for controlling a safety-critical railway operating process and device for carrying out this method
DE10055424A1 (en) * 2000-11-09 2002-05-29 Alcatel Sa Method for storing a security key and multi-computer system for carrying out the method
US7209811B1 (en) 2001-11-22 2007-04-24 Siemens Aktiengesellschaft System and method for controlling a safety-critical railroad operating process
JP4102306B2 (en) * 2001-11-22 2008-06-18 シーメンス アクチエンゲゼルシヤフト Method for controlling railway operation process requiring safety and apparatus for carrying out this method
EP2835759B1 (en) * 2013-08-08 2019-03-27 GbR Oliver Oechsle, Dr. Hans-Peter Dietz Method and system for managing a defective electronic user terminal

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3720879A1 (en) * 1987-06-24 1989-01-05 Siemens Ag Device for error-tolerant input/output of data

Also Published As

Publication number Publication date
FI98572B (en) 1997-03-27
FI930291A0 (en) 1993-01-25
WO1992003787A1 (en) 1992-03-05
DE59102664D1 (en) 1994-09-29
FI930291A (en) 1993-01-25
FI98572C (en) 1997-07-10
ES2060389T3 (en) 1994-11-16
ATE110477T1 (en) 1994-09-15
EP0543820B1 (en) 1994-08-24
EP0543820A1 (en) 1993-06-02

Similar Documents

Publication Publication Date Title
US4096990A (en) Digital data computer processing system
DK0543820T3 (en) Multi-computer system with high security and with three computers
NO942108L (en) Device for detecting the intrusion into and questionable use of computer systems and security system with such device
DK574585A (en) DEVICE COMMUNICATING WITH COMPUTERS AND A PROCEDURE FOR COMMUNICATING WITH COMPUTERS
US4215340A (en) Process for the automatic signalling of faults of a static automatic module and a module for realizing the process
GB1444513A (en) Control method using computers operating in parallel
US5008745A (en) Clock synchronized digital TV motion detector
FR2661998B1 (en) DEVICE FOR PROCESSING HIGH SECURITY DATA WITH TWO OPERATING STATES.
GB1284506A (en) Improvements in or relating to data processing systems
Frison et al. INTERACTIVE CONSISTENCY AND ITS IMPACT ON THE DESIGN IN TMR SYSTEMS
GB1373014A (en) Processor security arrangements
ATE135486T1 (en) COVER DEVICE FOR BLOCKING ACCESS TO STORAGE UNITS OF A DATA PROCESSING UNIT
KR100238174B1 (en) Parallel processor system
JPS6448152A (en) Memory write protection system
KR920015199A (en) Processor failure prevention system using redundant processor
JPH05189325A (en) Double system electronic computer
US5218606A (en) Current-spare switching control system
Zagurek Protecting the database.
ES2185131T3 (en) PROCEDURE FOR ISOLATING A DEFECTIVE COMPUTER IN A MULTI-COMPUTER SYSTEM TOLERANT TO ERRORS.
SU1721608A1 (en) Three-channel computing system failure display panel
RU1833876C (en) Device for majority signal selection
KR950029968A (en) Failover Systems in Multiprocessor Systems
GB1116877A (en) Improvements relating to radiation detectors
JPS63250753A (en) Memory access checking system
JPS6451562A (en) Multi-processor system