DK0543820T3 - Multi-computer system with high security and with three computers - Google Patents
Multi-computer system with high security and with three computersInfo
- Publication number
- DK0543820T3 DK0543820T3 DK91910613.8T DK91910613T DK0543820T3 DK 0543820 T3 DK0543820 T3 DK 0543820T3 DK 91910613 T DK91910613 T DK 91910613T DK 0543820 T3 DK0543820 T3 DK 0543820T3
- Authority
- DK
- Denmark
- Prior art keywords
- computer
- mca
- allocated
- computers
- mcb
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/18—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
- G06F11/181—Eliminating the failing redundant component
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/18—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
- G06F11/183—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components
- G06F11/184—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components where the redundant components implement processing functionality
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0796—Safety measures, i.e. ensuring safe condition in the event of error, e.g. for controlling element
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/18—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
- G06F11/187—Voting techniques
Abstract
To each computer (MCA, MCB, MCC) are allocated two hardware comparators (VAR, VAL; VBR, VBL; VCR, VCL) to compare the data from itself with the corresponding data from the partner computers. Only if both comparators (VAR, VAL) allocated to a computer (MCA) detect differences between the data fed to it (DA and DB or DC) is the computer shut down via an AND element (UA). The comparison processes are initialised not only by the computer (MCA) allocated to the comparators (VAR, VAL) but also by a partner computer (MCB or MCC). It is thus made certain that in the event of a breakdown the comparison processes for recognising and shutting down a defective computer actually take place and are not sabotaged by the defective computer. The result of the shutdown (ASSA) of a computer (e.g. MCA) is controlled by the operative computers (MCB, MCC), triggered by the interrupt from an allocated error store (FAL, FAR). If the defective computer is not shut down, the operative computers cause the shutdown themselves (total shutdown). The safe multi-computer system is especially intended for use in railway signal systems.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP90115585 | 1990-08-14 |
Publications (1)
Publication Number | Publication Date |
---|---|
DK0543820T3 true DK0543820T3 (en) | 1995-03-20 |
Family
ID=8204331
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
DK91910613.8T DK0543820T3 (en) | 1990-08-14 | 1991-06-03 | Multi-computer system with high security and with three computers |
Country Status (7)
Country | Link |
---|---|
EP (1) | EP0543820B1 (en) |
AT (1) | ATE110477T1 (en) |
DE (1) | DE59102664D1 (en) |
DK (1) | DK0543820T3 (en) |
ES (1) | ES2060389T3 (en) |
FI (1) | FI98572C (en) |
WO (1) | WO1992003787A1 (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0760395B2 (en) * | 1992-11-06 | 1995-06-28 | 日本電気株式会社 | Fault tolerant computer system |
TW320701B (en) * | 1996-05-16 | 1997-11-21 | Resilience Corp | |
US6141769A (en) | 1996-05-16 | 2000-10-31 | Resilience Corporation | Triple modular redundant computer system and associated method |
DE19740136A1 (en) * | 1997-09-12 | 1999-03-18 | Alsthom Cge Alcatel | Process for isolating a defective computer in a fault-tolerant multi-computer system |
DE10036598A1 (en) * | 2000-07-27 | 2002-02-14 | Infineon Technologies Ag | Arrangement for monitoring the correct operation of components of an electrical system which carry out the same or corresponding actions |
DE10053023C1 (en) * | 2000-10-13 | 2002-09-05 | Siemens Ag | Method for controlling a safety-critical railway operating process and device for carrying out this method |
DE10055424A1 (en) * | 2000-11-09 | 2002-05-29 | Alcatel Sa | Method for storing a security key and multi-computer system for carrying out the method |
US7209811B1 (en) | 2001-11-22 | 2007-04-24 | Siemens Aktiengesellschaft | System and method for controlling a safety-critical railroad operating process |
JP4102306B2 (en) * | 2001-11-22 | 2008-06-18 | シーメンス アクチエンゲゼルシヤフト | Method for controlling railway operation process requiring safety and apparatus for carrying out this method |
EP2835759B1 (en) * | 2013-08-08 | 2019-03-27 | GbR Oliver Oechsle, Dr. Hans-Peter Dietz | Method and system for managing a defective electronic user terminal |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE3720879A1 (en) * | 1987-06-24 | 1989-01-05 | Siemens Ag | Device for error-tolerant input/output of data |
-
1991
- 1991-06-03 WO PCT/EP1991/001022 patent/WO1992003787A1/en active IP Right Grant
- 1991-06-03 DE DE59102664T patent/DE59102664D1/en not_active Expired - Fee Related
- 1991-06-03 ES ES91910613T patent/ES2060389T3/en not_active Expired - Lifetime
- 1991-06-03 EP EP91910613A patent/EP0543820B1/en not_active Expired - Lifetime
- 1991-06-03 DK DK91910613.8T patent/DK0543820T3/en active
- 1991-06-03 AT AT91910613T patent/ATE110477T1/en not_active IP Right Cessation
-
1993
- 1993-01-25 FI FI930291A patent/FI98572C/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
FI98572B (en) | 1997-03-27 |
FI930291A0 (en) | 1993-01-25 |
WO1992003787A1 (en) | 1992-03-05 |
DE59102664D1 (en) | 1994-09-29 |
FI930291A (en) | 1993-01-25 |
FI98572C (en) | 1997-07-10 |
ES2060389T3 (en) | 1994-11-16 |
ATE110477T1 (en) | 1994-09-15 |
EP0543820B1 (en) | 1994-08-24 |
EP0543820A1 (en) | 1993-06-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US4096990A (en) | Digital data computer processing system | |
DK0543820T3 (en) | Multi-computer system with high security and with three computers | |
NO942108L (en) | Device for detecting the intrusion into and questionable use of computer systems and security system with such device | |
DK574585A (en) | DEVICE COMMUNICATING WITH COMPUTERS AND A PROCEDURE FOR COMMUNICATING WITH COMPUTERS | |
US4215340A (en) | Process for the automatic signalling of faults of a static automatic module and a module for realizing the process | |
GB1444513A (en) | Control method using computers operating in parallel | |
US5008745A (en) | Clock synchronized digital TV motion detector | |
FR2661998B1 (en) | DEVICE FOR PROCESSING HIGH SECURITY DATA WITH TWO OPERATING STATES. | |
GB1284506A (en) | Improvements in or relating to data processing systems | |
Frison et al. | INTERACTIVE CONSISTENCY AND ITS IMPACT ON THE DESIGN IN TMR SYSTEMS | |
GB1373014A (en) | Processor security arrangements | |
ATE135486T1 (en) | COVER DEVICE FOR BLOCKING ACCESS TO STORAGE UNITS OF A DATA PROCESSING UNIT | |
KR100238174B1 (en) | Parallel processor system | |
JPS6448152A (en) | Memory write protection system | |
KR920015199A (en) | Processor failure prevention system using redundant processor | |
JPH05189325A (en) | Double system electronic computer | |
US5218606A (en) | Current-spare switching control system | |
Zagurek | Protecting the database. | |
ES2185131T3 (en) | PROCEDURE FOR ISOLATING A DEFECTIVE COMPUTER IN A MULTI-COMPUTER SYSTEM TOLERANT TO ERRORS. | |
SU1721608A1 (en) | Three-channel computing system failure display panel | |
RU1833876C (en) | Device for majority signal selection | |
KR950029968A (en) | Failover Systems in Multiprocessor Systems | |
GB1116877A (en) | Improvements relating to radiation detectors | |
JPS63250753A (en) | Memory access checking system | |
JPS6451562A (en) | Multi-processor system |