Machine control comprising a safety function (original title: Commande machine comportant une fonction de securite)

Info

Publication number: EP1853979A1
Authority: EP (European Patent Office)
Prior art keywords: standard, safety, controller, bus, security
Legal status: Ceased (application refused)
Application number: EP06707010A
Other languages: German (de), English (en)
Inventor: Thomas Staab
Current assignee: Bosch Rexroth AG
Original assignee: Bosch Rexroth AG
Priority date: 2005-02-17
Filing date: 2006-02-16
Publication date: 2007-11-14

Classifications

    • B: PERFORMING OPERATIONS; TRANSPORTING
    • B23: MACHINE TOOLS; METAL-WORKING NOT OTHERWISE PROVIDED FOR
    • B23Q: DETAILS, COMPONENTS, OR ACCESSORIES FOR MACHINE TOOLS, e.g. ARRANGEMENTS FOR COPYING OR CONTROLLING; MACHINE TOOLS IN GENERAL CHARACTERISED BY THE CONSTRUCTION OF PARTICULAR DETAILS OR COMPONENTS; COMBINATIONS OR ASSOCIATIONS OF METAL-WORKING MACHINES, NOT DIRECTED TO A PARTICULAR RESULT
    • B23Q35/00: Control systems or devices for copying directly from a pattern or a master model; Devices for use in copying manually
    • B23Q35/04: Control systems or devices for copying directly from a pattern or a master model; Devices for use in copying manually using a feeler or the like travelling along the outline of the pattern, model or drawing; Feelers, patterns, or models therefor
    • B23Q35/08: Means for transforming movement of the feeler or the like into feed movement of tool or work
    • B23Q35/12: Means for transforming movement of the feeler or the like into feed movement of tool or work involving electrical means
    • B23Q35/127: Means for transforming movement of the feeler or the like into feed movement of tool or work involving electrical means using non-mechanical sensing
    • B23Q35/128: Sensing by using optical means
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82: Protecting input, output or interconnection devices
    • G06F21/85: Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • G: PHYSICS
    • G05: CONTROLLING; REGULATING
    • G05B: CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00: Program-control systems
    • G05B2219/30: Nc systems
    • G05B2219/36: Nc in input of data, input key till input tape
    • G05B2219/36248: Generate automatically machining, stitching points from scanned contour
    • G: PHYSICS
    • G05: CONTROLLING; REGULATING
    • G05B: CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00: Program-control systems
    • G05B2219/30: Nc systems
    • G05B2219/37: Measurements
    • G05B2219/37379: Profile, diameter along workpiece
    • G: PHYSICS
    • G05: CONTROLLING; REGULATING
    • G05B: CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00: Program-control systems
    • G05B2219/30: Nc systems
    • G05B2219/45: Nc applications
    • G05B2219/45044: Cutting

Definitions

The invention relates to a programmable controller for machine and/or plant automation with a standard controller providing standard control functions and a safety controller providing safety functions, based on a personal computer (PC) with a PC CPU and a PC bus. The PC is operated with a standard operating system, and the standard functions are realized on the PC or on a PC plug-in module of the standard controller. The invention further relates to a method for operating such a programmable controller.

Control systems based on automation and drive bus systems are today used in large numbers, in particular in automated manufacturing processes. Manufacturing machines are controlled by one or more, mostly programmable, controllers via the bus systems. Data, for example the respective process and machine parameters, can be passed from the production devices to the controller over the same bus systems.

Such a control system is subject to increased requirements regarding fault and failure safety. Design guidelines for such control systems are laid down in standards such as EN 954 and EN 61508. Depending on the desired safety category or safety integrity level, these standards prescribe measures such as dual-channel redundant design, cyclical diagnosis in operation with sufficient coverage, or a sufficiently low error and failure probability.

Safety controllers approved today therefore generally belong to the class of simple controllers. Because of their safety overhead they are not economically viable for standard tasks, and because of their simplicity they are less suitable for demanding automation tasks. Their use is therefore generally limited to safety applications.

DE 199 27 635 discloses an automation system which has at least one bus system, I/O bus users connected to it, a standard control device and at least one safety analyzer, where the safety analyzer listens in on the data flow over the bus system and is designed to execute at least safety-related functions. The standard control device controls at least one safety-related output, and the safety analyzer is set up to check and/or process safety-related data in the bus data stream. Process control is performed with the processing of process-bound I/O data, while safety-related control with the processing of safety-related data, and the further processing of safety-related data, is performed on at least one safety analyzer, wherein in the safety analyzer safety-related data, in particular safety-related link data in

This system allows standard functions to be implemented on the basis of a PC solution; the separation between standard function and safety function takes place at fieldbus level.

The object of the invention relating to the programmable controller device is achieved in that the safety controller consists of one or more safety modules connected to the PC bus and that safety-certified firmware is provided in the safety modules. The controller according to the invention thus offers a separation between the non-safety-related standard function and the safety function through modular partitioning within the control unit. Within this partitioning, the standard function is not subject to any safety-related restrictions and can be correspondingly complex, realized for example on the basis of a standard PC processor and a standard operating system.

The tasks of the safety modules are limited to the safety applications of the system, and the modules are designed and certified for those requirements. They are designed in such a way that, in the event of a fault, they can autonomously bring the system to a safe state on their own. The safety-related units can also monitor each other and thus ensure that a safe state is reached for the entire system. Standard functions and safety-related functions can thus be integrated on a PC-based hardware platform.

The programmable controller is designed as an interference-free combination of standard control functions and at least one safety module. This freedom from interference, i.e. the inability of the standard part to act back on the safety part, must be proven during certification. It prevents malfunctions of the standard controller from affecting the safety functions of the safety controller. If freedom from interference is guaranteed, PC-based solutions or even software control on a standard PC become possible for the standard functions.

The at least one safety module is designed as a PC plug-in module with at least one interface to a PC bus. The plug-in module can be fitted directly to the PCI bus of the PC, or it can be connected to the standard controller via a separate PCI interface. In either case the infrastructure of the PC, such as the power supply, can be used.

In one embodiment, the standard control functions are implemented in software running on the PC CPU under control of the PC operating system, and the safety module has an interface to the PC bus. The connection between the standard controller and the safety module is made via the PCI bus of the PC. Existing units of the PC, namely the PC CPU, the PC operating system and the PCI bus, are thus used, and no additional components are needed to realize the standard control functions.

In another embodiment, the standard control functions are implemented in a PC plug-in module, and this plug-in module has an interface for connection to the safety controller. The PC then hosts the functional unit "control" (safety and standard control) and provides the infrastructure (power supply, operating and display functions, etc.) required to operate it. The programming and configuration software can be available as an application on the PC, while the control function itself, represented by the application program, runs independently of the PC and its operating system on the PC plug-in module, under a runtime system and a separate real-time operating system.

A particularly flexible architecture with regard to the usable interfaces is obtained when the communication interfaces of the programmable controller are part of the PC plug-in modules of the standard controller and/or are designed as additional interface modules in the form of plug-in cards. Plant parts, manufacturing equipment and machines can then be controlled via one or more decentralized digital and/or analog outputs over an automation bus and/or a drive bus designed for drive communication within the programmable controller. If the programmable controller is connected via the automation bus and/or the drive bus to drives that can be controlled over the respective bus, a large number of commercially available drives can be connected to it.

Simplified programming of the standard and safety functions is achieved by providing a common engineering and programming interface for both. The programmer is thus presented with the engineering and programming software for the standard and the safety functions as one consistent, unified user interface rather than as separate systems.

The object relating to the method is achieved in that safety functions are executed exclusively in safety modules. This ensures a clear separation of safety-related functions from standard functions, which allows the safety-relevant modules to be certified separately.

If the standard controller realizes the master function for data transmission via the PC bus, both when the standard control functions are implemented on the PC CPU and when they are implemented as a PC plug-in module, the standard controller can distribute safety-relevant as well as non-safety-relevant data to the respectively associated interfaces. If the safety module at least temporarily performs the master function for safety-related data transmission via the PC bus, the safety module connected to the PC bus of the PC plug-in module can preferably handle high-priority data without interfering with the traffic on the PCI bus of the PC. If the safety controller can access the interfaces and/or the standard controller directly, safety-relevant processes can be triggered without the standard controller having to initiate a data transfer.

FIG. 1 shows a schematic representation of the basic system architecture; FIG. 2 shows an embodiment with a safety module on the PCI bus of the PC; FIG. 3 shows an embodiment with the safety module on the bus of a standard controller realized as a PC plug-in module.

FIG. 1 shows an overview of the system architecture of a safety controller with a function module for safety functions. The programmable controller 1 consists of a personal computer (PC) 10 and external devices connected to it via an automation bus 40, a drive bus 50 and other non-safe communication links 60. The PC 10 is built from a standard controller 20 and a safety controller 30 connected to it via a PC bus 12. The standard controller 20 is loaded, via the programming 70, with programs for the operating system, the standard functions and also the safety functions. Across all system levels, mixed operation of safe and non-safe control functions and components is provided.

The automation bus 40 connects the standard controller 20 to a decentralized standard input/output (I/O) 41, a decentralized safety input/output (I/O) 42 and one or more drives 43, each of which is built from a drive controller 44 and an integrated safety function 45. The safety function 45 autonomously ensures that a safe state is reached in the event of an error. The decentralized standard I/O 41 and the decentralized safety I/O 42 can process digital and analog signals.

The data transmission between the safety controller 30 and the decentralized safety I/O 42 takes place over the same transmission paths that are used for the non-safe communication, but is additionally protected against the error models known from the standards and the literature. For this purpose, methods such as checksums, sequence numbering, time monitoring and redundancy can be used. These methods produce data packets that are transported unchanged through the standard components and standard channels ("gray channels") and are checked for safety integrity only in the respective communication end points.

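The gray-channel protection just described, as an added illustration written for this page and not code from the patent, from Bosch Rexroth or from any real safety fieldbus profile: the producer wraps each safety telegram with a sequence number, a time stamp, an inverted copy of the payload and a CRC-32, the standard components in between only forward bytes, and the receiving safety end point runs every check and latches a safe state on the first failure. The frame layout, field sizes, the choice of an inverted copy as the redundancy measure, the 50 ms tolerance, the constructed payload and the assumption of synchronized producer and consumer clocks are all example choices, not taken from the patent text.

```python
"""Gray-channel safety layer (added example, not code from the patent): a safety
telegram is wrapped so that corruption, loss, repetition, insertion, wrong order,
delay and silence on the untrusted standard path are detected at the receiving
safety end point. Frame layout, sizes and values are constructed assumptions."""
import struct
import zlib
from dataclasses import dataclass
from typing import Optional

# Constructed frame layout (assumption, not a real fieldbus profile):
#   seq: uint16 | stamp_ms: uint32 | payload | inverted copy of payload | crc32
HEADER = struct.Struct("<HI")
TRAILER = struct.Struct("<I")

def build_telegram(seq: int, stamp_ms: int, payload: bytes) -> bytes:
    """Producer side: number and time-stamp the telegram, append an inverted
    copy of the payload (redundancy) and protect everything with a CRC-32."""
    body = HEADER.pack(seq & 0xFFFF, stamp_ms & 0xFFFFFFFF)
    body += payload + bytes(b ^ 0xFF for b in payload)
    return body + TRAILER.pack(zlib.crc32(body) & 0xFFFFFFFF)

@dataclass
class SafetyConsumer:
    """Receiving safety end point. The standard components in between only
    forward bytes; every check happens here, and any failure latches safe state."""
    timeout_ms: int          # tolerated telegram age and watchdog interval (clocks assumed synchronized)
    payload_len: int
    expected_seq: int = 0
    last_rx_ms: int = 0      # time of start-up or of the last accepted telegram
    safe_state: bool = False

    def _trip(self, reason: str) -> tuple[str, Optional[bytes]]:
        self.safe_state = True
        return reason, None

    def accept(self, frame: bytes, now_ms: int) -> tuple[str, Optional[bytes]]:
        """Check one received frame; return (verdict, payload or None)."""
        if self.safe_state:
            return "SAFE_STATE", None
        if len(frame) != HEADER.size + 2 * self.payload_len + TRAILER.size:
            return self._trip("LENGTH")
        body, (crc,) = frame[:-TRAILER.size], TRAILER.unpack(frame[-TRAILER.size:])
        if zlib.crc32(body) & 0xFFFFFFFF != crc:          # corrupted on the gray channel
            return self._trip("CRC")
        seq, stamp_ms = HEADER.unpack(body[:HEADER.size])
        payload = body[HEADER.size:HEADER.size + self.payload_len]
        mirror = body[HEADER.size + self.payload_len:]
        if bytes(b ^ 0xFF for b in payload) != mirror:    # producer-side data fault (CRC was valid)
            return self._trip("REDUNDANCY")
        if seq != self.expected_seq:                       # loss, repetition, insertion, wrong order
            return self._trip("SEQUENCE")
        if now_ms - stamp_ms > self.timeout_ms:            # telegram too old: delayed in transit
            return self._trip("DELAY")
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_rx_ms = now_ms
        return "OK", payload

    def check_watchdog(self, now_ms: int) -> str:
        """Called from a periodic timer: silence on the channel is a fault too."""
        if self.safe_state:
            return "SAFE_STATE"
        return self._trip("TIMEOUT")[0] if now_ms - self.last_rx_ms > self.timeout_ms else "OK"

def run_scenarios() -> dict[str, str]:
    """Drive fresh consumers through constructed fault scenarios of the error model."""
    payload = bytes([0x01, 0x00, 0x7F, 0xA5])    # constructed 4-byte safety I/O image
    def fresh() -> SafetyConsumer: return SafetyConsumer(timeout_ms=50, payload_len=len(payload))
    out = {}
    c = fresh()                                  # undisturbed traffic
    c.accept(build_telegram(0, 0, payload), now_ms=1)
    out["good"] = c.accept(build_telegram(1, 20, payload), now_ms=21)[0]
    c = fresh()                                  # one bit flipped in transit
    frame = bytearray(build_telegram(0, 0, payload))
    frame[HEADER.size] ^= 0x01
    out["bit_flip"] = c.accept(bytes(frame), now_ms=1)[0]
    c = fresh()                                  # same telegram delivered twice
    frame = build_telegram(0, 0, payload)
    c.accept(frame, now_ms=1)
    out["replay"] = c.accept(frame, now_ms=20)[0]
    c = fresh()                                  # telegram 1 lost, telegram 2 arrives
    c.accept(build_telegram(0, 0, payload), now_ms=1)
    out["loss"] = c.accept(build_telegram(2, 40, payload), now_ms=41)[0]
    c = fresh()                                  # telegram held back far too long
    c.accept(build_telegram(0, 0, payload), now_ms=1)
    out["delay"] = c.accept(build_telegram(1, 10, payload), now_ms=200)[0]
    out["after_fault"] = c.accept(build_telegram(2, 201, payload), now_ms=202)[0]
    c = fresh()                                  # channel goes silent
    c.accept(build_telegram(0, 0, payload), now_ms=1)
    out["silence"] = c.check_watchdog(now_ms=100)
    c = fresh()                                  # valid CRC but inconsistent redundant copy
    body = HEADER.pack(0, 0) + payload + bytes(len(payload))
    out["mirror_mismatch"] = c.accept(body + TRAILER.pack(zlib.crc32(body)), now_ms=1)[0]
    return out

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:16s} -> {verdict}")
```

Two design points follow from the text: the checks are ordered so that a transmission fault (CRC) is distinguished from a producer-side fault (valid CRC, inconsistent redundant copy), and the safe state is latched rather than cleared on the next good telegram, because the end point cannot tell whether the fault has really gone away. The watchdog lives in its own method because "nothing arrived" produces no frame to check; a real implementation drives it from a timer.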
Further drives 51 are connected to the standard controller 20 via the drive bus 50. Like the drives 43, they have drive controllers 52 and integrated safety functions 53, which autonomously ensure that a safe state is reached in the event of a fault.

The non-safe functional units execute the standard functions. The safety-related functional units are designed so that the standard functions have no direct influence on the safety functions. The non-safe functional units are therefore not subject to any safety-related restrictions, and no safety-specific rules need to be applied in the development of their hardware and software. In particular, changes to these functional units have no effect on the safety functions. Each of the safety-related functional units has the required safety category (Cat. 3 or Cat. 4 according to EN 954-1) or the safety class.

For the programming 70 of the programmable controller 1, an engineering suite can be provided that includes the programming and parameterization of the safety-related functional units. The tools provided for this purpose are certified in accordance with the desired safety categories or safety integrity levels. The advantage here is that the user can use a consistent programming interface for standard and safety functions.

FIG. 2 shows an embodiment of the PC 10 in which the standard controller 20 acts on the PC bus 12 either as the PC CPU 11 or as a PC plug-in module 21 with an interface 22. When the PC CPU 11 is used, the standard controller may be implemented purely in software. The safety controller 30 is connected directly to the PC bus 12 in the form of one or more safety modules 31, 32. The PC bus 12 can be designed as a standard PCI bus. Interface modules 23 are supplied with data and polled by the PC CPU 11 via the PC bus 12. The PC 10 provides the infrastructure (power supply, operating and display functions) and also the interface modules 23 for both the standard controller 20 and the safety controller 30.

FIG. 3 shows an embodiment in which, in addition to the safety controller 30 directly connected to the PC bus 12 described above, another safety controller 30 is connected to a PC bus 13 of the standard controller 20, which is realized as a functional module. The safety of data transmission is likewise maintained between the safety controller 30 arranged on the PC bus 13 and the decentralized safety I/O 42 and/or the drives 43, 51 (not shown here).

The master functionality for data transfer over the PC bus 12 is performed by the standard controller 20: it initiates and monitors the data transfer and distributes the data to the interfaces 23. For data transfer over the PC bus 13 of the standard controller 20 realized as a PC plug-in module 21, the standard controller 20 generally also assumes the master functionality. Alternatively, the master functionality on the PC bus 13 is temporarily or permanently assigned to the safety controller 30, which can then access the interfaces 23 and the standard controller 20 directly. Furthermore, it is conceivable that in this embodiment the safety controller

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Automation & Control Theory (AREA)
  • Mechanical Engineering (AREA)
  • Programmable Controllers (AREA)

Abstract

The invention relates to a programmable controller for machine and/or plant automation, comprising a standard controller with standard control functions and a safety controller with safety functions, based on a personal computer (PC) provided with a PC CPU and a PC bus. The PC is operated with a standard operating system, and the standard functions are realized on the PC or on a PC plug-in module for the standard controller. According to the invention, the safety controller consists of one or more safety modules connected to the PC bus, and safety-certified firmware is provided in the safety modules. The controller thus makes it possible to separate the non-safe standard function from the safety function by modular partitioning within the control device. In this partitioning, the standard function is not subject to any safety-related restrictions and can therefore be implemented in a complex manner, for example on the basis of a standard PC processor and a standard operating system.

Application EP06707010A (priority 2005-02-17, filed 2006-02-16): Commande machine comportant une fonction de securite; status Ceased; published as EP1853979A1 (fr).

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102005007477.4A DE102005007477B4 (de) 2005-02-17 2005-02-17 Programmierbare Steuerung zur Maschinen-und/oder Anlagenautomatisierung mit Standard-Steuerungs- und Sicherheitsfunktionen und Kommunikation mit einer Sicherheits-EA sowie Verfahren zum Betrieb der programmierbaren Steuerung
PCT/EP2006/001409 WO2006087191A1 (fr) 2005-02-17 2006-02-16 Commande machine comportant une fonction de securite

Publications (1)

Publication Number Publication Date
EP1853979A1 true EP1853979A1 (fr) 2007-11-14

Family

ID=36202171

Family Applications (1)

Application Number Title Priority Date Filing Date
EP06707010A Ceased EP1853979A1 (fr) 2005-02-17 2006-02-16 Commande machine comportant une fonction de securite

Country Status (3)

Country Link
EP (1) EP1853979A1 (fr)
DE (1) DE102005007477B4 (fr)
WO (1) WO2006087191A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE202012013193U1 (de) 2012-06-26 2015-05-06 INTER CONTROL Hermann Köhler Elektrik GmbH & Co KG Vorrichtung für eine sicherheitskritische Anwendung
RU2638000C1 (ru) * 2017-02-08 2017-12-08 Акционерное общество "Лаборатория Касперского" Способ контроля системы исполнения программируемого логического контроллера
DE102019125867B4 (de) 2019-09-25 2022-05-05 Keba Industrial Automation Germany Gmbh Programmierbarer elektronischer Leistungssteller

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0671030A1 (fr) * 1992-11-30 1995-09-13 Base 10 Systems, Inc. Processeur et methode a securite intrinseque pour systeme de traitement de donnees
EP0742498A3 (fr) * 1995-05-11 1998-01-14 Siemens Aktiengesellschaft Implantation d'un programme code monocanal dans un système à structure à double canaux orienté sûreté
DE29824062U1 (de) * 1998-07-30 2000-04-20 Bosch Gmbh Robert Sicherheitsvorrichtung für eine speicherprogrammierbare Steuerung
US6647301B1 (en) * 1999-04-22 2003-11-11 Dow Global Technologies Inc. Process control system with integrated safety control system
DE19927635B4 (de) * 1999-06-17 2009-10-15 Phoenix Contact Gmbh & Co. Kg Sicherheitsbezogenes Automatisierungsbussystem
US7289861B2 (en) * 2003-01-28 2007-10-30 Fisher-Rosemount Systems, Inc. Process control system with an embedded safety system
US7565660B2 (en) * 2002-09-26 2009-07-21 Siemens Energy & Automation, Inc. System and method for universal extensibility that supports a plurality of programmable logic controllers

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2006087191A1 *

Also Published As

Publication number Publication date
WO2006087191A1 (fr) 2006-08-24
DE102005007477A1 (de) 2006-08-24
DE102005007477B4 (de) 2015-06-11

Similar Documents

Publication Publication Date Title
DE10353950C5 (de) Steuerungssystem
EP2315088B1 (fr) Commande de sécurité
DE102009054157B3 (de) Steuerungssystem zum Steuern von sicherheitskritischen und nichtsicherheitskritischen Prozessen
DE102009042368B4 (de) Steuerungssystem zum Steuern von sicherheitskritischen Prozessen
EP1923759B1 (fr) Procédé et système de transmission de données sécurisée
EP0742500A2 (fr) Fonctions de commutateur simple et à contact à sûreté intégrée avec évitement d'erreur
DE19928517A1 (de) Steuerungssystem zum Steuern von sicherheitskritischen Prozessen
EP2246756B1 (fr) Procédé et appareil de commande destinés à commander un composant d'automatisation industriel lié à la sécurité
DE102017109886A1 (de) Steuerungssystem zum Steuern von sicherheitskritischen und nichtsicherheitskritischen Prozessen mit Master-Slave-Funktionalität
DE102008044018A1 (de) Verfahren zum Bestimmen einer Sicherheitsstufe und Sicherheitsmanager
WO2010060573A2 (fr) Commande de sécurité et procédé pour commander une installation automatisée comprenant une pluralité de composants matériels
EP3098673A1 (fr) Procede et dispositif de validation automatique de fonctions de securite sur un systeme de securite construit de façon modulaire
EP3100121A1 (fr) Procédé et dispositif pour déconnecter en toute sécurité une charge électrique
EP2835699A1 (fr) Dispositif et procédé de configuration et/ou de programmation d'un contrôleur de sécurité
DE102005007477B4 (de) Programmierbare Steuerung zur Maschinen-und/oder Anlagenautomatisierung mit Standard-Steuerungs- und Sicherheitsfunktionen und Kommunikation mit einer Sicherheits-EA sowie Verfahren zum Betrieb der programmierbaren Steuerung
EP2701019B1 (fr) Procédé de paramétrage d'un appareil de terrain, appareil de terrain correspondant et système de paramétrage
EP3470939B1 (fr) Procédé et système de surveillance de l'intégrité de sécurité d'une fonction de sécurité fournie par un système de sécurité
EP2013731B1 (fr) Agencement de circuit et procédé permettant de faire fonctionner un agencement de circuit
EP1248168A2 (fr) Appareil et procédé pour obtenir des informations de diagnostic
DE102011005239B4 (de) Sicherheitssystem sowie Verfahren zum Austauschen von sicherheitsgerichteten Daten in einem Sicherheitssystem
WO2011113405A1 (fr) Groupement d'appareils de commande
WO2017144176A1 (fr) Aéronef
DE102021123596A1 (de) Technik zur Bereitstellung einer Diagnosefunktionalität für eine auf einer speicherprogrammierbaren Steuerung basierenden Anwendung
DE202013103586U1 (de) Vorrichtung zum Konfigurieren und/oder Programmieren einer Sicherheitssteuerung
EP2482154A1 (fr) Procédé et appareil de commande destinés à commander un composant d'automatisation industriel orienté vers la protection

Legal Events

Code  Title (Description)
PUAI  Public reference made under article 153(3) epc to a published international application that has entered the european phase (ORIGINAL CODE: 0009012)
17P   Request for examination filed (effective date: 20070917)
AK    Designated contracting states (kind code of ref document: A1; designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR)
17Q   First examination report despatched (effective date: 20080103)
DAX   Request for extension of the european patent (deleted)
APBK  Appeal reference recorded (ORIGINAL CODE: EPIDOSNREFNE)
APBN  Date of receipt of notice of appeal recorded (ORIGINAL CODE: EPIDOSNNOA2E)
APBR  Date of receipt of statement of grounds of appeal recorded (ORIGINAL CODE: EPIDOSNNOA3E)
APAF  Appeal reference modified (ORIGINAL CODE: EPIDOSCREFNE)
REG   Reference to a national code (ref country code: DE; ref legal event code: R003)
APBT  Appeal procedure closed (ORIGINAL CODE: EPIDOSNNOA9E)
STAA  Information on the status of an ep patent application or granted ep patent (STATUS: THE APPLICATION HAS BEEN REFUSED)
18R   Application refused (effective date: 20130412)