FI3776098T3 - System and method for operating a system - Google Patents

System and method for operating a system Download PDF

Info

Publication number
FI3776098T3
FI3776098T3 FIEP19712511.5T FI19712511T FI3776098T3 FI 3776098 T3 FI3776098 T3 FI 3776098T3 FI 19712511 T FI19712511 T FI 19712511T FI 3776098 T3 FI3776098 T3 FI 3776098T3
Authority
FI
Finland
Prior art keywords
unit
electrical device
logic unit
switch
logic
Prior art date
Application number
FIEP19712511.5T
Other languages
Finnish (fi)
Inventor
Jens Onno Krah
Original Assignee
Sew Eurodrive Gmbh & Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sew Eurodrive Gmbh & Co filed Critical Sew Eurodrive Gmbh & Co
Application granted granted Critical
Publication of FI3776098T3 publication Critical patent/FI3776098T3/en

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B9/00Safety arrangements
    • G05B9/02Safety arrangements electric
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/18Numerical control [NC], i.e. automatically operating machines, in particular machine tools, e.g. in a manufacturing environment, so as to execute positioning, movement or co-ordinated operations by means of programme data in numerical form
    • G05B19/406Numerical control [NC], i.e. automatically operating machines, in particular machine tools, e.g. in a manufacturing environment, so as to execute positioning, movement or co-ordinated operations by means of programme data in numerical form characterised by monitoring or safety
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/10Plc systems
    • G05B2219/14Plc safety
    • G05B2219/14116Safe, emergency shutdown, esd of system
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/24Pc safety
    • G05B2219/24003Emergency stop
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/30Nc systems
    • G05B2219/50Machine tool, machine tool null till machine tool work handling
    • G05B2219/50198Emergency stop
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Human Computer Interaction (AREA)
  • Manufacturing & Machinery (AREA)
  • Safety Devices In Control Systems (AREA)
  • Selective Calling Equipment (AREA)
  • Molding Of Porous Articles (AREA)
  • Control And Safety Of Cranes (AREA)

Claims (15)

  1. System, and method for operating a system Description: The invention relates to a system and to a method for operating a system.
    It is generally known that, in an emergency stop switch with two mutually independent contacts, the two contacts are actuated simultaneously when the switch is actuated.
    WO2004059812A1 discloses a motor controller comprising a control unit and a safety device for safely switching off an electric motor.
    WO 2017 / 064 565 A1 discloses a system comprising electrical devices connected via a data bus.
    US 2017 / 0 324 515 A1 discloses a flight safety system.
    EP 1 866 712 B1, as the closest prior art, discloses a method for the safe, systematic and exclusive assignment of the command authorization of an operator to a controllable technical installation.
    The problem addressed by the invention is therefore that of developing a drive system that has a high degree of safety, while using as few additional parts as possible.
    According to the invention, the problem is solved by the features specified in claim 1 in the case of the system and by the features specified in claim 11 in the case of the method.
    The data bus therefore connects two electrical devices and at least one apparatus in which a two-channel emergency stop switch can be provided or to which a two- channel emergency stop switch can be connected.
    However, the data bus itself is only single-channel.
    Preferably, each channel of the switch is transmitted via the data bus in a safety- oriented manner.
    The first channel is transmitted to the first electrical device, in particular to the first logic unit, and the other channel is transmitted to the second logic unit of the second electrical device.
    The transmission of the information packets on the data bus is likewise carried out in a safety-oriented manner.
    To this end, for each channel, first signal electronics of the emergency stop switch are used to generate the data of a respective information packet, and the CRC of the information packet is generated by second signal electronics.
    When the information packet is received in the first electrical device, a check is again carried out, in a safety-oriented manner, to ascertain whether the CRC matches the data of the information packet.
    In the event of a discrepancy, a switch-off signal is generated.
    To increase the degree of safety, a redundant transmission of the information packets can also be carried out, wherein the two signal electronics of the emergency stop switch determine the CRC in a crosswise manner, and a crosswise check is accordingly performed at the receiver.
    In any event, the data transmission is thus carried out in a safety-oriented manner.
    The advantage here is that the electrical device can be switched off via two channels and thus satisfies a higher safety category, even though only an inexpensive single-channel data bus is used.
    This is because the two channels are actuated by the logic units.
    These logic units, in particular FPGAs, are customary in electrical devices and are usually present even without a safety function.
    According to the invention, a computing capacity of the second logic unit is now used to establish the higher degree of safety.
    The electronics of two electrical devices therefore monitor each other reciprocally.
    There is therefore no need for a higher-level safety controller in addition to the central controller.
    However, the logic units, and also the computer units, are preferably designed as bus subscribers.
    This means that each logic unit has an address and each computer unit likewise has an address.
    Alternatively, however, it is also possible for just one single bus address to be assigned to each electrical device, and the data streams can then be routed via two ports of a bus subscriber unit.
    In any event, an electrical device can be switched off in a safety-oriented manner not only by the first logic unit, which is arranged on the electrical device itself, but also by a second logic unit, which is arranged on the other electrical device.
    In one advantageous embodiment, a second circuit part of the second electrical device is designed in such a way as to be able to be redundantly switched off, in particular is designed in such a way as to be able to be redundantly switched off by the second logic unit and by the first logic unit.
    The advantage here is that a high safety category can be achieved.
    This is because the second electrical device is constructed in a manner corresponding to the first electrical device.
    However, the main difference between the two electrical devices is that the software of the first logic unit has diversity in relation to the software of the second logic unit.
    To facilitate manufacture, two software packages are provided in each of the electrical devices.
    In the first electrical device, the first of the software packages is then used for the first logic unit, and the other, i.e. the second, is used for the first computer unit.
    Conversely, in the second electrical device, the second of the software packages is used for the second logic unit, and the first is used for the second computer unit.
    In one advantageous embodiment, a first switch-off signal voltage can be generated by the first logic unit,
    and a switch-off command generated by the second logic unit can be received by the first computer unit, and a second switch-off signal voltage can be generated as a function thereof, wherein the two switch-off signal voltages are routed to the first circuit part, in particular via separate conductor tracks of a printed circuit board of the first electrical device, in order to redundantly switch off the first circuit part.
    The advantage here is that, like the first logic unit, the second channel also uses a safety-oriented computer unit, but the software is selected with diversity in relation to each other.
    The first logic unit and the first computer unit monitor each other reciprocally and are preferably both designed in lockstep technology.
    In one advantageous embodiment, a third switch-off signal voltage can be generated by the second logic unit,
    and a switch-off command generated by the first logic unit can be received by the second computer unit, and a fourth switch-off signal voltage can be generated as a function thereof,
    wherein the third and the fourth switch-off signal voltage are routed to the second circuit part, in particular via separate conductor tracks of a printed circuit board of the second electrical device, in order to redundantly switch off the second circuit part.
    The advantage here is that safety can be established by using a structurally identical second electrical device.
    If the electrical devices are designed as converters, the computing capacities available on the converter can therefore be used for the reciprocal monitoring and to provide two-channel safety.
    In one advantageous embodiment, the first logic unit, the second logic unit, the first computer unit and the second computer unit are each designed as a lockstep unit, in particular as an FPGA with a lockstep microcontroller,
    in particular wherein results of the first and second logic unit are exchanged with each other in a cyclically recurring manner and are compared, wherein, as a function of the result of the comparison, in particular in the event of a discrepancy, the first logic unit generates a signal voltage for switching off the switching unit and the first computer unit likewise generates a signal voltage for switching off
    — the switching unit, in particular wherein results of the first logic unit and first computer unit are exchanged with each other in a cyclically recurring manner and are compared, wherein, as a function of the result of the comparison, in particular in the event of adiscrepancy, the first logic unit generates a signal voltage for switching off the switching unit and the first computer unit likewise generates a signal voltage for switching off the switching unit, in particular wherein results of the second logic unit and second computer unit are exchanged with each other in a cyclically recurring manner and are compared, wherein, as a function of the result of the comparison, in particular in the event of a discrepancy, the first logic unit generates a signal voltage for switching off the switching unit and the first computer unit likewise generates a signal voltage for switching off the switching unit.
    The advantage here is that a high safety category can be achieved.
    Only a low manufacturing effort is 5 necessary since each electrical device contains two different software packages, which are assigned to the respective logic unit and computer unit.
    The hardware of the two units is designed in such a way that each of the two software packages can run on the respective hardware of each of the units.
    Two units with diversity therefore work to monitor each other within the electrical device.
    However, the units of the two electrical devices that monitor each other, i.e. the first and the second logic unit, are also designed with diversity in relation to each other.
    In this way, a high safety category can be achieved.
    In one advantageous embodiment, the respective logic unit is composed of a plurality of sub-units, which are connected to each other in each case by means of a respective communication link for exchanging data.
    The advantage here is that an even higher safety category can be achieved.
    In one advantageous embodiment, in each of the electrical devices, a further computer unit, in particular having a microcontroller, is provided for generating pulse-width-modulated actuation signals for the switching unit of the respective electrical device, wherein the further computer unit is connected to an angle sensor, in particular in order to feed the sensor signals of the angle sensor to the further computer unit.
    The advantage here is that the non-safety-oriented parts of the electrical devices can be operated in a simple manner, in particular in a non-safety-oriented manner, even though the system of electrical devices as a whole satisfies a high safety category.
    In one advantageous embodiment, the first logic unit and the first computer unit are designed with diversity in relation to each other, in particular wherein the first logic unit has first software and the first computer unit has second software different from the first software, and the second logic unit and the second computer unit are designed with diversity in relation to each other,
    in particular wherein the second logic unit has the second software and the second computer unit has the first software.
    The advantage here is that a high safety category can be achieved.
    The safety-oriented design of the system as a whole is thus inexpensive and can be implemented without particular additional effort.
    In one advantageous embodiment, the first and the second electrical device are spaced apart from each other.
    The advantage here is that the electrical devices can be assigned different drives.
    In one advantageous embodiment, each of the electrical devices has a watchdog unit which monitors whether the respective logic unit and computer unit are or are not exchanging the results in a cyclically recurring manner, wherein, as a function of the result of the monitoring, a signal voltage for switching off the switching unit is generated.
    The advantage here is that safety is increased.
    This is because, in this way, it is independently checked that the two units are executing their locksteps.
    In the case of the method, one advantage is that a high degree of safety can easily be achieved.
    In particular, no additional safety devices are necessary.
    In one advantageous embodiment, the two-channel control command is generated by a switch with two mutually independent, mechanically coupled, jointly actuated contacts, in particular wherein the first channel of the control command is generated by the first of the two contacts, and wherein the second channel of the control command is generated by the second of the two contacts.
    The advantage here is that a — safety-oriented switch can be used.
    In one advantageous embodiment, the first and the second logic unit are each designed as a lockstep unit, wherein results of the two logic units are reciprocally transmitted via the data bus in a cyclically recurring manner and are compared, wherein, in the event of a discrepancy, the first logic unit generates the signal voltage and the second logic unit forwards a switch-off command via the data bus to the first computer unit, the latter generating, as a function of this switch-off command, a signal voltage, in particular a switch-off signal voltage, which is electrically, in particular galvanically, forwarded to the first circuit part.
    The advantage here is that a high degree of safety can be achieved.
    In one advantageous embodiment, the first and/or second computer unit are each designed as a lockstep unit,
    wherein results of the first computer unit and the first logic unit are reciprocally transmitted via a data exchange line of the first electrical device in a cyclically recurring manner and are compared, wherein, in the event of a discrepancy, both the first logic unit and the first computer unit generates the signal voltage, in — particular the switch-off signal voltage, which is electrically, in particular galvanically, forwarded to the first circuit part, and/or wherein results of the second computer unit and the second logic unit are reciprocally transmitted via a data exchange line of the second electrical device in a cyclically recurring manner and are compared, wherein, in the event of a discrepancy, both the second logic unit and the second computer unit generates the signal voltage, in particular the switch-off signal voltage, which is electrically, in particular galvanically, forwarded to the second circuit part.
    The advantage here is that a high safety category can be achieved, even though only an inexpensive single-channel data bus is used.
    In one advantageous embodiment, in each of the electrical devices, a further computer unit, in particular having a microcontroller, generates pulse-width- modulated actuation signals for the switching unit of the respective electrical device as a function of sensor signals of an angle sensor of an electric motor powered by the respective electrical device.
    The advantage here is that the further computer unit can be designed as a microcontroller for the controlled operation of the electric motor.
    The electrical devices are therefore then converters which power a respective electric motor.
    The electric motor can therefore be controlled as a function of the angle sensor signal.
    Further advantages emerge from the dependent claims. The invention will now be explained in greater detail with reference to schematic drawings:
    Fig. 1 shows a system according to the invention, comprising a controller 1 and two electrical devices, in particular converters, which are connected to the controller 1 via a data bus 6.
    Fig. 2 illustrates another embodiment. As shown in the figures, the first electrical device 7 has a computer unit 4 and a first logic unit 2. Similarly, the second electrical device 8 has a computer unit 5 and a second logic unit 3. The computer units (4, 5) are preferably designed as FPGAs, in particular as lockstep FPGAs. It is advantageous if the two logic units (2, 3) are each designed with a microcontroller. However, it is also advantageous if said logic units are each designed as an electronic circuit with a microcontroller or with an FPGA that has a microcontroller. The two logic units (2, 3) are preferably designed as FPGAs, in particular as lockstep FPGAs. It is advantageous if the two logic units (2, 3) are each designed with a microcontroller. The data bus 6 is designed as a safety data bus. To this end, two-channel safety is achieved on a single-channel communication channel in that each information packet contains data and a checksum, wherein, at the sender, a first logic generates the data and a second logic generates the checksum for an information packet of the first channel, and vice versa for an information packet of the second channel. The controller is connected to an emergency stop switch which has two mutually independent contacts, so that the actuation of the switch is transmitted from the controller 1 via both channels of the data bus 6 to the electrical devices (7, 8).
    The first and the second logic unit (2, 3), as bus subscribers, are connected via the data bus 6 for information exchange purposes and compare their respective results.
    The emergency stop command sent by the controller via the first channel is recognized by the first logic unit 2, and the latter generates a control signal as a function thereof, which causes at least one switch of the first electrical device 7 to be switched off.
    The emergency stop command sent by the controller via the second channel is recognized by the second logic unit 3, and this command is forwarded via the data bus 6 to the first computer unit 4, which recognizes this command and generates a control signal as a function thereof, which causes the at least one switch of the first electrical device 7 to be switched off.
    This redundant switching-off of the switch of the first electrical device 7 can be achieved by a series connection of two controllable semiconductor switches, wherein the series connection controls a supply voltage or an actuation voltage for the switch of the first electrical device, and wherein the first of the two controllable semiconductor switches is actuated by the first logic unit 2 and the second is actuated by the first computer unit 4.
    The first electrical device 7 can therefore be switched off via two channels.
    The second electrical device 8 is likewise designed in such a way as to be able to be switched off via two channels.
    In terms of hardware, the second electrical device 8 is preferably structurally identical to the first electrical device 7.
    If the electrical devices (7, 8) as designed as converters, the respective switch is part of an inverter of the respective converter, the respective inverter taking a unipolar voltage and providing a respective AC voltage to a respective electric motor.
    The first computer unit 4 executes a control or regulation process so that the electric motor powered by the first converter 7 is operated accordingly.
    The second computer unit 5 executes a control or regulation process so that the further electric motor powered by the second converter 8 is operated accordingly. In further exemplary embodiments according to the invention, the two logic units (2, 3) are designed as lockstep units. In this case, a respective current result of the first logic unit 2 is compared with the respective current result of the second logic unit 3 in a temporally recurring manner and, in the event of a discrepancy, likewise triggers the two-channel switch-off. The data bus 6 is used for the data exchange, that is to say for the reciprocal transmission of the respective results. In a further exemplary embodiment according to the invention, as illustrated in
    Fig. 2, each electrical device has only a single bus address. The data streams intended for the respective logic unit (2, 3) and the respective computer unit (4, 5) are in this case forwarded by a bus subscriber unit (20, 21) of the electrical device (7, 8), which has the bus address and is connected to the data bus 6, to the respective logic unit (2, 3) of the electrical device (7, 8) via a first connection of the bus subscriber unit and to the respective computer unit (4, 5) of the electrical device via a second connection of the bus subscriber unit. The bus address of the first electrical device 7 is thus assigned to the bus subscriber unit 20. The data stream from or to the first logic unit 2 is routed to or from the logic unit 2 via a first connection of the bus subscriber unit 20. The data stream to the first computer unit 4 is routed to or from the logic unit 2 via a second connection of the bus subscriber unit 20. The mode of operation is the same in the second converter. The first, in particular upper, controllable semiconductor switch can be switched off by the first logic unit 2 by means of a control line, in particular a conductor track of the printed circuit board. The second, in particular lower, controllable semiconductor switch can be switched off by the first computer unit 4 by means of another control line, in particular likewise a conductor track of the printed circuit board.
    The series connection formed of the first and the second controllable semiconductor switch is supplied from a DC link voltage, which can be provided by a mains-fed rectifier. Atwo-channel switch-off of the first electrical device 7 can therefore be executed, and thus a high safety category can be achieved. In the second electrical device 8, the first, in particular upper, controllable semiconductor switch can be switched off by the second logic unit 3 by means of a control line, in particular a conductor track of the printed circuit board. The second, in particular lower, controllable semiconductor switch can be switched off by the second computer unit 5 by means of another control line, in particular likewise a conductor track of the printed circuit board. The series connection formed of the first and the second controllable semiconductor switch of the second electrical device 8 is supplied from a DC link voltage, which can be provided by a mains-fed rectifier of the second electrical device 8. A two-channel switch-off of the second electrical device 8 can therefore be executed, and thus a high safety category can be achieved. As shown in Fig. 2, the emergency stop switch 22 is also designed as a bus subscriber and is connected to the data bus 6. The emergency stop switch 22 therefore has a bus subscriber unit 25 with a bus address. The emergency stop switch 22 has two electrically independently arranged contacts, the actuation of which is mechanically coupled. The actuation of the first, in particular upper, contact for connection to an upper potential U1+ of a DC voltage is detected by first signal electronics 23 and is forwarded to the bus subscriber unit 25, which forwards the information about the actuation of the first contact via the data bus 6, in particular to the first logic unit
  2. 2.
    The actuation of the second, in particular lower, contact of the emergency stop switch 22 for connection to the upper potential U1+ of the DC voltage is detected by second signal electronics 24 and is forwarded to the bus subscriber unit 25,
    which forwards the information about the actuation of the second contact via the data bus 6, in particular to the second logic unit 3, which then in turn forwards this information to the first computer unit 4.
    The lower potential U1- of the DC voltage is not shown in the figures.
    InFig. 2, afurther computer unit, in particular having a microcontroller, is provided in each of the electrical devices (7, 8) in order to generate pulse-width-modulated actuation signals for the switching unit of the respective electrical device, wherein the further computer unit is connected to an angle sensor, in particular in order to feed the sensor signals of the angle sensor to the further computer unit.
    List of reference signs 1 controller 2 first logic unit 3 second logic unit
    4 computer unit 5 computer unit 6 data bus 7 first electrical device
    8 second electrical device 20 bus subscriber unit of the first electrical device 7 21 bus subscriber unit of the second electrical device 8 22 emergency stop switch 23 first signal electronics
    24 second signal electronics 25 bus subscriber unit UZ+ upper DC link potential UZ- upper DC link potential
    U1+ upper potential of a DC voltage U1- lower potential of a DC voltage
FIEP19712511.5T 2018-04-13 2019-03-18 System and method for operating a system FI3776098T3 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE102018003023 2018-04-13
DE102018003296 2018-04-23
PCT/EP2019/025071 WO2019197057A1 (en) 2018-04-13 2019-03-18 System and method for operating a system

Publications (1)

Publication Number Publication Date
FI3776098T3 true FI3776098T3 (en) 2023-05-05

Family

ID=65861238

Family Applications (1)

Application Number Title Priority Date Filing Date
FIEP19712511.5T FI3776098T3 (en) 2018-04-13 2019-03-18 System and method for operating a system

Country Status (5)

Country Link
EP (1) EP3776098B1 (en)
DE (1) DE102019001852A1 (en)
DK (1) DK3776098T3 (en)
FI (1) FI3776098T3 (en)
WO (1) WO2019197057A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19920299B4 (en) * 1999-05-03 2008-01-03 Siemens Ag Method and device for detecting, transmitting and processing safety-related signals
DE10261452B4 (en) 2002-12-31 2011-02-03 Danfoss Drives A/S Motor control with a control device and a safety device for safe shutdown of an engine
AT501688B1 (en) * 2005-04-08 2008-02-15 Keba Ag METHOD AND DEVICE FOR THE SAFE, UNLIMITED AND EXCLUSIVE ALLOCATION OF COMMAND POWER FOR A CONTROLLER TO A CONTROLLABLE TECHNICAL EQUIPMENT
JP6321590B2 (en) 2015-07-29 2018-05-09 東芝テック株式会社 Order reception system
WO2017064554A1 (en) 2015-10-13 2017-04-20 Schneider Electric Industries Sas Method for arranging workloads in a software defined automation system

Also Published As

Publication number Publication date
WO2019197057A1 (en) 2019-10-17
DE102019001852A1 (en) 2019-10-17
EP3776098A1 (en) 2021-02-17
EP3776098B1 (en) 2023-03-08
DK3776098T3 (en) 2023-05-01

Similar Documents

Publication Publication Date Title
JP4295514B2 (en) Control and energy supply system for seats of at least two aircraft
US5917249A (en) Apparatus for driving electrical loads provided at a vehicle
US9577424B2 (en) Parallel motor drive disable verification system and method
AU2011343126B2 (en) Interface unit, conveying system and method
JP4741620B2 (en) Control and power system for at least two aircraft seats
US20130154529A1 (en) Motor drive component verification system and method
JP2008245521A (en) Electric vehicle control unit
JP2020104528A (en) On-vehicle control system
JP4661251B2 (en) Power conversion control system
JP6071859B2 (en) Power converter
KR20130115776A (en) Redundancy control apparatus for hvdc system
US10965225B2 (en) Motor control device
FI3776098T3 (en) System and method for operating a system
KR20180132078A (en) Switch device for electric motors, control device and steering system
US11749485B2 (en) Modular switch apparatus for controlling at least one electric drive
CN105432008A (en) Power supply multiplexing system and power supply receiving unit
US10879891B2 (en) Power supply voltage monitoring circuit and control device
US20100133921A1 (en) Communication Interface Between A Control Unit And A High Voltage Unit
US10067573B2 (en) Device for control/command of a plurality of man-machine dialogue facilities
EP4345548A1 (en) Safety i/o module with multi-channel high side switch
JP2020150697A (en) Power conversion device
JP5278013B2 (en) Uninterruptible power supply system
WO2023105584A1 (en) Electric power conversion system, power module, and control module
JP2022550281A (en) A system including a controller, an actuator, and an assembly for providing functional safety
JPH10234104A (en) Electric car control device