FI91335C - Method and apparatus for input of information into signal-technically safe counter devices - Google Patents
Method and apparatus for input of information into signal-technically safe counter devices
- Publication number: FI91335C (application FI874817A)
- Authority: FI (Finland)
- Prior art keywords: signal, secure, safe, technically, input
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0796—Safety measures, i.e. ensuring safe condition in the event of error, e.g. for controlling element
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Safety Devices In Control Systems (AREA)
- Test And Diagnosis Of Digital Computers (AREA)
- Input From Keyboards Or The Like (AREA)
Description
Method and apparatus for inputting data into signal-technically safe computing devices

The invention relates to a method for inputting data into signal-technically safe computing equipment, as defined more precisely in the preamble of claim 1.

In safety-related installations (e.g. interlockings, power plants, military installations), the operating positions must be arranged so that no input can enter the system uncontrolled and so that the user can issue safety-relevant commands and data only in a signal-technically safe manner.

Besides the safety-relevant inputs, however, there are also inputs that are not safety-relevant, and it is precisely these that are by far the more common. A large part of such data concerns, for example, the preprocessing of data for complex systems.

Several procedures are known for electronic interlockings equipped with signal-technically safe computers (e.g. ETR 34 (1985), No. 11, pp. 789-796). Common to all of them is user input directly into the signal-technically safe computers, where the method according to the publication "Pflichtenheft für Fernsteuerzentralen bei der DB" is used to confirm safety-relevant inputs. This requires a signal-technically safe push-button (command button) and a signal-technically safe colour graphics display (colour monitor).

The signal-technically safe computers used to process the inputs are built either as two-channel systems or according to the two-out-of-three principle.

Under the applicable regulations, both the computers and the programs run on them must be checked continuously for their signal-technical safety, and the input and output environment connected to the computer may also have to be subjected to a check for freedom from reactive effects. These checks are not only very expensive and time-consuming; they also stand in the way of moving to more modern equipment and methods and of adopting them for human-machine communication.

Thus, for example, the processing of larger volumes of data, such as occurs when preparing input data for complex systems (e.g. semi-automatic train route setting or integration with word processing), which need not necessarily be signal-technically safe throughout, is impractical both technically and for certain safety-engineering reasons.

The object of the invention is to find a method by which this checking effort can be reduced and which makes it possible to realize a different kind of input and output method, together with the associated devices and accessories, without an additional check for signal-technical safety being required for it, neither at first installation nor in connection with changes.

For a method of the type mentioned, this object is achieved by the characterizing part of claim 1. Advantageous embodiments of the device for carrying out the method according to the invention are set out in the subclaims.

The invention is explained in more detail below with reference to a schematic exemplary embodiment.

The figure shows an input device for an electronic interlocking. In it, a signal-technically safe computer 1 is connected via a bus interface 2 to the actual interlocking logic 3. Connected to computer 1 are a signal-technically safe display 4, a signal-technically safe command button 5 and a non-safe computer 6. This non-safe computer 6 is in turn connected to input and output devices: an input device 7, for example a keyboard, and a display 8.

By means of input device 7, the user enters all information exclusively into the non-safe part of the input equipment. There he checks the correctness of his input on display 8 and terminates the input with a confirmation function. The information, or the commands derived from it, is then transferred to the signal-technically safe part, i.e. to the signal-technically safe computer 1. Here the command is checked for its safety relevance and, if it is not safety-relevant, passed directly to the interlocking 3. If, on the other hand, the command is safety-relevant, computer 1 switches to the command confirmation procedure, and the command is forwarded to the safety-related equipment only after the confirmation steps that may be required. The confirmation comprises showing the information, including any additional information that may be required, on the signal-technically safe display 4 (not necessarily colour graphics), with an indication that a safety-relevant input is concerned. Only after the signal-technically safe button 5 has been operated (including its release) is the command forwarded to the interlocking 3. The non-safe computer 6 with its peripherals can additionally be used to present or output, in a non-safe manner, information coming from the interlocking. For such area overview displays and for log and fault messages, no signal-technically safe devices are necessary.

For the method described here, a non-safe display can also be regarded as a signal-technically safe display, for example, provided that the acquisition, transmission, processing and presentation of the information are independent of the information presented on display 8. The user checks that the contents of displays 4 and 8 agree.

In a particularly advantageous embodiment, the non-safe part of the input equipment can be implemented with a personal computer (PC).

In a special embodiment, several users with several non-safe computers 6, e.g. their personal computers, can also be connected to the signal-technically safe computer 1, so that only one safe computer 1 is needed even for several operating positions. Expediently, the control of all safety-relevant inputs is performed by only one user.

Besides minimizing the cost of signal-technical certification, the invention makes it possible to use non-safe personal computers (PCs). These personal computers are inexpensive and simple to program, and a wider range of peripherals is available for them than for safe computers that meet the high requirements. Because programs that run on personal computers, e.g. from simulations or commercial software packages, can be used directly, shorter development and commissioning times and greater user comfort are achieved.
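The following simulation is an added example, not code from the patent or from its applicant. It models the split input path of the embodiment: the non-safe computer 6 (with keyboard 7 and display 8) preprocesses whatever the operator types; the signal-technically safe computer 1 classifies the resulting command with a two-out-of-three vote, forwards non-safety-relevant commands straight to the interlocking 3, and releases a safety-relevant command only after it has been re-rendered from computer 1's own copy of the command onto the safe display 4 and acknowledged by pressing and releasing the safe button 5. The command names, the relevance table, the Python class names and the injected channel fault are all constructed assumptions; the patent itself fixes none of them.

```python
"""Split input path of the embodiment (added example, not the patent's code):
non-safe computer 6 prepares, safe computer 1 classifies by 2oo3 vote and
releases safety-relevant commands only after display 4 and button 5."""
from collections import Counter
from dataclasses import dataclass, field

# Constructed relevance table; the patent only distinguishes relevant / not.
SAFETY_RELEVANT = {"SET_ROUTE", "CLEAR_SIGNAL", "RELEASE_ROUTE"}
NON_RELEVANT = {"SHOW_AREA", "LIST_FAULTS", "PRINT_LOG"}

def classify(verb):
    """One classification channel: 'safe', 'relevant' or 'unknown'."""
    if verb in NON_RELEVANT:
        return "safe"
    if verb in SAFETY_RELEVANT:
        return "relevant"
    return "unknown"

def vote_2oo3(results):
    """Two-out-of-three: the majority value, or None when no two channels agree."""
    value, count = Counter(results).most_common(1)[0]
    return value if count >= 2 else None

def render(cmd):
    return " ".join([cmd["verb"], *cmd["args"]])

@dataclass
class Interlocking:                      # element 3: records what it receives
    executed: list = field(default_factory=list)

@dataclass
class SafeButton:                        # element 5: press and release required
    pressed: bool = False
    released: bool = False

    def press(self):
        self.pressed, self.released = True, False

    def release(self):
        self.released = self.pressed

class NonSafeFrontend:                   # elements 6, 7, 8 (e.g. a PC)
    def __init__(self):
        self.display8 = ""

    def prepare(self, keyboard_input):
        # Arbitrary preprocessing is allowed here; nothing is trusted yet.
        verb, *args = keyboard_input.strip().upper().split()
        cmd = {"verb": verb, "args": args}
        self.display8 = render(cmd)      # operator proof-reads on display 8
        return cmd

class SafeComputer:                      # element 1
    def __init__(self, interlocking, button, channels=None):
        self.ilk, self.button = interlocking, button
        self.channels = channels or [classify] * 3
        self.display4 = ""               # element 4, fed only from own data
        self.pending = None

    def receive(self, cmd):
        verdict = vote_2oo3([ch(cmd["verb"]) for ch in self.channels])
        if verdict == "safe":
            self.ilk.executed.append(render(cmd))
            return "forwarded"
        if verdict == "relevant":
            # Re-rendered from the command itself; display 8 is never copied.
            self.display4 = "SAFETY-RELEVANT: " + render(cmd)
            self.pending = cmd
            return "awaiting_confirmation"
        return "rejected"                # unknown verb or channel disagreement

    def confirm(self):
        ok = bool(self.pending) and self.button.pressed and self.button.released
        if ok:
            self.ilk.executed.append(render(self.pending))
        # Either way the pending command and the button are cleared: an
        # unacknowledged command has to be entered again from scratch.
        self.pending, self.display4 = None, ""
        self.button.pressed = self.button.released = False
        return ok

def displays_agree(frontend, safe):
    """Operator's check from the description: display 4 must match display 8."""
    return safe.display4 != "" and safe.display4.endswith(frontend.display8)

def run_scenario(faulty_channel=False):
    """Non-relevant command, relevant one without and with acknowledgement, unknown verb."""
    fe, ilk, btn = NonSafeFrontend(), Interlocking(), SafeButton()
    # Constructed fault: one channel is stuck at 'safe'; 2oo3 must mask it.
    sc = SafeComputer(ilk, btn, [classify, classify, (lambda v: "safe") if faulty_channel else classify])
    log = [sc.receive(fe.prepare("show_area  12"))]
    log.append(sc.receive(fe.prepare("set_route 12 17")))
    log.append(sc.confirm())             # button never operated: discarded
    log.append(sc.receive(fe.prepare("set_route 12 17")))
    agreed = displays_agree(fe, sc)
    btn.press(); btn.release()
    log.append(sc.confirm())             # pressed and released: forwarded
    log.append(sc.receive(fe.prepare("format_disk")))
    return ilk.executed, log, agreed
```

Two properties of the design carry the safety argument and are what the simulation makes visible: computer 1 never consumes what the PC drew on display 8, it renders display 4 from its own copy of the command, so a compromised or faulty PC can at worst present a command for the operator to reject; and a safety-relevant command that is not acknowledged by a full press-and-release of button 5 is dropped rather than left pending, so nothing can be released later by an unrelated button operation. The single stuck classification channel in the faulty scenario changes no outcome, which is exactly what the two-out-of-three construction of the safe computer is meant to guarantee, while a three-way disagreement yields no majority and the command is rejected.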
Claims (3)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE3639788A DE3639788C1 (en) | 1986-11-21 | 1986-11-21 | Method and arrangement for input of information into computer systems with secure signalling |
DE3639788 | 1986-11-21 |
Publications (4)
Publication Number | Publication Date |
---|---|
FI874817A0 FI874817A0 (en) | 1987-11-02 |
FI874817A FI874817A (en) | 1988-05-22 |
FI91335B FI91335B (en) | 1994-02-28 |
FI91335C true FI91335C (en) | 1994-06-10 |
Family
ID=6314448
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
FI874817A FI91335C (en) | 1986-11-21 | 1987-11-02 | Method and apparatus for input of information into signal-technically safe counter devices |
Country Status (5)
Country | Link |
---|---|
AT (1) | AT398952B (en) |
DD (1) | DD262930A5 (en) |
DE (1) | DE3639788C1 (en) |
FI (1) | FI91335C (en) |
NL (1) | NL8702610A (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE3938501A1 (en) * | 1989-11-20 | 1991-05-23 | Siemens Ag | METHOD FOR OPERATING A MULTI-CHANNEL FAILSAFE COMPUTER SYSTEM AND DEVICE FOR IMPLEMENTING THE METHOD |
GB2267984A (en) * | 1992-06-16 | 1993-12-22 | Thorn Emi Electronics Ltd | Multiplexing bus interface. |
DE102006037153A1 (en) * | 2006-08-02 | 2008-02-07 | Siemens Ag | Method for controlling and monitoring a moving vehicle along a route, in particular for signal-safe train control |
DE102012211273A1 (en) * | 2012-06-29 | 2014-01-02 | Siemens Aktiengesellschaft | Method and arrangement for controlling a technical installation |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE3238843C2 (en) * | 1982-10-20 | 1985-12-19 | Siemens AG, 1000 Berlin und 8000 München | Device for controlling a signal box |
- 1986-11-21 DE DE3639788A (DE3639788C1): Expired
- 1987-11-02 NL NL8702610A: Application discontinued
- 1987-11-02 FI FI874817A (FI91335C): IP right ceased
- 1987-11-16 DD DD30902287A (DD262930A5): IP right ceased
- 1987-11-20 AT AT0306887A (AT398952B): IP right ceased
Also Published As
Publication number | Publication date |
---|---|
DD262930A5 (en) | 1988-12-14 |
FI874817A (en) | 1988-05-22 |
AT398952B (en) | 1995-02-27 |
ATA306887A (en) | 1994-07-15 |
NL8702610A (en) | 1988-06-16 |
FI91335B (en) | 1994-02-28 |
FI874817A0 (en) | 1987-11-02 |
DE3639788C1 (en) | 1988-03-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | BB | Publication of examined application | |
 | MM | Patent lapsed | Owner name: LICENTIA PATENT-VERWALTUNGS-GMBH |