FI91335C - Method and apparatus for input of information into signal-technically safe counter devices - Google Patents

Method and apparatus for input of information into signal-technically safe counter devices

Info

Publication number
FI91335C
FI91335C
Authority
FI
Finland
Prior art keywords
signal
secure
safe
technically
input
Prior art date
Application number
FI874817A
Other languages
Finnish (fi)
Swedish (sv)
Other versions
FI874817A (en)
FI91335B (en)
FI874817A0 (en)
Inventor
Reinhard Liepelt
Original Assignee
Licentia Gmbh
Priority date
Filing date
Publication date
Application filed by Licentia Gmbh
Publication of FI874817A0
Publication of FI874817A
Application granted
Publication of FI91335B
Publication of FI91335C

Links

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0796 Safety measures, i.e. ensuring safe condition in the event of error, e.g. for controlling element

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Safety Devices In Control Systems (AREA)
  • Test And Diagnosis Of Digital Computers (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

For simpler and more flexible input of information into computer systems with secure signalling via input devices with secure signalling, in which, for verification, displays with secure signalling and command-enabling keys with secure signalling are operated, according to the invention it is proposed that the input device is divided into a part with secure signalling and a part without secure signalling which is connected in series before it, that all information passes through the insecure part, whether input via it or processed into commands, and that all information and commands are automatically tested in the part with secure signalling for secure signalling relevance. If they are not relevant to security, they are passed directly to a control logic unit of the system, and the additional command security procedure is only required if they are relevant to security. A particular advantage is that modifications of the input and output processes can be implemented while minimising the part with secure signalling, using modifiable devices with insecure structure, without requiring additional testing.

Description


Method and apparatus for inputting information into signal-technically safe computing devices

The invention relates to a method for inputting information into signal-technically safe computing equipment, as defined in more detail in the preamble of claim 1.

In safety-related installations (e.g. interlocking systems, power plants, military installations) it must be ensured at the operating control stations that no inputs can enter the system in an uncontrolled manner and that the user can give safety-relevant commands and information only in a signal-technically safe way.

Besides the safety-relevant inputs, however, there are also inputs that are not safety-relevant, and it is precisely these that are considerably more common. A large part of such information concerns, for example, the preparation of data for complex systems.

Several procedures are known for electronic interlocking systems equipped with signal-technically safe computers (e.g. ETR 34 (1985), No. 11, pp. 789-796). Common to all of them is user input into signal-technically safe computers, in which the method according to the publication "Pflichtenheft für Fernsteuerzentralen bei der DB" is used to verify the safety-relevant inputs. For this, a signal-technically safe push-button (command key) and a signal-technically safe colour graphics display (colour monitor) must be available.

The signal-technically safe computers used to process the inputs are built either as two-channel systems or according to the two-out-of-three principle.

According to the regulations, both the computers and the programs run on them must be continuously checked with respect to their signal-technical safety, and the input and output environment connected to the computer may also have to be subjected to a check for freedom from reactive interference. These checks are not only very expensive and time-consuming, but they also prevent moving to more modern equipment and methods and their introduction for communication between human and machine.

Thus, for example, the processing of larger amounts of data, such as occurs when preparing input data for complex systems (e.g. semi-automatic train route setting or the integration of word processing), and which need not necessarily be signal-technically safe throughout, is technically and, on account of certain safety-engineering considerations, impractical.

The object of the invention is to find a method by which this checking work can be reduced and which makes it possible to implement a modified type of input and output method, together with the associated devices and equipment, without requiring an additional check of signal-technical safety for this purpose, neither at the first installation nor in connection with changes.

This object is achieved for a method of the type already mentioned in accordance with the characterising part of claim 1. Preferred embodiments of the device for carrying out the method according to the invention are set out in the subclaims.

The invention is explained in more detail below with the aid of a schematic exemplary embodiment.

The figure shows an input device for an electronic interlocking system. In it, a signal-technically safe computer 1 is connected via a bus interface 2 to the actual interlocking logic 3. Connected to computer 1 are a signal-technically safe display 4, a signal-technically safe command key 5 and a non-safe computer 6. This non-safe computer 6 is further connected to input and output devices: an input device 7, for example a keyboard, and a display 8.

By means of input device 7, the user enters all information only into the non-safe part of the input device. There he checks the correctness of his input with the aid of display 8 and concludes his input with a termination function. The information, or also the commands processed from it, is then passed on to the signal-technically safe part, i.e. to the signal-technically safe computer 1. Here the command is checked for its safety relevance and, if it is not safety-relevant, it is passed directly to interlocking system 3. If, on the other hand, the command is safety-relevant, computer 1 switches to the command confirmation procedure and the command is passed on to the safety-related equipment only after any confirmation processing has been completed. The confirmation processing comprises displaying the information, including any additional information that may be required, on the signal-technically safe display 4 (not necessarily colour graphics), with an indication that this is a safety-relevant input. Only after operation of the signal-technically safe key 5 (including its release) is the command passed on to interlocking system 3. The non-safe computer 6 with its peripherals can additionally also be used to present or output, in a non-safe manner, information coming from the interlocking system. For such area overview displays and for protocol and fault messages no signal-technically safe devices are necessary.

For the purposes of the method described here, even a non-safe display can be regarded as a signal-technically safe display, for example, when the acquisition, transmission, processing and presentation of the information are independent of the information presented on display 8. The user checks that the contents of displays 4 and 8 are identical.
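The confirmation flow described above, as an added model that is not part of the patent text: everything from the non-safe PC 6 enters safe computer 1, non-safety-relevant commands go straight to interlocking logic 3, and a safety-relevant command is held on safe display 4 until the operator has compared displays 4 and 8 and pressed and released command key 5. The set of safety-relevant command names and the scenario inputs are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Outcome(Enum):
    FORWARDED = "forwarded to interlocking logic 3"
    PENDING = "held on safe display 4, awaiting command key 5"
    REJECTED = "not forwarded"


# Constructed classification (assumption): the patent says the safe computer
# tests every command for safety relevance but does not list which qualify.
SAFETY_RELEVANT = frozenset({"set_route", "clear_signal"})


@dataclass
class SafeComputer:
    """Model of safe computer 1, the only path from non-safe PC 6 to logic 3."""
    forwarded: list = field(default_factory=list)  # commands that reached logic 3
    safe_display: str = ""                          # text shown on safe display 4
    pending: Optional[str] = None                   # command awaiting key 5

    def receive(self, command: str) -> Outcome:
        """Entry point for everything coming from the non-safe part."""
        if command.split()[0] not in SAFETY_RELEVANT:
            self.forwarded.append(command)          # straight to logic 3
            return Outcome.FORWARDED
        self.pending = command                       # hold for confirmation
        self.safe_display = "SAFETY-RELEVANT: " + command
        return Outcome.PENDING

    def command_key(self, pressed: bool, released: bool) -> Outcome:
        """Command key 5: only a complete press-and-release forwards the held command."""
        if self.pending is None:
            return Outcome.REJECTED                  # the key alone issues nothing
        if not (pressed and released):
            return Outcome.PENDING
        self.forwarded.append(self.pending)
        self.pending, self.safe_display = None, ""
        return Outcome.FORWARDED


def operator_step(safe: SafeComputer, insecure_display: str) -> Outcome:
    """Operator compares display 4 with display 8 and presses key 5 only if the
    command text agrees; on a mismatch the held command is discarded."""
    if safe.pending is None:
        return Outcome.REJECTED
    if safe.safe_display.removeprefix("SAFETY-RELEVANT: ") != insecure_display:
        safe.pending, safe.safe_display = None, "DISCARDED"
        return Outcome.REJECTED
    return safe.command_key(pressed=True, released=True)


def run_scenario(pc_sends: str, pc_shows: str) -> tuple:
    """Constructed scenario: the non-safe PC shows `pc_shows` on display 8 and
    sends `pc_sends` to safe computer 1. Returns (outcome, commands at logic 3)."""
    safe = SafeComputer()
    if safe.receive(pc_sends) is Outcome.FORWARDED:
        return Outcome.FORWARDED, safe.forwarded
    return operator_step(safe, pc_shows), safe.forwarded
```

A PC fault that shows "set_route A1" on display 8 but sends "set_route A7" is caught by the operator's comparison, which is why the non-safe part needs no signal-technical certification.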

In a particularly preferred embodiment, the non-safe part of the input device can be implemented with a personal computer (PC).

In a special embodiment, several users with several non-safe computers 6, e.g. their personal computers, can also be connected to the signal-technically safe computer 1, so that only one safe computer 1 is needed even for several operating positions. The control of all safety-relevant inputs is expediently carried out by one user only.

In addition to minimising the cost of signal-technical certification, the invention makes it possible to use non-safe personal computers (PCs). These personal computers are inexpensive, simple to program and have a more comprehensive range of peripherals available than safe computers that meet high requirements. Because programs that run on personal computers, for example simulations or commercial software packages, are directly applicable, shorter development and commissioning times and greater user convenience are achieved.

Claims (3)

1. A method for inputting information into signal-technically safe computers via signal-technically safe input devices, in which signal-technically safe displays and signal-technically safe command keys are used for verification, characterised in that the input device is divided into a signal-technically safe part and a signal-technically non-safe part connected in series before it, that all information is entered via the non-safe part or passes through it processed into commands, and that all information and all commands are automatically tested in the signal-technically safe part with respect to signal-technical safety relevance, whereby, when they are not safety-relevant, they are passed directly on to the device's interlocking logic, and only when they are safety-relevant is an additional command confirmation procedure required.
2. A device for carrying out the method according to claim 1, characterised in that the signal-technically safe part consists of a safe computer (1), a signal-technically safe command key (5) and optionally a signal-technically safe display (4), and that the signal-technically non-safe part is connected to the safe computer, optionally via the non-safe computer (6) and its input/output environment (7, 8).
3. A device according to claim 2, characterised in that the safe computer (1) is connected via a bus connection to the non-safe computer (6), which in turn uses non-safe displays (8) and can be controlled via the input device (7) and an interface (9) for external commands.
FI874817A 1986-11-21 1987-11-02 Method and apparatus for input of information into signal-technically safe counter devices FI91335C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE3639788A DE3639788C1 (en) 1986-11-21 1986-11-21 Method and arrangement for input of information into computer systems with secure signalling
DE3639788 1986-11-21

Publications (4)

Publication Number Publication Date
FI874817A0 FI874817A0 (en) 1987-11-02
FI874817A FI874817A (en) 1988-05-22
FI91335B FI91335B (en) 1994-02-28
FI91335C FI91335C (en) 1994-06-10

Family

ID=6314448

Family Applications (1)

Application Number Title Priority Date Filing Date
FI874817A FI91335C (en) 1986-11-21 1987-11-02 Method and apparatus for input of information into signal-technically safe counter devices

Country Status (5)

Country Link
AT (1) AT398952B (en)
DD (1) DD262930A5 (en)
DE (1) DE3639788C1 (en)
FI (1) FI91335C (en)
NL (1) NL8702610A (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3938501A1 (en) * 1989-11-20 1991-05-23 Siemens Ag METHOD FOR OPERATING A MULTI-CHANNEL FAILSAFE COMPUTER SYSTEM AND DEVICE FOR IMPLEMENTING THE METHOD
GB2267984A (en) * 1992-06-16 1993-12-22 Thorn Emi Electronics Ltd Multiplexing bus interface.
DE102006037153A1 (en) * 2006-08-02 2008-02-07 Siemens Ag Method for controlling and monitoring a moving vehicle along a route, in particular for signal-safe train control
DE102012211273A1 (en) * 2012-06-29 2014-01-02 Siemens Aktiengesellschaft Method and arrangement for controlling a technical installation

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3238843C2 (en) * 1982-10-20 1985-12-19 Siemens AG, 1000 Berlin und 8000 München Device for controlling a signal box

Also Published As

Publication number Publication date
DD262930A5 (en) 1988-12-14
FI874817A (en) 1988-05-22
AT398952B (en) 1995-02-27
ATA306887A (en) 1994-07-15
NL8702610A (en) 1988-06-16
FI91335B (en) 1994-02-28
FI874817A0 (en) 1987-11-02
DE3639788C1 (en) 1988-03-03

Similar Documents

Publication Publication Date Title
US10452111B2 (en) Enhanced re-hosting capability for legacy hardware and software
CN101876928B (en) Synchronization method and device of double 2-vote-2 system
EP0575150B1 (en) Method for controlling window displays in an open systems windows environment
US8290601B2 (en) Plant control system
US9697513B2 (en) User terminal and payment system
CN110442073B (en) Logical judgment method for redundant airplane management computer MIO board channel fault
FI91335C (en) Method and apparatus for input of information into signal-technically safe counter devices
KR102651714B1 (en) Nuclear power plant safety system-linked instrumentation and control device, method and system applying communication encryption and cyber detection engine
CN109032867A (en) A kind of method for diagnosing faults, device and equipment
US7447819B2 (en) Information processing apparatus and SMI processing method thereof
MX2015001900A (en) Methods and apparatuses for reducing common mode failures of nuclear safety-related software control systems.
US9372478B2 (en) Control system for a power application
CN104007944A (en) Debugging printing method and system
CN107797921A (en) The acquisition methods of embedded software universal safety demand
AU750613B2 (en) Synchronisation and/or data exchange method for secure, fault-tolerant computers and corresponding device
CN103778366B (en) Security maintenance method oriented to operating system and peripheral equipment
US20190367081A1 (en) Method and system for testing of systems
EP0575145B1 (en) Open distributed digital control system
CN111209571A (en) Communication method of safe world and non-safe world based on ARM processor
KR102640045B1 (en) Apparatus for detecting common cause failure in nuclear power plant and method for operating thereof
Mason et al. Device drivers in time and space partitioned operating systems
CN116954133A (en) Function safety monitoring system, method, device and medium
JPH02126350A (en) Monitoring system for terminal peripheral equipment
CN113835914A (en) Debugging system, method, device and equipment of firmware support package
JPH0540666A (en) Interruption monitoring device for integrated circuit microprocessor

Legal Events

Date Code Title Description
BB Publication of examined application
MM Patent lapsed

Owner name: LICENTIA PATENT-VERWALTUNGS-GMBH