US20090184211A1 - Method to Monitor a Plurality of Control Centers for Operational Control and Backup Purposes - Google Patents


Info

Publication number
US20090184211A1
Authority
US
Grant status
Application
Patent type
Prior art keywords
control center
train
control
territory
signal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12356387
Inventor
Robert B. Groves, JR.
Richard A. Allshouse
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lockheed Martin Corp
Original Assignee
Lockheed Martin Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • B: PERFORMING OPERATIONS; TRANSPORTING
    • B61: RAILWAYS
    • B61L: GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L27/00: Central traffic control systems; Track-side control or specific communication systems
    • B61L27/0061: Track-side multiple control systems, e.g. switch-over between different systems, "2 out of 3"-systems
    • B61L27/0066: Backup systems, e.g. switching when failures occur
    • B61L27/0038: Track-side control of safe travel of vehicle or vehicle train, e.g. braking curve calculation

Abstract

The present invention provides a way to automate the hand-off of train control in a rail system and handle failover.

Description

    STATEMENT OF RELATED CASES
  • This case claims priority of U.S. Provisional Patent Application Ser. No. 61/021,855, which was filed on Jan. 17, 2008 and is incorporated by reference herein.
  • FIELD OF THE INVENTION
  • The present invention relates to railways in general, and, more particularly, to a method for controlling train transitions between regional control centers.
  • BACKGROUND OF THE INVENTION
  • Large networks, be they transportation networks or telecommunications networks, often span great distances (e.g., across the U.S., etc.). Due to their size, these networks typically comprise multiple instances of control centers, each of which has a specific geographic or regional zone of influence. A given regional controller is responsible for controlling traffic (e.g., airplane, train, wireless handset, etc.) that is within its zone of influence.
  • An issue that arises in all such networks is the transfer or “hand-off” of control responsibilities from one regional control center to the next in conjunction with the migration of the traffic.
  • Due to the nature of wireless communications and our very mobile society, hand-off from one wireless “base station” to the next must be computer-controlled and seamless. In transportation networks, the nature of the problem is somewhat different and hand-off is handled with far more operator intervention. In fact, in rail systems, hand off from one controller to the next involves virtually no automation. Furthermore, in rail systems, failover to a redundant system has been handled manually.
  • SUMMARY OF THE INVENTION
  • The present invention provides a way to automate the hand-off of control in a rail system and handle failover.
  • The inventors recognized that the issues of hand-off and failover are best treated as a single problem; that is, how does a vehicle vitally know with which control center it should be communicating?
  • The methods disclosed herein operate within the transportation server of each control center. In other words, the method is implemented as software suitable for running on the processor of a transportation server. In accordance with the illustrative embodiment, all relatively static data is stored redundantly at each control center, such that every center has a complete view of the transportation network. This reduces downtime and increases the probability that data is not corrupted in transit. This data is periodically validated between control centers and any modification of the data is immediately transferred to the others, with a positive acknowledgement required.
  • Dynamic data that is shared between the control center and train is stored only at the responsible control center and on the train itself. If the division between control centers is geographically based, any data that spans the border between control centers is tagged appropriately (e.g., an authority can be granted to a vehicle which exceeds the nominal territory handled by the control center, but it is tagged as “suspect” until validated by the next control center). Any valid control center can send a train the dynamic data so that the train acts independently of the control center with which it communicates. As a consequence, if control moves to a different center, the train will not be affected. An aspect of the illustrative embodiment is to embed information in the messages that are transmitted between a train and control centers so that positive identification is inherent to the messaging (prevents spoofing).
  • In case of a failure of a control center, the other control centers will notice the failure during periodic validation. Once failure is noticed, the other control centers take over control (upon human confirmation, if so configured). The control centers first determine which vehicles are affected (a vehicle will start to look for another control center when its health check fails) and then upload all the dynamic data from those vehicles.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 depicts a portion of a railway network including two network control centers operating in accordance with the illustrative embodiment of the present invention.
  • FIG. 2 depicts a method in accordance with the illustrative embodiment of the present invention.
  • FIG. 3 depicts the portion of the railway network depicted in FIG. 1, wherein one of the network control centers is communicating with the train.
  • FIG. 4 depicts a method pertaining to ascertaining the operational status of the two network control centers.
  • FIG. 5 depicts the portion of the railway network depicted in FIG. 1, wherein both of the network control centers are communicating with the train.
  • FIG. 6 depicts the portion of the railway network depicted in FIG. 1, wherein one of the network control centers is taking control of the territory that is normally controlled by the other network control center.
  • DETAILED DESCRIPTION
  • The terms below are defined for use in this disclosure and the appended
      • “Vital” means that a function must be done correctly, or the failure to do so must result in a safe state. Vital is synonymous with “safety-critical.” A safety-critical system is defined when at least one identified hazard can lead directly to a mishap (accident). Standard 1483 (http://shop.ieee.org/ieeestore/) defines a safety-critical system as one where the correct performance of the system is critical to the safety, and the incorrect performance (or failure to perform the function) may result in an unacceptable hazard. According to most standards, hazards that have risk ratings of “Unacceptable” or “Undesirable” must be mitigated (i.e., reduce the risk, which is generally done by decreasing the frequency of occurrence) through system and equipment design. In order to do this, all of the functions that are necessary to implement the system must be identified. Functions that have to be implemented so that they are both (1) performed and (2) performed correctly are implemented fail-safely and are identified as “vital” functions. The fail-safely implementation means that all credible failures that could occur are examined and the occurrence of any one of them (or combination of failures in the event that the first failure is not self-evident) maintains the system in a safe state. That can be done either by forcing the system to a stop (or other safe state such as a less-permissive signal) or by transferring control to a secondary system, such as a redundant computer.
  • FIG. 1 depicts portion 100 of a railway network. Two territories 102 and 106 are defined within portion 100. Territory 102 is controlled by network control center 104 and territory 106 is controlled by network control center 108. Train 110 is traveling through territory 102 on tracks 112 heading toward territory 106.
  • Each network control center 104 and 108 stores all relatively static data, such as the track database, etc. The purpose for this is to minimize downtime and increase the probability that such data is not corrupted in transit (i.e., if the data were not redundantly stored as described herein). This data is periodically synchronized and validated between the control centers (and other control centers that are not depicted in FIG. 1). Any modification of such data is immediately propagated to all network control centers. A positive acknowledgment of the update is required.
  • Train 110 is provided with identifying codes for network control centers 104 and 108 (e.g., at installation, etc.). Likewise, the network control centers are provided with an identifying code for train 110. Embedding the identifying codes in messages between the train and network control centers (or between network control centers) prevents spoofing.
  • Dynamic data that is shared between the control center and train is stored only at the responsible control center and on the train itself. This is distinct from the treatment of relatively static data, which is stored at all control centers, as disclosed above. If the division between control centers is geographically based, any data that spans the border between control centers is tagged appropriately. That is, an authority can be granted to a vehicle by a control center for territory that exceeds the nominal territory handled by that control center. But if such authority is granted, it is tagged as “suspect” until validated by the nominal control center for the territory in question. Any valid control center can send a train the dynamic data so that the train acts independently of the control center with which it communicates. As a consequence, if control moves to a different center, the train will not be affected.
  • If and when a control center fails, other control centers will notice the failure during a periodic validation process. Once failure is noticed, the other control centers take over control (upon human confirmation, if so configured) of what would otherwise be the failed controller's territory. The control centers first determine which particular vehicles are affected and then upload all the dynamic data from those vehicles. Identification of the affected vehicles is based on the fact that it is those vehicles that will start to look for another control center when their health check of the formerly-controlling control center fails.
  • FIG. 2 depicts method 200 for controlling a train through a rail network in accordance with the illustrative embodiment of the present invention. In accordance with operation 202 of the method, “dynamic” data is transmitted between a train and a first control center. The first control center is nominally responsible for controlling train traffic within a first territory in which the train is present. “Dynamic” data is defined herein as data that is liable to change on a regular basis, such as authorizations, etc. Dynamic data is distinguished from “static” data, which is defined herein as data that is not likely to change on a regular basis, such as a track map, etc. Also, in contrast to static data, which is stored at all control centers, dynamic data is shared only between (and stored only at) the train and the controlling control center.
  • The dynamic data is stored on both the train and at the first control center, as per operation 204. In accordance with operation 206, a second control center is notified that the train is in the first territory, wherein the second control center is responsible for controlling traffic within a second territory that is adjacent to the first territory. In the illustrative embodiment, the first control center notifies the second control center of the presence of the train in the first territory.
  • In operation 208, the first control center issues a grant of provisional authority to enter the second territory. This grant is considered suspect until validated by the second control center, which nominally controls the second territory.
  • In operation 210, the second control center grants the train full authority to enter the second territory when it is determined that it is safe to do so. At this point, the train will still be in the first territory. The second control center issues no other control messages until the train enters the second territory.
  • FIGS. 3, 5, and 6 depict the practice of method 200 in the context of portion 100 of the railway system of FIG. 1.
  • FIG. 3 depicts communication between network control center 104 and train 110. The train verifies that all messages come from a control center having a known identification code. Likewise, network control center 104 verifies that all messages it receives come from a train having a known identification code. Additionally, network control center 104 verifies the crew of the train via a logon or password.
  • Furthermore, network control centers 104 and 106 communicate. In particular, and among any other messages, control center 104 advises control center 106 of the existence of train 110 in territory 102. Furthermore, control center 104 sends a message to control center 106 advising that it (control center 104) granted provisional authority to train 110 to enter territory 106. The purpose for the provisional grant is to reduce the likelihood that train 110 will be forced to stop before the “handoff” to control center 106 occurs.
  • Additional communications between the control centers 104 and 106, and between the control centers and a train, include the transmission of a “heart beat.” The heart beat is intended to gauge the health of the control center. FIG. 4 depicts this process.
  • In accordance with operation 402, a first signal is transmitted from a first control center to a second control center, wherein the first signal is indicative of the operational status of the first control center.
  • A second signal is transmitted from the first control center to a train, wherein the second signal is indicative of the operational status of the first control center, as per operation 404.
  • A third signal is transmitted from the second control center to the first control center, wherein the third signal is indicative of the operational status of the second control center, in accordance with operation 406.
  • A fourth signal is transmitted from the second control center to the train, wherein the fourth signal is indicative of the operational status of the second control center, as per operation 408.
  • Using this method, it can be determined which, if any, of the first or second control center is having operational difficulties. This is discussed further in conjunction with FIGS. 5 and 6.
  • FIG. 5 depicts train 110 nearing territory 106. Control centers 104 and 108 send and receive heartbeats, as per method 400. Furthermore, train 110 sends location reports to both of the control centers. Train 110 will enforce the limits of its authority (i.e., it will stop) unless any control center (other than control center 104) validates the provisional authority granted by control center 104.
  • In FIG. 5, network control center 108 communicates with approaching train 110 and grants full authority for the train to enter territory 106 as long as it is safe to do so.
  • FIG. 6 depicts a scenario in which control center 104 fails. Network control center 108 loses the heartbeat from control center 104. Control center 108 then communicates with train 110 to verify their loss of contact with control center 104. Once verified, control center 108 takes control over territory 102, which was formerly controlled by control center 104. Control center 108 continues to use its own copy of static data, but retrieves all dynamic data from any trains that were under the control of control center 104 at the time the heartbeat was lost.
  • It is notable that train 110 might not be directly aware of the failover of control center 104 since the train simply validates messages that come from valid control centers; it does not have knowledge, per se, of the control center that originates the message.
  • It is to be understood that the disclosure teaches just one example of the illustrative embodiment and that many variations of the invention can easily be devised by those skilled in the art after reading this disclosure and that the scope of the present invention is to be determined by the following claims.
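An added example (not code from the patent or its assignee) modelling the rules described above: messages carry the sender's identity, a provisional grant stays “suspect” until a different control center validates it, and a surviving center takes over only when its own heartbeat loss is confirmed by the train. The HMAC construction, the identifiers CC104 and CC108, the message field names and the timeout value are assumptions; the disclosure states only that identifying codes are embedded in the messages.

```python
import hashlib
import hmac
import json

# Constructed secrets standing in for the identifying codes provisioned on the
# train at installation (assumption: each code is used as an HMAC key).
KEYS = {"CC104": b"constructed-secret-104", "CC108": b"constructed-secret-108"}
HEARTBEAT_TIMEOUT = 3  # assumed: ticks of silence before a center counts as lost


def make_msg(sender, key, **fields):
    """Embed the sender's identity in the payload and bind it with a keyed tag."""
    payload = json.dumps({"sender": sender, **fields}, sort_keys=True).encode()
    return {"payload": payload, "tag": hmac.new(key, payload, hashlib.sha256).digest()}


def verify(msg, keys):
    """Return the decoded fields if the tag matches a known sender, else None."""
    try:
        fields = json.loads(msg["payload"])
    except ValueError:
        return None
    key = keys.get(fields.get("sender")) if isinstance(fields, dict) else None
    if key is None:
        return None
    expected = hmac.new(key, msg["payload"], hashlib.sha256).digest()
    return fields if hmac.compare_digest(expected, msg["tag"]) else None


class Train:
    def __init__(self, keys):
        self.keys = keys
        self.last_heard = {}  # center id -> tick of last valid heartbeat
        self.grants = {}      # territory -> {"by": center id, "status": str}

    def receive(self, msg, now):
        fields = verify(msg, self.keys)
        if fields is None:
            return "rejected"  # unknown sender or bad tag: message is dropped
        sender, kind = fields["sender"], fields.get("type")
        if kind == "heartbeat":
            self.last_heard[sender] = now
            return "heartbeat"
        if kind == "provisional":  # authority beyond the issuer's own territory
            self.grants[fields["territory"]] = {"by": sender, "status": "suspect"}
            return "suspect"
        grant = self.grants.get(fields.get("territory"))
        # Only a center other than the issuer can lift the "suspect" tag.
        if kind == "full" and grant and grant["by"] != sender:
            grant["status"] = "validated"
            return "validated"
        return "ignored"

    def may_enter(self, territory):
        return self.grants.get(territory, {}).get("status") == "validated"

    def lost_contact(self, center, now):
        last = self.last_heard.get(center)
        return last is None or now - last > HEARTBEAT_TIMEOUT


def try_takeover(peer_last_heard, peer, trains, now):
    """Surviving center: take over only if the peer's silence is confirmed by a train.

    Returns the dynamic data uploaded from the affected trains, or None."""
    if now - peer_last_heard <= HEARTBEAT_TIMEOUT:
        return None  # peer heartbeat is still fresh
    affected = [t for t in trains if t.lost_contact(peer, now)]
    if not affected:
        return None  # trains still hear the peer, so loss of contact is not verified
    return [dict(t.grants) for t in affected]


def run_scenario():
    train, k104, k108 = Train(KEYS), KEYS["CC104"], KEYS["CC108"]
    log = [train.receive(make_msg("CC104", k104, type="heartbeat"), now=0),
           train.receive(make_msg("CC104", k104, type="provisional", territory="106"), now=1),
           train.may_enter("106"),  # still suspect
           train.receive(make_msg("CC108", b"not-the-key", type="full", territory="106"), now=1),
           train.receive(make_msg("CC104", k104, type="full", territory="106"), now=1),
           train.receive(make_msg("CC108", k108, type="full", territory="106"), now=2),
           train.may_enter("106")]
    return log, try_takeover(0, "CC104", [train], now=2), try_takeover(0, "CC104", [train], now=5)
```

The tag here covers only the payload; guarding against replay of an old grant or heartbeat would additionally need a sequence number or timestamp inside the signed fields, which the disclosure does not describe.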

Claims (5)

  1. A method for controlling the movement of a train through a rail network, wherein the rail network comprises a plurality of territories, and wherein a respective plurality of control centers control traffic within the territories, wherein the method comprises:
    transmitting dynamic data between the train and a first control center that is responsible for controlling traffic within a first territory in which the train is present;
    storing the dynamic data on the train and at the first control center;
    notifying a second control center that the train is in the first territory, wherein the second control center is responsible for controlling traffic within a second territory that is adjacent to the first territory;
    granting the train provisional authority to enter the second territory, wherein the first control center issues the grant of provisional authority; and
    granting the train full authority to enter the second territory when it is determined that it is safe to enter the second territory, wherein the second control center issues the grant of full authority and wherein the second control center issues no other control messages until the train is within the second territory.
  2. The method of claim 1 and further comprising:
    transmitting a first signal from the first control center to the second control center, wherein the first signal is indicative of the operational status of the first control center;
    transmitting a second signal from the first control center to the train, wherein the second signal is indicative of the operational status of the first control center;
    transmitting a third signal from the second control center to the first control center, wherein the third signal is indicative of the operational status of the second control center; and
    transmitting a fourth signal from the second control center to the train, wherein the fourth signal is indicative of the operational status of the second control center.
  3. The method of claim 2 and further comprising verifying, with the train, loss of contact with the first control center when the second control center does not receive the first signal.
  4. The method of claim 3 and further comprising assuming control of the first territory when loss of contact is verified, wherein the second control center assumes control.
  5. The method of claim 4 and further comprising retrieving dynamic data from the train at the second control center once control is assumed thereby.
US12356387 2008-01-17 2009-01-20 Method to Monitor a Plurality of Control Centers for Operational Control and Backup Purposes Abandoned US20090184211A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US2185508 2008-01-17 2008-01-17
US12356387 US20090184211A1 (en) 2008-01-17 2009-01-20 Method to Monitor a Plurality of Control Centers for Operational Control and Backup Purposes

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12356387 US20090184211A1 (en) 2008-01-17 2009-01-20 Method to Monitor a Plurality of Control Centers for Operational Control and Backup Purposes
PCT/US2009/031492 WO2009092088A1 (en) 2008-01-17 2009-01-21 Method to monitor a plurality of control centers for operational control and backup purposes

Publications (1)

Publication Number Publication Date
US20090184211A1 (en) 2009-07-23

Family

ID=40875695

Family Applications (1)

Application Number Title Priority Date Filing Date
US12356387 Abandoned US20090184211A1 (en) 2008-01-17 2009-01-20 Method to Monitor a Plurality of Control Centers for Operational Control and Backup Purposes

Country Status (2)

Country Link
US (1) US20090184211A1 (en)
WO (1) WO2009092088A1 (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE2722396C2 (en) * 1977-05-17 1984-06-20 Siemens Ag, 1000 Berlin Und 8000 Muenchen, De
EP0970868A4 (en) * 1997-03-19 2002-10-16 Hitachi Ltd Method and system for controlling train by radio
DE10336022B4 (en) * 2003-08-01 2006-02-02 Db Netz Ag A process for the flexible allocation of responsibilities of centralized track control stations
GB0700080D0 (en) * 2007-01-04 2007-02-07 Westinghouse Brake & Signal Signalling system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US2447497A (en) * 1941-05-29 1948-08-24 Int Standard Electric Corp Block entrance initiated train signaling system
US2632844A (en) * 1946-10-09 1953-03-24 Gen Railway Signal Co Automatic train control system for railroads having coded and noncoded track circuitterritory
US3060311A (en) * 1959-09-30 1962-10-23 Gen Railway Signal Co Train order enforcement system
US3403634A (en) * 1964-07-22 1968-10-01 Docutel Inc Automatically controlled railway passenger vehicle system
US5420883A (en) * 1993-05-17 1995-05-30 Hughes Aircraft Company Train location and control using spread spectrum radio communications
US5533695A (en) * 1994-08-19 1996-07-09 Harmon Industries, Inc. Incremental train control system
US5947423A (en) * 1995-04-28 1999-09-07 Westinghouse Brake And Signal Holdings Limited Vehicle control system
US5785283A (en) * 1996-11-25 1998-07-28 Union Switch & Signal Inc. System and method for communicating operational status of a railway wayside to a locomotive cab

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012024895A1 (en) * 2010-08-24 2012-03-01 北京交通大学 Movement authority calculating method based on train control system
US20140204906A1 (en) * 2013-01-20 2014-07-24 Eci Telecom Ltd. Method and apparatus for providing communication services to a moving platform
US9648531B2 (en) * 2013-01-20 2017-05-09 Eci Telecom Ltd. Communication services to a moving platform
US20170279636A1 (en) * 2014-09-04 2017-09-28 Alstom Transport Technologies Radiocommunication infrastructure for a railway signalling system of the cbtc type
US10091024B2 (en) * 2014-09-04 2018-10-02 Alstom Transport Technologies Radiocommunication infrastructure for a railway signalling system of the CBTC type
CN106184297A (en) * 2015-07-10 2016-12-07 海能达通信股份有限公司 Track traffic dispatching method, server and system

Also Published As

Publication number Publication date Type
WO2009092088A1 (en) 2009-07-23 application

Legal Events

Date Code Title Description
AS Assignment

Owner name: LOCKHEED MARTIN CORPORATION, MARYLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GROVES, ROBERT B., JR.;ALLSHOUSE, RICHARD A.;REEL/FRAME:022328/0173

Effective date: 20090210