Data processing: generic control systems or specific application – Generic control system – apparatus or process – Having protection or reliability feature
Reexamination Certificate
2000-01-20
2004-12-14
Voeltz, Emanuel Todd (Department: 2121)
Data processing: generic control systems or specific application
Generic control system, apparatus or process
Having protection or reliability feature
Reexamination Certificate
active
06832121
ABSTRACT:
BACKGROUND OF THE INVENTION
FIELD OF THE INVENTION
The invention relates to a device for monitoring safety-relevant processes in machines.
In the field of machine construction, in particular, printing machine construction, professional societies and trade associations require that safety-relevant processes in machines be performed in an intrinsically failsafe manner. In this regard, a control or part thereof is considered to be intrinsically failsafe if a single fault in the control does not lead to any danger. In circuitry technology, what is called for is that specific functions must be duplicated, i.e., they must be present in redundant form.
With regard to the control known as CP-Tronic from the firm Heidelberger Druckmaschinen AG of Heidelberg, Germany, this is accomplished by providing, in the control, a central safety module into which conditions of safety-relevant processes are read, in parallel, to the control modules. In this regard, to initiate a safety-relevant process, a switch having, respectively, a one break contact and a one make contact in two separate systems is read in and monitored, respectively. Accordingly, one cable leads to the control module, and a second redundant cable leads to a central safety module. The safety-relevant process is initiated only when simultaneous initiation of both contacts is identified both in the control module and in the safety module.
The main drive of the machine is likewise monitored by two systems of redundant construction and, if any safety-relevant conditions do not match, the drive is switched off. Redundant construction includes two computers, one of which is used to control the main drive, while the other is the actual machine control. If the actual main drive computer fails, the computer for machine control takes over the control function from the drive computer and shuts the main drive down in a controlled manner. In addition, various protective contacts, emergency-stop buttons, and so forth are read in via a safety module and are passed, on the one hand, via an input card indirectly to the drive computer and, in a redundant manner relative thereto, likewise to the drive computer, via direct pin inputs in the drive computer. Furthermore, the actual values of the main drive element are read in via two separate incremental transmitters, one of which is fitted directly to the motor and the other is fitted to a rotating part of the printing machine, for example to the plate cylinder. The signals from the first incremental transmitter in the motor are passed via separate signal cables to the drive computer, and the signals from the incremental transmitter on the plate cylinder are passed, likewise via separate signal cables, both to the drive computer and to the computer for machine control.
A disadvantageous feature of this technology is that a respective cable must be passed from each of the safety-relevant devices to the actual control modules, and an additional cable must be passed to the central safety module, in order to ensure that the condition is read in a redundant manner. This construction is, on the one hand, complex and expensive, and offers, on the other hand, only limited expansion options. The expansion options are likewise linked to high cable complexity, and expansion is possible only for as long as the central safety module has free inputs for reading in the safety-relevant condition.
Further known in the state of the prior art is the published German Patent Document DE 195 29 430 A1, which proposes so-called safety modules for monitoring electrical drive systems, particularly in printing machines having a plurality of drives. These safety modules are generally implemented as software and, overall, have three components. These three components are fault identification and diagnosis, decision making based upon the fault type and magnitude, and reaction or measure initiation. These safety modules have access to signals in the area of the functional parts, such as rotating cylinders in the printing machine, in the area of electric motors, electronics, the signal processing unit and the power supply units, and are constructed to compare or evaluate them for plausibility.
A disadvantageous feature of the prior art according to the aforementioned published German Patent Document DE 195 29 430 A1 is that, apart from monitoring the drives, no other monitoring functions are taken into account for other safety-relevant processes. Thus, no safety-relevant inputs can be read in, and no redundant safety outputs can be set.
SUMMARY OF THE INVENTION
Based upon the foregoing state of the prior art, it is accordingly an object of the invention to provide a device for monitoring safety-relevant processes in machines that offers a more cost-effective solution, by which expansion of safety-relevant functions is possible without additional cable complexity. Furthermore, it is an object of the invention to comply with the conditions specified by the professional societies and trade associations while at the same time providing simplification.
With the foregoing and other objects in view, there is provided, in accordance with a first aspect of the invention, a device for monitoring safety-relevant processes in actuating/drive elements in machines having at least one operation control for safety-relevant and other than safety-relevant processes, at least one safety monitoring control, at least one safety input/output device and a redundantly constructed input/output system for safety-relevant processes, comprising at least one field bus system connecting the operation control, the at least one safety input/output device and the at least one safety monitoring control to one another, at least one of the safety input/output device and the safety monitoring control being disposed in a distributed manner on an actuating/drive element for, respectively, initiating and performing a safety-relevant process.
In accordance with another feature of the invention, the at least one safety input/output device is arranged in a decentralized manner close to the respective actuating/drive element, and the at least one safety input/output device is connected by the field bus system to at least one safety monitoring control.
In accordance with a further feature of the invention, the safety input/output device is serviceable as an input/output device for other than safety-relevant processes.
In accordance with an added feature of the invention, the safety input/output device and the input/output device for other than safety-relevant processes are mutually interchangeable.
In accordance with an additional feature of the invention, at least one of the safety monitoring control and the safety input/output device is configurable in accordance with the application thereof.
In accordance with yet another feature of the invention, the monitoring device includes a bus coupler for coupling the one field bus system and at least another field bus system of different machine components to one another for safety purposes.
In accordance with yet a further feature of the invention, the field bus system is a CAN-bus.
In accordance with a second aspect of the invention, there is provided a method for monitoring safety-relevant processes in actuating/drive elements of machines having at least one operational computer, at least one control for safety-relevant processes, at least one safety monitoring control, at least one safety input/output device and a redundantly constructed input/output system for safety-relevant processes, which comprises applying to the bus system information read in by the at least one safety input/output device, and accepting, by the at least one safety monitoring control, the information applied to the bus system, only if this information is relevant for the safety monitoring control.
In accordance with another mode, the method of the invention includes performing a consistency check in one of the operation control, the safety monitoring control and a bus coupler.
In accordance with a further mode, the method of the invention includes def
Albrecht Kai
Grimm Ulrich
Janzer Reinhard
Pritschow Michael
Rössler Georg
Greenberg Laurence A.
Heidelberger Druckmaschinen AG
Locher Ralph E.
Stemer Werner H.
Todd Voeltz Emanuel
LandOfFree
Device for monitoring safety-relevant processes in machines does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Device for monitoring safety-relevant processes in machines, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Device for monitoring safety-relevant processes in machines will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3317349