Induced nuclear reactions: processes – systems – and elements – With control of reactor – By electronic signal processing circuitry
Reexamination Certificate
2000-10-05
2003-02-04
Carone, Michael J. (Department: 3641)
C376S215000, C376S216000, C376S245000, C376S259000, C702S183000, C702S185000, C345S001300, C345S002200, C345S003100, C340S524000, C340S525000, C340S517000, C340S870030, C340S870030
active
06516041
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates generally to control systems for nuclear reactor power generation systems. More particularly, this invention relates to such a control system that functionally isolates safety and non-safety controls by using a soft control design concept, thus eliminating confirmation switches and channel demultiplexers. Still more particularly, this invention relates to such a control system that improves the man-machine interface (MMI) while permitting use of data encryption for command control data received by a control channel gateway.
2. Brief Description of the Prior Art
Complex control schemes are in place for nuclear reactor power generation systems to prevent component failures that could lead to catastrophic failure. Such control schemes have as their design basis the use of a human operator controlling continuous and discrete control functions from a single display device cooperating with an associated information processing system (IPS) and cathode ray tube (CRT) or flat panel display (FPD) and a display processor (DP). In current systems, controllers are provided on each operator workstation and remote shutdown control panel. The controllers are linked to the safety-related engineered safety features-component control system (ESF-CCS) or the non-safety-related process-component control system (P-CCS) by way of control channel gateways (CCGs). A priority interlock is incorporated in the CCG to block any effect from the controllers on the safety CCS while an ESF actuation is in progress.
The controller usually provides continuous display of all parameters being controlled as well as, in some cases, parameters of components associated with the component selected for control. To ensure that an operator has all information necessary for optimal process control, a continuous display of all controlled parameters is provided. It has long been sought in this control art to improve the human factors and operator efficiency in the use of the controller, while reducing the amount of hardware and design necessary to implement the control functions, and while maintaining if not improving reliability.
In such systems, and from a human factors perspective, there are three steps required of the previous control design that incorporated confirmation switches to carry out a control function. The operator would first need to make a selection from the IPS display, then press a confirmation switch, and third, manipulate the selected component from the control display. For certain control actions, these steps proved to be very monotonous and time-consuming. Accordingly, it is an aim of those making improvements on nuclear power plant control systems to reduce the number of hardware controls, such as by reducing or eliminating the confirmation switches without sacrificing reliability or safety.
When considering hardware/software implementation in such systems, certain functionalities made the prior designs complex and costly to integrate. Moreover, the multiple hardware elements needed to implement the prior designs would result in a less reliable configuration. Additionally, every software-based element in the design added development time, not only to implement the function itself, but also to support the tasks associated with software and related safety analysis. Thus, it is an aim in improving control designs to address these kinds of issues while maintaining a defensible design from a regulatory point of view.
Data security has long been a matter of interest in assessing the functionality and efficiency of nuclear power plant safety systems. While redundancy as a concept has often been used with probability and statistical analysis to ensure data security and system integrity, it is an overall aim of this invention to introduce the latest, most secure encryption technology to the optimized control design. For simplicity, when discussing prior efforts, the term “control”, or the like, will be used, while when discussing this invention, the term “soft control” will be used as distinguishing nomenclature. Current control systems communicate with error detection protocols of various kinds that can be susceptible to undetected bit errors. Accordingly, it is expected that data encryption will provide a powerful tool to transmit data and to certify that the data as received is accurate in nuclear power plant control systems of the type to which this invention is primarily, but not necessarily exclusively, aimed.
Improved designs must meet current codes and standards. IEEE 603-1991, “Criteria for Safety Systems for Nuclear Power Generating Stations,” addresses specific minimum functional criteria required of safety related systems that have direct application for Power, Instrumentation and Control systems for use in a nuclear power plant (NPP) application. The single failure criterion of section 5.1 of the standard specifies that:
“The safety systems shall perform all safety functions for a design basis even in the presence of 1) any single detectable failure within the safety systems concurrent with all identifiable but non-detectable failures.”
This criterion is further clarified by stating that:
“The performance of a probability assessment of the safety systems may be used to demonstrate that certain postulated failures need not be considered in the application of the criterion. A probability assessment is intended to eliminate consideration of events and failures that are not credible.”
IEEE Std. 352-1987 is cited as applicable guidance in the performance of the reliability analysis.
Additionally, IEEE 603, Section 5.6.3 states:
“The safety system design shall be such that credible failures in and consequential actions by other systems [which include non-safety systems] shall not prevent the safety systems from meeting the requirements [of the standard]”.
Thus, under this section, the classification of equipment as part of a safety system is determined by establishing that the equipment is used for both safety and non-safety functions or that the equipment is used as an isolation device in the boundary of a safety system.
Prior systems often use confirmation switches as a security mechanism to ensure the accuracy of a control command. Such switches provided a “safety break” between the safety systems and the non-safety related MMI. No control commands could pass, in a typical prior system, to the control channel gateways unless specific confirmation and channel selection had occurred. Such a task proved inefficient. Accordingly, it is an aim of this invention to provide a component control system for a nuclear power plant that eliminates a need for confirmation switches and complex multiplexer arrangements.
BRIEF SUMMARY OF THE INVENTION
It is thus an overall object of this invention to provide a component control system for a nuclear reactor power generation system that eliminates a need for confirmation or channel selection switches, while maintaining compliance with codes, standards, and regulations.
It is another general object of this invention to provide such a control system that functionally isolates safety and non-safety controls by using a soft design concept.
It is still another general object of this invention to provide such a control system that features encryption of component control action commands with decryption at the control channel gateway level.
In its main aspect, the invention relates to a control system for a nuclear power plant, comprising: means, including an information processing system and display processor (IPS-DP), for issuing an encrypted command for a selected component in a component control system (CCS) in the nuclear power plant; means, including a soft controller, for receiving the encrypted command from the IPS-DP means, matching the encrypted command with the selected component in the CCS; and issuing a control command for the selected component; and means, including a control channel gateway, for receiving the encrypted command from the IPS-DP means and the soft controll
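The claim describes one command path: the IPS-DP issues an encrypted command for a selected component, and the control channel gateway accepts it only if it decrypts correctly, matches the soft controller's selection, and no ESF actuation is in progress (the priority interlock). The following Python model is an added illustration of those checks, not the patent's own protocol or code: the shared key, component identifiers, message layout, and the HMAC/SHA-256 keystream used as a stand-in for a real cipher are all assumptions.

```python
import hashlib
import hmac
import json
import os

# Constructed model of the claim: IPS-DP issues an encrypted command, the control
# channel gateway (CCG) decrypts and checks it against the soft controller's
# selection. Keys, component ids and the message layout are assumptions.
NONCE_LEN, TAG_LEN = 12, 32

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from SHA-256; a stand-in for a real cipher."""
    out = b""
    for ctr in range(n // 32 + 1):
        out += hashlib.sha256(b"enc" + key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def _tag(key: bytes, data: bytes) -> bytes:
    """Integrity tag over nonce + ciphertext, keyed separately from encryption."""
    return hmac.new(b"mac" + key, data, hashlib.sha256).digest()

def ips_dp_issue(key: bytes, component: str, action: str) -> bytes:
    """IPS-DP side: encrypt-then-MAC one command for the selected component."""
    nonce = os.urandom(NONCE_LEN)
    plain = json.dumps({"component": component, "action": action}).encode()
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + cipher + _tag(key, nonce + cipher)

def ccg_accept(key: bytes, msg: bytes, soft_selected: str, esf_in_progress: bool):
    """CCG side: return the decoded command only if every check passes, else None."""
    if esf_in_progress:
        return None  # priority interlock: ESF actuation blocks controller commands
    if len(msg) < NONCE_LEN + TAG_LEN:
        return None
    nonce, cipher, tag = msg[:NONCE_LEN], msg[NONCE_LEN:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, nonce + cipher)):
        return None  # forged or bit-flipped in transit: detected, not silently passed
    plain = bytes(a ^ b for a, b in zip(cipher, _keystream(key, nonce, len(cipher))))
    cmd = json.loads(plain)
    if cmd.get("component") != soft_selected:
        return None  # command does not match the soft controller's selected component
    return cmd

def flip_bit(msg: bytes, index: int) -> bytes:
    """Simulate a single bit error in transit (the undetected-bit-error concern)."""
    return msg[:index] + bytes([msg[index] ^ 0x01]) + msg[index + 1:]
```

A single flipped bit, a command for a component other than the one the soft controller selected, or an ESF actuation in progress all leave the gateway issuing nothing, which is the functional isolation the claim relies on in place of a confirmation switch.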
Carone Michael J.
Richardson John
Westinghouse Electric Co. LLC
Method and apparatus to eliminate confirmation switches and...