Multiplex communications – Channel assignment techniques – Combining or distributing information via time channels...
Reexamination Certificate
1999-03-23
2002-03-05
Cangialosi, Salvatore (Department: 2661)
active
06353615
ABSTRACT:
BACKGROUND OF THE INVENTION
Communications systems often operate in an environment whose disturbance potential cannot be defined precisely. This is especially the case for avionic and automotive applications, whose disturbance environment changes constantly. The communications systems [1] currently in use, which are not of a critical security nature, meet the following requirements for reliability:
It must be possible to detect communication errors.
The failure of one subscriber cannot debilitate the communications system.
The sequence of transmitter messages is retained upon reception.
It is highly probable that messages are transmitted in a timely manner.
At this time, motor vehicles contain components that administer individual critical security tasks and communicate with other components. The communication is not of a critical security nature. The focus of the research, in contrast, is components which together perform complex, critical security tasks under hard real-time conditions, so the communications system itself is of a critical security nature. Such applications impose further requirements on a communications system that can only be partially met by current systems:
The communications system must be fail-operational, that is, it must continue to perform its task regardless of any possible disturbance or possible failure. In other words, redundant communications paths must be supported.
The communications system must reliably distinguish between permanent disturbance errors, and exclude defective components—and only defective components.
Changes in the communications system (failure and restart) must be reported to the application as quickly as possible and consistently over the network.
In the messages, distortions must be reliably recognized for the maximum duration of the disturbance.
Critical messages must be transmitted within a guaranteed time frame.
Multicast messages are necessary, and must be transmitted atomically. The retention of the global sequence of certain messages from various sources must be guaranteed.
It must be possible to perform a safety verification, in which it must be precluded that the communications system can negatively impact safety functions in the individual components. If components must collectively perform a critical security task, a safety verification must be performed for the communications system, including all components.
In addition to reliability and safety requirements, communications systems are also subject to the following requirements in practice:
It is crucial that stations and functions be integrated easily into a total system. The individual stations must be simple to configure.
Dynamic termination and inclusion of communication subscribers and the ability of the network to be expanded are other important features.
A future-oriented communications system must keep pace with advancements, and be able to be advanced. It should be suitable for high transmission speeds and be able to operate on different physical media. Conceivable application architectures, particularly for redundant operation, cannot be impeded or prevented.
Finally, the communications system must be cost-effective.
The protocol of a communications system is the system's “motor.” Protocols can be roughly divided into two classes based on their access method: synchronous and asynchronous.
Asynchronous access methods have a short access time on average, which cannot, however, be guaranteed (or only for a specific message). The best-known protocols with asynchronous arbitration that have been developed for motor-vehicle use are CAN [2] and ABUS [3].
Synchronous access methods are more capable of assuring access. They operate according to three different fundamental principles: master/slave, token access and time-division multiple access (TDMA):
Simple master-slave protocols, such as the MIL standard protocol 1553B [12] developed for the field of military aircraft and vehicles, rely on the capability of their master, and fail in the event of an error. In other multi-master protocols, the master property can also be transferred to other network stations in the event of an error, but, in such a case, the flow of messages is interrupted and not deterministic.
Protocols operating according to the token principle, such as the token-bus protocol [9] and its variations, are also not strictly deterministic in cases of errors (timing problems in identifying token loss and matching in the new generation process), or, as in the token-ring protocol [10], an active communication path is required, which is a difficult and costly demand to meet.
TDMA-based protocols can be designed so as to operate deterministically, even in the event of an error.
Standardized protocols are often combinations of the above fundamental principles.
Hence, the TCN protocols [4] MVB and WTB are used, for example, in the railway industry. They include an alternating central master control, but otherwise function according to the TDMA principle. A non-deterministic TDMA protocol in which the subscribers are dynamically allocated time slices during operation is the protocol according to U.S. Pat. No. 4,161,786 [14]. The protocol ARINC 629 (MTDB) [13], which was developed for the field of aviation, is a TDMA protocol controlled by local clocks, but monitors the bus to prevent collisions and only operates deterministically if all subscribers abide by their time limit. The protocol ARINC 659 (SAFEbus) [7] provides a strict TDMA arbitration. It was likewise developed for reliable aviation systems, but requires a complex and costly physical embodiment, and, as a back-plane bus, is too short (42 inches) for spatially-distributed applications.
SUMMARY OF THE INVENTION
This application introduces a protocol that is based on a pure, distributed and strictly-deterministic TDMA arbitration. The protocol takes into consideration the aforementioned requirements, is extremely robust with respect to short, sustained and periodic disturbances, and encompasses all justifiable options of maintaining communication. It presupposes a synchronous, distributed time base that can be realized with continuous messages [5] and by local clocks [6]. The protocol is not biased toward any particular software architecture for the application. It is compatible with combinations ranging from redundant, critical security stations to non-critical, and simple stations, with less-stringent to hard real-time requirements. In addition to the recurring themes of error tolerance and reliability, aspects such as practicality, costs and advancement were of prime consideration in the development of the protocol.
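The following simulation is an added illustration, not code from the patent: it contrasts the asynchronous, priority-based access described in the background with a strictly static TDMA arbitration when one station fails by transmitting continuously. The station count, the horizon, the one-frame-per-slot timing, the CAN-like priority model and the assumption that slot ownership is enforced on the bus are all constructed for the example.

```python
N = 4         # stations 0..3; lower number = higher priority (CAN-like model)
HORIZON = 40  # simulated slots; one frame occupies exactly one slot

def traffic(babbler=None):
    """Constructed load: every healthy station queues one frame per round of
    N slots. A faulty 'babbler' station queues a frame in every slot instead."""
    reqs = [(r * N, s) for r in range(HORIZON // N)
            for s in range(N) if s != babbler]
    if babbler is not None:
        reqs += [(t, babbler) for t in range(HORIZON)]
    return sorted(reqs)  # tuples are (ready_slot, station)

def by_priority(t, pending):
    """Asynchronous arbitration: the highest-priority pending frame wins."""
    return min(pending, key=lambda r: (r[1], r[0])) if pending else None

def by_tdma(t, pending):
    """Static TDMA: only the owner of slot t may send (assumed to be enforced);
    an unused slot stays empty and is never handed to another station."""
    mine = [r for r in pending if r[1] == t % N]
    return min(mine) if mine else None

def run(reqs, pick):
    """Return {station: worst access delay in slots}, or None for a station
    that still has frames queued when the simulation ends."""
    pending, worst, i = [], {s: 0 for s in range(N)}, 0
    for t in range(HORIZON):
        while i < len(reqs) and reqs[i][0] <= t:
            pending.append(reqs[i])
            i += 1
        choice = pick(t, pending)
        if choice is not None:
            pending.remove(choice)
            ready, station = choice
            worst[station] = max(worst[station], t - ready)
    for _, station in pending:
        worst[station] = None  # frames of this station never got onto the bus
    return worst

if __name__ == "__main__":
    for name, pick in (("priority", by_priority), ("tdma", by_tdma)):
        print(name, "fault-free:", run(traffic(), pick))
        print(name, "station 0 babbling:", run(traffic(babbler=0), pick))
```

In the fault-free case both schemes give identical delays; with the babbling station, priority arbitration starves every other station, while under TDMA only the faulty station loses frames and the others keep their bound of N-1 slots.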
For critical security systems, static (pre-runtime) scheduling of application processes is advantageous because they are easier to verify. An obvious concept lies in the synchronization of protocol and application, which results in a time-controlled architecture. In such a time-triggered architecture (TTA), a single global time clock, which can be realized in distributed form, controls all system activities: user functions and communication. In such an architecture, information can flow as follows: A message is produced in a predetermined time slice, transmitted and received in the subsequent time slice and further processed (delivery delay minimal, delay jitter=0) in the receiver station during the next time slice. The present protocol and the time-triggered protocol [8], also provided for applications in a motor vehicle, can be components of such a continuously time-controlled architecture.
Continuously time-controlled architectures and their static activity allocations are extremely advantageous, particularly with respect to the simplification of the safety verification and the synchronization of redundant stations. They are, however, also associated with several problems:
If, during transport, for example, messages are disturbed or lost, there is no time for a re-transmission. The TTP protocol pr
Cangialosi Salvatore
Daimler-Chrysler AG
Kunitz Norman N.
Venable
Voorhees Catherine M.