Reexamination Certificate
2000-09-21
2004-03-02
Patel, Ramesh (Department: 2121)
Data processing: generic control systems or specific application
Generic control system, apparatus or process
Having protection or reliability feature
C700S009000, C700S021000, C700S080000, C700S081000, C700S082000, C710S104000, C713S001000, C714S004110, C714S750000
active
06701198
ABSTRACT:
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
- - -
BACKGROUND OF THE INVENTION
The present invention relates to industrial controllers used for real-time control of industrial processes, and in particular to high-reliability industrial controllers appropriate for use in devices intended to protect human life and health. “High reliability” refers generally to systems that guard against the propagation of erroneous data or signals by detecting error or fault conditions and signaling their occurrence and/or entering into a predetermined fault state. High reliability systems may be distinguished from high availability systems; however, the present invention may be useful in both such systems and therefore, as used herein, high reliability should not be considered to exclude high availability systems.
Industrial controllers are special purpose computers used in controlling industrial processes. Under the direction of a stored control program, an industrial controller examines a series of inputs reflecting the status of the controlled process and changes a series of outputs controlling the industrial process. The inputs and outputs may be binary, that is, on or off, or analog, providing a value within a continuous range. The inputs may be obtained from sensors attached to the controlled equipment and the outputs may be signals to actuators on the controlled equipment.
“Safety systems” are systems intended to ensure the safety of humans working in the environment of an industrial process. Such systems may include the electronics associated with emergency stop buttons, interlock switches and machine lockouts. Traditionally, safety systems have been implemented by a set of circuits wholly separate from the industrial control system used to control the industrial process with which the safety system is associated. Such safety systems are “hard-wired” from switches and relays, some of which may be specialized “safety relays” allowing comparison of redundant signals and providing internal checking of conditions such as welded or stuck contacts. Safety systems may use switches with dual contacts providing an early indication of contact failure, and multiple contacts may be wired to actuators so that the actuators are energized only if multiple contacts close.
Hard-wired safety systems have proven inadequate, as the complexity of industrial processes has increased. This is in part because of the cost of installing and wiring relays and in part because of the difficulty of troubleshooting and maintaining the “program” implemented by the safety system in which the logic can only be changed by rewiring physical relays and switches.
For this reason, there is considerable interest in implementing safety systems using industrial controllers. Such controllers are easier to program and have reduced installation costs because of their use of a high-speed serial communication network eliminating long runs of point-to-point wiring.
Unfortunately, high-speed serial communication networks commonly used in industrial control are not sufficiently reliable for safety systems. For this reason, efforts have been undertaken to develop a “safety network” being a high-speed serial communication network providing greater certainty in the transmission of data. Currently proposed safety networks are incompatible with the protocols widely used in industrial control. Accordingly, if these new safety networks are adopted, existing industrial controller hardware and standard technologies may be unusable, imposing high costs on existing and new factories. Such costs may detrimentally postpone wide scale adoption of advanced safety technology.
What is needed is a safety network that is compatible with conventional industrial controller networks and components. Ideally such a safety network would work with a wide variety of different standard communication protocols and would allow the mixing of standard industrial control components and safety system components without compromising reliability.
BRIEF SUMMARY OF THE INVENTION
The present invention provides a high-reliability communications system that can make use of standard networks for initialization.
One requirement of a high reliability system is that messages not be mis-directed.
This ordinarily can be assured by giving each communicating device a way of identifying itself and making sure that each device establishes the identity of all other parties with whom it communicates. Ideally, the identities will be unique to a given “connection” or communication pair of one message producer and one message consumer.
Another requirement is that all parties know the parameters of communication. Errors in communication parameters can cause messages to be misinterpreted or unintelligible.
The need to notify each device of its identity and to communicate common communication parameters is best met by transmitting parameters and identities to the devices over the standard network as the high reliability communications system is initialized. Unfortunately, the distribution of identities and parameters over a standard network can work against establishing a high reliability communications system, if there is appreciable chance that the identities or parameters will be mis-directed or garbled.
The present invention allows the configuration of a highly reliable communications system over a standard network by use of a configuration tool (possibly a separate device) symmetrically communicating configuration data to two devices intended to communicate with each other during control time. The configuration data provides both identities to the communicating parties (unique to a connection or communication pair) and also conveys important parameters of the communication. After receiving the configuration data, the two intercommunicating parties may compare configuration data to ensure that they are correctly part of a connection.
Specifically, the present invention provides a method of establishing high reliability communication among components of an industrial control system exchanging control signals with a controlled process, the components communicating over a standard network. The method includes the first step of transmitting a configuration message from a configuration source to a first component and a second component over the standard network using a standard network protocol, the configuration message providing data related to a high reliability communications protocol usable on the standard network. In a next step, the configuration source receives a configuration response message from the first component and the second component, the configuration response message describing data of a configuration message previously received by the first component and the second component. Communication of control signals between the first and second component, as defined by the data of the configuration message, is enabled only if the configuration response message received by the configuration source describes the same data as the configuration message transmitted from the configuration source.
Thus it is one object of the invention to permit a standard network to be used to configure and identify devices that will be communicating as part of a high reliability communications system. The symmetrical transmission of the configuration data to the two intercommunicating devices and the need for a response message reflecting the configuration data reduces many types of errors to which standard networks are prone.
The data of the configuration message may be stored at the first component and the second component and if the configuration response message received by the configuration source describes different data from the data of the configuration message, the method may include the further step of sending a clear message from the configuration source to the first component and the second component causing the clearing of the configuration message stored at the first component and the second component.
Thus it is another object of the invention to prevent later miscommunic
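The configuration handshake summarized above (symmetric configuration message, response describing the stored data, enable only on a match, clear on a mismatch) can be sketched as follows. This is an added illustration, not code from the patent; the class, field and function names, the sample values and the simulated network fault are all assumptions made for the example.

```python
from dataclasses import dataclass, replace
from typing import Callable, Optional


@dataclass(frozen=True)
class ConfigMessage:
    # All field names and values are constructed for this example.
    connection_id: int   # identity unique to one producer/consumer pair
    producer: str
    consumer: str
    period_ms: int       # one communication parameter both sides must agree on


class Component:
    def __init__(self, name: str) -> None:
        self.name = name
        self.stored: Optional[ConfigMessage] = None
        self.enabled = False  # is control-signal exchange allowed?

    def receive_config(self, msg: ConfigMessage) -> ConfigMessage:
        """Store the configuration and answer with a description of what was stored."""
        self.stored = msg
        return msg

    def clear(self) -> None:
        """Handle the clear message: discard the stored configuration."""
        self.stored = None
        self.enabled = False


Network = Callable[[str, ConfigMessage], ConfigMessage]


def reliable(dest: str, msg: ConfigMessage) -> ConfigMessage:
    return msg


def garbles_consumer(dest: str, msg: ConfigMessage) -> ConfigMessage:
    # Constructed fault: a parameter is corrupted on the way to one device.
    return replace(msg, period_ms=msg.period_ms + 1) if dest == msg.consumer else msg


def configure(msg: ConfigMessage, first: Component, second: Component,
              network: Network = reliable) -> bool:
    """Enable the pair only if both responses describe the data that was sent."""
    pair = (first, second)
    responses = [c.receive_config(network(c.name, msg)) for c in pair]
    if all(r == msg for r in responses):
        for c in pair:
            c.enabled = True
        return True
    for c in pair:  # mismatch: clear both so no garbled configuration remains
        c.clear()
    return False
```

Note that a fault affecting only one device still clears both, so neither side is left holding a configuration its peer does not share.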
Hall Kenwood H.
Lenner Joseph A.
Vandesteeg Kerry W.
Vasko David A.
Gerasimow Alexander M.
Patel Ramesh
Quarles & Brady LLP
Rockwell Automation Technologies Inc.
Shute Douglas M.