Data processing: generic control systems or specific application – Generic control system – apparatus or process – Having protection or reliability feature
Reexamination Certificate
2000-11-07
2004-11-30
Patel, Ramesh (Department: 2121)
Data processing: generic control systems or specific application
Generic control system, apparatus or process
Having protection or reliability feature
C700S021000, C700S080000, C700S081000, C700S082000, C700S003000, C714S002000, C714S003000, C714S014000
Reexamination Certificate
active
06826433
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to a method for operating an automation system that has at least one input unit for receiving process signals and at least one output unit for driving external peripherals, the input unit and the output unit being communicatively interconnected via a bus.
BACKGROUND INFORMATION
To achieve rapid shutdown of the automated processes or individual operations in emergency situations when working with automation projects which are controlled and/or monitored by an automation system of this type, an emergency-stop arrangement in the form of an emergency-stop chain has conventionally been provided.
Emergency-stop switches, light gratings, tread mats or the like are integrated into such an emergency-stop chain. Due to the demands to be made on an emergency-stop arrangement, it is usually designed in conventional wiring. A tunnel furnace which is subdivided into a number of segments with respect to the automation process can be mentioned here as an example. At user-accessible positions on the outside of the tunnel furnace, emergency-stop buttons, for example, are provided for the emergency-stop arrangement, the operation of an emergency-stop button entailing, for example, the defined shutting-down of the entire process depending on the design of the overall automated system.
The emergency-stop buttons are field devices having an input function. Correspondingly, the devices shutting down the process are devices having an output function for driving external peripherals, thus, for example, output devices which control a motor for transport processes, a motor for ventilation, an hydraulic unit for positioning or the like.
In the event of an emergency-stop situation, the external peripherals must be disconnected immediately. For this purpose, an emergency-stop chain which conventionally had to be constructed in conventional wiring and which, in response to the operation of an emergency-stop button, effects an immediate shutdown of the motor or an immediate shutdown of the hydraulic unit, is set up between the input devices, that is to say, the emergency-stop buttons, and the output devices such as the motors or the units. The conventional wiring has been necessary till now due to the safety demands to be made on an emergency-stop arrangement.
In this connection, however, it is disadvantageous to provide the conventional wiring in the entire process field when working with large-area automation projects such as the tunnel furnaces described.
SUMMARY
An object of the present invention is to provide a method for operating an automation system in which it is possible to dispense with the conventional wiring for dealing with emergency-stop situations, and instead a communicative connection exists between the components of the emergency-stop chain via the bus of the automation system.
According to the present invention, therefore, the conventional wiring for the emergency-stop arrangement is omitted, and all field devices, i.e., thus also the emergency-stop buttons and the motors or units to be integrated into the emergency-stop chain, are communicatively connected via the process bus.
This objective is achieved for a method for operating an automation system, wherein the automation system has at least one input unit for receiving process signals and at least one output unit for driving external peripherals, and wherein the at least one input unit and the at least one output unit are communicatively interconnected via a bus, in that at least one of the input units and at least one of the output units are constructed as a failsafe input unit and as a failsafe output unit, respectively. The failsafe input unit transmits a data item to the failsafe output unit at predetermined times, that the data item includes at least one useful information item, one destination point code designating the addressed output unit and one origin code designating the transmitting input unit. The output unit interprets the continuous reception of the data item as an indication of an intact communication relationship, and otherwise shifts the connected peripherals into a safe state.
According to the present invention, the safety demands to be made on an emergency-stop arrangement are met if the input devices, i.e., for example, the emergency-stop buttons and the output devices that are to be integrated into the emergency-stop chain and are provided for driving the motors or units, are in each case constructed to be failsafe. In the event of an emergency-stop situation, the following sequence then occurs in the automated system:
In response to the operation of an emergency-stop button, a data item is placed on the bus by the data input device. According to the specifications of the bus protocol used for the physical communications link, the data item to be transmitted includes at least one useful information item, in this case therefore the information as to whether the emergency-stop button has been pressed or not, at least one destination address, i.e., the address of the communication partner to which the message is sent—a special identifier enabling the message to be sent to all communication partners —and, finally, the origin code which identifies the sender of the data item.
The present invention can then be used, on the one hand, in such a manner that the data item is sent to a quite specific communication partner, the addressee recognizing from the destination address contained in the data item that the data item is intended for it, or the data item is sent to all communication partners, each individual communication partner determining from the origin address of the data item whether the data item, i.e., the useful information in the data item, is to be evaluated by it.
On the other hand, the data item can also be sent to a higher-level unit of the automation system, e.g. the central processing unit of a programmable controller, the latter in turn recognizing from the origin code of the data item that a message, e.g., from an emergency-stop button, has arrived which needs immediate handling, so that immediately after detecting the data item, the central processing unit forwards it to the output devices so that they trigger a deceleration or shutdown of the motors or units connected to the output devices, or they themselves transmit a further data item to the output devices which leads to the same result.
In this context, the output unit interprets the continuous reception of the data item from the input unit as indication of an intact communication relationship. In the case when the output unit detects that a data item from an input unit fails to appear during a time span which is greater than a predeterminable time span, the output unit shifts the connected peripherals into a safe state and thus ensures again that the connected motors or units are shut down.
For use within the framework of the method according to the present invention for operating an automation system, provision is also made for a failsafe data input device having at least one input channel for connecting peripheral sensors, the data input device being provided with a test circuit which triggers a test procedure at predetermined times and, in so doing, effects a status change for at least one of the input channels of the failsafe input device, an internal logic monitoring the status change and, if necessary, outputting an error message, the status change effected by the test circuit being canceled again at the end of the test procedure, and the test procedure being completely transparent for reading out the affected input channel.
Furthermore or as an alternative, a failsafe data input device having at least one input channel for connecting peripheral sensors, in which the at least one input channel is designed to be antivalent, is provided for use within the framework of the method according to the invention for operating an automation system.
Due to the above-mentioned measures, i.e. due to the antivalent design of the input channel or due to the monitoring of the input channel by a test c
Barthel Herbert
Birzer Johannes
Fuchs Heiner
Schenk Andreas
Schuetz Hartmut
Patel Ramesh
Siemens Aktiengesellschaft
Staas & Halsey , LLP
LandOfFree
Failsafe data output system and automation system having the... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Failsafe data output system and automation system having the..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Failsafe data output system and automation system having the... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3338899