A programmable electronic power regulator includes a power module for controlling an actuator, a control module for actuating the power module, and an internal monitoring module for transferring the control module to an emergency operation. The internal monitoring module is configured to monitor a system state, detect a critical operating state, and output an error signal. The control module comprises: a basic controller, which is configured to output a power module control signal, and in which functions for open- and closed-loop control of the actuator are implemented, which are required for an emergency operation in a critical operating state; an additional controller, in which functions that are not needed for emergency operation are implemented; and a controller disconnection point, which connects the basic controller with the additional controller via a control connection, and which is configured to at least partially disconnect the control connection upon receipt of the error signal.

Methods and apparatus to implement safety applications associated with process control systems are disclosed. An apparatus includes a configuration controller to: provide a plurality of available safety applications for implementation by a safety trip device to a user for selection, a first one of the safety applications associated with a first set of I/O signals, a second one of the safety applications associated with a second set of I/O signals, the first safety application implemented based on first pre-programmed instructions stored in memory of the safety trip device, the second safety application implemented based on second pre-programmed instructions stored in the memory; and, in response to a user selection of the first safety application, prompt the user to specify values for configuration settings associated with the first safety application. The apparatus also includes an I/O analyzer to implement the first safety application.

A method, computer program product, and computing system for enabling usage of a conversational application by a plurality of users; gathering usage data concerning usage of the conversational application by the plurality of users; defining a visual representation of the conversational application; and overlaying the usage data onto the visual representation of the conversational application to generate visual traffic flow data.

A method and apparatus with cosmic ray fault protection is included. A method includes obtaining cosmic ray information indicating at least one cosmic ray event, determining a soft error mitigation policy based on the cosmic ray information, accessing the soft error mitigation policy by a device, and based on the soft error mitigation policy, performing, by the device, a mitigation action that mitigates for soft errors related to the cosmic ray event.

An example computing system may include computer module bays, a power subsystem to supply power to computer modules installed in the computer module bays, and a system controller. The power subsystem may also implement overcurrent protection (OCP) based on an OCP threshold parameter. The system controller may include dynamic OCP adjustment logic that repeatedly updates the OCP threshold parameter during normal operation of the computing system. The dynamic OCP adjustment logic may update the OCP threshold parameter by determining a power requirement of the computing system based on a current configuration of the computing system, determining a new OCP threshold based on the power requirement, and instructing the power subsystem to change a value of the OCP threshold parameter to a new value based on the new OCP threshold.

A log transmission controller includes a log acquirer, a priority storage, an update instruction acquirer, a priority updater and a transmitter. The log acquirer acquires a log indicating respective states of electronic control units connected to the log transmission controller, which is equipped in a moving object. The priority storage stores priority information indicating a priority for transmitting the log to a server, which is disposed at exterior of the moving object. The update instruction acquirer acquires an update instruction, which is generated by an update instructor equipped in the moving object, for instructing to update the priority information stored in the priority storage. The priority updater updates the priority information based on the update instruction. The transmitter transmits the log to the server based on the priority indicated by the updated priority information.

A method for controlling a technical system, in particular of a motor vehicle.

An in-vehicle software updating method includes: acquiring, after starting a software update, a voltage measurement value of an in-vehicle power source; and acquiring a progress rate in the software update in a case in which the voltage measurement value is equal to or less than a second threshold. In a case in which the progress rate is less than a set value, the software update is interrupted. In a case in which the progress rate is equal to or greater than the set value, an operation mode of the zone control unit is switched to a power saving mode, and a second predicted voltage value of the in-vehicle power source at the update completion time is calculated. The software update is continued in a case in which the second predicted voltage value is greater than a first threshold.

The invention is part of the field of computer technology. It describes the architecture of a secure automation system and a method for safe autonomous operation of a technical apparatus, in particular a motor vehicle. The architecture disclosed herein solves the problem that any Byzantine error in one of the complex subsystems of a distributed real-time computer system, regardless of whether the error was triggered by a random hardware failure, a design error in the software or an intrusion, must be recognized and controlled in such a way that no security-relevant incident occurs. The architecture includes four largely independent subsystems which are arranged hierarchically and each form an isolated Fault-Containment Unit (FCU). At the top of the hierarchy is a secure subsystem, which executes simple software on fault-tolerant hardware. The other three subsystems are insecure because they contain complex software executed on non-fault-tolerant hardware.

A vehicular control system includes a plurality of electronic control units (ECUs), each providing a respective quantity of computational units representative of an amount of processing power of the respective ECU. The ECUs operate a vehicle in a nominal autonomous operational mode when a sum of the quantity of computational units exceeds a threshold. The system, while the ECUs operate the vehicle in the nominal autonomous operational mode, and responsive to detecting a failure of one of the ECUs, determines whether a sum of the quantity of computational units of the remaining ECUs that do not have a failure exceeds the threshold. The ECUs, responsive to the system determining that the sum of the quantity of computational units of the remaining ECUs fails to exceed the threshold, switches from operating the vehicle in the nominal autonomous operational mode to operating the vehicle in a degraded autonomous operational mode.