A safety control system for switching on and safely switching off at least one actuator, including at least one input module for evaluating an input signal of a safety transmitter and for generating an output signal, and at least one output module for the safe actuation of the at least one actuator as a function of the output signal of the input module. The input signal has different signal parameters as a function of the type of safety transmitter. Furthermore, the safety control system includes a setting unit having a memory in which the signal parameters for the input module are stored, and the input module evaluates the input signal as a function of the signal parameters.

A safety I/O module includes a plurality of output channels and a plurality of channel output terminals. The safety module further includes a multi-channel high side switch comprising an integrated circuit including a voltage input terminal and a plurality of main switches. A plurality of discrete safety switches are also provided. Each of the output channels includes a redundant pair of switches including one of the main switches of the multi-channel high side switch and one of the safety switches arranged in series. The main switch and the safety switch are configured to: (i) operably connect the voltage input terminal of the multi-channel high side switch to a respective one of the channel output terminals when both the main switch and the safety switch are in a conductive state; and (ii) disconnect the voltage input terminal of the multi-channel high side switch from the respective one of the channel output terminals when at least one of the main switch and the safety switch are in a non-conductive state. A method of operating a safety I/O module includes operating a plurality of main switches of a high side multi-channel switch integrated circuit to selectively conduct a supply voltage from a voltage input terminal to at least one discrete safety switch and operating the safety switch to selectively conduct the supply voltage to a respective one of the channel output terminals.

A modular control apparatus comprises a central control module with a first logic unit and a second logic unit, first electronic modules connected to the first logic unit and having safety inputs and safety outputs, wherein the first electronic modules are designed to provide safety functions of a safety controller, and second electronic modules connected to the second logic unit and having inputs and outputs, wherein the second electronic modules are designed to provide standard functions of a programmable logic controller. The central control module and the first and second electronic modules are arranged in a row of modules. The safety functions of the first electronic modules are defined by positions of the first electronic modules in the row of modules and/or by fixed hardware settings, and the standard functions of the second electronic modules are programmable.

A turn-off device for a sensor, an actuator or a control unit for a vehicle or for an industrial facility, the sensor, the actuator or the control unit being connectable via a PHY interface to a communication network, via which the sensor, the actuator or the control unit is able to exchange messages with other units of the vehicle or of the industrial facility, the turn-off device including a blocker, which physically prevents the PHY interface from sending messages to the communication network. A sensor, an actuator or a control unit that includes the turn-off device, a method for functional checking, and an associated computer program are also described.

Soft error data describing soft errors predicted to affect at least a particular hardware component of a computing system are used to determine functional safety metric values. The computing system is to control at least a portion of physical functions of a machine using the particular hardware component. Respective soft error rates are determined for each of a set of classifications based on the soft errors described in the soft error data. Derating of the soft error rates are performed based on a set of one or more vulnerability factors to generate derated error rate values for each of the set of classifications. The functional safety metric value is determined from the derated error rate values to perform a functional safety analysis of the computing system.

A circuit is provided that has three clock sources, a first processing unit connected to the first clock source, a second processing unit connected to the second clock source, and an input unit. The first processing unit has a first logic circuit and a first memory circuit connected to the first logic circuit, wherein a first set of instructions, which is designed to implement a first control program when executed by the first logic circuit, is stored in the first memory circuit, wherein the first clock source specifies a clock timing of the execution of the first set of instructions. The second processing unit has a second logic circuit and a second memory circuit connected to the second logic circuit, wherein a second set of instructions, which is designed to implement a second control program when executed by the second logic circuit, is stored in the second memory circuit.

An apparatus and a method for the parallel and independent operation of a normal program and a secure program on the basis of a runtime system structure have all components that are relevant to the control integrated on a hardware component with a specific hardware architecture and be isolated from one another by a runtime system structure for two dual runtime systems for making changes to non-security-relevant components without restriction. The isolation can be provided by prioritizing one of the runtime systems. Such a runtime system structure or hardware architecture eliminates the need for follow-up certification of user-programmable controllers and the certification of the security-critical component is valid even when changes to the non-security-relevant components are made.

An electronic safety switching device comprising at least a first and a second signal processing channel to which input signals may be supplied for signal processing. The first and second signal processing channels provide processed output signals, wherein the first and the second signal processing channels process the supplied input signals redundantly with respect to one other. The first and the second signal processing channels are each formed as integrated circuits, wherein the first signal processing channel is arranged monolithically on a first semiconductor substrate, and the second signal processing channel is arranged monolithically on a second semiconductor substrate. Furthermore, the first and the second semiconductor substrates are combined into a stack to form a one-piece electronic component.

An artificial intelligence based harmful environment control system includes: a plurality of IoT sensors measuring a harmful element and an environmental element of a closed space, and whether there is a person in the closed space; a controller unit controlling to display a harmful element measurement value and an environmental element measurement value provided from the plurality of IoT sensors, comparing the harmful element measurement value with a reference range measurement value, deciding a control method corresponding to the determined harmful environment situation, selecting and controlling to output a guidance message corresponding to the harmful environment situation, and transmitting harmful element control information; a display panel displaying the harmful element measurement value and the environmental element measurement value, and displaying the guidance screen; a speaker voice-outputting the guidance message according to the control of the controller unit; and a ventilation operating device operated to resolve the harmful element.

A device for computing data models, in particular comprising the possibility to detect errors occurring during the computation, has at least two processing units, at least one of the at least two processing units being designed to compute a main data model as a function of at least one state of a system, at least one other of the at least two processing units being designed to compute, as a function of this at least one state of the system, an approximation data model associated with the main data model, the main data model comprising at least one property of the system as a first data model, the approximation data model comprising at least the same property of the system approximately as a second data model, a comparator unit being designed to compare a first result of a first computation of the main data model with a second result of a second computation of the approximation data model associated with the main data model, in order to determine information about a deviation between the first result and the second result, the comparator unit being designed to detect an error as a function of the information about the deviation if the deviation exceeds a maximum admissible deviation.