G05B2219/24125

Method for protecting an automation component against program manipulations by signature reconciliation
10007783 · 2018-06-26

In a method for determining a threat situation for an automation component of the controller or field level, wherein the automation component has at least one essentially cyclic program behavior, a number of required program behaviors is established in a learning phase in a processor, and the determined required program behaviors are stored and compared cyclically with actual program behaviors that are established in operation of the automation component. The result of the comparison is logically linked with results of other security components for verification as to whether a threat situation exists.

ARITHMETIC DEVICE AND CONTROL APPARATUS

An arithmetic device and a control apparatus capable of executing a process according to an event occurring in one or more functional units connected through a communication circuit are provided. The arithmetic device configuring the control apparatus includes: a communication circuit for exchanging data with the functional units through the communication line; a processor for executing at least one of an arithmetic processing using data acquired from the functional units and a generation processing of data to be transmitted to the functional units; and a monitoring circuit connected to the communication circuit and the processor, and includes: a detection unit that detects an event occurring in the arithmetic device; a storage unit that stores a message associated with each event; and a start unit that gives an instruction to the communication circuit in accordance with the detected event to transmit a message associated with the detected event.

Semiconductor chip and security circuit assembly containing redundant safety circuitry for monitoring base functions

A semiconductor chip with functions implemented thereon in circuitry has a first region, in which a first group of safety-relevant base functions are implemented in circuitry, and a second region, which is separated from the first region using technological safety measures and in which a first group of monitoring functions that monitor the base functions are implemented in circuitry. It also contains a third region, which is formed on the semiconductor chip and is separated from the other regions using technological safety measures and in which a second group of monitoring functions that monitor the base functions are implemented in circuitry.

DECISION UNIT FOR FAIL OPERATIONAL SENSORS

The present application describes a supervision and decision hardware unit compatible with redundancy-based sensor architectures, targeting a fail operational sensor design. The herein disclosed invention describes a supervision and decision unit, based on a decision block embedded in a redundant sensor architecture, allowing the supervision of each isolated subsystem. Beyond that, each isolated subsystem is able to provide the full required information of the sensor and indicate the operation state of each independent subsystem. This unit is developed to be incorporated in a fail operational sensor design, including supervision and circuitry independence, and promoting sharing of data through galvanically isolated communication.

System and method for controlling a latching relay failsafe

A control circuit includes a latching relay, a power loss activation circuit, and a watchdog circuit. A microcontrol unit (MCU) communicates with the watchdog circuit in a normal operation of the control circuit. As an action of a failsafe precaution in the event of a main power loss or a component failure, the MCU stops communicating with the watchdog circuit, at which point the watchdog circuit instructs the power loss activation circuit to continue operation of the control circuit. The control circuit further operates to implement mitigation operations in the event of a main power loss or component failure.

Charging system including a battery pack that outputs a stop request signal and a charging apparatus that stops power conversion in receipt of the stop request signal

A charging control device includes a control unit and a monitoring unit. The control unit performs at least one of controlling charging to a rechargeable battery and monitoring a state of a rechargeable battery, while outputting a state signal which indicates an operation state of the control unit. The monitoring unit determines whether or not the operation state of the control unit is a predesignated specified operation state based on the state signal outputted from the control unit.