An apparatus of a System on Chip (SoC) to implement a one out of two diagnostics (1oo2D) safety system comprises a memory comprising firmware to provide monitoring of the SoC and a second SoC, and a communication interface to provide cross-monitoring between the SoC and the second SoC. The firmware and the communication interface enable the SoC and the second SoC to implement the 1oo2D safety system without significant hardware or software external to the SoC.

A method and an arrangement having redundant systems operating in parallel in a cyclic mode and reciprocally checking a result of the task of the other system on a regular basis, and wherein one system is selected or confirmed for the productive mode in the fault situation found, where a characteristic variable concerning an operating parameter is picked up for each of the systems in multiple/all cycles and used for updating statistical parameters, where at least when a disparity between results of the two systems is found, a current operating parameter is correlated with the statistical parameter for each system, and where the system for which the current operating parameter differs from the statistical parameter less is detected as the correctly operating system and used for the productive mode such that the degree of fault coverage can be increased and hence the availability of the overall system increased.

The present invention concerns a method for switching, by a local processing unit (1,2) of a flight control system of an aircraft, configured to control at least one local actuator, connected to at least one local sensor and connected via at least one link (3,4) to an opposite processing unit (2,1) configured to control at least one opposite actuator and be connected to at least one opposite sensor, said local processing unit (1,2) being further configured to be connected to backup communication means (13,14) enabling data exchanges between the local processing unit (1,2) and the opposite processing unit (2,1) in the case of failures of the links connecting same (3,4), said backup communication means comprising an array of sensors or actuators (13) and/or a secure onboard network for the avionics (14), comprising steps of: sending, to the opposite processing unit (2,1), acquisition data relative to the at least one local sensor and actuator data relative to the at least one local actuator, receiving, from the opposite processing unit (2,1), acquisition data relative to the at least one opposite sensor and actuator data relative to the at least one opposite actuator, receiving an item of opposite health data and determining an item of local health data, switching said local processing unit (1,2) from a first state to a second state chosen from an active state (15), a passive state (16) and a slave state (18), depending on the opposite health data received and the local health data determined.

A fault-tolerant industrial control system includes a redundant controller including a first process controller (CP1) including a first processor with a first associated memory, and a parallel connected second redundant process controller (CP2) including a second processor with a second associated memory. A redundancy link is between CP1 and CP2 for sharing data. CP1 and CP2 include logic gates exclusive of any conditional branching for performing data synchronization and calculations including a different logical arrangement for providing each of a digital output (DO), a digital input (DI), an analog input (AI), and an analog output (AO). At least one input/output (IO) module includes a first IO processor including a first memory coupled by a first leg to CP1 and by a second leg to CP2. The IO module is coupled to field devices that are coupled to processing equipment.

A networking device and networking method for use in industrial automation applications. The networking device includes redundant circuitry that can allow the networking device to continue normal operation in the event of a failure that occurs with hardware of the networking device. The networking device includes both primary and secondary network switch circuits, and associated components. The networking device can be an advanced physical layer (APL) switch that interfaces with APL field devices.

The invention relates to a safety sensor (1) for monitoring the operational safety of a system (2), comprising at least one safety signal input (11, 12) and at least one safety signal output (15, 16) for receiving and outputting safety signals, respectively. A first signal state of the safety signal signals a safe operating state of the system and is represented by a signal value from a first value range assigned to the first signal state, and a second signal state signals an unsafe operating state of the system and is represented by a signal value from a second value range which is assigned to the second signal state and which differs from the first value range. The safety sensor has a control unit (13) which is designed to detect the operating state of the system and output an output safety signal at the at least one safety signal output, the signal state of the safety signal signaling the detected operating state. The control unit is additionally designed to imprint the output safety signal with additional data, wherein the signal value of the output safety signal is changed within the limits of the value range assigned to the presently output signal state of the output safety signal depending on the additional data of the signal value of the output safety signal, and/or the control unit is designed to imprint the received input safety signal with additional data, wherein the signal value of the received input safety signal is changed within the limits of the value range assigned to the presently received signal state of the input safety signal depending on the additional data of the signal value of the received input safety signal.

A method and device for the open-loop/closed-loop control of a robot joint that is driven by an electric motor are provided, wherein the robot joint has a current sensor that comprises first sensor electronics for detecting a first operating current of the electric motor, a first position sensor for detecting a drive position of a drive train of the robot joint, a second position sensor for defecting an output position of an output train of the robot joint, and a first torque sensor for detecting a torque in the output train, wherein the electric motor is controlled by open-loop/closed-loop control on the basis of a pre-determined target control variable. The method comprises: providing measured values; checking for the presence of a fault by the first fault detector when the measured values and/or time derivatives thereof fail to satisfy first threshold values; and checking for a fault with further fault detectors.

An arrangement having two redundant modules that monitor one another and that each contain a current or voltage source, which is connected to a first line terminal via a first controllable switch and a first current sensor, wherein each module also has a second line terminal and a ground terminal, between which lies a second current sensor in series with a second controllable switch, where each module, when in the functioning state, closes the controllable switches contained therein, and contains a monitoring device connected to the two current sensors of the modules, the monitoring device generating a monitoring signal identifying the corresponding other module as functioning if at least one of the two current sensors detects a current flow.

A method for operating a mobile platform includes detecting a malfunction in a first sensor communicating with a sensor controller associated with the mobile platform, and switching to a second sensor communicating with the sensor controller based upon the detecting.

A method includes wirelessly connecting to one or more controllers using a BLUETOOTH communication protocol, where the one or more controllers have a BLUETOOTH adapter or transceiver. The method also includes sending a command or data to a first controller among the one or more controllers using the BLUETOOTH communication protocol. The method further includes receiving, from the first controller or a second controller among the one or more controllers using the BLUETOOTH communication protocol, a response associated with the sent command or data. Each of the one or more controllers includes a programmable logic controller (PLC) in an industrial process control and automation system.