METHOD AND SYSTEM FOR DATA MANAGEMENT IN A MEANS OF TRANSPORT
20230150557 · 2023-05-18
Inventors
Cpc classification
B61L15/0081
PERFORMING OPERATIONS; TRANSPORTING
B61L15/0072
PERFORMING OPERATIONS; TRANSPORTING
B61L15/0063
PERFORMING OPERATIONS; TRANSPORTING
B61L15/0036
PERFORMING OPERATIONS; TRANSPORTING
G06F11/1654
PHYSICS
International classification
Abstract
A method and a system are provided for data management in a transport device, in particular in a train. In a first comparison, a first count value stored in a first control device is compared with a count value stored in a second control device. In a second comparison, a count value selected from the first and second count values on the basis of a result of the first comparison is compared with a control count value stored in a safety device. On the basis of a result of the second comparison, control data stored in the safety device and associated with the control count value are acquired by the first or second control device.
Claims
1-13. (canceled)
14. A method for data management in a means of transport, which comprises the steps of: comparing a first count stored in a first control apparatus, in a first comparison, with a second count stored in a second control apparatus; comparing a count selected from the first and second counts on a basis of a result of the first comparison, in a second comparison, with a check count stored in a backup apparatus; and taking a result of the second comparison as a basis for control data linked with the check count that are stored in the backup apparatus being adopted by the first control apparatus or the second control apparatus.
15. The method according to claim 14, which further comprises: incrementally increasing the first count in the first control apparatus and storing an increased first count in the first control apparatus; and transferring the increased first count to the backup apparatus, and there the increased first count is linked with the control data as the check count and stored.
16. The method according to claim 15, which further comprises transferring current control data generated by the first control apparatus to the backup apparatus together with the increased first count, and there the current control data are linked with the count and stored.
17. The method according to claim 14, which further comprises: incrementally increasing the first count in the first control apparatus and storing an increased first count in the first control apparatus; and transferring the increased first count to the second control apparatus, and there the increased first count is stored as the second count.
18. The method according to claim 14, wherein the basis taken for the second comparison is the count that is higher.
19. The method according to claim 14, which further comprises performing the first comparison and/or the second comparison if there is a predefined operating situation.
20. The method according to claim 14, which further comprises selecting the count to be used for the second comparison on a basis of a result of a check to determine whether the count is stored in the first control apparatus and/or the second control apparatus.
21. The method according to claim 14, wherein the second comparison comprises the step of checking whether a difference between counts reaches or exceeds a predefined difference threshold.
22. The method according to claim 21, which further comprises generating an error signal if the difference between two counter readings reaches or exceeds the predefined difference threshold.
23. The method according to claim 14, which further comprises increasing cyclically the first count in the first control apparatus in a predefined time interval.
24. The method according to claim 14, wherein a storage and/or a transfer of the first count includes ascertaining and checking a checksum of a first counter reading.
25. The method according to claim 14, wherein the means of transport is a train.
26. A system for data management in a means of transport, the system comprising: a first controller; a second controller; a backup apparatus; and the system being configured to compare, in a first comparison, a count stored in said first controller with a count stored in said second controller and to compare, in a second comparison, a count selected on a basis of a result of the first comparison with a check count stored in said backup apparatus, and said first and second controllers are configured to take a result of the second comparison as a basis for adopting control data linked with the check count that are stored in said backup apparatus.
27. The system according to claim 26, wherein the means of transport is train.
28. A means of transport, comprising: said system for data management according to in claim 26.
Description
[0035] In the figures, at least in some cases schematically:
[0036]
[0037]
[0038]
[0039] In the present example, the means of transport 10 is in the form of a train that has an (internal) network 5, e.g. in the form of a bus system. The central backup apparatus 3 is connected to the decentralized control apparatuses 2a, 2b, which are e.g. arranged in a wagon of the train, via this network 5.
[0040] The backup apparatus 3 in the present example is a central (train) server that is able to coordinate the control of components of the means of transport 10, for example doors 11, the lighting, the air conditioning and/or the like, by way of control apparatuses such as the first and second control apparatuses 2a, 2b. The control apparatuses 2a, 2b are configured to generate control data for controlling the particular component(s) connected to them. In the example shown, the control apparatuses 2a, 2b are connected to a door 11.
[0041] For the purpose of component control, the control apparatuses 2a, 2b may possibly also be configured to record sensor data, for example via the network 5, and to process said data. The control apparatuses 2a, 2b are also referred to as automation devices.
[0042] In order to be able to continuously ensure that the components such as the door 11 are functional, the control apparatuses 2a, 2b are of redundant design, one of the two control apparatuses 2a, 2b operating as master and the other in standby. If for example the second control apparatus 2b, operating as the master, fails, the first control apparatus 2a, which has operated in standby up to this time, is able to jump in and undertake control of the door 11.
[0043] The system 1 is preferably configured to store at least the current control data, for example the current control signal for a door actuator, during normal operation. Storage means 4a, 4b of the first and second control apparatuses 2a, 2b do not generally have the necessary storage space for this, however, and/or are also not configured to permanently store data. The storage means 4a, 4b may be flash memory, for example, and so data stored on them are lost if the applicable control apparatus 2a, 2b is deenergized, for example as a result of a fault or during a shutdown.
[0044] The control data generated to control the door 11 may therefore be transferred from the control apparatus 2a, 2b operated as the master to the backup apparatus 3 via the network 5 and preferably permanently stored in a storage means 4c of the backup apparatus 3. When one of the control apparatuses 2a, 2b (re)starts as the master, or the master function is undertaken, the applicable control apparatus 2a, 2b is then able to use the network 5 to access the control data stored in the backup apparatus 3. Purely by way of illustration, to simplify matters, it is assumed below that the first control apparatus 2a is operated as the master.
[0045] In order to allow seamless continuation of control of the door 11 when the first control apparatus 2a is starting, e.g. when the master function is undertaken by the second control apparatus 2b, but also after the first control apparatus 2a has been deenergized and restarted (as the master) for repair and/or for the purpose of replacement, the first control apparatus 2a may be configured to initially perform the first comparison and to take a result of the first comparison as a basis for selecting the count stored for example in the storage means 4a of the first control apparatus 2a or the count stored for example in the storage means 4b of the second control apparatus 2b. The first control apparatus 2a can then use the selected count to perform the second comparison and may possibly adopt the control data stored in the backup apparatus 3.
[0046] The manner in which the first and/or the second comparison proceed is explained below in association with
[0047]
[0048] If a control apparatus of redundant design, for example designed to control a component of a means of transport, starts as the master, the control apparatus is able to adopt current control data, stored in a backup apparatus beforehand, in order to allow smooth (continued) operation of the component of the means of transport. The control apparatus starting as the master is referred to as the first control apparatus below purely by way of illustration. The redundancy is achieved by way of the provision of an identical second control apparatus.
[0049] In a method step S1, the first control apparatus performs a first comparison between a first count, which is stored in the first control apparatus, and a second count, which is stored in the second control apparatus. The counts are preferably the product of a counter of the first or second control apparatus that generates, or outputs, counts during normal operation.
[0050] The first comparison may involve the first control apparatus in particular checking which of the two counts is higher. If the first control apparatus is starting after it has been deenergized for the purpose of a repair, for example, the second count may be higher than the first count, since the first control apparatus has been temporarily out of operation. If the first control apparatus has undertaken control of the component of the means of transport from the second control apparatus, on the other hand, since the second control component has failed due to a fault, the first count may be higher than the second count.
[0051] Depending on a result of the first comparison, the first control apparatus preferably selects one of the two counts, in particular the higher of the two counts, in a further method step S2. If the two counts are equal, it does not matter which of the counts is selected. In that case, the first control apparatus may select the first count, for example.
[0052] After one of the two counts has been selected, a second comparison is performed, likewise in method step S2, between the selected count and a check count stored in the backup apparatus. In particular, this may comprise checking whether the selected count and the check count at least substantially match, or whether a difference between the selected count and the check count reaches or exceeds a predefined difference threshold.
[0053] The first control apparatus is preferably configured to request the check count from the backup apparatus via a network, for example a bus system of the means of transport, and to compare said check count with the selected count.
[0054] Depending on a result of the second comparison, the first control apparatus may then adopt the control data linked with the check count that are stored in the backup apparatus, in a further method step S3. If the difference between the selected count and the check count does not reach or exceed the predefined difference threshold, i.e. if the selected count and the check count substantially match, this is a signal that the control data stored in the backup apparatus are current, or valid. In that case, they may be adopted and e.g. taken as a basis for continuing control of a component of the means of transport.
[0055] Otherwise, an error signal may be output, for example in a further method step S4. The error signal is preferably taken as a basis for initiating an error reaction, for example starting a registration cycle for the first control apparatus.
[0056] Subsequent to method step S3 or S4, the first control apparatus preferably transitions to normal operation, the first count preferably being cyclically incrementally increased and stored by the first control apparatus in a further method step S5. Moreover, the increased count is transferred to the second control apparatus, and stored there, in a further method step S6. This means that in future, should the first or the second control apparatus start as the master, the first comparison can again be performed in method step S1.
[0057] Moreover, the increased count may also be transferred to the backup apparatus, and stored there as the (current) check count, in a further method step S7 in parallel with method step S6. The current check count is then preferably also linked with current control data in the backup apparatus. This means that in future, should the first or the second control apparatus start as the master, the second comparison can again be carried out in method step S2.
[0058] During normal operation, the control data are likewise generated by the first control apparatus and transferred to the backup apparatus, and stored there, in a method step S8 in parallel with method step S5. The increased count may be transferred to the backup apparatus, if necessary in combination with the current control data, in particular as part of the control data, for example in the form of metadata, in method step S6. This results in reliable linking of the check count with the control data in the backup apparatus.