Data Transmission Between Computation Units Having Safe Signaling Technology

20190171535 · 2019-06-06

    Abstract

    An input and output module transmits and receives data via a data line. The input and output module includes a protocol machine for a security protocol for data transfer and a clock. The protocol machine and instructions for clock processing are stored as sequence control in a read-only memory of the input and output module.

    Claims

    1-10 (canceled)

    11. An input and output module for sending and receiving data via a data line, the module comprising: a protocol state machine for a data link protocol for data transmission; a clock; and a read only memory having stored thereon instructions for clock processing and said protocol state machine as sequence control.

    12. The input and output module according to claim 11, wherein: said protocol state machine is in redundant form as a protocol state machine having safe signaling technology; and said clock is in redundant form as a clock having safe signaling technology.

    13. The input and output module according to claim 12, wherein said protocol state machine is in diversely redundant form.

    14. The input and output module according to claim 12, wherein said clock is in diversely redundant form.

    15. The input and output module according to claim 11 being a system-on-chip component.

    16. An input and output assembly, comprising: a first input and output module according to claim 11; a second input and output module according to claim 11; said first and second input and output modules being in diverse form in comparison with one another.

    17. The input and output assembly according to claim 16, wherein said first input and output module is a system-on-chip component and said second input and output module is a system-on-chip component.

    18. A system for transmitting data between computation units having safe signaling technology, wherein at least one of the computation units having safe signaling technology comprises: a main computer having safe signaling technology; and an input and output module according to claim 12 coupled to said main computer.

    19. A system for transmitting data between computation units having safe signaling technology, wherein one of the computation units having safe signaling technology comprises: a main computer having safe signaling technology; an input and output assembly coupled to said main computer, said input and output assembly having a first input and output module according to claim 11 and a second input and output module according to claim 11, and wherein said first and second input and output modules are in diverse form compared to one another; and a comparison module configured to compare data received from said first input and output module with data received from said second input and output module.

    20. A method for transmitting data between computation units having safe signaling technology, the method comprising the steps of: providing a main computer having safe signaling technology; and providing an input and output module according to claim 11 to be coupled to the main computer.

    21. The method according to claim 20, wherein: the step of providing the input and output module comprises providing an input and output assembly to be coupled to the main computer, the input and output assembly having a first input and output module according to claim 11 and a second input and output module according to claim 11, and wherein the first and second input and output modules are in diverse form compared to one another; and further comprising providing a comparison module configured to compare data received from the first input and output module with data received from the second input and output module.

    Description

    [0024] The properties, features and advantages of this invention that are described above and the manner in which they are achieved will become clearer and more distinctly comprehensible in connection with the description of the exemplary embodiments that follows, which are explained in more detail in connection with the drawings, in which:

    [0025] FIG. 1 shows a computation unit having safe signaling technology based on the prior art, which is designed for transmitting/receiving data to/from a further computation unit having safe signaling technology;

    [0026] FIG. 2 shows a corresponding computation unit having safe signaling technology based on a first preferred embodiment of the invention;

    [0027] FIG. 3 shows a corresponding computation unit having safe signaling technology based on a second preferred embodiment of the invention; and

    [0028] FIG. 4 schematically shows steps of a preferred embodiment of an inventive method for transmitting data between computation units having safe signaling technology.

    [0029] FIG. 1 shows a computation unit 10 having safe signaling technology based on the prior art, which has already been described briefly above and is designed for transmitting/receiving data to/from a further computation unit having safe signaling technology (not shown in FIG. 1). The computation unit 10 is of multichannel design and comprises a clock 16 having multichannel protection. The computation unit 10 is configured to execute the data link protocol 18 for data transmission and an application 12 in redundant fashion. Data 14 produced by the application 12 are forwarded as data 20 protected by means of the data link protocol 18 and provided with a timestamp produced by the safe clock to an input and output memory 22 and from there are transmitted by means of a conventional input and output module, for example a serial UART or an Ethernet controller, via a data line 26, such as e.g. a bus, a LAN or the like, to a further analogously designed computation unit having safe signaling technology, which is not shown in FIG. 1.

    [0030] In FIG. 1, and also FIGS. 2 and 3 that follow, hardware of multichannel design and having safe signaling technology is depicted by means of a rectangle with partial hatching in the top left-hand corners, such as e.g. the computation unit 10 or the safe clock 16 in FIG. 1. Software embodied on the basis of safe signaling technology is accordingly depicted by means of an oval with partial hatching on the left, such as the application 12 or the data link protocol 18 in FIG. 1. Corresponding counterparts not having safe signaling technology (cf. FIG. 3) exhibit no hatching each time.

    [0031] FIG. 2 schematically depicts a computation unit 110 having safe signaling technology that is likewise designed for transmitting/receiving data to/from a further computation unit having safe signaling technology (not shown in FIG. 2), based on a first embodiment of the invention.

    [0032] Said computation unit having safe signaling technology comprises a main computer 11 having safe signaling technology. Said main computer is configured to execute the application 12 on the basis of safe signaling technology and to forward data 14 produced by the application 12 to an input and output memory 22. In contrast to FIG. 1, the functionalities of protocol protection and timestamping are no longer resident in the main computer 11, but rather have been relocated to a separate input and output module 50 coupled to the main computer 11. The input and output module 50 is in the form of a system on chip component and comprises a clock 16 having multichannel protection and safe signaling technology and a protocol state machine 118 having safe signaling technology for executing a data link protocol 18 for data transmission. Data 14 taken from the input and output memory 22 can be protected by means of the data link protocol 18 and provided with a timestamp on the basis of the clock 16. The resultant protected and timestamped data 20 can then be transmitted to the further computation unit via the data line 26.

    [0033] Since the input and output module 50 has only a known and dedicated scope of functions, the instructions for clock processing and the protocol state machine 118 can be available in a read only memory 17 of the input and output module 50 in hard-encoded fashion. Various programming languages can be used for programming, such as e.g. C, assembler, or, in the case of FPGAs without a CPU core, e.g. VHDL.

    [0034] The input and output module 50 having safe signaling technology can comprise two physically separate FPGA chips or microcontroller chips, for example, which are present with parallel redundancy and are loosely (cyclically) or permanently (lockstep) coupled to one another. In this manner, the clock 16 having safe signaling technology and the protocol state machine 18 having safe signaling technology can be provided in an input and output module 50. Each of the two physically separate chips can provide one channel of a multichannel architecture in this case.

    [0035] The integration in this case can be performed based on EN 50129 SIL4 and delivers a validation report along with evidence of safety. The result of the integration at the bottommost level is then a COTS component having safe signaling technology. According to the embodiment shown in FIG. 2, a user-programmable unit based on the prior art has become a dedicated input and output module 50 having a permanent, invariable scope of functions that is available with functional capability, including safe clock, synchronization and data link protocols and evidence of safety.

    [0036] FIG. 3 schematically depicts a computation unit 210 having safe signaling technology based on a second embodiment of the invention.

    [0037] The main difference over the embodiment shown in FIG. 2 is that instead of the multichannel input and output module 50 having safe signaling technology there are now two diverse input and output modules 152, 154 provided, in each case not necessarily having safe signaling technology, which are combined in the input and output assembly 150 indicated.

    [0038] Each of the input and output modules 152, 154 comprises a clock 116, 216 and a protocol state machine 218, 318 for executing a data link protocol 18. The instructions for clock processing and the protocol state machine 218, 318 are, as described in connection with FIG. 2, hard-encoded in a read only memory 117, 217 of the respective input and output module 152, 154. The first input and output module 152 is in diverse form in comparison with the second input and output module 154. Diversity can be present at the level of the hardware used. Alternatively or additionally, the implemented software (clock, protocol state machine) can also be in diverse form.

    [0039] In a certain respect, the input and output assembly 150 shown in FIG. 3 can be regarded as an assembly that is obtained when the two channels of the input and output module 50 having safe signaling technology from FIG. 2 are separated, as a result of which the input and output modules 152, 154 are obtained.

    [0040] In combination, the first 152 and the second 154 input and output modules can be regarded as an input and output assembly having safe signaling technology. This applies at least if the main computer 111 comprises a comparison chip 30 configured to compare input data received from the two input and output modules 152, 154.

    [0041] Protected and timestamped data 120, 220 leaving the computation unit 210 in redundant fashion are compared at the level of the application data 14, 14 by a comparison chip of a receiving signal-oriented computation unit (not shown) that likewise needs to support the data link protocols implemented by the protocol state machines 218, 318. In the receiving computation unit, the respective timestamps are also checked for whether the clocks 116, 216 are in sync within prescribed limits, only run forward and have not stopped.
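    The following is an added illustration, not code from the patent or from any product it describes. It sketches in C (one of the languages the description names for the module) what the protocol state machine of paragraph [0032] does on the sending side and what the comparison chip of paragraph [0041] checks on the receiving side: each channel's frame is protected with a CRC and carries a timestamp from that channel's clock; the receiver accepts a frame pair only if both CRCs verify, the application data agree, the two timestamps are within a prescribed limit of each other, and each channel's timestamp has moved strictly forward since the last accepted pair (a repeated value means the clock has stopped). The frame layout, the CRC choice, the check order and the skew limit `MAX_CLOCK_SKEW_MS` are assumptions made for the example; the patent does not specify its data link protocol.

```c
/* Added example (not the patent's protocol): two-channel safety frame with CRC and
 * timestamp, plus the receiver-side comparison. Frame layout and limits are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_CLOCK_SKEW_MS 5u   /* hypothetical "prescribed limit" for clock sync */

typedef struct {
    uint32_t seq;        /* sequence number kept by the protocol state machine */
    uint32_t timestamp;  /* this channel's clock value when the frame was built (ms) */
    uint32_t payload;    /* application data taken from the input and output memory */
    uint32_t crc;        /* CRC-32 over the three fields above */
} safe_frame_t;

typedef enum {
    RX_OK = 0,
    RX_CRC_ERROR,         /* frame corrupted on the data line */
    RX_DATA_MISMATCH,     /* channels disagree at application-data level */
    RX_CLOCK_SKEW,        /* the two clocks are not in sync within the limit */
    RX_CLOCK_NOT_FORWARD  /* a clock stopped or ran backwards */
} rx_result_t;

typedef struct {
    int have_last[2];
    uint32_t last_ts[2];  /* last accepted timestamp per channel */
} comparator_t;

/* CRC-32 (IEEE 802.3 polynomial, reflected), bitwise so there is no table to get wrong. */
uint32_t crc32_bytes(const uint8_t *buf, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

static void put_u32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* CRC over a fixed big-endian serialization, so diverse hardware on the two channels agrees. */
uint32_t frame_crc(const safe_frame_t *f)
{
    uint8_t buf[12];
    put_u32(buf, f->seq); put_u32(buf + 4, f->timestamp); put_u32(buf + 8, f->payload);
    return crc32_bytes(buf, sizeof buf);
}

/* Sending side: protect the application data and stamp it with the channel's clock. */
safe_frame_t make_frame(uint32_t seq, uint32_t clock_now, uint32_t payload)
{
    safe_frame_t f = { seq, clock_now, payload, 0 };
    f.crc = frame_crc(&f);
    return f;
}

/* Receiving side: the comparison chip's checks on one frame pair. State advances only on RX_OK. */
rx_result_t compare_channels(comparator_t *c, const safe_frame_t *a, const safe_frame_t *b, uint32_t *out)
{
    const safe_frame_t *f[2] = { a, b };
    for (int i = 0; i < 2; i++)
        if (frame_crc(f[i]) != f[i]->crc) return RX_CRC_ERROR;
    if (a->payload != b->payload) return RX_DATA_MISMATCH;
    uint32_t skew = a->timestamp > b->timestamp ? a->timestamp - b->timestamp
                                                : b->timestamp - a->timestamp;
    if (skew > MAX_CLOCK_SKEW_MS) return RX_CLOCK_SKEW;
    for (int i = 0; i < 2; i++)   /* equal to the last value means the clock has stopped */
        if (c->have_last[i] && f[i]->timestamp <= c->last_ts[i]) return RX_CLOCK_NOT_FORWARD;
    for (int i = 0; i < 2; i++) { c->have_last[i] = 1; c->last_ts[i] = f[i]->timestamp; }
    *out = a->payload;
    return RX_OK;
}

/* Constructed scenario: returns 0 if every check behaves as described, else the step that failed. */
int demo_scenarios(void)
{
    comparator_t c = { {0, 0}, {0, 0} };
    uint32_t out = 0;
    safe_frame_t a = make_frame(1, 1000, 0xAB), b = make_frame(1, 1002, 0xAB);
    if (compare_channels(&c, &a, &b, &out) != RX_OK || out != 0xAB) return 1;
    a = make_frame(2, 1004, 0xCD); b = make_frame(2, 1002, 0xCD);   /* channel 2 clock stopped */
    if (compare_channels(&c, &a, &b, &out) != RX_CLOCK_NOT_FORWARD) return 2;
    b = make_frame(2, 1012, 0xCD);                                   /* 8 ms apart: out of sync */
    if (compare_channels(&c, &a, &b, &out) != RX_CLOCK_SKEW) return 3;
    b = make_frame(2, 1006, 0xEF);                                   /* channels disagree */
    if (compare_channels(&c, &a, &b, &out) != RX_DATA_MISMATCH) return 4;
    b = make_frame(2, 1006, 0xCD); a.payload ^= 1u;                  /* bit flip on the line */
    if (compare_channels(&c, &a, &b, &out) != RX_CRC_ERROR) return 5;
    a = make_frame(2, 1004, 0xCD);
    if (compare_channels(&c, &a, &b, &out) != RX_OK || out != 0xCD) return 6;
    return 0;
}

int main(void)
{
    int r = demo_scenarios();
    printf(r == 0 ? "all receiver checks behaved as expected\n" : "step %d failed\n", r);
    return r;
}
```

The receiver updates its per-channel clock reference only when a pair passes every check, so a rejected pair cannot move the reference forward and mask a stopped clock on the next cycle. The example compares at the level of the application data, as paragraph [0041] describes, rather than on the raw frames, which differ by design because the two channels' clocks and sequence handling are diverse.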

    [0042] The input and output modules 152, 154 can also be produced in the form of system on chip components and provided as COTS components.

    [0043] FIG. 4 schematically shows steps of a preferred embodiment of an inventive method for transmitting data between computation units having safe signaling technology.

    [0044] The method comprises the following steps:

    [0045] In step S1, a main computer having safe signaling technology is provided.

    [0046] Moreover, in step S2, an input and output module of the type described above, couplable to the main computer, is provided that comprises a protocol state machine for a data link protocol for data transmission and a clock, wherein instructions for clock processing and the protocol state machine are stored as hard sequence control in a read only memory of the input and output module.

    [0047] According to a first embodiment, a main computer 11 and an input and output module 50 having safe signaling technology as shown in FIG. 2 are provided.

    [0048] According to a second embodiment, a main computer 111 and an input and output assembly 150 as shown in FIG. 3 can be provided, the latter comprising a first and a second input and output module 152, 154 of the type described above with reference to step S2.

    [0049] Although the invention has been illustrated and described in more detail by means of preferred exemplary embodiments, the invention is not limited by the disclosed examples, and other variations can be derived therefrom by a person skilled in the art without departing from the scope of protection of the invention.