Certified generic data processing component for critical task

Abstract

A monitoring system for monitoring equipment has first data processing means for executing a primary, critical task and second data processing means for executing a secondary, non-critical task. The second data processing means receives its power supply from the first data processing means via protective circuitry so as to prevent electrical failures in the second data processing means from affecting operation of the first data processing means.

Claims

1. A data processing system for processing input data, comprising: a first data processor configured for performing a primary data processing task, wherein the first data processor comprises: a first power input for connection to a single power supply; a first power output; and a protective circuit between the first power input and the first power output, wherein the protective circuit comprises a fuse or a current limiter; and a second data processor configured for performing a secondary processing task, wherein the second data processor comprises a second power input connected to the first power output such that the first data processor and the second data processor are powered only via the single power supply during functioning or malfunctioning of the second data processor, such that the first data processor and the second data processor do not each have separate power supplies, wherein the protective circuit of the first data processor is configured for preventing operation of the second data processor from affecting operation of the first data processor via the first power input.

2. The data processing system of claim 1, wherein: the first data processor has a first data input for receiving the input data; and wherein the first data processor has a first data output for supply of output data; and wherein the second data processor has a second data input connected to the first data output; and wherein the first data processor has a further protective circuit for supply of the output data to the first data output; and the further protective circuit is configured for preventing operation of the second data processor from affecting operation of the first data processor via at least one of the first data output and the first data input.

3. The data processing system of claim 2, wherein: the output data is the input data; and the further protective circuit is connected to the first data input and to the first data output.

4. The data processing system of claim 2, wherein the first data processor is operative to generate the output data by processing the input data.

5. The data processing system of claim 2, wherein the further protective circuit comprises a buffer amplifier.

6. A data processing system for processing input data, comprising: first data processing means and second data processing means; and wherein the first and second data processing means are powered only by a single power supply during functioning or malfunctioning of the second data processing means, such that the first and second data processing means doe not each have separate power supplies; and wherein the first data processing means is configured for performing a primary data processing task; and wherein the second data processing means is configured for performing a secondary data processing task; and wherein the first data processing means has a first data input for receiving the input data; and wherein the first data processing means has a first data output for supply of output data; and wherein the second data processing means has a second data input connected to the first data output; and wherein the first data processing means has a first protective circuit that comprises a fuse or a current limiter; and wherein the first data processing means has a second protective circuit for supply of the output data to the first data output; and wherein the second protective circuit is configured for preventing operation of the second data processing means from affecting operation of the first data processing means via at least one of the first data output and the first data input.

7. The data processing system of claim 6, wherein: the output data is the input data; and the second protective circuit is connected to the first data input and to the first data output.

8. The data processing system of claim 6, wherein the first data processing means is operative to generate the output data by processing the input data.

9. The data processing system of claim 6, wherein the second protective circuit comprises a buffer amplifier.

10. A monitoring system for monitoring an operational condition of equipment, the monitoring system comprising: a sensor for generating a sensor signal indicative of the operational condition; and a data processing system comprises first data processing means and second data processing means; wherein the first data processing means is configured for performing a primary data processing task; and wherein the first data processing means has a first power input for connection to a single power supply, and a first power output; and wherein the first data processing means has a protective circuit between the first power input and the first power output, wherein the protective circuit comprises a fuse or a current limiter, and wherein the second data processing means has a second power input connected to the first power output such that the first data processing means and the second data processing means are powered only via the single power supply during functioning or malfunctioning of the second data processing means, such that the first data processing means and the second data processing means do not each have separate power supplies; and wherein the protective circuit is configured for preventing operation of the second processing means from affecting operation of the first data processing means via the first power input, and wherein the data processing system is configured for monitoring the operational condition of the equipment on the basis of the input data representative of the sensor signal.

11. The data processing system of claim 1, wherein the second data processor is not connected to a separate power supply.

12. The data processing system of claim 1, wherein the first data processor continues to be powered by the single power supply via the first power input even when the protective circuit of the first data processor prevents operation of the second data processor from affecting operation of the first data processor.

13. The data processing system of claim 1, wherein the first data processor continues to be powered by the single power supply via the first power input even when a fault occurs in the second data processor.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) The invention is explained in further detail, by way of example and with reference to the accompanying drawing, wherein:

(2) FIG. 1 is a block diagram of machinery with the monitoring system in the invention; and

(3) FIG. 2 is a block diagram of first data processing means for use in the monitoring system of the invention.

(4) Throughout the Figures, similar or corresponding features are indicated by same reference numerals.

DETAILED EMBODIMENTS

(5) As used herein, the expression data processing means broadly refers to a computer, a processor, a microcontroller, a microcomputer, a programmable logic controller (PLC), an application specific integrated circuit (ASIC), another programmable or hardwired electronic circuit, or a combination thereof.

(6) FIG. 1 is a block diagram of equipment 100 according to the invention. Equipment 100 comprises, e.g., a wind turbine, a locomotive, a ship, a power plant, etc. Equipment 100 is equipped with a monitoring system 102 for monitoring a condition of the equipment 100 in operational use. To this end, the monitoring system 102 has an interface for receiving a sensor signal from a sensor 104. The sensor 104 is operative to generate the sensor signal in dependence on a physical quantity representative of the condition. An example of the operational condition of the equipment is determined on the basis of, e.g., a temperature of a bearing being monitored or an acoustic fingerprint of the bearing being monitored. The monitoring system 102 comprises a data processing system 106 configured for processing input data representative of the sensor signal in order to determine the condition.

(7) The data processing system 106 comprises first data processing means 108 and second data processing means 110. The data processor means 108 and 110 are physically separated from one another. Each of the data processing means 108 and 110 is implemented as, e.g., a microprocessor, a microcontroller, or a data processing assembly. Such an assembly is implemented as, for example, a circuit board, or a system-on-chip. The first data processing means 108 is configured for performing a first task comprising generating output data indicative of the condition as currently determined, if the current condition is critical to the operational use. The first data processing means 108 supplies the output data to, e.g., an alarm module 112. The alarm module 112 is operative to invoke an alarm procedure in order to remove the criticality of the condition. Examples of such an alarm procedure are manifold. For example, the alarm procedure stops or disables operation of the equipment 100. As another example, the alarm procedure causes the equipment 100 to idle, or reduce its load or speed so as to bring the operational condition back into a safe region of its operational parameter space. As yet another example, the alarm procedure raises an alarm with a human operator, etc. The second data processing means 110 is configured for performing a second task that is not critical to the operational use. For example, the second data processing means 110 processes data representative of the sensor signal for prognostic or diagnostic purposes, for administrative purposes, or for other purposes relevant to a longer time scale than that of a critical task mentioned above. The first data processing means 108 has a first power input connected to a power supply 114 via a connection 116.

(8) An interesting aspect of an embodiment of the invention is that the second data processing means 110 has a second power input connected to the first data processing means 108 via an electrical connection 118 for being powered from and by the first data processing means 108. In order to put this into a proper context, imagine that the second data processing means 110 were also connected directly to the power supply 116. As explained earlier, the second data processing means 110 is designed for non-critical tasks and does not necessarily have to comply with strict standards to ensure operational reliability. If the second data processing means 110 were connected directly to the power supply 114, the second data processing means 110 would be able to hamper operation of the first data processing means 108 via the power supply 116. For example, assume that a short-circuit was to develop in the second data processing means 110. The voltage or current, which the power supply 116 is capable of supplying to the first data processing means 108, would then be affected and therefore the operational reliability of the first data processing means 108. In the invention, the second data processing means 110 is powered from a protecting circuit instead, accommodated in, or at, the first data processing means 108. This protecting circuit is operative to prevent the operation of the first data processing means 108 from being affected by a short-circuit or power surge in the second data processing means 110. The preventive measure here involves electrically coupling the second data processing means 110 indirectly to the power supply 114 that also supplies the first data processing means 108. For example, the protecting circuit comprises a current limiter in the supply path to the second data processing means 110, or a fuse or another overload protection, a relay, a circuit breaker, a power converter, etc. Such protective circuitry is known in the art and is not discussed herein in further detail. Accordingly, reliable operation of the first data processing means 108 is maintained regardless of electrical faults in the second data processing means 110, owing to the second data processing means 110 being powered indirectly from the first data processing means 108.

(9) A further interesting aspect of an embodiment in the invention is that the second data processing means 110 has a second data input connected to the first data processing means 108. The second data processing means 110 receives input data, representative of the sensor signal, from the first data processing means 108 via an electrical connection 120. There is no direct electrical connection between the sensor 104 and the second data processing means 110, as the second data processing means 110 receives its input data via further protective circuitry in the first data processing means 108. The further protective circuitry electrically decouples the second data processing means 110 from the sensor 104 and from the data input to the first data processing means 108. This further protective circuitry may include, e.g., a buffer in the signal path between the sensor 104 and the second data processing means 110. The further protective circuitry may also form a functional part of the first data processing means 108, so that the second data processing means 110 receives input data that represent a result of the processing, by the first data processing means 108, of the data representative of the sensor signal from the sensor 104. As first data processing means 108 is configured for carrying out a critical task, an embodiment of the first data processing means 108 has its inputs and outputs protected, e.g., via diodes, capacitors, inductances, or active circuitry such as buffers, so as to electrically decouple the sensitive circuits of the first data processing means 108 from their electrical environment. Such protective measures are known in the art and are not discussed herein in further detail.

(10) In order to explain this further aspect of the invention, imagine that the sensor 104 has an output connected to both the first data processing means 108 and the second data processing means 110. Under such circumstances, an electrical fault developed in the second data processing means 110 may result in the output of the sensor 104 being affected. As a consequence, the first data processing means 108 may receive a sensor signal that is not representative of the actual condition of the equipment 100. For example, the affected sensor signal causes the first data processing means 108 to raise a false alarm, whereas the condition of the equipment 100 does not warrant raising the alarm. Alternatively, the affected sensor signal may cause the first data processing means 108 to assume that all is well, whereas the actual condition of the equipment 100 is indeed critical.

(11) Aspects of the invention have been discussed with reference to the first data processing means 108, the second data processing means 110, and the sensor 104. It is clear that the invention is applicable to scenarios, wherein there are further first data processing means present (not shown) in addition to the first data processing means 108. Similarly the invention is likewise applicable to scenarios, wherein there is more than one sensor present, e.g., the sensor 104 and a sensor 122, and/or wherein there are multiple second data processing means, such as the second data processing means 110 and additional second data processing means 124. The additional second data processing means 124 is then similarly powered from the first data processing means, here the first data processing means 108, via protective circuitry and a connection 126, and receives its input data from the first data processing means 124 or another first data processing means (not shown), via further protective circuitry and via a connection 128. The additional second data processing means 124 may be powered via the same protective circuitry as the second data processing means 110, or via other protective circuitry. If other protective circuitry is being used, failures in the second data processing means 110 do not affect the power supply to the additional second data processing means 124 and vice versa. Similarly, the additional second data processing means 124 may receive input data via the same further protective circuitry as the second data processing means 110, or via other further protective circuitry. If other further protective circuitry is being used, failures in the second data processing means 110 do not affect the input data to the additional second data processing means 124, and vice versa.

(12) FIG. 2 is a block diagram of an embodiment of the first data processing means 108 configured for use in the data processing system 106 of the monitoring system 102, as discussed above with reference to FIG. 1. The protective measures mentioned above with reference to FIG. 1 are discussed in further detail with reference to FIG. 2.

(13) The first data processing system 108 in this embodiment comprises data processing electronic circuitry 202 such as, for example, a data processor or a microcontroller, an array of such processors or controllers, a data processing sub-system, etc. The circuitry 202 has a data input coupled to the output of the sensor 104 via an input buffer 204 or via another circuit that serves to prevent the output of the sensor 104 from unacceptably loading the circuitry 202 and thus from interfering with the desired operation of the latter. The output of the input buffer 204, and therefore the input of the circuitry 202, is connected to an output buffer 206 for coupling to the data input of the second data processing means 110. A data output of the circuitry 202 is coupled to another data input of the second data processing means 110 via a second output buffer 208. The output buffers 206 and 208 prevent the second data processing means 110 from unacceptably loading circuitry 202.

(14) The first data processing means 108 further comprises a protective circuit 210 for supplying power to the second data processing means 110. The protective circuit 210 is connected between a power input 212 of the first data processing means 108 and a power output 214 of the first data processing means 108. The protective circuit 210 serves to prevent the second data processing means 110 from unacceptably loading the power supply 114 so as to prevent an electrical fault occurring in the second data processing means 110 from affecting the operation of the circiutry 202 via the power input 212. The circuit 210 comprises, e.g., a current limiter in the supply path to the second data processing means 110, or a fuse or another overload protection, a relay, a circuit breaker, a power converter, etc. Although not explicitly shown in order to not obscure the drawings, the buffers 204, 206 and 208 are suitably directly powered from the power supply 114.