CONTROL AND DATA-TRANSFER SYSTEM, GATEWAY MODULE, I/O MODULE, AND METHOD FOR PROCESS CONTROL

20170212490 · 2017-07-27

    Abstract

    Meeting the safety requirements of automation systems in a more flexible manner, the invention provides a control and data transmission system for controlling safety-critical processes, comprising a plurality of I/O modules connected via a first communication network to a gateway module. The gateway module is connected to a second communication network hierarchically superior to the first communication network and acts as a gateway between the first and the second communication networks. At least one of the I/O modules comprises a diagnosis unit for generating status data relating to the functional state of an input and/or output and/or of a process device. The gateway module and the I/O modules communicate via the first communication network in a safe manner to transfer status data and input and/or output data. The gateway module performs safety processing of the status data and/or of the input and/or output data.

    Claims

    1. A control and data transmission system for controlling safety-critical processes, comprising a plurality of I/O modules connected via a first communication network to a gateway module; wherein the gateway module is connected to a second communication network hierarchically superior to the first communication network and acts as a gateway between the first and second communication networks; and wherein at least one of the I/O modules comprises a diagnosis unit for generating a status data relating to the functional state of an input and/or output and/or of a process device connected to an input or output; and wherein the gateway module communicates with the I/O modules in a safe manner via the first communication network to transfer the status data and the input and/or output data; and the gateway module is adapted for a safety-related processing of the status data and/or of the input and/or output data.

    2. The control and data transmission system as claimed in claim 1, wherein the input data are safety-related and are captured by a single-channel input module, and/or wherein the output data are safety-related and are output by a single-channel output module.

    3. The control and data transmission system as claimed in claim 1, wherein the gateway module comprises a safety logic which is in particular configured so as to be redundant, for executing the safety-related processing of the status data and/or of the input and/or output data.

    4. The control and data transmission system as claimed in claim 1, wherein the safety-related processing of the status data and/or the input and/or output data comprises the execution of at least one safety function.

    5. The control and data transmission system as claimed in claim 1, wherein the first communication network is a local bus, and wherein the plurality of I/O modules are configured as modular input and modular output devices.

    6. The control and data transmission system as claimed in claim 1, wherein process control is performed by a control unit that is connected to the second communication network, and/or by the gateway module.

    7. The control and data transmission system as claimed in claim 1, wherein the gateway module and the plurality of I/O modules are adapted, for the purpose of a safe communication, to exchange data telegrams which contain a checksum and/or at least one counter value, wherein the counter value is incremented after each successfully transmitted data telegram.

    8. The control and data transmission system as claimed in claim 7, wherein the respective data telegram has a different, individual counter value for each one of the plurality of I/O modules connected to the first communication network.

    9. The control and data transmission system as claimed in claim 1, wherein the diagnosis unit of at least one of the plurality of I/O modules exchanges data with an associated diagnosis unit which is arranged in a process device connected to an input or an output of said at least one of the plurality of I/O modules.

    10. The control and data transmission system as claimed in claim 1, wherein the diagnosis unit of one of the plurality of the I/O modules and/or the diagnosis unit of a process device connected to said one of the plurality of the I/O modules can be controlled by a control data transmitted from the gateway module.

    11. A gateway module for use in a control and data transmission system as claimed in claim 1, comprising: at least one interface for connection to the first and the second communication network, the gateway module being connectable to the plurality of I/O modules via the first communication network, and the gateway module adapted to communicate with the I/O modules via the first communication network in a safe manner to transmit the input and/or the output data and to receive the status data from at least one I/O module; and a safety control unit in the form of a safety logic adapted for executing safety processing of the status data and/or of the input and/or the output data.

    12. An I/O module for use in a control and data transmission system as claimed in claim 1, comprising: at least one input and/or output for connecting a process device, the processing device in the form of a sensor or actuator; a diagnosis unit for generating status data relating to the functional state of the input and/or output and/or of the process device connected to the input and/or output; and an interface for connection to a communication network; wherein the I/O module is adapted to communicate with the gateway module via the communication network in a safe manner.

    13. A method for safety-related process control in a control and data transmission system comprising: a plurality of I/O modules connected to a gateway module via a first communication network, wherein the gateway module is connected to a second communication network hierarchically superior to the first communication network and acts as a gateway between the first and second communications networks, the method comprising the steps of: generating a status data by a diagnosis unit arranged in at least one of the I/O modules, the status data comprising information relating to a functional state of an input and/or output of the I/O module and/or of a process device connected to the input and/or output of the I/O module; executing a safe communication between the gateway module and the input and/or output modules via the first communication network to transfer the status data and the input and/or output data; and safety-related processing of the status data and/or of the input and/or output data by the gateway module.

    14. The method as claimed in claim 13, further comprising the step of: remote controlling the diagnosis unit by the gateway module by transmitting a control data from the gateway module to the diagnosis unit.

    15. A safety-related process control and data transmission system comprising: a plurality of I/O modules, said I/O modules comprising a communication diagnosis unit connected to a bus interface via registers for an input and an output data; a gateway module, said gateway module and plurality of I/O modules communicable with each other through a local bus, said gateway module comprising a local bus master that generates a data telegram, the data telegram passing through the plurality of I/O modules in the manner of a shift register; and at least one diagnosis unit for generating at least one status data, the diagnosis unit active within the I/O module and transferring the status data to the gateway module and evaluating the input and the output for generating a status data.

    16. The safety-related process control and data transmission system of claim 15, wherein the gateway module further comprises a safety control unit connected to the local bus master and the safety control unit comprising at least one redundant core capable of comparing results of a safety-related output data on the basis of a safety-related input data.

    17. The safety-related process control and data transmission system of claim 15, wherein the gateway module further comprises a network gateway for connection to a higher level network, said gateway module supporting a plurality of protocols, and the I/O modules operate independently of which one of said plurality of protocols is employed by the higher level network.

    18. The safety-related process control and data transmission system of claim 15, wherein safety communication between a safety logic of the gateway module and the I/O modules is ensured using a CRC, each of the I/O modules using a counter of bits different from each other of the I/O modules, the counter being incremented after successful communication wherein when the counter reaches a maximum value, the counter is reset to an initial value.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0039] The invention will now be described in more detail by way of preferred exemplary embodiments and with reference to the accompanying drawings. The foregoing and other aspects of the embodiments disclosed herein are best understood from the following detailed description when read in connection with the accompanying drawings. For purposes of illustrating the embodiments disclosed, the preferred embodiments are shown in the drawings. However, the embodiments disclosed herein are not limited to the specific instrumentalities disclosed. The same reference numerals in the drawings designate the same or equivalent parts. Included in the drawings are the following figures:

    [0040] FIG. 1 shows a schematic diagram of a control and data transmission system known from prior art;

    [0041] FIG. 2 shows a schematic diagram of a preferred embodiment of a control and data transmission system according to the invention;

    [0042] FIG. 3 schematically illustrates the data exchanged with an I/O module of the control and data transmission system shown in FIG. 2; and

    [0043] FIG. 4 schematically illustrates a time profile of counter values of individual I/O modules which are transmitted within data telegrams.

    [0044] While embodiments of the present disclosure are described herein by way of example using several illustrative drawings, those skilled in the art will recognize the present disclosure is not limited to the embodiments or drawings described. It should be understood the drawings and the detailed description thereto are not intended to limit the present disclosure to the particular form disclosed, but to the contrary, the present disclosure is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of embodiments of the present disclosure as defined by the appended claims.

    [0045] The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word "may" is used in a permissive sense (i.e., meaning "having the potential to"), rather than the mandatory sense (i.e., meaning "must"). Similarly, the words "include", "including", and "includes" mean "including but not limited to". To facilitate understanding, like reference numerals have been used, where possible, to designate like elements common to the figures.

    DETAILED DESCRIPTION

    [0046] Embodiments of the present disclosure will be described below in conjunction with exemplary control and data transmission systems, gateway modules, I/O modules, and methods for process control. Those skilled in the art will recognize the disclosed techniques may be used in building any railing that may be aesthetically pleasing.

    [0047] The phrases "at least one", "one or more", and "and/or" are open-ended expressions that are both conjunctive and disjunctive in operation. For example, each of the expressions "at least one of A, B and C", "at least one of A, B, or C", "one or more of A, B, and C", "one or more of A, B, or C" and "A, B, and/or C" means A alone, B alone, C alone, A and B together, A and C together, B and C together, or A, B and C together.

    [0048] The term "a" or "an" entity refers to one or more of that entity. As such, the terms "a" (or "an"), "one or more" and "at least one" can be used interchangeably herein. It is also to be noted that the terms "comprising", "including", and "having" can be used interchangeably.

    [0049] FIG. 1 schematically shows a control and data transmission system 20 known from prior art, which comprises a plurality of I/O modules 40, 45, 50, and 55, each one connected, via a bus interface 70, to a bus master 60 that is located in a gateway module 30. Gateway module 30 further comprises a network coupler 90 for connection to a higher level network. Typically, a control unit (not shown in FIG. 1) is connected to this higher level network, which individually addresses the I/O modules 40, 45, 50, and 55, which are operating independently from each other. I/O modules 40 and 50 are configured as input modules, and I/O modules 45 and 55 are configured as output modules. I/O modules 50 and 55 are configured as special safety I/O modules in which the signals are captured twice and checked within the device for plausibility and errors, and for this purpose two cores 80 and 81, and 85 and 86, respectively, are provided, which are implemented by microprocessors.

    [0050] FIG. 2 schematically illustrates a preferred embodiment of a control and data transmission system 10 according to the invention, in which the two-channel I/O modules known from prior art for capturing safety-relevant signals have been dispensed with.

    [0051] Control and data transmission system 10 comprises a gateway module 100, and I/O modules 201 and 202 which are able to communicate with one another via a local bus 510. In the illustrated exemplary embodiment, local bus 510 is configured as a ring bus, and for communication with the I/O modules 201 and 202, local bus master 120 in the gateway module generates a data telegram which is passed through all the I/O modules connected to the bus 510, in the manner of a shift register. For the sake of simplified illustration, only two I/O modules 201 and 202 are shown. However, a significantly greater number of I/O modules may be provided. The illustrated embodiment of the local bus 510 as a ring bus is merely by way of example; any other suitable bus topology may be used as well. Furthermore, a selected bus protocol is preferably used for communication via the local bus 510, preferably a fieldbus protocol. However, in principle any suitable communication protocol can be used.

    [0052] According to the invention, the safety logic is shifted from the I/O modules into the gateway module 100. This is symbolized in FIG. 2 by the dashed arrows. The gateway module 100 accordingly comprises a safety control unit 130 which is connected to local bus master 120. Advantageously, safety control unit 130 comprises two redundant cores 131 and 132 that are implemented by means of microprocessors, the results of which are compared with each other. Safety control unit 130 is in particular adapted to execute a safety function which generates safety-related output data on the basis of safety-related input data.

    [0053] The execution of the safety function by gateway module 100 additionally occurs on the basis of status data which are generated by diagnosis units 400 in the I/O modules and are transferred to the gateway module 100.

    [0054] Communication between gateway module 100 and I/O modules 201 and 202 is effected in a safe manner, and for this purpose the I/O modules comprise a communication diagnosis unit 300 each of which is connected to a bus interface 210 via registers 220 and 225 for input and output data. Communication diagnosis unit 300 comprises a unit 310 configured for performing a safe communication. Advantageously, it may be contemplated for unit 310 to be provided in the form of a chip. Furthermore, the communication diagnosis unit 300 and the unit 310 for performing safety communication may be implemented in a common chip, optionally with registers 220 and 225 and/or with the bus interface 210. Communication diagnosis unit 300 is connected to diagnosis unit 400 which is adapted for diagnosis of an input and/or output and/or of a process device connected to an input or an output and for generating corresponding status data. Advantageously, diagnosis unit 400 may also be configured as a chip, or may also be implemented on a common chip together with communication diagnosis unit 300.

    [0055] In the illustrated exemplary embodiment, diagnosis unit 400 comprises a Serial Peripheral Interface (SPI) master 420 which is connected, via an I/O interface 410, to an I/O unit 430 comprising the inputs and outputs and optionally provided timers. I/O interface 410 is connected to the unit 310 of communication diagnosis unit 300. The inputs and/or outputs which are embodied as general purpose inputs/outputs (GP I/Os), for example, are connected to one or more process devices, i.e. to peripheral devices such as sensors or actuators, via interface 450. Interface 450 may serve to perform signal adaptations or A/D conversion, for example.

    [0056] Gateway module 100 further comprises a network gateway 110 for connection to a higher level network 520. In gateway module 100 the internal signals are translated to the network 520 which is employed. The safety protocol is adapted to the higher level network 520, so that when the same physical interface is used the gateway module is only different in terms of the network protocols or is able to support a plurality of protocols. This makes it possible to use the same gateway module 100 for different networks and safety protocols.

    [0057] Therefore, the only thing that is required according to the invention for capturing the physical signals in a safe manner and transmitting them to the gateway module is a diagnosis of the transfer path from the I/O module to the gateway module and a diagnosis of the peripherals and of the inputs/outputs.

    [0058] In the illustrated exemplary embodiment, gateway module 100 and I/O modules 201 and 202 are configured as plug-on terminals whereby their local extent is limited so that a completely developed safety protocol is not required, but only a few technical measures against data corruption and irregularities in the data transfer. Safety communication is only necessary from the gateway module 100 into the higher level network 520.

    [0059] Thus, all the I/O modules 201 and 202 are independent of which safety protocols are used in the higher level network 520, and so they can have the same configuration. The safety logic in gateway module 100 ensures safety data communication to the individual I/O modules and serves the individual diagnosis instances within the I/O modules.

    [0060] FIG. 3 illustrates, in schematic and simplified manner, which data the exemplarily selected I/O module 201 receives from gateway module 100, how these data are forwarded, and which data are returned to gateway module 100.

    [0061] Safety communication between the safety logic of gateway module 100 and the I/O modules is ensured using a CRC. Additionally, each I/O module is preferably addressed with a counter of 8 bits, for example, which is different for each local I/O module and is incremented after each successful communication connection. The I/O module responds with a mirrored counter value. This counter value represents a diagnosis procedure for addressing the individual I/O modules. Due to the dynamics produced by the change in the counter value, also referred to as count for short, it is possible to detect further faults in the data transfer.

    [0062] As shown in FIG. 4, each I/O module is addressed with a different counter. After each successful communication connection, all counters are incremented, up to a maximum value. Once the maximum value has been reached, each counter is reset to an initial value. In this manner, the counter values, or counts, for individual I/O modules differ for each data transmission, for example at time t_0. The continuous characteristics shown in FIG. 4 only symbolically reflect the course of the discrete counter values.

    [0063] Referring back to FIG. 3, all the received data, including the count, output data, control data, and the CRC, are supplied to communication diagnosis unit 300 which checks the CRC and the count. The output data are directly output to the peripherals 600. The control data are supplied to diagnosis unit 400 and serve to remotely control diagnosis unit 400, i.e. for example, for defining which status data are to be provided by the diagnosis unit 400.

    [0064] The data to be sent to the gateway module 100 include the mirrored count, input data, status data, and CRC. The input data provided by the peripherals and the status data generated by diagnosis unit 400 are supplied to communication diagnosis unit 300 for generating the CRC. For generating the status data, by diagnosis unit 400, communication in particular takes place between diagnosis unit 400 and peripherals 600.
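
    The exchange described in paragraphs [0061] to [0064], sketched in C as an added example that is not part of the patent text: the gateway sends count, output data, control data and CRC, and the I/O module checks CRC and count and answers with the mirrored count, input data, status data and CRC. The CRC-8 polynomial 0x07, the one-byte fields, the counter limits, the start values 0x10 and 0x80, and all function and type names are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed parameters: the description names only "a CRC" and an 8-bit counter "for example". */
#define CNT_INIT 0x00u  /* assumed initial value the counter is reset to */
#define CNT_MAX  0xFFu  /* assumed maximum value */

typedef enum { EX_OK, EX_BAD_CRC, EX_BAD_COUNT } ex_result_t;

/* Downlink: data = output data, aux = control data.
 * Uplink:   data = input data,  aux = status data, count = mirrored count. */
typedef struct { uint8_t count, data, aux, crc; } telegram_t;
typedef struct { uint8_t expected, outputs, control; } io_module_t; /* module state */
typedef struct { uint8_t count; } gw_channel_t; /* gateway's counter for one module */

/* CRC-8, polynomial 0x07, initial value 0 (assumed; the description fixes no polynomial). */
static uint8_t crc8(const uint8_t *p, size_t n)
{
    uint8_t c = 0;
    while (n--) {
        c ^= *p++;
        for (int i = 0; i < 8; i++)
            c = (c & 0x80) ? (uint8_t)((c << 1) ^ 0x07) : (uint8_t)(c << 1);
    }
    return c;
}

static uint8_t telegram_crc(const telegram_t *t)
{
    const uint8_t b[3] = { t->count, t->data, t->aux };
    return crc8(b, sizeof b);
}

/* Build a telegram and append the CRC over count and both payload bytes. */
telegram_t make_telegram(uint8_t count, uint8_t data, uint8_t aux)
{
    telegram_t t = { count, data, aux, 0 };
    t.crc = telegram_crc(&t);
    return t;
}

/* Counter step from [0062]: increment, and reset to the initial value at the maximum. */
uint8_t next_count(uint8_t c)
{
    return c >= CNT_MAX ? CNT_INIT : (uint8_t)(c + 1);
}

/* I/O module side (communication diagnosis unit 300): check CRC and count,
 * take over output and control data, answer with the mirrored count. */
ex_result_t module_receive(io_module_t *m, const telegram_t *down,
                           uint8_t input, uint8_t status, telegram_t *up)
{
    if (telegram_crc(down) != down->crc)
        return EX_BAD_CRC;              /* corrupted in transfer */
    if (down->count != m->expected)
        return EX_BAD_COUNT;            /* repeated, stale, or meant for another module */
    m->outputs = down->data;
    m->control = down->aux;
    *up = make_telegram(down->count, input, status);
    m->expected = next_count(m->expected);
    return EX_OK;
}

/* Gateway side (safety logic): the counter advances only after a valid mirrored reply. */
ex_result_t gateway_receive(gw_channel_t *g, const telegram_t *up)
{
    if (telegram_crc(up) != up->crc)
        return EX_BAD_CRC;
    if (up->count != g->count)
        return EX_BAD_COUNT;
    g->count = next_count(g->count);
    return EX_OK;
}

int main(void)
{
    /* Constructed start values: each module gets a different counter, as in FIG. 4. */
    io_module_t m201 = { 0x10, 0, 0 }, m202 = { 0x80, 0, 0 };
    gw_channel_t ch201 = { 0x10 };
    telegram_t down = make_telegram(ch201.count, 0xA5, 0x01), up;

    printf("delivered to 202: %d\n", (int)module_receive(&m202, &down, 0, 0, &up));
    printf("delivered to 201: %d\n", (int)module_receive(&m201, &down, 0x3C, 0x00, &up));
    int r = (int)gateway_receive(&ch201, &up);
    printf("gateway check:    %d, next count 0x%02X\n", r, ch201.count);
    printf("repeated to 201:  %d\n", (int)module_receive(&m201, &down, 0x3C, 0x00, &up));
    return 0;
}
```

    A CRC and a counter of this kind detect corruption, repetition and misdelivery of telegrams. Neither value is keyed, so they do not authenticate the sender to a party able to write to the bus.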

    [0065] The execution of the communication (state machine) takes place exclusively in the safety logic of gateway module 100. The individual I/O modules only use simple diagnosis instances which support the safety logic in the gateway module 100 in fault detection.

    [0066] Different diagnosis instances may be provided in diagnosis unit 400 as well as in peripherals 600, which are addressed by the safety logic of the gateway module 100 and are checked for faulty behavior by the expectations in the safety logic. Separate safeguarding and evaluation of the diagnosis in the I/O modules is therefore no longer required. The processing of the I/O data and of the diagnosis data is done exclusively in the gateway module 100.

    [0067] Since the gateway module 100 performs the logic processing and is able to process both standard data and safety-related data, it is furthermore disclosed that the gateway module 100 takes over complete control of the inputs and outputs of the local station, i.e. the local I/O modules. The gateway module 100 may be employed as a local controller in a stand-alone mode and, in addition, it provides the necessary data for the higher level network 520 or can be controlled as a local smart station. The processing in the gateway module has the advantage that it can be executed much faster than in a higher level control unit, because the local station has more efficient and faster access to the local I/O data. Thus, shorter response times can be achieved. In addition, the higher level control unit is relieved.

    [0068] The solution of the invention offers a number of advantages over the current prior art. A more flexible use of existing I/O modules for non-safety-relevant signals and a reduction in the number of different I/O modules within the system is achieved. In addition, all I/O modules can be configured independently of the higher level network. A simplification of the I/O modules moreover results because the latter need no longer be configured for safety capturing of the signals. Accordingly, few or no microprocessors are required within the station which includes the gateway module and the I/O modules, and overall complexity within the station is reduced. Furthermore, efforts in development, production, testing, and support are also reduced in this way. Moreover, depending on the local communication system, separate addressing of the modules for safety-related signals may also be omitted.

    [0069] Furthermore, only one logic processing is required in the system. The gateway module is moreover capable of completely fulfilling the safety tasks as a separate station without connection to the higher level network, that is to say, not only detection of the inputs and outputs but also control within the local station can be realized. Both the safety signals and the standard signals can be used. Processing of the local I/O data in the gateway module is much faster than in a higher level control unit. Furthermore, it is conceivable that the centralized safety processing is performed not exclusively in the gateway module, but also at a different location, such as e.g. in a higher level safety control unit, or anywhere within the local station, and that the gateway module only functions as a gateway. In this case, the gateway module provides the data transfer to the devices and various services that are necessary to control the diagnosis units and the I/O data of the individual local devices.

    [0070] Although the invention has been described with reference to exemplary embodiments, it is not limited thereto. Those skilled in the art will appreciate that numerous changes and modifications may be made to the preferred embodiments of the invention and that such changes and modifications may be made without departing from the true spirit of the invention. It is therefore intended that the appended claims be construed to cover all such equivalent variations as fall within the true spirit and scope of the invention.

    [0071] The exemplary embodiments of this present invention have been described in relation to a railing system. However, to avoid unnecessarily obscuring the present invention, the preceding description omits a number of known structures and devices. This omission is not to be construed as a limitation of the scope of the present invention. Specific details are set forth by use of the embodiments to provide an understanding of the present invention. It should however be appreciated that the present invention may be practiced in a variety of ways beyond the specific embodiments set forth herein.

    [0072] A number of variations and modifications of the present invention can be used. It would be possible to provide for some features of the present invention without providing others.

    [0073] The present invention, in various embodiments, configurations, and aspects, includes components, methods, processes, systems and/or apparatus substantially as depicted and described herein, including various embodiments, sub-combinations, and subsets thereof. Those of skill in the art will understand how to make and use the present invention after understanding the present disclosure. The present invention, in various embodiments, configurations, and aspects, includes providing devices and processes in the absence of items not depicted and/or described herein or in various embodiments, configurations, or aspects hereof, including in the absence of such items as may have been used in previous devices or processes, e.g., for improving performance, achieving ease and/or reducing cost of implementation.

    [0074] The foregoing discussion of the present invention has been presented for purposes of illustration and description. It is not intended to limit the present invention to the form or forms disclosed herein. In the foregoing Detailed Description, for example, various features of the present invention are grouped together in one or more embodiments, configurations, or aspects for the purpose of streamlining the disclosure. The features of the embodiments, configurations, or aspects may be combined in alternate embodiments, configurations, or aspects other than those discussed above. This method of disclosure is not to be interpreted as reflecting an intention the present invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment, configuration, or aspect. Thus, the following claims are hereby incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of the present invention.

    [0075] Moreover, though the description of the present invention has included description of one or more embodiments, configurations, or aspects and certain variations and modifications, other variations, combinations, and modifications are within the scope of the present invention, e.g., as may be within the skill and knowledge of those in the art, after understanding the present disclosure. It is intended to obtain rights that include alternative embodiments, configurations, or aspects to the extent permitted, including alternate, interchangeable and/or equivalent structures, functions, ranges or steps to those claimed, whether or not such alternate, interchangeable and/or equivalent structures, functions, ranges or steps are disclosed herein, and without intending to publicly dedicate any patentable subject matter.