CA2052926A1 - Control and monitoring method in an electrical automation system for a technical installation - Google Patents
Control and monitoring method in an electrical automation system for a technical installationInfo
- Publication number
- CA2052926A1 CA2052926A1 CA002052926A CA2052926A CA2052926A1 CA 2052926 A1 CA2052926 A1 CA 2052926A1 CA 002052926 A CA002052926 A CA 002052926A CA 2052926 A CA2052926 A CA 2052926A CA 2052926 A1 CA2052926 A1 CA 2052926A1
- Authority
- CA
- Canada
- Prior art keywords
- subsystems
- control
- safety
- monitoring method
- automation system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000012544 monitoring process Methods 0.000 title claims abstract description 26
- 238000009434 installation Methods 0.000 title claims abstract description 24
- 230000001960 triggered effect Effects 0.000 claims abstract description 4
- 238000012545 processing Methods 0.000 claims description 4
- 238000012360 testing method Methods 0.000 claims description 3
- 230000003111 delayed effect Effects 0.000 claims description 2
- 241000237519 Bivalvia Species 0.000 claims 1
- 235000020639 clam Nutrition 0.000 claims 1
- 230000003455 independent Effects 0.000 description 3
- 238000009826 distribution Methods 0.000 description 2
- 230000035484 reaction time Effects 0.000 description 2
- XUKUURHRXDUEBC-KAYWLYCHSA-N Atorvastatin Chemical compound C=1C=CC=CC=1C1=C(C=2C=CC(F)=CC=2)N(CC[C@@H](O)C[C@@H](O)CC(O)=O)C(C(C)C)=C1C(=O)NC1=CC=CC=C1 XUKUURHRXDUEBC-KAYWLYCHSA-N 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 230000007257 malfunction Effects 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B9/00—Safety arrangements
- G05B9/02—Safety arrangements electric
- G05B9/03—Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Safety Devices In Control Systems (AREA)
Abstract
Abstract Control and monitoring method in an electrical automation system for a technical installation Control and monitoring method in an electrical automation system for a technical installation, in which safety-relevant input signals are triggered at least twice and are transmitted constantly on at least two mutually independent signal paths (15, 15') to at least two redundant subsystems of the automation system which process the safety-relevant input signals, and are con-stantly evaluated by both subsystems and converted into control and monitoring signals.
Description
20~2~2~
Siemens Aktiengesellschaf~
Control and monitoring method in an electrical automation system for a technical installation The invention relates to a control and monitoring method in an electrical automation system for a technical installationl preferably a shaft installation, in which signals are transmitted on at least two mutually indepen-dent signal paths of the automation system and are evaluated in a subunit.
An automation system of this type is known from the German journal "Energie und Automation", Vol. 11 (1989); Issue 3, page~ 8 to 10. The arrangement described therein already iunctions very reliably, but when an automation device fails no more messages can be sent or received by the failed automation device despite the redundancy of the bus system. Particularly when the main device fails or in the event of triggering errors, control of the installation is no longer ensured.
A method for the safe operation of a redundant control system is known from ~erman Offenlegungsschrift 3,225,455, in which a technical installation is con-trolled by one of several computers connected in paral-lel, and if thi~ computer malfunction~ control is switched over to another computer.
A doubly redundant automation unit in mining is known from the German journal "et~, Volume 10~ (1981), Issue 18, pages 973-977, the redundant subunits of which jointly control th~ installation. With this automation unit, the output signals are monitored for non-equivalence. However, the signal generators and their outputs are not redundant, so that if the signal gener ator fails reliable control of the installation i~ no longer ensured.
The ob~ect of the present invention is to dis-close a method in which all types of impermissible operating s~ates are reliably detected and rectified as quickly as possible despite the failure of subunits.
, .
.:
.
Siemens Aktiengesellschaf~
Control and monitoring method in an electrical automation system for a technical installation The invention relates to a control and monitoring method in an electrical automation system for a technical installationl preferably a shaft installation, in which signals are transmitted on at least two mutually indepen-dent signal paths of the automation system and are evaluated in a subunit.
An automation system of this type is known from the German journal "Energie und Automation", Vol. 11 (1989); Issue 3, page~ 8 to 10. The arrangement described therein already iunctions very reliably, but when an automation device fails no more messages can be sent or received by the failed automation device despite the redundancy of the bus system. Particularly when the main device fails or in the event of triggering errors, control of the installation is no longer ensured.
A method for the safe operation of a redundant control system is known from ~erman Offenlegungsschrift 3,225,455, in which a technical installation is con-trolled by one of several computers connected in paral-lel, and if thi~ computer malfunction~ control is switched over to another computer.
A doubly redundant automation unit in mining is known from the German journal "et~, Volume 10~ (1981), Issue 18, pages 973-977, the redundant subunits of which jointly control th~ installation. With this automation unit, the output signals are monitored for non-equivalence. However, the signal generators and their outputs are not redundant, so that if the signal gener ator fails reliable control of the installation i~ no longer ensured.
The ob~ect of the present invention is to dis-close a method in which all types of impermissible operating s~ates are reliably detected and rectified as quickly as possible despite the failure of subunits.
, .
.:
.
- 2 ~ 2 ~ 2 ~
The objPct is achieved in that ~afety-relevant input signals ~re triggered at least twice and are transmitted constantly on a~ least two mutually indepen-dent signal paths ~o at leas~ two redundant subsystems of S the autom~tion system which process the safety-relevant input signals, and are evaluated by ~he subsystems and converted in~o control and monitoring signals.
It i~ advantageous in this arrangement if the safety-relevant input signals are constantly checked for equivalence. This enables complete and/or partial fail-ures of the subsystems to be detected in good time.
It is advantageous if the at least two subsystems monitor one another constantly so tha~ other faults of the at least two subsystems can be detected. The mon.itor-ins can be performed, for examplel by cyclically checkingthe individual components of the a~ least two sub~ystems, for example the memory units or the processors.
If one of the at least two subsystems fails, it is advantageous if at least a limited operation can be allowed by means of a special command, the special command being preferably manually issued.
With ~ view to the economy of the installation, it i8 furthexmore advantageous if only one of the at least two subsystems processes t;he normal, non-safety-relevant signal~. This makes it possible for the othersubsystems which process only safety-relevant data ~o have ~mall dimensions. ~his makes the automation system as a whole more cost effective. Moreover, an alarm reaction time of le~s than 500 ms, usually even of around 200 m , can consequently be achieved even when the automation system is operating at full load. Such a short reaction time is not possible with two identical ~ubsystems each monitoring the complete installation control, even with priority processing, for example by means of an interrupt.
After a comparatively long standstill of th~
technical installation, it is advantageous if the in~tal-lation start-up i.s delayed by a self-test interval of the automation system so that the at least ~wo subsystems can ~. ~, :,.............. . .
The objPct is achieved in that ~afety-relevant input signals ~re triggered at least twice and are transmitted constantly on a~ least two mutually indepen-dent signal paths ~o at leas~ two redundant subsystems of S the autom~tion system which process the safety-relevant input signals, and are evaluated by ~he subsystems and converted in~o control and monitoring signals.
It i~ advantageous in this arrangement if the safety-relevant input signals are constantly checked for equivalence. This enables complete and/or partial fail-ures of the subsystems to be detected in good time.
It is advantageous if the at least two subsystems monitor one another constantly so tha~ other faults of the at least two subsystems can be detected. The mon.itor-ins can be performed, for examplel by cyclically checkingthe individual components of the a~ least two sub~ystems, for example the memory units or the processors.
If one of the at least two subsystems fails, it is advantageous if at least a limited operation can be allowed by means of a special command, the special command being preferably manually issued.
With ~ view to the economy of the installation, it i8 furthexmore advantageous if only one of the at least two subsystems processes t;he normal, non-safety-relevant signal~. This makes it possible for the othersubsystems which process only safety-relevant data ~o have ~mall dimensions. ~his makes the automation system as a whole more cost effective. Moreover, an alarm reaction time of le~s than 500 ms, usually even of around 200 m , can consequently be achieved even when the automation system is operating at full load. Such a short reaction time is not possible with two identical ~ubsystems each monitoring the complete installation control, even with priority processing, for example by means of an interrupt.
After a comparatively long standstill of th~
technical installation, it is advantageous if the in~tal-lation start-up i.s delayed by a self-test interval of the automation system so that the at least ~wo subsystems can ~. ~, :,.............. . .
3 ~ 9 2 6 first check each other.
For the sake of simplification and to increase safety, it is advantageous if the safety-relevant input signals are first forwarded to at least two redundant 5 automation subsystems or electronic terminators which preprocess the safety-relevant input signals and are assigned to at least two subsystems, are preprocessed in these, and are then tran~mit~ed via an at least doubly redundant bus system to at least two uperordinate redundant main automation unit~ which proce~s the safety-relevant input signals. With this arrangement the signal paths and the bus system of the automation system can be cyclically checked, for example by injected signals, for line breakaga, f2ults to ground, etc.
The automation ~ystem which is favourable for carrying out the method consists of at least two redun-dant subsystems which proces~ the safety-rel~vant input signals and are connected to one another via a data line for mutual monitoring, with at least ~wo mutually inde-pendent si~nal pa~hs ~or transmitting safety-relevant input signals and with signal triggers for the safety-relevant input si~nals which have at least two mutually independent signal gen~rator~.
For reasons of cost it is advantageous if one subsystem is designed as the main system for proces~ing all signals and the other subsystems are designed as subsidiary systems for processillg all safe~y-relevant signals.
Furth~r advantage~ and details emerge from the description of an exemplary embodiment below, in connec-tion with the fur~her subclaims and with reference to the drawings, in whichs FIG 1 shows a block circuit diagram of an automation system, and FIG 2 shows the connection of an emergency stop switch to the automation system.
In accordance with FIG 1~ the automation system of a shaft installation consists of two main automation units l, l~ which are connected to one another vi~ a data 2~2926 line 2. The two main automation units l, 1' have sp~cial communication processors 3, 3' for communicating with each other. The automation units 1, 1' and hence the subsystems can monitor one another via the processors 3, 3'. This makes Lt possible, inter alia, for the incoming safety-relevant input signals to be checked constantly for equivalence.
Branching off from each of the main automation units 1, 1' is a bus 4l 4', to which further automation unit or electronic terminators 5 to 8, 5' to 8' are connected in each case. In each case one automation unit or one terminator is connected here to one of the buses 4, 4' in each case at each distribution node of the automation system. The automation subsystems or elec-tronic terminators 5 to 8, 5' to 8' are located in partabove ground and in part below ground, for example on the various floor levels of a mine. The automation subsystems or electronic terminators 5 to 8, 5' to 8' are here, ~ust liks the main automation units 1, 1', redundant at least with respect to the processing o the safety-relevant signals. Power is supplied to the automation subsystems or electronic terminators S to 8, 5' to 8' in ea~h case in pairs by powex supply units 5" to 8".
Also connected to the ma:in automation unit 1 is a line 9, via which the acoustic: signal generators 10, for example horns or loudspeakers, at the various dis-tribution node~ are activated. The signal generators 10 sexve to acknowledge commands entered via the automation units or electronic terminators S to 8, 5' to 8', and/or the warning, for example before starting up the hoist.
For monitoring and logging the installation control, the main automation units 1, 1' are furthermore connected to a printer 11 and a registration unit 12, for example a magnetic memoxy, and, for displaying the current operating state~ to a monitor 13. The main automation unLts 1, 1' are furthermore connected to the hoist console 14 for issuLng instructions.
As a result of the construction of the automation system with buses 4, 4', the number of lines to be laid 9 2 ~
i~ independent of the degree of automation of the instal-lation or of a change in the configura~ion of the instal~
lation. In the present case, the automation system is de~igned in such a way that the automation units 1 and 5 al50 5 to 8 process all the signals occurring, while the automation units 1' and also 5' to 8~ monitor and process only safety-relevant signals, for example emergency stop requests.
FIG 2 shows a preferred circuit for detecting safety-relevant input signal~ using the example of the automation units 6, 6'. According to FIG 2, the two automation uni~s 6, 6' are connected via signal paths 15, 15' to two signal generators 16, 16' of the emergency stop switch 17. When the emergency stop switch 17 i~
activated, as indicated by arrow A, the two signal generators 16, 16' are triggered. The automation units 6, 6' consequently detect a signal change and report an emergency stop request to the main automation units 1, 1' via the buse~ 4, 4'. The main automation units 1, 1' evaluate the incoming signals in such a way that the hoist (not illustrated) is immediately halted. The monitoring of other safety-relevant oparations, for example the closing of access gates to the hoisting shaft, which is designed analogously to the emergency stop switch 17 described, is not illustrated in FIG 2. AS
l~ng a8 only one of the automation units or el~ctronic terminator~ 5 to 8, 5' to 8' report~ an open gat~, the hoist is not started up. The hoist is consequently driven depending on the evaluation re~ults of the automation units 1, 1' in such a way that the state of the shaft hoisting system is alway~ safe.
The signal path 15, lS~ and likewise the buses 4, 4' are cyclically checked, for example every 10 seconds, for line breakage, faults to ground, etc. The checking may be carried out by applying a te~t signal to the signal paths lS, 15' or the bu~e~ 4, 4' and checking that it is received correctly.
The safety of the automation system can be further increased in th~t the redundant automation units - 6 - 2~ 2~
1, 1' monitor ona another and the monitoring result is output, for example on the monitor 13 and the printer 11.
If, for instance, the automation unit 1~ detects a failure of the automation unit 1~ this i~ indicated on the printer 11 and the monitor 13 and the hoi~t i9 halted. It is possible, for example, to allow operation of the shaft installation to continue only once either both main automation units 1, 1' are functioning again, or else to allow the operation of the shaft hoisting installation only by the automation unit 1' by means of a non preprogrammable special command to be entered manually.
The functioning of the main automation units 1) 1' can be checked here, for example, by cyclically checking ~he memory units (not illustrated) of the automation units 1, 1' for their basic response capabil-ity, possibly even for their memory oontents. It is also possible to check further components of the main automa-tion units 1, 1' cyclically, for example the processor~
(likewise not illustrated). Such self-testing of the automation system is always carried out after a compara-tively long standstill of the ins,tallation, preferably before the installation is started up again, 50 that any faults which have occurred in the msantLme can be immedi-ately detected and reported.
A further measure for increasing operational safety is the protection of at least the main automation units 1, 1' again~t a power failure by means of a battery ~not illustrated).
The automation system de~cribed above can of course also be employed for monitoring and/or controlling other technical installations with increased s~fety requirements.
For the sake of simplification and to increase safety, it is advantageous if the safety-relevant input signals are first forwarded to at least two redundant 5 automation subsystems or electronic terminators which preprocess the safety-relevant input signals and are assigned to at least two subsystems, are preprocessed in these, and are then tran~mit~ed via an at least doubly redundant bus system to at least two uperordinate redundant main automation unit~ which proce~s the safety-relevant input signals. With this arrangement the signal paths and the bus system of the automation system can be cyclically checked, for example by injected signals, for line breakaga, f2ults to ground, etc.
The automation ~ystem which is favourable for carrying out the method consists of at least two redun-dant subsystems which proces~ the safety-rel~vant input signals and are connected to one another via a data line for mutual monitoring, with at least ~wo mutually inde-pendent si~nal pa~hs ~or transmitting safety-relevant input signals and with signal triggers for the safety-relevant input si~nals which have at least two mutually independent signal gen~rator~.
For reasons of cost it is advantageous if one subsystem is designed as the main system for proces~ing all signals and the other subsystems are designed as subsidiary systems for processillg all safe~y-relevant signals.
Furth~r advantage~ and details emerge from the description of an exemplary embodiment below, in connec-tion with the fur~her subclaims and with reference to the drawings, in whichs FIG 1 shows a block circuit diagram of an automation system, and FIG 2 shows the connection of an emergency stop switch to the automation system.
In accordance with FIG 1~ the automation system of a shaft installation consists of two main automation units l, l~ which are connected to one another vi~ a data 2~2926 line 2. The two main automation units l, 1' have sp~cial communication processors 3, 3' for communicating with each other. The automation units 1, 1' and hence the subsystems can monitor one another via the processors 3, 3'. This makes Lt possible, inter alia, for the incoming safety-relevant input signals to be checked constantly for equivalence.
Branching off from each of the main automation units 1, 1' is a bus 4l 4', to which further automation unit or electronic terminators 5 to 8, 5' to 8' are connected in each case. In each case one automation unit or one terminator is connected here to one of the buses 4, 4' in each case at each distribution node of the automation system. The automation subsystems or elec-tronic terminators 5 to 8, 5' to 8' are located in partabove ground and in part below ground, for example on the various floor levels of a mine. The automation subsystems or electronic terminators 5 to 8, 5' to 8' are here, ~ust liks the main automation units 1, 1', redundant at least with respect to the processing o the safety-relevant signals. Power is supplied to the automation subsystems or electronic terminators S to 8, 5' to 8' in ea~h case in pairs by powex supply units 5" to 8".
Also connected to the ma:in automation unit 1 is a line 9, via which the acoustic: signal generators 10, for example horns or loudspeakers, at the various dis-tribution node~ are activated. The signal generators 10 sexve to acknowledge commands entered via the automation units or electronic terminators S to 8, 5' to 8', and/or the warning, for example before starting up the hoist.
For monitoring and logging the installation control, the main automation units 1, 1' are furthermore connected to a printer 11 and a registration unit 12, for example a magnetic memoxy, and, for displaying the current operating state~ to a monitor 13. The main automation unLts 1, 1' are furthermore connected to the hoist console 14 for issuLng instructions.
As a result of the construction of the automation system with buses 4, 4', the number of lines to be laid 9 2 ~
i~ independent of the degree of automation of the instal-lation or of a change in the configura~ion of the instal~
lation. In the present case, the automation system is de~igned in such a way that the automation units 1 and 5 al50 5 to 8 process all the signals occurring, while the automation units 1' and also 5' to 8~ monitor and process only safety-relevant signals, for example emergency stop requests.
FIG 2 shows a preferred circuit for detecting safety-relevant input signal~ using the example of the automation units 6, 6'. According to FIG 2, the two automation uni~s 6, 6' are connected via signal paths 15, 15' to two signal generators 16, 16' of the emergency stop switch 17. When the emergency stop switch 17 i~
activated, as indicated by arrow A, the two signal generators 16, 16' are triggered. The automation units 6, 6' consequently detect a signal change and report an emergency stop request to the main automation units 1, 1' via the buse~ 4, 4'. The main automation units 1, 1' evaluate the incoming signals in such a way that the hoist (not illustrated) is immediately halted. The monitoring of other safety-relevant oparations, for example the closing of access gates to the hoisting shaft, which is designed analogously to the emergency stop switch 17 described, is not illustrated in FIG 2. AS
l~ng a8 only one of the automation units or el~ctronic terminator~ 5 to 8, 5' to 8' report~ an open gat~, the hoist is not started up. The hoist is consequently driven depending on the evaluation re~ults of the automation units 1, 1' in such a way that the state of the shaft hoisting system is alway~ safe.
The signal path 15, lS~ and likewise the buses 4, 4' are cyclically checked, for example every 10 seconds, for line breakage, faults to ground, etc. The checking may be carried out by applying a te~t signal to the signal paths lS, 15' or the bu~e~ 4, 4' and checking that it is received correctly.
The safety of the automation system can be further increased in th~t the redundant automation units - 6 - 2~ 2~
1, 1' monitor ona another and the monitoring result is output, for example on the monitor 13 and the printer 11.
If, for instance, the automation unit 1~ detects a failure of the automation unit 1~ this i~ indicated on the printer 11 and the monitor 13 and the hoi~t i9 halted. It is possible, for example, to allow operation of the shaft installation to continue only once either both main automation units 1, 1' are functioning again, or else to allow the operation of the shaft hoisting installation only by the automation unit 1' by means of a non preprogrammable special command to be entered manually.
The functioning of the main automation units 1) 1' can be checked here, for example, by cyclically checking ~he memory units (not illustrated) of the automation units 1, 1' for their basic response capabil-ity, possibly even for their memory oontents. It is also possible to check further components of the main automa-tion units 1, 1' cyclically, for example the processor~
(likewise not illustrated). Such self-testing of the automation system is always carried out after a compara-tively long standstill of the ins,tallation, preferably before the installation is started up again, 50 that any faults which have occurred in the msantLme can be immedi-ately detected and reported.
A further measure for increasing operational safety is the protection of at least the main automation units 1, 1' again~t a power failure by means of a battery ~not illustrated).
The automation system de~cribed above can of course also be employed for monitoring and/or controlling other technical installations with increased s~fety requirements.
Claims (14)
1. Control and monitoring method in an electrical automation system for a technical installation, in which safety-relevant input signals are triggered at least twice and are transmitted constantly on at least two mutually independent signal paths (15, 15') to at least two redundant subsystems of the automation system which process the safety-relevant input signals, and are con-stantly evaluated by both subsystems and converted into control and monitoring signals.
2. Control and monitoring method according to Claim 1, characterised in that the safety-relevant input signals are constantly checked for equivalence in the at least two subsystems.
3. Control and monitoring method according to Claim 1 or 2, characterised in that the at least two subsystems monitor one another constantly.
4. Control and monitoring method according to Claim 3, characterised in that the individual components of the at least two subsystems are cyclically checked.
5. Control and monitoring method according to one of Claims 1 to 4, characterised in that if one of the at least two subsystems fails, at least a limited operation of the technical installation can be allowed by means of a special command.
6. Control and monitoring method according to Claim 5, characterised in that the special command is issued manually.
7. Control and monitoring method according to one of Claims 1 to 6, characterised in that one of the at least two subsystems processes further, non-safety-relevant signals.
8. Control and monitoring method according to one of the above claims, characterised in that, after a compara-tively long standstill of the technical installation, the start-up of the technical installation is delayed by a self-test of the automation system so that the at least two subsystems can first check each other.
9. Control and monitoring method according to one of the above claims, characterised in that the safety-relevant input signals are first forwarded to at least two redundant automation subsystems or electronic termin-ators (5 to 8, 5' to 8') which preprocess the safety-relevant input signals and are assigned to the at least two subsystems, are preprocessed in these, and are then transmitted via an at least doubly redundant bus system (4, 4') to at least two superordinate redundant main automation units (1, 1') which process the safety-relevant input signals.
10. Control and monitoring method according to Claim 9, characterised in that the signal paths (15, 15') and the bus system (4, 4') of the automation system are cyclically checked for line breakage, faults to ground, etc.
11. Electrical automation system for carrying out the method according to one of Clams 1 to 10, with at least two redundant subsystems which process the safety-relevant input signals and are connected to one another via a data line (2) for mutual monitoring, with at least two mutually independent signal paths (15, 15') for transmitting safety-relevant input signals and with signal triggers (17) for the safety-relevant input signals which have at least two mutually independent signal generators (16, 16').
12. Electrical automation system according to Claim 11, characterised in that one subsystem is designed as the main system for processing all signals and the other subsystems are designed as subsidiary systems for pro-cessing all safety-relevant signals.
13. Electrical automation system according to Claim 11 or 12, characterised in that it has a battery for emergency power supply.
14. Control and monitoring method according to one of Claims 1 to 10, characterised in that it can be employed in an electrical automation system for a shaft installa-tion.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| DEP4032033.2 | 1990-10-09 | ||
| DE4032033A DE4032033A1 (en) | 1990-10-09 | 1990-10-09 | CONTROL AND MONITORING METHOD AND ELECTRICAL AUTOMATION SYSTEM FOR A TECHNICAL PLANT, ESPECIALLY A SHAFT PLANT |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2052926A1 true CA2052926A1 (en) | 1992-04-10 |
Family
ID=6415945
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002052926A Abandoned CA2052926A1 (en) | 1990-10-09 | 1991-10-07 | Control and monitoring method in an electrical automation system for a technical installation |
Country Status (4)
| Country | Link |
|---|---|
| CA (1) | CA2052926A1 (en) |
| DE (1) | DE4032033A1 (en) |
| PL (1) | PL167413B1 (en) |
| ZA (1) | ZA918029B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7751906B2 (en) | 2004-10-18 | 2010-07-06 | Siemens Ag | Method and automation system for operation and/or observing at least one field device |
| EP1792864B1 (en) | 2004-09-24 | 2017-10-25 | Mitsubishi Denki Kabushiki Kaisha | Elevator apparatus |
| CN113264162A (en) * | 2021-03-31 | 2021-08-17 | 招商局金陵船舶(南京)有限公司 | Safety control system for returning to port of passenger rolling ship |
Families Citing this family (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE4312305C5 (en) * | 1993-04-15 | 2004-07-15 | Abb Patent Gmbh | Safety-related programmable logic controller |
| DE19758993B3 (en) * | 1997-09-26 | 2014-04-10 | Phoenix Contact Gmbh & Co. Kg | Control and data transmission installation |
| DE19758848B4 (en) * | 1997-09-26 | 2012-10-18 | Phoenix Contact Gmbh & Co. Kg | Control and data transmission installation |
| DE19742716C5 (en) | 1997-09-26 | 2005-12-01 | Phoenix Contact Gmbh & Co. Kg | Control and data transmission system and method for transmitting safety-related data |
| DE19840562B4 (en) * | 1998-09-07 | 2007-06-28 | Phoenix Contact Gmbh & Co. Kg | Security-related control and data transmission system |
| US6173814B1 (en) * | 1999-03-04 | 2001-01-16 | Otis Elevator Company | Electronic safety system for elevators having a dual redundant safety bus |
| DE19925693B4 (en) * | 1999-06-04 | 2007-05-16 | Phoenix Contact Gmbh & Co | Circuit arrangement for secure data transmission in an annular bus system |
| DE19934513B4 (en) * | 1999-07-22 | 2006-05-24 | Siemens Ag | Control procedure for a technical plant |
| DE10036573C2 (en) * | 2000-07-27 | 2002-06-27 | Bosch Gmbh Robert | Anti-theft alarm system with a control unit for controlling a siren |
| IL153936A0 (en) † | 2000-08-07 | 2003-07-31 | Inventio Ag | Monitoring device for an elevator |
| US6267219B1 (en) * | 2000-08-11 | 2001-07-31 | Otis Elevator Company | Electronic safety system for escalators |
| DE10141044B4 (en) * | 2001-08-22 | 2004-07-01 | Kruno Pranjic | Safety device for drive unit coupled to a face conveyor |
| DE10249592A1 (en) * | 2002-10-24 | 2004-06-17 | Abb Research Ltd. | Fail-silent data processing node configuration design for a replicated data network, whereby each partial node only transmits if all other partial nodes transmit at the same time |
| US6975966B2 (en) * | 2003-01-28 | 2005-12-13 | Fisher-Rosemount Systems, Inc. | Integrated diagnostics in a process plant having a process control system and a safety system |
| DE10353950C5 (en) | 2003-11-18 | 2013-10-24 | Phoenix Contact Gmbh & Co. Kg | control system |
| WO2005124562A1 (en) * | 2004-06-22 | 2005-12-29 | Mitsubishi Denki Kabushiki Kaisha | System for elevator electronic safety device |
| DE102004037486B4 (en) * | 2004-07-27 | 2006-08-10 | ThyssenKrupp Aufzüge GmbH | Signal band and system for determining a state of motion of a moving body, and apparatus for speed limiting the moving body, in particular an elevator car, using the same |
| DE102005014233A1 (en) * | 2005-03-30 | 2006-04-06 | Daimlerchrysler Ag | Automated production line operating method, involves controlling high-speed retaining function of production line by using software, where access to function takes place by control unit, which is provided in line |
| EA012739B1 (en) * | 2007-07-09 | 2009-12-30 | Руп Завод "Могилевлифтмаш" | Elevator system |
| CN103601049B (en) * | 2013-12-06 | 2016-01-20 | 北京金自天正智能控制股份有限公司 | A kind of equipment and method showing the location status of boost container |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US3483393A (en) * | 1966-09-01 | 1969-12-09 | Sybron Corp | Power supply system for process control instrumentation |
| DE3003291C2 (en) * | 1980-01-30 | 1983-02-24 | Siemens AG, 1000 Berlin und 8000 München | Two-channel data processing arrangement for railway safety purposes |
| ZA816748B (en) * | 1980-10-01 | 1982-10-27 | Hoechst Ag | Process for the preparation of an ethyl ester |
| DE3225455C2 (en) * | 1982-07-07 | 1986-07-17 | Siemens AG, 1000 Berlin und 8000 München | Method for the safe operation of a redundant control system |
| DE3276598D1 (en) * | 1982-12-07 | 1987-07-23 | Ibm Deutschland | Fail-safe data processing equipment |
| JPS62299435A (en) * | 1986-06-19 | 1987-12-26 | Isuzu Motors Ltd | Control device for vehicle with malfunction detecting device |
-
1990
- 1990-10-09 DE DE4032033A patent/DE4032033A1/en active Granted
-
1991
- 1991-10-07 CA CA002052926A patent/CA2052926A1/en not_active Abandoned
- 1991-10-08 ZA ZA918029A patent/ZA918029B/en unknown
- 1991-10-09 PL PL91291977A patent/PL167413B1/en unknown
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1792864B1 (en) | 2004-09-24 | 2017-10-25 | Mitsubishi Denki Kabushiki Kaisha | Elevator apparatus |
| US7751906B2 (en) | 2004-10-18 | 2010-07-06 | Siemens Ag | Method and automation system for operation and/or observing at least one field device |
| CN113264162A (en) * | 2021-03-31 | 2021-08-17 | 招商局金陵船舶(南京)有限公司 | Safety control system for returning to port of passenger rolling ship |
| CN113264162B (en) * | 2021-03-31 | 2022-10-04 | 招商局金陵船舶(南京)有限公司 | Safety control system for returning passenger ship to port |
Also Published As
| Publication number | Publication date |
|---|---|
| PL291977A1 (en) | 1992-06-01 |
| ZA918029B (en) | 1992-06-24 |
| DE4032033C2 (en) | 1992-08-27 |
| PL167413B1 (en) | 1995-09-30 |
| DE4032033A1 (en) | 1992-04-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2052926A1 (en) | Control and monitoring method in an electrical automation system for a technical installation | |
| US4823914A (en) | Status line monitoring system and method of using same | |
| JP2002538061A (en) | Elevator safety system | |
| CA1258115A (en) | System for indicating track sections in an interlocking area as unoccupied or occupied | |
| US5920715A (en) | System architecture permitting verified and unverified programs to execute safely on one processor | |
| KR102034894B1 (en) | Management system for circuit breakers in switchboard | |
| CN117785614A (en) | Fault monitoring and switching method for dual-redundancy computer | |
| JP4116099B2 (en) | Safety device for drive unit | |
| EP3555871B1 (en) | Fire-prevention control unit | |
| US6832331B1 (en) | Fault tolerant mastership system and method | |
| US7209811B1 (en) | System and method for controlling a safety-critical railroad operating process | |
| CA2467972A1 (en) | Method for controlling a safety-critical railroad operating process and device for carrying out said method | |
| CN111788138B (en) | Elevator control device and elevator control method | |
| RU2453858C2 (en) | Device and method to simulate power supply system failure at air craft | |
| JPH04275740A (en) | On-vehicle multiplex transmission device | |
| US6807514B2 (en) | Apparatus for monitoring the proper operation of components of an electrical system carrying out the same or mutually corresponding actions | |
| WO2012081838A1 (en) | System and method for network equipment monitoring and recovering | |
| CN108965314B (en) | Network communication device based on Feiteng processor | |
| JPH0371217A (en) | Power supply control system | |
| JPH01279301A (en) | Computer decentralizing system | |
| JP2004334548A (en) | Fault monitoring system for distributed monitoring and control system | |
| JPH0928097A (en) | Controller for hydroelectric power plant | |
| JP3528825B2 (en) | Redundant line switching device and redundant line switching system | |
| JPS61136355A (en) | Remote control system | |
| JPS622746A (en) | On-line system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FZDE | Dead |