Note: Descriptions are shown in the official language in which they were submitted.
CA 021488160 2004-11-23
2003P12271
Description
Two-channel unit with input-side digital signaling
stages or output-side digital command stages
The invention relates to a two-channel unit with input-
side digital signaling stages or output-side digital
command stages, as claimed in the precharacterizing
clauses of claims 1 and 7.
Safety devices which operate in the safe mode are
known. These may be signal lamps, railroad switch
drives, axle counters, notification devices and the
like in the outdoor section of a signal box. The indoor
section of a signal box such as this nowadays has a
higher-level safe computer, which is connected to a
large number of other components in the indoor section.
These components may be two-channel units either with
digital signaling stages or command stages. For safety
reasons, the serviceability of these units must be
tested cyclically. For this purpose, the unit has a
controller for each channel, and each controller can be
controlled by the safe computer. The signaling or
command stages are implemented on the basis of two
channels for safety reasons, with the two controllers
each being connected to one input and one output of the
two signaling or command stages in a pair.
An electronic test circuit may be provided in order to
test the signaling stages and is controlled by the
controllers such that all of the inputs of the
signaling stages can be connected to ground. Bit
patterns which are predetermined by the controller are
then passed to the inputs of the signaling stages in
order to simulate digital input signals, and the
signaling stages then react with appropriate output
signals, to which the higher-level computer in turn has
acce-ss via the controllers.
CA 021488160 2004-11-23
2003P12271
- 2 -
In order to test the command stages, the controllers
can each pass a pulse, which lasts for a short time, to
the inputs of the command stages, to be precise
sequentially, that is to say one pulse in each case
being applied successively to one input. The pulses are
designed such that they result in a brief state
inversion at the inputs. The brief changes in the
output signals resulting from this are in turn recorded
and are made available to the associated safe computer.
For safety reasons, potential isolation is provided
between the safe computer and the signaling and command
stages. For this purpose, each signaling and command
stage in the known unit is provided with its own
potential isolation; this is done by means of
appropriate optocouplers.
The known unit has the disadvantage that it is
relatively physically large and expensive, owing to the
large number of optocouplers.
Furthermore, DE 198 13 389 C2 has already disclosed a
safety drive circuit having two transceivers A and B,
which form the two channels of the circuit. Signaling
stages in digital form are provided at the input of the
drive circuit. A higher-level master controls two
stations or controllers CPU A and CPU B; these are each
connected to one input and to one output of the
signaling stages, which are designed with two channels.
For testing, the inputs of the signaling stages can be
set to a defined state by the controllers CPU A, CPU B,
and simulated input signals can be passed to the
inputs. These output signals which are produced in this
way are recorded by means of user software and are made
available to the higher-level master. The controllers
CPU A, CPU B communicate with the master via
independent serial buses which are separated from one
CA 021488160 2004-11-23
2003P12271
- 3 -
another. In this case, each serial bus has potential
isolation, which is provided by means of optocouplers.
The signaling and command stages at the input/output
level are designed such that they can be used both as
inputs and outputs as well as for connections to
further serial bus systems. This makes it possible to
interconnect the input/output pairs, to test them with
the aid of test patterns, and to switch the connections
to defined states. In consequence, the signaling and
command stages can be connected via a dual redundant
bus system to a higher-level safe master such that all
the reference potentials are isolated from one another.
With regard to the isolation voltage, two isolation
levels are provided, one in the bus at the master and
the other in the output stages.
The latter means that safe isolation, which is an
essential requirement here, is lost in the event of a
fault.
The object of the invention is to ensure potential
isolation by means of optocouplers even in the event of
a fault.
This object is achieved by the features specified in
claims 1 and 7. The characterizing features of the
dependent claims contain corresponding advantageous
refinements.
With regard to the unit with digital signaling stages,
the solution provides for power loss limiting to be
provided for the optocouplers. The use of a serial bus
in this case advantageously allows the incorporation of
potential isolation in the bus, which results in
physically small configuration despite there being a
greater number of signaling or command stages, owing to
CA 021488160 2004-11-23
2003P12271
- 4 -
the saving of a large number of optocouplers and,
furthermore, this is also cost-effective. However, the
potential isolation even in the event of a fault is
ensured only by limiting the power losses of the
optocouplers. This is achieved by simple means by
operating the optocouplers below the rated operating
voltage, for power loss limiting, and by applying the
operating voltage to the optocouplers via series
resistors of appropriate resistance.
It is technically simple to set all of the inputs to
the zero state.
In particular, the testing is simplified if the inputs
of the current-sensitive signaling stages are connected
to ground.
A simple safety circuit provides for the provision of a
switching unit which is controlled by the computer and
switches off the supply voltage for the connected
peripherals in the event of a fault.
The test quality is improved if the simulated digital
input signals which are passed to the inputs are
predetermined bit patterns, to be precise those which
have been proven for the testing of signaling stages.
With regard to the two-channel unit with digital
command stages, the solution also provides for power
loss limiting to be provided for the optocouplers.
In a technically simple unit, the state inversion is
carried out in the form of pulses, with the logic state
of the command stages thus being changed in a pulsed
form.
In particular, the testing is simplified if the
optocouplers are operated below the rated operating
CA 021488160 2004-11-23
2003P12271
- 5 -
voltage for power loss limiting, and the operating
voltage is applied to the optocouplers via series
resistors.
Safety disconnection is ensured by the provision of a
switching unit which is controlled by the computer and
which switches off the supply voltage for the connected
peripherals in the event of a fault.
The invention will be described in more detail in the
following text with reference to a drawing, in which:
Figure 1 shows a two-channel unit with four signaling
stage pairs, and
Figure 2 shows a two-channel unit with four digital
command stage pairs.
Figure 1 shows a two-channel unit 1 with digital
signaling stages MS which, for safety reasons, are in
the form of signaling stage pairs and are part of a
process connection circuit, which is not shown, for
safe operation of a safety device in the indoors
section, that is to say, for example, for driving
signal lamps, railroad switch drives, axle counters,
notification devices, speed measurement devices and
automatic stop devices, as well as for safe contact
checks.
Four signaling stage pairs MSO, MS4; MS1, MS5; MS2, MS6
and MS3, MS7 are provided on the input side in
Figure 1; the signaling stages (MSO-MS7) are thus in a
two-channel form. Each signaling stage MSO-MS7 is
connected to two controllers 2a, 2b, and each
controller 2a, 2b is in each case connected to one
input and to one output of the signaling stage pairs.
Thus, at each signaling stage pair, the controller 2a
is connected to the input of one signaling stage MS and
to the output of the other signaling stage MS. In this
CA 021488160 2004-11-23
2003P12271
- 6 -
case, the arrows 3 in Figure 1 which lead away from the
signaling stages MSO-MS7 represent the outputs, and the
arrows 4 which lead to the signaling stages MSO-MS7
represent the inputs of the signaling stages MSO-MS7.
In Figure 1, the controller 2a is connected to the
inputs of the signaling stages MS4-MS7 and to the
outputs of the signaling stages MSO-MS3, and,
conversely, the controller 2b is connected to the
outputs of the signaling stages MS4-MS7 and to the
inputs of the signaling stages MSO-MS3.
A test circuit 5 is used to test the current-sensitive
signaling stages MSO-MS7 and connects all of the inputs
of the signaling stages MSO-MS7 to ground in response
to a command from the controller 2b (test the signaling
stages) (the through access of the test circuit 5 is
represented by the arrows 5a, 5b), which represents a
simple capability for setting the signaling stages MSO-
MS7 to the zero state. The zero state is one of two
defined input states of the signaling stages MSO-MS7.
The two controllers 2a, 2b then pass simulated input
signals to the inputs of all eight signaling stages
MSO-MS7 (test the signaling stages), to be precise as
predetermined bit patterns, preferably using those bit
patterns which have already been proven for tests such
as these. The output signals of the bit patterns are
recorded by the controllers 2a, 2b (read the messages),
and are made available via the controllers 2 to the
higher-level safe computer (not shown).
The controllers 2a, 2b communicate with the computer
via a serial bus 6 which - as is indicated in Figure 1
by the two diagonal lines - has potential isolation 6a,
in this case by means of two optocouplers (not shown) .
In this case, power loss limiting is provided for the
optocouplers by operating the optocouplers below the
rated operating voltage and by applying the operating
voltage to the optocouplers via series resistors.
CA 021488160 2004-11-23
2003P12271
_ 7 _
The higher-level computer is connected via a connection
7 to a switching unit ASS, which switches off the
supply voltage to the connected peripherals controlled
by the safe computer, in response to a switching-off
command from said safe computer (through access is
represented schematically by the arrows 7a, 7b).
Figure 2 shows a two-channel unit with output-side
digital command stages KS instead of the signaling
stages MS. As will be immediately evident from a
comparison of Figure 1 and Figure 2, there is no test
circuit 5 in Figure 2, that is to say the command
stages KS need not be set to a defined state in advance
for testing.
For testing, the controllers 2a, 2b each pass a state
inversion sequentially to the inputs of the command
stages KS, to be precise from the controller 2b to the
command stages KSO-KS3 and from the controller 2a to
the command stages KS4-KS7, as is indicated as control
of the commands in Figure 2. The state inversion is
carried out in the form of short pulses, for example
voltage pulses, during any given current state at each
input of the command stages. The output signals (pulsed
signals) produced in this way are recorded (read back
the commands) and are made available to the safe
computer.
In this case as well, a serial bus 6 is provided for
communication with the safe computer, which once again
has potential isolation 6a by means of optocouplers.
Power loss limiting is likewise provided for the
optocouplers by operating the optocouplers below the
rated operating voltage and by applying the operating
voltage to the optocouplers via series resistors.
CA 02488160 2004-11-23
2003P12271
_ g _
If necessary, the safe computer can switch off the
supply voltage to the connected peripherals, that is to
say all of the loads which can be connected to the
command stages, for example relays etc., via the
switching unit ASS, which is represented by the arrows
7a and 7b, with the arrows 7a and 7b being intended to
indicate the through access of the switching unit ASS.
