Patent abstract:
Shown and described is a safety network with a plurality of safety sensors (21, 21', 21'', 21'''), which are connected to each other via a first and a second data bus (23, 25), wherein the first data bus (23) is designed for the transmission of non-security-relevant data and the second data bus (25) is designed for the transmission of security-relevant data. In addition, it is provided that at least one of the safety sensors has an interface to a third data bus (31) and is connected thereto, wherein the data bus (31) is designed to ensure a fail-safe transmission of data from this safety sensor to a control unit.
Publication number: CH714542A1
Application number: CH00014/18
Filing date: 2018-01-09
Publication date: 2019-07-15
Inventors: Steiner Roman; R Zöschg Dietmar; Geges Norbert; Guntli Andreas; Klima Andreas; Lukas Verena; Möhr Raphael; Rodoni Daniele
Applicant: Elesta Gmbh Ostfildern De Zweigniederlassung Bad Ragaz
Main IPC classification:
Patent description:

Description: The invention relates to a security network for security sensors. In addition, the invention relates to a security sensor and the use of a security sensor in a security network and a production system with a security network according to the invention. The invention further relates to a method for transmitting data from security sensors in a security network.
In order to protect people from injury or material from damage, the automation of machines very often uses safety sensors, which can detect and report a dangerous situation with a certain safety standard. For example, such safety sensors can be used on safety doors for machine tools, for industrial production plants, for dangerous machines such as saws or for industrial robots, etc. With such systems, it is a safety requirement that no one is in the danger zone of the machine or system during its operation. For this purpose, the area that, for example, a machine operator has to enter for setting up, adjusting or maintaining the system must be fenced off by protective walls, and access is via the safety doors mentioned. If there are several security doors, a security sensor is usually installed for each door. The safety sensors are connected to a readout unit, which is usually part of a control device that controls the system, and thus form a safety network.
[0003] For example, safety sensors can be understood in particular as sensors which, in the manner of proximity sensors, can detect the proximity of an object without contact. It is known to use so-called RFID (radio frequency identification) elements for this. These consist of a mostly passive RFID transponder, also called an RFID tag, and an RFID read and write device, hereinafter referred to as an RFID reader. When the RFID transponder approaches the RFID reader, the RFID transponder is excited and supplied with energy by an electromagnetic alternating field emitted by the RFID reader. The microcontroller of the RFID transponder is then able to decode the commands from the RFID reader and take appropriate actions, such as outputting its stored information or writing new memory contents.
Security doors are now secured, for example, by attaching an RFID transponder to a first door element, e.g. the door frame, and an RFID reader to a second door element, e.g. the door leaf. If the security door is closed, the RFID transponder is located in the reception area of the RFID reader, so that the RFID transponder and RFID reader are coupled and commands and information can be exchanged. If the security door is opened, the RFID reader can no longer detect or read the RFID transponder, and the RFID reader can then transmit corresponding information to a higher-level control device of a production plant, which prevents the machine from starting and possibly injuring a person in the danger area. Control units can range from relatively simple safety relays up to complex programmable logic controllers (PLC).
For safety devices of this type, safety integrity level 3 (SIL3) according to the standard IEC 61508 must be observed. These devices have to ensure double security, i.e. they are redundant insofar as an error that occurs, for example in data transmission or data processing, does not yet lead to a malfunction of the safety device. It is therefore known, for example, to read in and process the data determined by security sensors in a first data processing unit and then to process the data again, or to check the processed data, in a second data processing unit. These two data processing units then compare their results and pass safety-related information, such as the information “Door is closed” (which for a higher-level control unit can mean that the machine may start up), on to a higher-level control unit of a machine or system only if the results of the check match and it can therefore be assumed that there is data consistency. As a rule, the separate data processing units are constructed differently, for example by using different electronic components, although both data processing units still produce the same results if they function correctly.
Various standards have also been created to enable communication between safety sensors or actuators and control and monitoring devices. One of these is the so-called IO-Link standard in accordance with IEC61131-9 or in accordance with IO-Link System Description - Technology and Application, Version July 2013, Order number 4,392, which has been expanded to also be used in security-relevant applications. This extension is known as IO-Link Safety Standard in accordance with IO-Link Safety System Extensions Specification, Version 1.0, April 2017, Order No: 10.092. Other known standards for safety-relevant applications are, for example: the AS-i bus standard or the CANopen safety standard.
The reporting of safety-related states from a safety sensor to a control unit can thus take place via a secure serial master-slave connection, e.g. IO-Link Safety. For this, however, it is necessary that each safety sensor is connected as a slave to the evaluation unit, which functions as the master, and is evaluated using a defined protocol. The disadvantage here is that a separate master is required in the evaluation unit for each safety sensor. Each sensor unit must therefore be connected to the master assigned to it via a separate data line, which massively increases the complexity of circuitry and wiring, and thus the costs.
It is therefore an object of the invention to design a safety network in such a way that the circuitry and wiring outlay is minimized without lowering the safety standards compared to previously known systems. In addition, the object of the invention is to design security sensors accordingly and to create a method for a security network according to the invention.
This object is achieved by a security network with the features of claim 1. Advantageous refinements are described in the dependent claims 2 to 10. This object is further achieved by a security sensor according to claim 11 and by the use of a security sensor in a security network according to the invention and by a production system with a security network according to the invention. Further advantageous configurations can be found in the remaining subclaims.
The security network according to the invention has a plurality of security sensors which are connected to one another via a first and a second data bus, the first data bus being designed for the transmission of non-safety-relevant data and the second data bus being designed for the transmission of safety-related data, at least one of the safety sensors having an interface to a third data bus and being connected to it, the data bus being designed to provide fail-safe transmission of data from this safety sensor to an evaluation device.
According to the invention, a subnetwork is thus formed from a plurality of safety sensors which are connected to one another via two data buses, safety-relevant data being transmitted via a correspondingly securely configured bus and non-safety-relevant data being transported via a simpler bus. Security-relevant data include, for example, information about the closed status of security doors. Non-security-relevant information can relate to address information or information on the identification number of the security sensor. This ensures that safety-relevant information is properly transmitted to the safety sensor that is connected to the control unit of the production system or to an evaluation unit that is part of the control unit.
The advantageous embodiment variants listed below lead, alone or in combination with one another, to further improvements in the security network.
The fail-safe transmission of data via the third data bus can be ensured in a first embodiment of the invention by the formation of check sums, the assignment of sequence numbers and the monitoring of the response times. Likewise, the third data bus can be implemented as a secure serial master-slave connection, which is advantageously designed in accordance with the IO-Link safety standard. Compliance with this safety standard ensures safe communication between the safety sensor and control unit. Compliance with the IO-Link safety standard means that safety-relevant communication between the control unit and the safety sensor is fail-safe, even though the data is only sent via a single transmission path. The redundancy is therefore not given by the double implementation of circuit arrangements, transmission lines or the like, but is guaranteed by compliance with the IO-Link safety standard.
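The three measures named above (checksum, sequence number, response-time monitoring) can be combined in a receiver as follows. This is an added example, not code from the patent or from the IO-Link Safety specification; the 4-byte frame layout, the payload values, the 20 ms timeout and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed frame (an assumption, NOT the IO-Link Safety format):
 * [0] sequence number, [1] payload, [2..3] CRC-16 over [0..1], big-endian. */
#define FRAME_LEN    4u
#define TIMEOUT_MS   20u    /* assumed maximum gap between valid frames */
#define STATE_SAFE   0xA5u  /* assumed payload for "no hazard" */
#define STATE_HAZARD 0x5Au  /* assumed payload for "hazard" */

typedef enum { RX_OK, RX_BAD_LEN, RX_BAD_CRC, RX_BAD_SEQ, RX_TIMEOUT } rx_result;
typedef struct {
    uint8_t   expected_seq;
    uint32_t  last_valid_ms;
    rx_result fault;    /* first detected error, latched until rx_init() */
    bool      release;  /* true only while the link proves "no hazard" */
} rx_state;

/* CRC-16/CCITT-FALSE: polynomial 0x1021, initial value 0xFFFF, MSB first. */
uint16_t crc16_ccitt(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)((uint16_t)data[i] << 8);
        for (int bit = 0; bit < 8; bit++)
            crc = (uint16_t)((crc & 0x8000u) ? ((crc << 1) ^ 0x1021u) : (crc << 1));
    }
    return crc;
}

/* Sender side: fill in sequence number, payload and checksum. */
void build_frame(uint8_t seq, uint8_t payload, uint8_t out[FRAME_LEN])
{
    out[0] = seq;
    out[1] = payload;
    uint16_t crc = crc16_ccitt(out, 2);
    out[2] = (uint8_t)(crc >> 8);
    out[3] = (uint8_t)(crc & 0xFFu);
}

void rx_init(rx_state *s, uint32_t now_ms)
{
    *s = (rx_state){ .expected_seq = 0, .last_valid_ms = now_ms,
                     .fault = RX_OK, .release = false };  /* start in the safe state */
}

static rx_result latch(rx_state *s, rx_result r)
{
    s->fault = r; s->release = false;   /* any error withdraws the release */
    return r;
}

/* Response-time monitoring: call cyclically, even when no frame arrived. */
rx_result rx_poll(rx_state *s, uint32_t now_ms)
{
    if (s->fault != RX_OK) return s->fault;
    if ((uint32_t)(now_ms - s->last_valid_ms) > TIMEOUT_MS) return latch(s, RX_TIMEOUT);
    return RX_OK;
}

/* Receiver side: accept a frame only if timing, length, CRC and sequence fit. */
rx_result rx_frame(rx_state *s, const uint8_t *f, size_t len, uint32_t now_ms)
{
    if (rx_poll(s, now_ms) != RX_OK) return s->fault;
    if (len != FRAME_LEN) return latch(s, RX_BAD_LEN);
    uint16_t rx_crc = (uint16_t)(((uint16_t)f[2] << 8) | f[3]);
    if (crc16_ccitt(f, 2) != rx_crc) return latch(s, RX_BAD_CRC);
    if (f[0] != s->expected_seq) return latch(s, RX_BAD_SEQ);
    s->expected_seq = (uint8_t)(f[0] + 1u);
    s->last_valid_ms = now_ms;
    s->release = (f[1] == STATE_SAFE);
    return RX_OK;
}

int main(void)
{
    rx_state s; uint8_t f[FRAME_LEN];
    rx_init(&s, 0);
    build_frame(0, STATE_SAFE, f);
    if (rx_frame(&s, f, FRAME_LEN, 5) != RX_OK || !s.release) return 1;
    return rx_frame(&s, f, FRAME_LEN, 9) == RX_BAD_SEQ ? 0 : 1;  /* replay rejected */
}
```

Every error path ends in `release == false`, so a corrupted, repeated, lost or late frame can only withdraw the release and never grant it.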
In a further embodiment of the invention, the first data bus is designed as a bidirectional, serial bus and the second data bus can be designed as a unidirectional, serial bus. These different bus topologies are preferably used for the transmission of the data, which are of different relevance for security, and represent a sub-network.
Advantageously, the second data bus can be designed redundantly and have two separate data lines in order to transmit the same information about them. Furthermore, the second data bus can be designed as a point-to-point connection, i.e. the data bus connects only one safety sensor to the next safety sensor.
According to an advantageous embodiment of the invention, the security sensors can be designed to transmit received security-relevant data from a security sensor which signal a hazard situation directly to the next security sensor, and to compare received security-relevant data which signal that there is no hazard situation with their own security-relevant data and forward them to a next safety sensor only if the comparison shows that the data are identical.
In a further development of the invention, a corresponding security sensor can be designed to transmit received security-relevant data from a security sensor which signal a hazard situation directly to a next security sensor via the second data bus (23), and to compare security-relevant data which signal that there is no hazard situation with its own safety-relevant data and forward them to a next safety sensor only if the comparison shows that the data are identical. Furthermore, the safety sensor can be designed to transmit received or self-generated safety-relevant data which signal a dangerous situation directly to a control device via a fail-safe third data bus.
The object of the present invention is also achieved by a safety sensor with a first interface for connection to a first data bus in order to send and receive non-safety-relevant data, with a second interface for connection to a second data bus in order to send and receive safety-relevant data, and with a third interface to a third data bus, wherein the safety sensor is designed to ensure a fail-safe transmission of data to a control unit of a production plant via the third interface.
[0019] In a preferred embodiment, the security sensor has an RFID write and read device (in short, an RFID reader) and an RFID transponder.
According to the design of the safety sensors, a method is specified in claim 18, which also solves the problem; claim 19 describes an advantageous development of this method.
The above-mentioned embodiment variants lead, alone or in combination with one another, to further improvements of the invention. Further advantages and features of the invention result from the following description of the invention with reference to schematic representations.
[0022] The figures show:
FIG. 1: a schematic representation of a security network as is known from the prior art;
FIG. 2: a schematic representation of a security network according to the invention.
FIG. 1 shows a security network as is known from the prior art. A safety sensor 17 with a single data interface can be seen here, which is connected as a slave to a master 11 via a data line 15. The master 11 is part of an evaluation unit 13, which in turn is part of a control device, not shown, of a production system, also not shown. Because four sensor units are provided, four masters 11 and four data lines must also be present. In order to be able to properly transmit the safety-relevant sensor information to the master 11, the data lines 15 must be made fail-safe. It is therefore necessary with four sensor units 17 to route four data lines 15 between each master 11 and each sensor unit 17, which is correspondingly complex and expensive.
A security network according to the invention is shown in FIG. 2. It consists of a plurality of sensor units 21, 21', 21'', 21''', a first unidirectional data bus 23, a second bidirectional data bus 25 and a third data bus 31. The safety sensor 21 is connected to a master 11 via the fail-safe data bus 31, which preferably corresponds to the IO-Link Safety standard. The master 11 is part of an evaluation unit 13, which in turn is part of a control device, not shown, of a production system, also not shown. The sensor unit 21 has three interfaces, the safety sensor 21 preferably establishing the connection to the fail-safe data bus 31 as an IO-Link device 27 and the master 11 functioning as an IO-Link master.
The remaining interfaces of the sensor unit 21 are connected to the further sensor units 21', 21'', 21''' via a unidirectional data bus 23 and a second bidirectional data bus 25. Here, the unidirectional data bus 23 is used to transmit safety-relevant information, that is to say information that signals a dangerous situation. For example, this could be an indication that a security door of a manufacturing plant is open. In the simplest, but by no means insignificant, case, the information regarding the existence of a dangerous situation can be transmitted via the data bus 23 with a simple yes/no or zero/one transmission. This means that whether there is a dangerous situation or not is signaled only in the form of voltage applied (e.g. for yes) or voltage not applied (e.g. for no). In order to make this simple data transmission redundant, the data bus 23 transmits the information over two bus lines, and only if it is signaled over both lines that there is no danger will a production system be released for commissioning.
[0026] Non-security-relevant information is transmitted via the bidirectional data bus 25. This can be, for example, address information, information on the identification number of a sensor unit 21, 21', 21'', 21''' or control commands, etc. A sensor unit 29 can be assigned to the sensor unit 21, which acts as a master for the data bus 25. Accordingly, the remaining sensor units 21', 21'', 21''' are designed as slaves. However, an embodiment is preferably selected in which all sensor units 21, 21', 21'', 21''' are constructed as identically as possible, with only one sensor unit 21 ultimately having to be connected to master 11 according to the invention.
According to the invention, the data transmission takes place as follows: a first security sensor 21, 21', 21'', 21''' receives, via the first data bus 25, security-relevant data of a second security sensor 21, 21', 21'', 21''' which signal a dangerous situation, and immediately routes these data directly to the next safety sensor 21, 21', 21'', 21''' via the second data bus 23. Security-relevant data which signal that there is no danger situation are compared by the second security sensor 21, 21', 21'', 21''' with its own security-related data and forwarded to a third security sensor 21, 21', 21'', 21''' only if the comparison shows that the data are identical. The safety sensor which is connected to the fail-safe data bus 31 forwards received or self-generated safety-relevant data which signal a dangerous situation directly to the master 11.
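The forwarding rule described here, together with the two-line redundancy of data bus 23 described further above, can be simulated as follows. This is an added example, not code from the patent; the function names, the convention that `true` means voltage applied and "no hazard", the termination of the chain start with a "no hazard" signal, and the injected stuck-high wiring fault are assumptions of the sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Two redundant lines of the safety bus. Assumption of this sketch:
 * true = voltage applied = "no hazard", false = "hazard". */
typedef struct { bool line_a; bool line_b; } safety_signal;

static const safety_signal SIG_HAZARD = { false, false };
static const safety_signal SIG_SAFE   = { true,  true  };

/* Forwarding rule of one sensor in the chain. */
safety_signal sensor_forward(safety_signal upstream, bool own_door_closed)
{
    /* A hazard on either line (including disagreement between the lines)
     * is passed on at once, without consulting the sensor's own state. */
    if (!upstream.line_a || !upstream.line_b)
        return SIG_HAZARD;
    /* "No hazard" is forwarded only if the sensor's own data say the same. */
    return own_door_closed ? SIG_SAFE : SIG_HAZARD;
}

/* Walks the point-to-point chain; door_closed[0] is the sensor farthest from
 * the control unit, door_closed[n-1] the one on the fail-safe bus.
 * fault_hop >= 0 injects a wiring fault: line A stuck high on the link leaving
 * that sensor. redundant=false models a single-line bus (B mirrors A). */
bool chain_release(const bool *door_closed, size_t n, int fault_hop, bool redundant)
{
    if (n == 0)
        return false;                 /* nothing proves safety: no release */
    safety_signal sig = SIG_SAFE;     /* assumed termination at chain start */
    for (size_t i = 0; i < n; i++) {
        sig = sensor_forward(sig, door_closed[i]);
        if (fault_hop >= 0 && (size_t)fault_hop == i)
            sig.line_a = true;        /* injected stuck-high fault */
        if (!redundant)
            sig.line_b = sig.line_a;  /* only one physical line exists */
    }
    return sig.line_a && sig.line_b;  /* release only if both lines agree */
}

int main(void)
{
    /* Constructed scenario: four doors, door 1 open. */
    const bool doors[4] = { true, false, true, true };
    printf("no fault, two lines:        release=%d\n", chain_release(doors, 4, -1, true));
    printf("line A stuck high, 2 lines: release=%d\n", chain_release(doors, 4, 1, true));
    printf("line A stuck high, 1 line:  release=%d\n", chain_release(doors, 4, 1, false));
    return 0;
}
```

With a single line, the stuck-high fault behind the open door masks the hazard and the chain reports a release; with two lines the second line still carries the hazard to the sensor on the fail-safe bus.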
[0028] While the invention has been described above with reference to a specific embodiment, it is apparent that changes, modifications, variations and combinations can be made without departing from the spirit of the invention.
REFERENCE SIGN LIST [0029]
master
control unit
bus
Safety sensor with a data interface
security sensor
Bi-directional data bus
Unidirectional data bus
IO-Link device
IO-Link device
Fail-safe data bus
Claims:
Claims (19)
[1]
1. Safety network with a plurality of safety sensors (21, 21', 21'', 21''') which are connected to one another via a first and a second data bus (23, 25), the first data bus (25) being designed for the transmission of non-safety-relevant data and the second data bus (23) being designed for the transmission of safety-relevant data, at least one of the safety sensors (21, 21', 21'', 21''') having an interface to a third data bus (31) and being connected to it, the data bus (31) being designed to ensure a fail-safe transmission of data from this safety sensor (21, 21', 21'', 21''') to a control unit.
[2]
2. Security network according to claim 1, characterized in that the fail-safe transmission of data via the third data bus (31) is ensured by the formation of checksums, the assignment of sequence numbers and the monitoring of the response times.
[3]
3. Security network according to claim 1 or 2, characterized in that the third data bus (31) is designed as a secured serial master-slave connection.
[4]
4. Safety network according to claim 1, 2 or 3, characterized in that the master-slave connection is designed in accordance with the IO-Link safety standard.
[5]
5. Security network according to one of the preceding claims, characterized in that the first data bus (25) is designed as a bidirectional, serial bus.
[6]
6. Security network according to one of the preceding claims, characterized in that the second data bus (23) is designed as a unidirectional, serial bus.
[7]
7. Security network according to claim 6, characterized in that the second data bus (23) is designed redundantly and has two separate data lines in order to transmit the same information via them.
[8]
8. Security network according to one of the preceding claims, characterized in that the second data bus (23) is designed as a point-to-point connection and in each case connects only one security sensor (21, 21', 21'', 21''') to a next security sensor (21, 21', 21'', 21''').
[9]
9. Security network according to one of the preceding claims, characterized in that the security sensors (21, 21', 21'', 21''') are designed to forward security-relevant data received from a security sensor (21, 21', 21'', 21''') which signal a dangerous situation directly to the next safety sensor (21, 21', 21'', 21'''), and to compare safety-relevant data which signal that there is no danger situation with their own safety-relevant data and forward them to a next safety sensor (21, 21', 21'', 21''') only if the comparison shows that the data are identical.
[10]
10. Safety sensor (21, 21', 21'', 21''') with a first interface for connection to a first data bus (25) in order to send and receive non-safety-relevant data, with a second interface for connection to a second data bus (23) in order to send and receive safety-relevant data and with a third interface to a third data bus (31), the safety sensor being designed to ensure fail-safe transmission of data to a control unit via the third interface.
[11]
11. Safety sensor according to claim 10, characterized in that the safety sensor (21, 21', 21'', 21''') is designed to pass on safety-relevant data received from a safety sensor (21, 21', 21'', 21''') which signal a dangerous situation directly to the next safety sensor (21, 21', 21'', 21''') via the second data bus (23), and to compare safety-relevant data which signal that there is no danger situation with its own safety-relevant data and forward them to a next safety sensor (21, 21', 21'', 21''') only if the comparison shows that the data are identical.
[12]
12. Safety sensor according to claim 10, characterized in that the safety sensor (21, 21', 21'', 21''') is designed to forward received or self-generated safety-relevant data which signal a dangerous situation directly to a control device via a fail-safe third data bus (31).
[13]
13. Security sensor according to claim 10, 11 or 12, characterized in that the security sensor (21, 21', 21'', 21''') is designed to establish a secure serial master-slave connection to the third data bus via the third interface.
[14]
14. Safety sensor according to claim 13, characterized in that the master-slave connection is designed in accordance with the IO-Link safety standard.
[15]
15. Security sensor for use in a security network according to one of the preceding claims.
[16]
16. Security sensor according to claim 10 or 11, characterized in that the security sensor (21, 21', 21'', 21''') has an RFID reader and an RFID transponder.
[17]
17. Manufacturing plant with a control device controlling the manufacturing plant and with a protective fence surrounding the manufacturing plant with at least two security doors, each security door being assigned a security sensor (21, 21', 21'', 21''') to monitor the closed state of the security door, the control unit and the security sensors (21, 21', 21'', 21''') being part of a security network according to one of the preceding claims.
[18]
18. A method for transmitting data from security sensors in a security network, characterized in that a first security sensor (21, 21', 21'', 21''') receives security-relevant data of a second security sensor (21, 21', 21'', 21''') via a first data bus (25), forwards security-relevant data which signal a danger situation directly to the next safety sensor (21, 21', 21'', 21''') via a second data bus (23), and compares safety-relevant data which signal that there is no danger situation with its own safety-relevant data and forwards them to a next safety sensor (21, 21', 21'', 21''') only if the comparison shows that the data are identical.
[19]
19. The method for transmitting data according to claim 18, characterized in that the security sensor (21) which is connected to the fail-safe data bus (31) forwards received or self-generated safety-relevant data, which signal a dangerous situation, directly to a control unit via this data bus (31).
Patent family:
Publication number | Publication date
CH714542A9|2020-01-15|
EP3509316A1|2019-07-10|
Cited documents:
Publication number | Filing date | Publication date | Applicant | Title
DE3715733A1|1987-05-12|1988-11-24|Licentia Gmbh|Method and arrangement for data transmission between subscriber stations which are connected to a common bus system|
EP2099163A1|2008-03-03|2009-09-09|Sick Ag|Redundant field bus system|
DE102012014681A1|2012-05-29|2013-12-05|Balluff Gmbh|Use of an IO link for connecting field devices|
WO2017119089A1|2016-01-07|2017-07-13|三菱電機株式会社|Sensor apparatus, data transmission processing device, and data transmission processing method|
Legal status:
2020-01-15| PK| Correction|Free format text: BERICHTIGUNG A9 |
Priority:
Application number | Filing date | Title
CH00014/18A|CH714542A9|2018-01-09|2018-01-09|Security network and security sensor.|
EP19150875.3A| EP3509316A1|2018-01-09|2019-01-09|Security network and security sensor|