Railway safety critical systems with task redundancy and asymmetric communications capability

US9233698B2 · US · B2

Patent metadata
Publication number: US-9233698-B2
Application number: US-201414254332-A
Country: US
Kind code: B2
Filing date: Apr 16, 2014
Priority date: Sep 10, 2012
Publication date: Jan 12, 2016
Grant date: Jan 12, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A railway safety critical application system substitutes commercial off-the-shelf (COTS) hardware and/or software for railway-domain specific product components, yet is validated to conform to railway safety critical system failure-free standards. The safety critical system uses a pair of tasks executed on a controller of a COTS personal computer or within a virtual environment with asymmetric communications capability. Both tasks receive and verify safety critical systems input message data and security code integrity and separately generate output data responsive to the input message. The first task has sole capability to send complete safety critical system output messages, but only the second task has the capability of generating the output security code. A failure of any of the system's hardware, software or processing capability results in failure to transmit a safety critical system output message, or in an output message that cannot be verified by other safety critical systems.

First claim

Opening claim text (preview).

What is claimed is:

1. A control system for a railway safety critical application system, comprising: at least one controller executing first and second tasks; the first task having an external bilateral communications interface capable of sending and receiving a safety critical systems message within a railway safety critical application system, the message including a security code and safety critical data; the second task having an external communications interface capable of receiving a safety critical systems message, but incapable of sending a safety critical systems message that is generated within the second task, the second task having a security code generator; and an inter-task communications pathway coupling the first and second tasks; wherein the first and second tasks respectively receive an input safety critical systems message including input safety critical systems data and an input security code, verify the input message integrity and generate output safety critical systems data, the second task generates an output security code and sends it to the first task, and the first task sends an output safety critical systems message including the output safety critical systems data and the second task output security code for use within the railway safety critical application system.

2. The system of claim 1, wherein the first and second tasks compare their respective input message integrity verifications prior to generating respective output safety critical systems data.

3. The system of claim 2, wherein the first and second tasks compare their respective output safety critical systems data.

4. The system of claim 3, wherein the first and second tasks compare their respective output safety critical systems data prior to generation of the output security code.

5. The system of claim 1, wherein the first task verifies output safety critical systems data integrity before sending the output safety critical systems message.

6. The system of claim 1, wherein the first and second tasks are executed on at least one personal computer, the tasks further executed by at least one of different operating systems or software instruction sets.

7. The system of claim 1, wherein the functions of at least one of the tasks are executed virtually.

8. A railway safety critical application system comprising the control system of claim 1.

9. A railway safety critical application system comprising the control system of claim 6.

10. A railway system comprising: a plurality of control systems for controlling railway safety critical systems, the control systems communicatively coupled to each other for receipt and transmission of safety critical systems messages respectively having safety critical data and a security code, the respective control systems comprising: at least one controller executing first and second tasks; the first task having an external bilateral communications interface capable of sending and receiving a safety critical systems message that is generated within the railway system; the second task having an external communications interface capable of receiving a safety critical systems message, but incapable of sending a safety critical systems message that is generated within the second task, the second task having a security code generator; and an inter-task communications pathway coupling the first and second tasks; wherein the first and second tasks respectively receive an input safety critical systems message including input safety critical systems data and an input security code, verify the input message integrity and generate output safety critical systems data, the second task generates an output security code and sends it to the first task, and the first task sends an output safety critical systems message including the output safety critical systems data and the second task output security code, for use within the railway system.

11. The railway system of claim 10, wherein the first and second tasks compare their respective input message integrity verifications prior to generating respective output safety critical systems data.

12. The railway system of claim 11, wherein the first and second tasks compare their respective output safety critical systems data.

13. The railway system of claim 12, wherein the first and second tasks compare their respective output safety critical systems data prior to generation of the output security code.

14. The railway system of claim 10, wherein the first task verifies output safety critical systems data integrity before sending the output safety critical systems message.

15. The railway system of claim 10, wherein within each respective control system the first and second tasks are executed on at least one personal computer, the tasks further executed by at least one of different operating systems or software instruction sets.

16. The railway train of claim 15, wherein in each respective control system the first and second tasks are executed on computers having different hardware construction and different operating systems.

17. A method for controlling a railway safety critical application control system, comprising: receiving with respective first and second tasks that are executed on at least one controller a safety critical systems input message that is generated within a railway safety critical application system that includes a security code and safety critical data, and independently verifying the input message integrity; independently generating output safety critical systems data in response to the input message with the respective first and second tasks; generating an output security code only with the second task and sending the generated output security code to the first task; and assembling and sending an output safety critical systems message including the output safety critical systems data and second task output security code with the first task.

18. The method of claim 17, further comprising comparing first and second tasks' respective input message integrity verifications prior to generating respective output safety critical systems data.

19. The method of claim 18, further comprising comparing first and second tasks' respective output safety critical systems data.

20. The method of claim 19, further comprising comparing first and second tasks' respective output safety critical systems data prior to generating the output security code.
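The two-task cycle of claims 1 through 4 and 17 through 20, written out as an added illustration (this is not code from the patent or from Siemens). It assumes the "security code" is an HMAC-SHA256 under a shared key, a constructed stand-in for whatever code the real system uses; the fail-safe behaviour is what the abstract describes: a faulty task either stops any message being sent or leaves one that other systems cannot verify.

```python
import hashlib
import hmac
from typing import Callable, Optional, Tuple

# Constructed assumption for this demo: the patent's "security code" is
# modelled as HMAC-SHA256 under a key shared by the control systems.
KEY = b"constructed-demo-key"
Message = Tuple[bytes, bytes]  # (safety critical data, security code)

def gen_code(data: bytes) -> bytes:
    """Security code generator; per claim 1 only the second task holds it."""
    return hmac.new(KEY, data, hashlib.sha256).digest()

def verify(msg: Message) -> bool:
    """Input integrity check that each task performs independently."""
    data, code = msg
    return hmac.compare_digest(gen_code(data), code)

def control_logic(data: bytes) -> bytes:
    """Placeholder application logic both tasks run on the input data."""
    return b"CMD:" + data.upper()

def process(msg: Message,
            logic1: Callable[[bytes], bytes] = control_logic,
            logic2: Callable[[bytes], bytes] = control_logic) -> Optional[Message]:
    """One cycle of the asymmetric two-task scheme. Returns the message the
    first task sends, or None when the cycle fails safe and nothing is sent.
    logic1/logic2 let a caller inject a faulty task to exercise that path."""
    # Claim 1: both tasks receive the input message and verify its code.
    ok1, ok2 = verify(msg), verify(msg)
    # Claim 2: verdicts are compared before any output data is produced.
    if not (ok1 and ok2):
        return None
    # Each task generates output data on its own.
    out1, out2 = logic1(msg[0]), logic2(msg[0])
    # Claims 3-4: output data is compared before the output code exists.
    if out1 != out2:
        return None
    # Only task 2 can generate the output code; it passes it to task 1 over
    # the inter-task pathway, and only task 1 can assemble and send.
    return (out1, gen_code(out2))

def send_without_task2(msg: Message) -> Message:
    """Models task 2 being dead: task 1 emits its data with no valid code.
    Other systems' verify() rejects this, which is the intended fail-safe."""
    return (control_logic(msg[0]), b"")
```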

Assignees

Siemens Industry Inc

Inventors

Classifications

  • Time redundant execution of software on a single processing unit · CPC title

  • Control methods · CPC title

  • Generic software techniques for error detection or fault masking · CPC title

  • B61L23/00 (Primary)

    Control, warning or like safety means along the route or between vehicles or trains · CPC title

  • Safety measures, i.e. ensuring safe condition in the event of error, e.g. for controlling element · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9233698B2 cover?
A railway safety critical application system substitutes commercial off-the-shelf (COTS) hardware and/or software for railway-domain specific product components, yet is validated to conform to railway safety critical system failure-free standards. The safety critical system uses a pair of tasks executed on a controller of a COTS personal computer or within a virtual environment with asymmetric …
Who is the assignee on this patent?
Siemens Industry Inc
What technology area does this patent fall under?
Primary CPC classification B61L23/00. Mapped technology areas include Operations & Transport.
When was this patent published?
Publication date Jan 12, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).