EP0503336A2 - Système de commande à distance d'une sous-station d'une manière fiable dans une installation de chemin de fer - Google Patents

Système de commande à distance d'une sous-station d'une manière fiable dans une installation de chemin de fer Download PDF

Info

Publication number
EP0503336A2
EP0503336A2 EP19920102996 EP92102996A EP0503336A2 EP 0503336 A2 EP0503336 A2 EP 0503336A2 EP 19920102996 EP19920102996 EP 19920102996 EP 92102996 A EP92102996 A EP 92102996A EP 0503336 A2 EP0503336 A2 EP 0503336A2
Authority
EP
European Patent Office
Prior art keywords
substation
computer
central station
security code
command
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP19920102996
Other languages
German (de)
English (en)
Other versions
EP0503336B1 (fr
EP0503336A3 (fr
Inventor
Alan C. Knight
Helmut Uebel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alcatel Lucent Deutschland AG
Original Assignee
Alcatel SEL AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alcatel SEL AG filed Critical Alcatel SEL AG
Publication of EP0503336A2 publication Critical patent/EP0503336A2/fr
Publication of EP0503336A3 publication Critical patent/EP0503336A3/xx
Application granted granted Critical
Publication of EP0503336B1 publication Critical patent/EP0503336B1/fr
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L27/00Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
    • B61L27/30Trackside multiple control systems, e.g. switch-over between different systems

Definitions

  • the invention relates to a device according to the preamble of patent claim 1.
  • the known remote control requires a special, signal-technically secure command line for transmitting the execution command.
  • the invention has for its object to provide a remote control device that enables a transmission of commands to be carried out safely by signaling without a special command line that is safe by signaling.
  • a device that solves this problem is represented by the features of claim 1.
  • the device according to the invention enables the use of commercially available, non-secure computers, e.g. Personal computer, in the central station.
  • Special security measures are limited to checking the redundantly received report image data by comparison. All test and security measures can be carried out in the substation using the two computer channels.
  • Special, signal-safe circuit parts, such as those e.g. would be necessary to receive a safe execution coming.
  • claim 3 protects the transmitted message information from corruption by bit lines that have become static at parallel computer inputs and outputs.
  • the manual switching of the screen required according to claim 4 to the computer system capable of displaying the security code prevents a thoughtless routine confirmation of requested auxiliary operations.
  • the figure schematically shows a central station Z and a substation UST1 with their most important devices and a transmission link U connecting both stations. Additional substations UST2 can also be connected to the transmission link.
  • the central station contains two computer systems R1, R2, e.g. Personal computer, which can be alternately connected to a display device M via a changeover switch MS to display a stored message image. Only the computer system R1 has a manual input T and a printer D for recording actions that are required to be recorded. Data output on the transmission link Ü via a modem MZ is also only possible from the computer system R1.
  • R1, R2, e.g. Personal computer which can be alternately connected to a display device M via a changeover switch MS to display a stored message image.
  • Only the computer system R1 has a manual input T and a printer D for recording actions that are required to be recorded.
  • Data output on the transmission link Ü via a modem MZ is also only possible from the computer system R1.
  • the substation UST1 has a computer system which is secure in terms of signal technology and has two computer channels, each of which consists of a main computer UR1, UR2 and a front-end computer VR1, VR2.
  • the two main computers are connected to one another via a neighboring computer connection NRB and via a control and message bus SMB to the hardware STW of the substation to be controlled.
  • connection to the transmission path runs here via the upstream computer of the computer channels. These are connected to a substation modem MU with separate outputs in the output direction. In contrast, inputs of both upstream computers are acted upon in parallel from a common output of the modem.
  • Control commands which are entered in the central station and are intended to result in an actuating action without special security responsibility in the substation, enter the computer system R1 from the input T.
  • the computer system develops the command corresponding to the control command and outputs it to the modem MZ, from where it is, e.g. as a serial, frequency-modulated data telegram, which is transmitted on the transmission link.
  • the substation modem MU converts the data telegram into the originally entered command and feeds it to the pre-computers of the computer channels parallel to.
  • Both computer channels now decode the control command contained in the received command. They exchange interim results and the end result via the neighboring computer connection NRB and compare their own result with that of the neighboring computer channel. If the results are determined by both computer channels, the control command is output on the control and message bus and the actuating action is thus triggered.
  • reporting lines of the control and reporting bus These are queried at regular intervals and after each actuation by both computer channels for their switching status.
  • the result of the query is sent to the substation modem MU separately from both primary computers and transmitted to the central station as a reporting data telegram.
  • One of the upstream computers outputs its data in inverted form to the modem.
  • both computer systems receive the reporting data transmitted from both computer channels of the substation in parallel and compare the simply transmitted data with the inverted transmitted data. If there is a match, the transmitted current switching states are saved and taken into account in the display of the message image. From the change in the message screen, the operator can see whether the control command entered by him has been carried out.
  • a control command for this is likewise entered into the computer system R1 via the operating device T and transmitted as a command to the substation.
  • a command with security responsibility is identified as such by an addition or a special form of input. But it can also only be in the substation, e.g. by comparing the received command with pre-stored lists of safety-relevant and non-safety-relevant commands, it can be determined whether the command to be executed has safety meaning.
  • the computer channels of the substation determine when a command transmitted from the central station relates to an actuating action that is to be carried out with security responsibility.
  • the control command contained in the transmitted command is first stored in the substation in terms of signal technology.
  • the associated actuating action has not yet been carried out.
  • a specially marked message data telegram is transmitted to the central station via the signaling-safe signaling path, which simulates the actuation that has not yet been carried out.
  • the computer controlling the display device displays this anticipated actuation action in a special shape or color on the display device.
  • the actuation action to be carried out is thus "reflected" back into the central station.
  • the operator can check again whether the mirrored command corresponds to the originally entered command and can finally decide whether the command should be executed.
  • the computer channels of the substation contain a program for generating a special security code.
  • This program is processed when a command triggering an actuating action with security responsibility is recognized and the determined security code is transmitted to the central station together with the data required to mirror the actuating action to be performed.
  • the security code can now be displayed in the central station and, after being entered again, can be transferred back to the substation as an execution command. There it is compared with the originally generated security code stored there. If there is agreement, the execution command is given. The prepared actuation is carried out.
  • the computer system R2 In the central station, only the computer system R2 that is not used for command transmission contains a program for receiving and displaying the security code. The computer system R1 is unable to record and display the security code or to transmit it back to the substation.
  • the security code can only be retransmitted if the computer system R2 uses e.g. manually operable switch MS connected to the display device and thus enabled to display the security code to the operator.
  • the operator is forced to enter the displayed security code into the computer system R1 by means of the operating device T if he wants to effect its transmission to the subordinate station and thus the execution of the prepared actuating command.
  • the security code can also be transmitted to the central station in encrypted form, decrypted in a decrypted form in the second computer with the aid of a decryption program contained only there, and after re-entering it Substation be transferred back.

Landscapes

  • Engineering & Computer Science (AREA)
  • Mechanical Engineering (AREA)
  • Selective Calling Equipment (AREA)
  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)
  • Electric Propulsion And Braking For Vehicles (AREA)
EP92102996A 1991-03-09 1992-02-22 Système de commande à distance d'une sous-station d'une manière fiable dans une installation de chemin de fer Expired - Lifetime EP0503336B1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE4107639A DE4107639A1 (de) 1991-03-09 1991-03-09 Einrichtung zur signaltechnisch sicheren fernsteuerung einer unterstation in einer eisenbahnanlage
DE4107639 1991-03-09

Publications (3)

Publication Number Publication Date
EP0503336A2 true EP0503336A2 (fr) 1992-09-16
EP0503336A3 EP0503336A3 (fr) 1994-02-23
EP0503336B1 EP0503336B1 (fr) 1996-01-31

Family

ID=6426903

Family Applications (1)

Application Number Title Priority Date Filing Date
EP92102996A Expired - Lifetime EP0503336B1 (fr) 1991-03-09 1992-02-22 Système de commande à distance d'une sous-station d'une manière fiable dans une installation de chemin de fer

Country Status (4)

Country Link
EP (1) EP0503336B1 (fr)
AT (1) ATE133620T1 (fr)
DE (2) DE4107639A1 (fr)
ES (1) ES2085505T3 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1038752A1 (fr) * 1999-03-17 2000-09-27 Westinghouse Brake And Signal Holdings Limited Système d'enclenchement ferroviaire
EP1197418A1 (fr) * 2000-10-13 2002-04-17 Siemens Aktiengesellschaft Pocédé de commande pour un processus à sécurité critique dans le service ferroviaire et dispositif pour mettre en oeuvre ce procédé
WO2003047937A1 (fr) * 2001-11-22 2003-06-12 Siemens Aktiengesellschaft Procede de commande d'un processus d'exploitation ferroviaire critique et dispositif destine a la mise en oeuvre de ce procede
US7209811B1 (en) 2001-11-22 2007-04-24 Siemens Aktiengesellschaft System and method for controlling a safety-critical railroad operating process
TWI817164B (zh) * 2020-07-21 2023-10-01 德商世創電子材料公司 從工件同時切割多個切片的方法和設備

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19745994A1 (de) * 1997-10-20 1999-04-22 Cit Alcatel Verfahren zum Austausch von Daten zwischen Applikationsprozessen in einem sicheren Mehrrechnersystem
DE10309200A1 (de) 2003-02-25 2004-09-16 Siemens Ag Verfahren zur Sicherung der Zugfolge im Zugleitbetrieb
EP1596517B1 (fr) 2004-05-10 2008-03-05 Siemens Aktiengesellschaft Procédé de transmission sur un seul canal de données fournies sous forme redondante
DE102007061807A1 (de) 2007-12-19 2009-07-09 Db International Gmbh Sicheres Verfahren zum Steuern von Elementen der Leit- und Sicherungstechnik mit kabelloser Datenübertragung über große Stellentfernungen hinweg
DE102008012953B4 (de) * 2008-03-06 2022-01-27 Bombardier Transportation Gmbh Überprüfung von Anzeigesystemen in Schienenfahrzeugen
DE102019208924A1 (de) * 2019-06-19 2020-12-24 Siemens Mobility GmbH Eingabeverfahren für sicherheitskritische Bedienkommandos und Bediensystem

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE2549197A1 (de) * 1975-11-03 1977-05-05 Siemens Ag Einrichtung zur funktionskontrolle in fernmelde-, fernbedienungs-, insbesondere eisenbahnsicherungsanlagen
SU557367A1 (ru) * 1975-12-25 1977-05-05 Предприятие П/Я В-8117 Система дублированных цифровых вычислительных машин (цвм)
US4368534A (en) * 1979-01-29 1983-01-11 General Signal Corporation Keyboard controlled vital digital communication system
DE2912928C2 (de) * 1979-03-31 1986-10-23 Standard Elektrik Lorenz Ag, 7000 Stuttgart Einrichtung zur Übermittlung binär kodierter Information zur Fernsteuerung von Eisenbahnsignalanlagen
DE2921860C2 (de) * 1979-05-25 1986-07-31 Licentia Patent-Verwaltungs-Gmbh, 6000 Frankfurt Einrichtung zur Ortung und Steuerung eines spurgebundenen Fahrzeuges mit Linearmotorantrieb
DE2934039A1 (de) * 1979-08-23 1981-03-26 Robert Bosch Gmbh, 70469 Stuttgart Warn- und sicherheitseinrichtung fuer ein fernstuerungssystem
DE3211977A1 (de) * 1982-03-31 1983-10-06 Siemens Ag Betriebsueberwachung von uebertragungsstrecken fuer digitale signale
DE3232167C1 (de) * 1982-08-30 1983-10-20 Siemens AG, 1000 Berlin und 8000 München Gesicherte Datenübertragungseinrichtung für paarweise antivalente Informationen in Eisenbahnsicherungsanlagen
DE3310975A1 (de) * 1983-03-25 1984-09-27 Siemens AG, 1000 Berlin und 8000 München Einrichtung zur sicheren prozesssteuerung
DE3412049A1 (de) * 1984-03-30 1985-10-17 Licentia Patent-Verwaltungs-Gmbh, 6000 Frankfurt Signaltechnisch sichere datenverarbeitungseinrichtung
DE3513357A1 (de) * 1985-04-15 1986-10-16 Fernsprech- und Signalbau KG Schüler & Vershoven, 4300 Essen Schaltungsanordnung, insbesondere fuer einen sicherheitskoppelschalter im untertagebergbau
DE3742118A1 (de) * 1987-12-11 1989-06-22 Siemens Ag Signaltechnisch sichere datenuebertragungseinrichtung

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1038752A1 (fr) * 1999-03-17 2000-09-27 Westinghouse Brake And Signal Holdings Limited Système d'enclenchement ferroviaire
US6308117B1 (en) 1999-03-17 2001-10-23 Westinghouse Brake & Signal Holdings Ltd. Interlocking for a railway system
EP1197418A1 (fr) * 2000-10-13 2002-04-17 Siemens Aktiengesellschaft Pocédé de commande pour un processus à sécurité critique dans le service ferroviaire et dispositif pour mettre en oeuvre ce procédé
WO2003047937A1 (fr) * 2001-11-22 2003-06-12 Siemens Aktiengesellschaft Procede de commande d'un processus d'exploitation ferroviaire critique et dispositif destine a la mise en oeuvre de ce procede
US7209811B1 (en) 2001-11-22 2007-04-24 Siemens Aktiengesellschaft System and method for controlling a safety-critical railroad operating process
TWI817164B (zh) * 2020-07-21 2023-10-01 德商世創電子材料公司 從工件同時切割多個切片的方法和設備

Also Published As

Publication number Publication date
EP0503336B1 (fr) 1996-01-31
EP0503336A3 (fr) 1994-02-23
ATE133620T1 (de) 1996-02-15
ES2085505T3 (es) 1996-06-01
DE59205198D1 (de) 1996-03-14
DE4107639A1 (de) 1992-09-10

Similar Documents

Publication Publication Date Title
DE69718754T2 (de) Kombiniertes Fernzugriffs- und Sicherheitssystem
EP0503336B1 (fr) Système de commande à distance d'une sous-station d'une manière fiable dans une installation de chemin de fer
WO1997035282A1 (fr) Dispositif de transmission de donnees situe dans un vehicule, compose d'un generateur d'impulsions et d'un appareil de controle, et generateur d'impulsions approprie a l'appareil de controle
DE2154018B2 (de) Anordnung zur digitalen Datenver- und Entschlüsselung
DE102007032805A1 (de) Verfahren und Systemarchitektur zur sicheren einkanaligen Kommunikation zum Steuern eines sicherheitskritischen Bahnbetriebsprozesses
DE2701925A1 (de) Fahrzeugsteuerungssystem mit hoher zuverlaessigkeit
DE102012221714A1 (de) Verfahren zur Fehleroffenbarung bei einem Stellwerksrechnersystem und Stellwerksrechnersystem
EP0978775B1 (fr) Méthode de transmission sûre de données entre une commande numérique et un appareil à distance
AT402909B (de) Verfahren zur gewährleistung der signaltechnischen sicherheit der benutzeroberfläche einer datenverarbeitungsanlage
WO2009135512A1 (fr) Contrôle de la liaison de communication entre des appareils de terrain
DE3125724C2 (fr)
DE19826875A1 (de) Numerische Steuerung mit einem räumlich getrennten Eingabegerät
EP1498836A1 (fr) Procédé de transmission de données entre lecteur/enregistreur RFID et son unité fonctionnelle, lecteur/enregistreur et unité fonctionnelle
EP0392328B1 (fr) Mèthode pour le contrôle permanent des signaux pour l'affichage des informations sur un écran
EP1133096B1 (fr) Procédé et système de transmission de données a sûreté intégrée entre des ordinateurs à sécurité intrinsèque
DE3742118C2 (fr)
EP3167641A1 (fr) Procédé et dispositif de communication sécurisé entre un premier abonné et un second abonné
DE10330115B4 (de) Einrichtung zum Steuern eines von einer Bedienperson gesteuerten Systems, insbesondere eines Stellwerks eines Eisenbahnsystems
EP2941738A1 (fr) Procédé de découverte d'erreurs dans un système informatique de poste d'aiguillage et système informatique de poste d'aiguillage
CH649744A5 (en) Device for transmitting information for remotely controlling railway signalling systems
DE4125812C2 (de) Verfahren zur signaltechnisch sicheren Datenübertragung
DE3529056C2 (fr)
DE102022211587B4 (de) Sicherer Betrieb von redundanten, einfehlertoleranten Steuergeräten im Fahrzeug mit signierten Signalen
DE102019208925A1 (de) Verfahren zur generischen Anzeigesicherung und Bediensystem
DE10040866A1 (de) Rechnersystem

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT CH DE ES FR GB LI NL

RAP3 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ALCATEL SEL AKTIENGESELLSCHAFT

PUAL Search report despatched

Free format text: ORIGINAL CODE: 0009013

AK Designated contracting states

Kind code of ref document: A3

Designated state(s): AT CH DE ES FR GB LI NL

17P Request for examination filed

Effective date: 19940712

17Q First examination report despatched

Effective date: 19950120

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT CH DE ES FR GB LI NL

REF Corresponds to:

Ref document number: 133620

Country of ref document: AT

Date of ref document: 19960215

Kind code of ref document: T

REF Corresponds to:

Ref document number: 59205198

Country of ref document: DE

Date of ref document: 19960314

GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 19960222

ET Fr: translation filed
REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2085505

Country of ref document: ES

Kind code of ref document: T3

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed
REG Reference to a national code

Ref country code: GB

Ref legal event code: IF02

REG Reference to a national code

Ref country code: CH

Ref legal event code: NV

Representative=s name: JUERG ULRICH C/O ALCATEL STR AG

Ref country code: CH

Ref legal event code: EP

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20110218

Year of fee payment: 20

Ref country code: AT

Payment date: 20110126

Year of fee payment: 20

Ref country code: NL

Payment date: 20110216

Year of fee payment: 20

Ref country code: DE

Payment date: 20110216

Year of fee payment: 20

Ref country code: CH

Payment date: 20110214

Year of fee payment: 20

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20110216

Year of fee payment: 20

Ref country code: ES

Payment date: 20110315

Year of fee payment: 20

REG Reference to a national code

Ref country code: DE

Ref legal event code: R071

Ref document number: 59205198

Country of ref document: DE

REG Reference to a national code

Ref country code: DE

Ref legal event code: R071

Ref document number: 59205198

Country of ref document: DE

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

Ref country code: NL

Ref legal event code: V4

Effective date: 20120222

REG Reference to a national code

Ref country code: GB

Ref legal event code: PE20

Expiry date: 20120221

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF EXPIRATION OF PROTECTION

Effective date: 20120223

REG Reference to a national code

Ref country code: ES

Ref legal event code: FD2A

Effective date: 20120509

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF EXPIRATION OF PROTECTION

Effective date: 20120221

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF EXPIRATION OF PROTECTION

Effective date: 20120223

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK07

Ref document number: 133620

Country of ref document: AT

Kind code of ref document: T

Effective date: 20120222