EP3617111A1 - Downloading control software updates on passenger transport systems - Google Patents


Info

Publication number
EP3617111A1
Authority
EP
European Patent Office
Prior art keywords
instance
control
update
passenger transport
transport system
Legal status
Withdrawn
Application number
EP18191709.7A
Other languages
German (de)
English (en)
Inventor
Daniel Arnold
David Frey
Matthias Sager
Patrick Bürgisser
Current Assignee
Inventio AG
Original Assignee
Inventio AG
Application filed by Inventio AG
Priority to EP18191709.7A
Publication of EP3617111A1

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B66 HOISTING; LIFTING; HAULING
    • B66B ELEVATORS; ESCALATORS OR MOVING WALKWAYS
    • B66B1/00 Control systems of elevators in general
    • B66B1/34 Details, e.g. call counting devices, data transmission from car to control system, devices giving information to the control system
    • B66B1/3407 Setting or modification of parameters of the control system

Definitions

  • the present invention relates to updating control software for passenger transport systems, like elevator and/or escalator systems.
  • WO 2016/180484 discloses a method to allow a service technician to update safety related software in a passenger transport system. This document describes loading an update into a local download memory and executing the update only if a service technician has activated a local switch, which ensures that a service person is present at the passenger transport system. Executing the update requires rebooting the local software system as a whole or at least in parts.
  • this object is achieved by a method for updating control software for a passenger transport system, like elevators and escalators.
  • At least two instances of a control application are provided in parallel, wherein at any specific point in time one of the at least two instances acts as master and is active (with respect to control) and is thus used for control of the passenger transport system while the other one of the at least two instances is passive and is not used for control (and thus is inactive with respect to the control) but instead is used for being updated.
  • the method comprises:
  • the present invention provides an option to flexibly upload software patches for control of passenger transport systems, like elevators and escalators with continuous operability and without impairing safety.
  • the patches may be deployed at any point in time, and the transport system remains available for customers during this period. Because execution is automatic, no interaction with a service technician is needed. This saves costs and improves availability.
  • each of the patches is provided on every instance of the control application. This means that after the inactive instance is used to load the patch, while the active instance is used to control the transport system, a mirroring is executed. This means that the formerly active and now inactive instance is also provided with the same (mirrored) patch version as the other instance. This has the technical effect that redundant control may be provided. In case one instance becomes corrupted, the other one may immediately take over control, because the latest update versions are always loaded on both of the two instances. With this, availability of the system may be assured and improved. In this embodiment, in particular after switching from the active instance to the passive instance of the control application, updating the formerly active instance is automatically triggered, in particular with the same update which is currently used on the formerly passive instance. This improves security as a redundant instance of the control application may be provided and instantly used.
  • the method may also be operated in a single-load mode.
  • the patches are only loaded on one instance of the application.
  • the subsequent patch numbers or versions are loaded in an alternating manner on the first and second instance, respectively. This improves efficiency and saves processing resources for redundant loading of patches on both of the instances.
  • updating the passive instance comprises resetting it, starting it up from the provided software update and synchronizing it with the other instance (previously being the active instance and acting as a master instance) concerning I/O states, service transitions, parameter settings and/or other configurations.
  • the method steps are executed iteratively for successive updates or patches.
  • updating control software is executed as a hidden service and fully autonomously without any user interaction. This has the effect that no service operator needs to be present in the field to deploy a new software update.
  • the update is usable and will become operational without rebooting the software system. This improves availability of the elevator or transport system.
  • updating control software is executed without interruption of the passenger transport system. This improves availability of the elevator or transport system, too.
  • the invention in another aspect relates to an update module for updating control software for a passenger transport system, wherein at least two instances of a control application are provided in parallel, wherein at any point in time one of the at least two instances is active and is used for control of the passenger transport system while the other one of the at least two instances is passive and is not used for control but instead is used for being updated.
  • the update module comprises:
  • the update module is adapted to execute the method as described above.
  • the invention relates to a passenger transport system with an update module as mentioned above.
  • the invention relates to an update system for a passenger transport system with:
  • the system may additionally comprise a field control device which is responsible for controlling and updating a group of passenger transport systems. This has the advantage of being able to uniformly control a set of passenger transport systems for example in one building. Then, the server may provide a patch to be downloaded on the field control device, acting as intermediary node, to control the local update modules of the passenger transport systems.
  • the update module is adapted to perform all steps as claimed in connection with the corresponding method which is to be performed in the corresponding module.
  • the module is preferably provided as hardware module and/or as software module.
  • the module may be embedded in a computing environment with a processing unit or a microprocessor and memory instances and a bus system may serve as interface with external devices.
  • a control software platform can run two instances of a software control application in parallel.
  • One instance is running as operating master, a second instance is running passively. Due to this architecture, each of the instances "knows" its state (being active or passive). Both of the instances notice the presence of a new patch or update.
  • the passive one is adapted to automatically initiate a self-reset for the purpose of being updated.
  • RTEMS- and/or Linux-based control systems are used.
  • RTEMS is an abbreviation for Real-Time Executive for Multiprocessor Systems and is a real-time operating system (RTOS) designed for embedded systems.
  • RTOS real-time operating system
  • the main benefit of the proposed solution is a software update procedure that does not decrease the elevator's availability. This, in turn, increases customer satisfaction and reduces maintenance costs. By having the elevator(s) in continuous operation and executing invisible updates, the elevator system remains available to the outside without any interruption. Silent software update creates optimal customer benefit due to seamless service.
  • the control application serves to control the passenger transport system.
  • the control application is a computer program which is in data exchange with actors and/or electronically controllable modules of the transport system.
  • the control application is executed on a software platform and may be controlled by an operating system.
  • the control application and/or the update module are preferably provided as embedded system.
  • the properties of an embedded system interacting with the electrical and mechanical parts of the passenger transport system are low power consumption, small size, robust and rugged operating ranges, and low per-unit cost.
  • the control application has no user interface.
  • the control application may be adapted to notice, store and provide its state and in particular the update version being currently used.
  • the state may be provided as a message to a user interface and/or to the server.
  • An instance of the application is to be construed as the creation of a realized application execution. Each time a program runs, it is an instance of that program. Thus, the application is executed twice, in a passive and in an active instance, wherein both of the instances are used for different purposes: one is used for updating while the other is used for controlling the elevator system.
  • each program instance will generally load in a separate runtime environment that contains the program's details, states etc. that are to be managed during program execution. If another, second instance of this program is executed, the second instance runs alongside the first instance, so each can be quit and managed and controlled independently.
  • the passenger transport system may be an elevator, escalator, a moving walkway or any other kind of people conveyor system.
  • the term software update is construed to be a synonym to the term patch.
  • the patch may be a binary file or an application program code or a part thereof (e.g. only comprising the amendments to the former version).
  • the software update is initiated by the server only. Usually, there is no data sent from the control application to the server, informing the server which kind of update should be loaded.
  • the server is the sole instance which decides on the update to be used. Therefore, the patch interface may be adapted to be one-directional, namely for receiving the patch.
  • Providing the software update means downloading it via the patch interface and/or may comprise unpacking it (if the update is provided in a packed format), decrypting it (if the update is provided in encrypted form) and/or storing the update locally.
  • the compatibility with the control application may be checked automatically. In case of non-compliance an error signal may be issued and reported to the server.
  • the trigger signal is a digital signal, which may be provided as flag or binary electronic signal in order to reflect completion of an update procedure.
  • Switching refers to an electronic action. Switching may be done by the software platform or operating system. Switching defines the master (instance) which is responsible for control of the elevator.
  • the network for server interaction may be based on a wireless data transmission.
  • an encrypted protocol for example SSL/TLS
  • an unencrypted protocol may be used, like HTTP, IMAP or POP3.
  • the update procedure may be provided as background service without any manual support or interaction. Updates are loaded as a hidden service without interruption of the elevator system.
  • the update procedure may be based on a script.
  • the sensor element is a functional element and serves to detect the completion of the update procedure.
  • the sensor element may be part of the control application.
  • the sensor element may also be part of the central processing unit and/or the software platform.
  • the sensor element may be implemented as a software function and the result may be binary (a flag indicating completion or a still-running process).
  • the method may be implemented as a computer program.
  • the invention is furthermore embodied in a computer program loadable into a processing unit of a control unit for a passenger transport system, the computer program comprising code adapted to perform the steps of a method for updating control software as described above when processed by the processing unit.
  • the computer program may be stored in a computer readable memory.
  • Fig. 1 shows in a schematic overview an elevator system E with an elevator EL which is in data connection with an update module 100.
  • the update module 100 is integrated into the elevator E and the data connection is a wired connection, e.g. bus system. Alternatively, it may be a wireless connection and the update module 100 may be provided as a separate instance, for example locally at the site of the elevator system E but apart from the elevator EL.
  • the update module 100 is embedded in an electronic device which acts as control unit CU and comprises a processing entity (microcontroller, processor) for data processing.
  • the update module 100 serves for updating control software for the elevator EL or any other passenger transport system.
  • the control unit CU is adapted to control the elevator EL.
  • control signals are transferred between the control unit CU and respective actors in the elevator EL.
  • the control unit CU may be implemented in hardware and a control application A may be run thereon for executing control functions.
  • the control application A is required to be updated.
  • the update or patch P is provided in the form of digital code from a central server S, which is in data connection with the field system to control the elevator E.
  • the data connection is a wireless connection (over the air - OTA) or may be internet-based and may be based e.g. on the HTTP protocol. Other protocols may also be used, for example TCP/IP or others like CANopen, DCP or proprietary protocols.
  • Fig. 2 shows the update module 100 in more detail.
  • the update module 100 receives the software patch P for updating the control application A via a patch interface PI.
  • the patch P may be a binary file.
  • a computing runtime environment or a software update platform with a central processing unit CPU is provided for running at least two instances I of the control application A in parallel. An operating system will control the at least two instances so that at any point in time only one of the at least two instances is used for active control. Control is executed by transferring control signals via a control interface CI to the elevator EL.
  • the central processing unit CPU additionally comprises a sensor element 101, which is adapted for monitoring the update load process. Once the update on the inactive instance is completed, a trigger signal t is issued to signal that control is to be switched to the respective instance.
  • the instance which is active and is (actively) used for control of the elevator EL is defined as active instance aI of the control application A.
  • the other one of the at least two instances, which is passive and is not used for control but instead is used for being updated, is defined as passive instance pI.
  • there is exactly one instance active (the active instance aI) while the other one is passive.
  • the passive instance pI is used for being updated.
  • the roles of the instances (active/passive) continuously alternate during the course of operation with several successive updates. For example, for a first patch P1 a first instance aI1 is active, whereas for a second patch P2 a second instance aI2 is active, which was the passive one during executing the first patch P1. For a subsequent third patch P3 the first instance aI1 will become active again and so on.
  • Fig. 3 shows a sequence diagram for explaining the signal and message transfer between the respective computing entities.
  • the server S issues and provides the patches P.
  • the server S may rely on a pre-defined update scheme, so that e.g. updates are provided at pre-defined time intervals or only for a set of elevator systems EL or in a configurable manner.
  • the server interacts with the update module 100.
  • the update module, in particular, is equipped with the memory MEM, the two instances I1, I2 of the control application A and a computing environment with an operating system, depicted in the figures as CPU. Other entities may also be part of the update module 100, but are not further mentioned here, for the sake of clarity.
  • the elevator EL is controlled by one of the two instances I1, I2, and in particular by the very instance currently being active.
  • a first patch P1 is provided on the server S and is transferred to the memory MEM.
  • the second instance I2 which is currently actively controlling the elevator EL
  • the first patch P1 is deployed on the first instance I1, being currently passive.
  • the first instance I1 issues a trigger signal t in order to inform that the update procedure on the first instance I1 is fully completed. This is used by the operating system or by another control instance in the update module 100 to switch between the two instances, so that now the first instance I1 becomes active and the second instance I2 becomes inactive. Control of the elevator EL is taken over by the first instance I1.
  • If a second patch P2 is to be processed, it will be provided locally in the memory MEM.
  • the second instance I2 will load this second update P2, because it is the one which is currently inactive.
  • After the download and update procedure is completed and the second instance I2 is in a fully operational state again for taking over control, the trigger signal t will be issued in order to trigger a switch again between the two instances I1, I2, so that the second instance I2 will become active and take over control of the elevator system EL.
  • the elevator EL is controlled by the second instance I2, based on the former patch, depicted in Fig. 3 with P0.
  • the elevator EL is controlled by the first instance I1, based on the first patch P1.
  • the elevator EL is controlled by the second instance I2, based on the second patch P2 and so on. It can be seen that the sequences of patches are used to control the elevator EL successively.
  • the two instances I1, I2 are only loaded with every second patch (n -> n+2 -> n+4 -> ..., wherein n refers to the patch version or number).
  • the second instance I2, for example, is provided with patch P0 and P2
  • the first instance I1 is provided with the first patch P1 and a third patch P3 (not explicitly shown in Fig. 3) and so on and so forth.
  • This has the advantage that additional updates on the other instances may be skipped. This saves local processing resources.
  • each of the patches is provided and loaded on all of the instances I (i.e. n -> n+1 -> n+2 -> n+3 -> n+4 -> ...).
  • the second instance I2 will also be provided with the first patch P1.
  • This loading will be executed in the phase during which the second instance is in the inactive state.
  • This embodiment has the advantage that security may be improved, as both instances I do process the same patch version.
  • the respective other instance may take over control and may act as a redundant fallback control instance.
  • Fig. 4 is a flow chart of the update method according to a preferred embodiment.
  • a (new) patch P is loaded on the local update module 100.
  • the received update patch P is stored in the local memory MEM.
  • the inactive instance is selected and used for processing and loading the patch P.
  • the update process is monitored and after end of the update procedure, the inactive instance issues a trigger signal t in step S4.
  • the trigger signal t may e.g. be provided to the operating system in order to trigger a switch between the instances in step S5, so that the active instance aI becomes inactive and in turn the inactive one will become the active one.
  • Step 6 reflects control of the elevator system EL by the active instance.
  • the method may end or may continue (if no further patches are received, the state remains stable) or may be re-iterated by branching back to step 1, if new patches are to be received.
  • the elevator system continuously monitors states of input devices. Since operability remains unchanged during the software update this process is not interrupted. Therefore, the system is still able to recognize activation of critical inputs for e.g. emergency modes.
  • the update actions will be canceled immediately.
  • Emergency Operation Modes of any kind (Fire, Hospital, Earthquake etc.) allow neither manual nor automatic software updates. Therefore, the invention provides an internal locking mechanism, which will actively prevent update attempts or requests in case an emergency mode has been detected.
  • the internal locking mechanism leads to an additional and significant advantage over today's situation.
  • an elevator taken out of service for update is not available to execute tasks in sudden Emergency Mode.
  • An elevator under silent software update according to this solution - which will be canceled in these situations - is still operable and may support building evacuation etc.
  • This internal locking mechanism is in particular of relevance for elevator environments being critical, e.g. hospitals.
  • the hidden or silent control software update relates to all kinds of updates (patches, releases, new versions etc.).
  • a preferred embodiment relates to Linux-based elevator control systems.
  • the proposed method may thus be used as a Linux "live patch" mechanism. This approach allows complete transparency of operational availability from both the internal technical and the customer point of view.
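
The two loading schemes (alternating single-load and mirrored) and the emergency lock described above, modelled as an added example; it is not code from the patent or from the applicant. The class and method names, the three update phases and the rollback of a cancelled update to the previously loaded version are assumptions of this model.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    MIRROR = "mirror"        # every patch ends up on both instances
    SINGLE_LOAD = "single"   # successive patches alternate between instances


@dataclass
class Instance:
    name: str
    version: int                                 # patch number currently loaded
    active: bool = False                         # True = master, controls the elevator
    state: dict = field(default_factory=dict)    # I/O states, parameters, ...


class UpdateModule:
    PHASES = ("reset", "start_from_patch", "synchronize")   # assumed phase names

    def __init__(self, mode, on_phase=None):
        self.mode = mode
        self.i1 = Instance("I1", version=0)
        self.i2 = Instance("I2", version=0, active=True)    # I2 controls with P0
        self.emergency = False                              # internal lock
        self.on_phase = on_phase or (lambda module, phase: None)
        self.log = []

    @property
    def active(self):
        return self.i1 if self.i1.active else self.i2

    @property
    def passive(self):
        return self.i2 if self.i1.active else self.i1

    def _load(self, target, source, version):
        """Update `target` while `source` keeps controlling the elevator."""
        assert not target.active, "never patch the controlling instance"
        previous = (target.version, dict(target.state))
        for phase in self.PHASES:
            self.on_phase(self, phase)       # inputs are still monitored here
            if self.emergency:               # cancel immediately (rollback is assumed)
                target.version, target.state = previous
                self.log.append(f"P{version} cancelled on {target.name} during {phase}")
                return False
            if phase == "start_from_patch":
                target.version = version
            elif phase == "synchronize":
                target.state = dict(source.state)
        return True

    def apply_patch(self, version):
        if self.emergency:                   # lock: no update attempts at all
            self.log.append(f"P{version} refused: emergency mode")
            return False
        old_active, new_active = self.active, self.passive
        if not self._load(new_active, old_active, version):
            return False
        # Trigger signal t: update completed, switch the master role.
        old_active.active, new_active.active = False, True
        self.log.append(f"t: {new_active.name} takes control with P{version}")
        if self.mode is Mode.MIRROR:         # bring the former master to the same patch
            self._load(old_active, new_active, version)
        return True


def run_demo():
    """Constructed scenario: P1 is interrupted by a fire alarm, then retried."""
    def fire_alarm(module, phase):
        if phase == "synchronize" and not module.log:
            module.emergency = True          # constructed input event

    m = UpdateModule(Mode.SINGLE_LOAD, on_phase=fire_alarm)
    m.active.state["floor"] = 3              # constructed I/O state of the master
    m.apply_patch(1)                         # cancelled, I2 keeps control with P0
    m.apply_patch(1)                         # refused while the emergency lasts
    m.emergency = False
    m.apply_patch(1)                         # succeeds, I1 takes over
    return m


if __name__ == "__main__":
    print("\n".join(run_demo().log))
```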

Landscapes

  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Indicating And Signalling Devices For Elevators (AREA)
  • Maintenance And Inspection Apparatuses For Elevators (AREA)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP18191709.7A (EP3617111A1) 2018-08-30 2018-08-30 Downloading control software updates on passenger transport systems

Publications (1)

Publication Number Publication Date
EP3617111A1 2020-03-04

Family

ID=63449373

Country Status (1)

Country Link
EP (1) EP3617111A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002020052A * 2000-07-11 2002-01-23 Toshiba Corp Maintenance method for elevator control device
JP2014218326A * 2013-05-08 2014-11-20 三菱電機ビルテクノサービス株式会社 Elevator control system and control method
CN104973466A * 2015-05-25 2015-10-14 广州日滨科技发展有限公司 Method and system for remote updating of an elevator control program
WO2016180484A1 2015-05-12 2016-11-17 Otis Elevator Company Method for updating safety-related software

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20200305