[go: up one dir, main page]

CN100545981C - Signaling devices for safety circuits - Google Patents

Signaling devices for safety circuits Download PDF

Info

Publication number
CN100545981C
CN100545981C CN 200580010039 CN200580010039A CN100545981C CN 100545981 C CN100545981 C CN 100545981C CN 200580010039 CN200580010039 CN 200580010039 CN 200580010039 A CN200580010039 A CN 200580010039A CN 100545981 C CN100545981 C CN 100545981C
Authority
CN
China
Prior art keywords
signalling
safety
switch unit
input
output
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200580010039
Other languages
Chinese (zh)
Other versions
CN1938806A (en
Inventor
J·普尔曼
C·青泽尔
G·霍尔农
J·弗来那
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pilz GmbH and Co KG
Original Assignee
Pilz GmbH and Co KG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=35456106&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=CN100545981(C) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Pilz GmbH and Co KG filed Critical Pilz GmbH and Co KG
Publication of CN1938806A publication Critical patent/CN1938806A/en
Application granted granted Critical
Publication of CN100545981C publication Critical patent/CN100545981C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B9/00Safety arrangements
    • G05B9/02Safety arrangements electric
    • G05B9/03Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B9/00Safety arrangements
    • G05B9/02Safety arrangements electric
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01HELECTRIC SWITCHES; RELAYS; SELECTORS; EMERGENCY PROTECTIVE DEVICES
    • H01H47/00Circuit arrangements not adapted to a particular application of the relay and designed to obtain desired operating characteristics or to provide energising current
    • H01H47/002Monitoring or fail-safe circuits
    • H01H47/004Monitoring or fail-safe circuits using plural redundant serial connected relay operated contacts in controlled circuit

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Safety Devices In Control Systems (AREA)

Abstract

一种用于安全电路的信号装置,具有用于接收外部状态变量的输入部分(52)、至少一个切换单元(34、36)和控制部分(30、32)。控制部分(30、32)被设计为根据所述外部变量控制所述至少一个切换单元(34、36),使得施加于所述输入端(38)的信号被传送到所述输出端(42)。根据本发明的一个方面,切换单元(34、36)的输入端(38)内部连接到固定电位,优选地,固定高电位UB。在用于关闭危险设备的安全电路中,这样的信号装置互相串联地连接到安全控制器。在该设备中,第二信号装置(18b)的控制部分根据第一信号装置启动其相关的切换单元。

Figure 200580010039

A signaling device for a safety circuit has an input part (52) for receiving an external state variable, at least one switching unit (34, 36) and a control part (30, 32). The control part (30, 32) is designed to control said at least one switching unit (34, 36) according to said external variable, so that a signal applied to said input (38) is transmitted to said output (42) . According to an aspect of the invention, the input (38) of the switching unit (34, 36) is internally connected to a fixed potential, preferably a fixed high potential UB . In safety circuits for shutting down hazardous installations, such signaling devices are connected in series with each other to a safety controller. In this device, the control part of the second signaling means (18b) activates its associated switching unit in dependence on the first signaling means.

Figure 200580010039

Description

The signalling of safety circuit
Technical field
The present invention relates to a kind of signalling (other title: inductor, signal generator) that is used for safety circuit, described signalling comprises the importation that is used to receive the external status variable, comprise at least one switch unit with input and output, and comprise the control section that is designed for according to described at least one switch unit of described external variable control, like this, the signal that puts on input is sent to output.
The invention still further relates to a kind of safety means that are used for closing safely hazardous equipment, described safety means comprise and are designed for the safety governor of cutting out described hazardous equipment in the failure safe mode, and comprise the above-mentioned type, be connected in series first and at least one secondary signal device of safety governor mutually.
Background technology
Can understand such signalling and such safety circuit from EP 1 363 306A2.
The operational cycle of the modern technologies equipment full automation that becomes gradually, described equipment such as the equipment of industrial product and assembly line, transmission and conversion equipment, as the amusement equipment of roller-coaster etc.The adjustment point and the process variables of operation control receiving equipment, and use the control program of appointment to form control signal are come driver in the operating equipment according to this signal.Except controlling predetermined operational cycle, secure context is promptly avoided being positioned at the equipment region personnel and is caused danger, and comes into one's own day by day.For instance, the equipment that executes fully automatic operation generally waits and protects by safety enclosure wall, light curtain, reinforcement foundation net.For technical equipment equipment emergency cut-off button also is a general custom, when the described button of operation, should triggers this device shutdown (its part at least) or be placed on safe condition in certain other modes.Typically; do not adopt " standard " operation control of equipment to assess such and security-related signalling; but providing " safety switching apparatus " under " safety governor " or the simple scenario to safety means, wherein said safety device produces and only provides the status signal relevant with the protection of equipment merely.For simplicity, hereinafter no longer the safety governor and the better simply safety switching apparatus of complexity are done further to distinguish, that is to say that term " safety governor " has covered the trade (brand) name of for example being sold by the applicant
Figure C20058001003900061
Better simply safety switching apparatus and such as the applicant based on PLC's
Figure C20058001003900062
The safety governor of complexity.
Yet safety governor is different from " standard " operation control, and reason is that they are indigenous fault Safety Design as measurement result, such as detection or the like certainly of redundant signals processing channel, rule.Measure although the operation control of standard also may have some Fault Identification and fault-avoidances to a certain degree, typically, these are not enough for the safety shutdown of guaranteeing equipment in all cases.In order to distinguish " standard " controller and " standard " signalling, the safety circuit structure that the present invention relates to signalling, safety governor and obtain thus, described circuit structure is observed European standard EN 954-1 rank 3 at least, preferably has highest level 4 or similar safety requirements.
EP 1 363 306A2 that begin to quote disclose " safety switch ", i.e. signalling is used to monitor safe enclosure wall, emergency exit, machine cover layer part and the similar position of safety device.Such safety switch has control unit, and this unit can be used for determining opening or closing of emergency exit position in the failure safe mode.Up to the present, the normally dynamo-electric design of such safety switch, and essential functional test and such as the failure monitoring operation of interconnection identification by or adopt the advanced security controller to carry out at least.Therefore, have only usually when being used in combination with safety governor, such safety switch could obtain the approval based on EN 954-1 or similar standard.
In order to provide higher level of security to safety switch itself, EP 1 363 306A2 propose security logic is attached in the safety switch, and from light curtain, light curtain and other " intelligence " signalling, this has been known.In the exemplary embodiment of describing, the safety switch of proposition has two electronics switch units redundant mutually, that started by the failure safe control section.Switch unit has the outside enable signal that carries out articulating by them, and described outside enable signal finally offers the advanced security controller.Therefore enable signal can Be Controlled partly suppress, and this equipment of being monitored to the safety governor signal must be set to safe condition.Enable signal can also be carried out articulating with safety switch that be connected in series mutually by a plurality of, and each of these safety switches can both suppress described enable signal like this.
The series circuit that comprises signalling like this adopts dynamo-electric signalling to realize for a long time, have the enable signal that produces by safety governor in these cases, and come the described enable signal of loopback by the relay contact of the signalling that is connected in series.
Even the signalling in quite a lot of quantity is connected in series mutually under the situation of safety governor, the safety switch design of describing among EP 1 363 306A2 also allows the fast reaction of advanced security controller.On the other hand, the articulating of enable signal has been limited the maximum space distribution of the signalling that is connected in series.In addition, angle from the advanced security controller, if no matter one of signalling is because the situation of control unit (opening emergency exit or like that) changes or owing to inner detected failure condition has suppressed enable signal, then whole series connection is " dead ".The flexibility of the safety switch of describing and performance can not exceed the corresponding flexibility and the performance that may have for a long time based on the signalling of relay.
Summary of the invention
With respect to this background, the purpose of this invention is to provide the signalling of the sort of type of at first mentioning, this signalling particularly provides in series connection more flexibly and has used.
According to an aspect of the present invention, these purposes are to realize by the signalling of the sort of type of at first mentioning, and in described signalling, the input of switch unit is connected internally to fixing current potential, preferably Gu Ding high potential.
This purpose also realizes by corresponding safety circuit, wherein the input of at least one switch unit is connected internally to fixing current potential in each signalling, wherein the output of at least one switch unit also offers the control section of secondary signal device in first signalling, and wherein the control section of secondary signal device has started at least one switch unit of secondary signal device according to first signalling.
Therefore, with regard to circuit, new signalling is different with the safety switch known to EP 1 363 306A2, because enable signal no longer passes through at least one switch unit by articulating.But enable signal produces in each signalling repeatedly.Yet in this case, the control section in downstream, the consideration of secondary signal device are arranged in the output signal of the signalling of its upstream of series circuit.Therefore, it is simple question that the reproduction enable signal carries out articulating by a plurality of signallings, and like this from the angle of advanced security controller, it is impossible distinguishing.On the other hand, if the stream signal device has suppressed enable signal, then each signalling in the arranged in series is not " dead ".Owing to the present invention, especially, the downstream signal device is possible to signalling and/or advanced security controller transmission data-message subsequently, and this provides reaction more flexibly by whole safety circuit., will can adopt existing connection to transmit with reference to the data-message shown in the preferred embodiment subsequently herein, that is to say, very low although flexibility has increased the complexity of distribution.
In addition, as the result of novel circuit design, each signalling is provided with repeater function, therefore might produce obviously bigger distance between the signalling of mutual arranged in series.This also provides erection schedule more flexibly.Consider the new functionalized of signalling, group is closed and also is easy to realize, produces signaling-information because each signalling of arranged in series can be independent of the signalling of upstream at its output.
Therefore, fully realized above-mentioned purpose.
In a kind of improvement, new signalling has at least one input that is used for outside enable signal, preferably redundant safety input, described enable signal offers control section, and control section has also been controlled at least one switch unit according to described enable signal.Enable signal offers first signalling from safety governor in preferred safety circuit.
New flexibility has advantageously been used in this improvement.Although meaning, the repeater function of having described even do not need the new signalling of this improvement also to have the advantage that is better than known safety switch.Yet, only consider that in control section the outside enable signal that provides allows new signalling to carry out independent reaction according to event outside the signalling.
In further improving, the signal that sends the output of at least one switch unit to is provided for the control section in the signalling.
In other words, the output signal (being the output signal of signalling at least indirectly therefore) from switch unit is fed to control section.
Control section therefore can the interior failure condition of checkout equipment.Such characteristic learns from EP 1363 306A2 in essence, and learns from light curtain and other " intelligence " signallings and safety switching apparatus for a long time.Yet, unless based on the present invention, otherwise this improved advantage can not come into effect fully, transmits the internal fault situation because each signalling in the arranged in series can both be independent of the state of stream signal device.
In further improving, the control section in the signalling is designed to checkout gear internal fault situation and uses at least one switch unit to produce data-message at its output.
Special advantage is that new signalling can connect to advanced security controller transmission diagnostic data by existing signal, that is to say, extra connection and circuit needn't be set be used to send diagnostic data.Therefore, distribution is simplified, and under the situation of signalling and under the situation at safety governor, extra physical space and the cost that connects can both be saved.
In preferred the improvement, data-message is a pulse message, and promptly control section makes at least one switch unit opening and closing in the mode of pulse.
Like this, having the message of some bit information contents can be with low-down cost and send on existing signal line erratically.This provides effective forwarding of very detailed diagnostic message.This improvement also allows the address relevant with signalling to transmit to the Advanced Control device no trouble at all, this means that safety governor can discern each signalling in the series circuit independently.
In further improving, each signalling has the switch unit of two redundancies at least, and each switch unit all has input and output, and each of the switch unit of at least two redundancies all has the fixed potential that is applied to its input.
Combine with the present invention, this improvement of learning from safety governor in essence has such advantage: signalling can be on existing signal line, to advanced security controller reporting internal fault situation, even if one of switch unit has caused failure condition.In this case, therefore the redundancy that typically is provided with in known safety switching apparatus for reasons of safety also causes the availability of higher level.
In further improving, signalling has the input that is used to provide operating voltage, and this operating voltage is used as fixed potential and offers at least one switch unit.
This improvement has special advantage aspect the repeater function of above-mentioned new signal device.Because the input that at least one switch unit has the operating voltage of being connected to, the long distance between a plurality of signallings can easily be bridged.
In further improving, signalling comprise can first and at least one second locus between the removable control unit that moves, the external status variable is a current spatial position.In a special advantageous embodiment, control unit is transponder (transponder).
In this improvement, new signalling is emergency exit switch, emergency cut-off button, spacing or position switch, the inductor that is used for foot mat or manually-operated unlatching or order button preferably.In this case, control unit can be incorporated in the signalling, otherwise is independent of signalling and makes, and for example, this is typical for the emergency exit switch.Control unit can be optically, inductive ground, capacitively or in any other mode be linked to signalling.This improvement is preferred, because described signalling is simple relatively assembly, they do not carry out the signal of oneself in fact and handle.Under the situation of these signallings, the envelop of function of enhancing is visible for king-sized advantage.In addition, because signalling adopts its output to start driver and without any need for the safety governor that inserts, use the present invention to be used for such " simply " signalling, also can use redundant advanced security controller to smaller applications.
In another kind improved, if new signalling has the feedback input that is used for providing from driver external feedback signal, then this was preferred.
Therefore, the signalling in this improvement had combined before independently the function of " recording status variable " (inductor) and " closing device " (signal processing).Small-sized relevant safe application thereby can realize with low-down cost.
In another kind improved, the importation was designed to obtain the variable of physical measurement, and rotary speed, voltage and/or electric current specifically are as the external status variable.
The inductor that is used to receive such state variable is installed in the control cabinet usually, and emergency cut-off button, spacing or position switch, emergency exit switch and similarly signalling be installed on the equipment usually.Yet above-mentioned advantage also can be transferred in the same way as this class of signalling and measure inductor.For instance, a plurality of rotary speed controllers can be connected in series by mode described herein, so that cost is not monitored a plurality of shifting axles in the highland.
Undoubtedly, under the prerequisite that does not depart from the scope of the invention, These characteristics and following those characteristics that will illustrate can not only be used according to the compound mode of describing respectively, also can use according to other combination or its mode alone.
Description of drawings
Exemplary embodiment of the present invention is shown in the drawings, and for a more detailed description in the following description.Wherein:
Fig. 1 is the rough schematic view of equipment, wherein is used for protection based on signalling of the present invention,
Fig. 2 is the schematic diagram of the exemplary embodiment of new signal device,
Fig. 3 illustrates has two safety circuits of the signalling of the arranged in series of type as shown in Figure 2,
Fig. 4 illustrates the sequential chart with signal profile, and described signal profile is used to start the safety circuit shown in Fig. 3, and
Fig. 5 illustrates the further exemplary embodiment of new signal device.
Embodiment
Among Fig. 1, entirely indicate with Reference numeral 10 with the equipment of the present invention's protection.
In this embodiment, equipment 10 comprises manipulator 12, and the automatic running meeting of manipulator 12 causes danger to the personnel in its moving region (not shown) herein.Therefore the moving region of manipulator 12 is protected by emergency exit 14 and security fence, and this itself is known.Emergency exit 14 has the control unit 16 that is mounted thereon.Have safety switch 18 on fixing framework, bear against this fixed frame when emergency exit is closed, more generally, described safety switch 18 is just based on the standing part of signalling of the present invention.Safety switch 18 is connected to safety governor 20 by many circuits.Two contactors 22,24 of output control of safety governor 20, the power supply 26 to manipulator 12 can be interrupted in its contact.
Equipment 10 illustrates here in simplified form.As is known to the person skilled in the art, emergency exit 14 is equipped with at least two safety switches 18 and suitable control unit 16 usually, and one of safety switch is often installed with hidden form, handles difficulty more so that make.In addition, such equipment also comprises signalling, for example emergency cut-off button or other emergency exit switch (not shown herein).In addition, in order to simplify, the standard operation controller of manipulator 12 does not show here.When emergency exit was opened, in order to realize restricted operation, one or more rotary speed controllers (not shown herein) can be connected to the kinematic axis of drive unit and/or manipulator.
Under situation about simplifying, safety governor 20 can be to be called as the trade mark that the applicant sells
Figure C20058001003900111
Safety switching apparatus.Yet,, use the trade mark of selling such as the applicant by name if for protection equipment 10 needs a plurality of and security-related signalling
Figure C20058001003900112
More complicated safety governor be favourable.At least in the back in this situation, safety governor 20 has fieldbus usually and connects and be used for other interface of communicating and/or be used for communicating with senior master computer with standard operation controller (not shown) herein.
In preferred illustrative embodiment as shown in Figure 2, safety switch 18 is twin-channel Redundancy Design.Correspondingly, safety switch in this case has two redundant microcontrollers 30,32 of monitoring mutually, shown in the double-head arrow between the microcontroller.In preferred exemplary embodiment, microcontroller is different, that is to say that safety switch 18 is diversity designs.
Reference numeral 34,36 shows two electronics switch units, and in this case, described electronics switch unit is illustrated as field-effect transistor.Yet alternatively, it also is possible using bipolar transistor or other preferred electronics switch unit.
The control joint (grid) of switch unit 34 is connected to microcontroller 30.Input 38 (source electrode) is connected to circuit 40, and this circuit has the operating voltage U that is applied on it at safety switch 18 duration of works BOutput 42 (drain electrode) is connected to joint 44, can carry out external cabling to safety switch 18 on this joint.As a result, the output of switch unit 34 has formed the output signal of safety switch 18.
Second switch unit 36 has the control joint (grid) that is connected to microcontroller 32.Equally, its input 38 (source electrode) is in operating voltage U by circuit 40 BIts output 42 offers second out splice going splice 46 of safety switch 18.
Signal on switch unit 34,36 outputs 42 is fed to microcontroller 30,32 by two voltage dividers 48,50.This means that microcontroller 30,32 can monitor each switching state of switch unit 34,36.
Reference numeral 52 shows that microcontroller 30,32 is used for the importation of the current state of definite control unit 16, and current state in this case is the locus.In the preferred embodiment shown here, control unit 16 is the transponders that have signal generating circuit 54 and transmit and receive coil 56.The unique code 58 of signal generating circuit 54 storages.Importation 52 have be used to launch request signal transmit and receive coil 56 (only symbolically illustrating) here.Transponder 16 1 be positioned at importation 52 (emergency exit of closing) near, the signal generating circuit 54 in the control unit just is activated.Control unit 16 returns the code 58 of storage to importation 52 then.In the importation 52, code 58 is come out by demodulation from the signal that receives, and can be used for microcontroller 30,32.
On the other hand, if emergency exit 14 is opened, then control unit 16 is positioned at transmitting and receiving outside the scope of importation 52, and this position 16 ' in Fig. 2 is located to illustrate.In this case, do not communicate by letter between control unit 16 and the importation 52.Therefore microcontroller 30,32 does not receive code, and this is because emergency exit 14 has been opened.If have the second emergency exit switch or at least the second control unit (not shown), confirm that then the failure condition in control unit 16 or the importation 52 also is possible.
In other embodiments, can be at the control unit of other type and designs in importation 52.In this case, control unit also can be integrated in the safety switch 18.For example, safety switch 18 can be an emergency cut-off button, and control unit in this case can be the striker of this button.In other embodiments, importation 52 comprises inductance type, condenser type, optics or other inductor, is used for determining the current location of the mechanical control unit that moves.In addition, the present invention also is applicable to light curtain and other signallings that change basically between at least two states.In other exemplary embodiment, the importation is designed to obtain the physical state variable through measuring, and the back will be described in detail with reference to figure 5.
The input of safety switch 18 in this case has three joints 60,62,64, and described joint adopts the form of safety input respectively and is connected to two microcontrollers 30,32 redundantly.Joint 60 to 64 can be used for providing outside enable signal to microcontroller 30,32.In addition, joint 66 is used to provide operating voltage U B, earth connection point 68 is provided with in original, known mode.Undoubtedly, described joint all obtains respectively outside the casing 70 of safety switch 18 easily.
Among Fig. 3, the safety circuit with two described safety switches 18 is entirely indicated with Reference numeral 80.In addition, same reference symbol shows foregoing same unit.Two safety switches are indicated with 18a and 18b so that distinguish mutually.
Safety switch 18a has the terminal 60,62 of the output that is connected to safety governor 20.Preferably, these are safety governor 20 " clock output ", and it produces two different frequencies and/or clock signals, and therefore the interconnection identification in safety switch 18a and (by feedback, not shown herein) safety governor 20 is possible.In addition, safety switch 18a has the operating voltage of being connected to U BOr the terminal 66,68 of the output on ground.At outlet side, terminal 44,46 routes (route) of safety switch 18a are to the terminal 60,62 of downstream safety switch 18b.Therefore, safety switch 18a, 18b in series arrange mutually.In the arrangement that illustrates, safety switch 18b receives operating voltage from safety switch 18a.Alternatively, safety switch 18b can be connected to operating voltage U BIndependent current source.
From two output signals of safety switch 18b, promptly appear at the safe input that signal on the terminal 44,46 is provided for safety governor 20.The output of safety governor 20 be connected to power supply 26 and will pent drive unit 82 between, described drive unit is the servo drive in the manipulator 12 for example.In addition, roughly illustrate here, safety governor 20 is connected to the operation control 86 and/or the senior master computer of manipulator 12 by fieldbus 84.For the purpose of simplifying, the control unit that belongs to safety switch 18a, 18b is not shown in Fig. 3.
Safety circuit 80 work are as follows:
After the startup, safety governor 20 produces two clock signals 88,90 and they is offered safety switch 18a as enable signal at its output.Microcontroller 30,32 in the safety switch 18a uses importation 52 to monitor the current state of relevant control unit.If control unit is positioned near the importation 52, and if enable signal 88,90 correctly received, then microcontroller 30,32 uses two output signals that switch units 34,36 produce as the regeneration of enable signal 88,90.Yet these two signals also can be for example different on frequency with clock signal 88,90.If the definite equally emergency exit of the second safety switch 18b is closed and be working properly, then for it, it receives the enable signal of regeneration and at output they is regenerated.Safety governor 20 receives the enable signal of regeneration by circuit 92,94.
If safety switch 18a detects relevant emergency exit now and opens, if promptly Xiang Guan control unit has changed its state, then microcontroller 30,32 is opened switch unit 34,36.Therefore safety of downstream switch 18b no longer receives the enable signal of regeneration.Because switch unit 34,36 is closed, this obtains confirming by the microcontroller in the safety switch 18b, and is reported to safety governor 20.Then, safety governor 20 can be closed drive unit 82.
When safety switch 18a detected failure condition, flowing of signal took place according to identical mode, and described failure condition for example one of the interconnection, switch unit 34,36 of input or output end connector breaks down or any other failure condition.After the brief stand-by period, safety switch 18a mode with pulse on of its output at least produces data-messages 96 by closing and open at least one switch unit 34,36, and the wherein said stand-by period is stored in the microcontroller of all safety switch 18a, 18b and safety governor 20.Safety of downstream switch 18b receives this data-message and forwards it to safety governor 20 according to identical mode.If desired, also can be in conjunction with other information in data-message 96.
In one embodiment, if under the situation of Asynchronous Serial Interface, that is to say that data-message 96 begins and finishes with the bit that stops that defining from the initial bits of definition, then produces data-message 96.In the centre, exist arbitrarily or the data bit of predetermined number.In another embodiment, each data-message 96 comprises the pulse of the predetermined number with predetermined pulse duration.The validity of each independent pulse depends on the agreement of regulation between safety switch 18 and the safety governor 20.
If safety switch 18b oneself finds failure condition, then it produces independent data-message 96 in an identical manner.Opposite with known equipment, whether safety switch 18b can produce the data-message of oneself to switch unit 34,36, and open or close irrelevant with safety switch 18a.
In a preferred embodiment, comprise the address information item from the data-message of safety switch 18a, 18b, this address information item has identified the safety switch of wishing to advanced security controller 20 report informations.Each address can be distributed to safety switch 18a, 18b in a different manner.For instance, be equipped with multilevel address selector switch (not shown) herein can for each safety switch 18a, 18b, on this multilevel address selector switch, be provided with the address.In another exemplary embodiment, safety switch 18a, 18b use the code 58 of its relevant control unit 16 as the address respectively.
In another embodiment, after safety circuit 80 started, the safety switch 18a, the 18b that are connected in series were assigned with the address with initialize mode.The method for optimizing of carrying out this address assignment illustrates with reference to figure 4.
Fig. 4 has shown the signal graph of this initialize mode.The pulse train 100 at top is the operating voltage U that connects all parts that are used for safety circuit 80 B Reference numeral 102 illustrates the signal of first output terminal of clock of safety governor 20, i.e. signal on the circuit 88.Reference numeral 104 illustrates the signal of the second clock output of safety governor 20, i.e. signal on the circuit 90.As operating voltage U BDuring connection, the first safety switch 18a receives lasting high level and receives individual pulse at its input 62 at its input 60.The first safety switch 18a, the one identification latter, just regenerating at its output 44 (Reference numeral 106) is applied to the signal of its joint 60 (lasting high level).After stand-by period T, its output 46 produces two pulses, shown in Reference numeral 108.Stand-by period T is used to determine whether receive other pulse at input.
The second safety switching apparatus 18b is in its input 60,62 received signals 106,108, and its output 44,46 regeneration they.In doing so, 18b adds another pulse to it in the individual pulse 108 that receive at joint 62 places.Therefore the output of the second safety switch 18b produces the pulse train shown in Reference numeral 110,112.In the same way, other (not shown among Fig. 3) such as safety switching apparatus 18c, 18d can produce a holding wire (Reference numeral 114) and go up lasting high level and the pulse train on the secondary signal line, and each safety switch will increase a pulse in pulse train.
The signal a succession of last at this, that safety governor 20 receives shown in Reference numeral 114,116.According to signal 114, the distribution of safety governor identification passage A is correct.According to signal 116, the distribution of safety governor identification channel B is correct.In addition, according to the number (subtracting 1) of pulse, it can determine the number of safety switch 18a, the 18b etc. of arranged in series.In the same way, each safety switch 18a, 18b can discern its address according to the pulse number that receives.Like this, when safety circuit 80 was connected, unique address can be distributed to each safety switch of arranged in series automatically.Be changed if safety circuit is after 80s, then carry out distribution new, correct address to configuration subsequently, described configuration exists automatically when connecting once more.
Here, by input terminal 64, the flexibility of new signal device further increases, and has up to the present explained described terminal 64.This terminal can be used for presenting external feedback signal in safety switch 18.For instance, this means that safety switch self can start the contactor with the contact of just leading, that is, do not need safety switching apparatus or suitable safety governor with regard to being used for this purpose.If the break contact route that just leads of this contactor is to the feedback input end 64 of safety switch 18, then this is sufficient.
In another embodiment, the signalling such as the safety switch 18 that illustrates has further, applies the input terminal of initial signal.This even permission realize the restarting of being monitored of equipment and do not need previous common safety governor.
In addition, the mode of operation of signalling 18 can be provided with by input terminal 64, and for example, this is described in DE 100 16 712A1.In addition, can adopt different transponder code outer setting parameters.
Fig. 5 illustrates the exemplary embodiment as the new signal device 100 of rotary speed watch-dog.In the figure, identical reference symbol shows the unit identical with the front.
With regard to importation 102, signalling 100 is different from the signalling 18 of Fig. 2 in essence, and importation 102 is different with importation 52 in this case, is designed to write down rotary speed by measuring.In this exemplary embodiment and since importation 102 from rotating driving device 104 taps motor voltage and it is assessed with regard to its frequency, the execution of rotary speed record does not need inductor.In a certain embodiments, signalling 100 adopts the form of zero velocity monitoring, that is to say that signalling 100 is monitored when reaching and keep zero velocity.This can finish, because the generator voltage that importation 102 taps and monitoring are produced by the rotating driving device 104 that slows down, this can learn from the zero velocity watch-dog that is used for the relevant application of safety itself.
In another exemplary embodiment, recording voltage, electric current or other physical descriptor are come by measurement in importation 102, and microcontroller is specified the Variable Control switch unit 34,36 of the value of setting especially based on the variable of record based on the employing of record.

Claims (16)

1. signalling that is used for safety circuit, it comprises the importation (52) that is used to receive the external status variable, at least one switch unit (34 that comprises have input (38) and output (42), 36), and comprise and be designed for according to described at least one switch unit (34 of described external status Variable Control, 36) control section (30,32), be sent to described output (42) so that put on the signal of described input (38), it is characterized in that, described switch unit (34,36) described input (38) is connected internally to fixed potential, its feature also is, described signalling comprises and is used for outside enable signal (88,90) at least one input, described enable signal (88,90) offer described control section (30,32), described control section (30,32) according to described enable signal (88,90) described at least one switch unit (34 of control, 36).
2. according to the signalling of claim 1, it is characterized in that the signal that sends the described output (42) of described at least one switch unit (34,36) to is provided for described control section (30,32).
3. according to the signalling of claim 1 or 2, it is characterized in that described control section (30,32) is designed to checkout gear internal fault situation and uses at least one described switch unit (34,36) to produce data-message (96) at its output (42).
4. according to the signalling of claim 3, it is characterized in that described data-message is a pulse message.
5. according to the signalling of claim 1 or 2, it is characterized in that, described signalling has the switch unit (34,36) of at least two redundancies, each all has separately input (38) and output separately (42) switch unit of described at least two redundancies (34,36), and each of described at least two redundant switch units (34,36) all has the described fixed potential that is applied to its input.
6. according to the signalling of claim 1 or 2, it is characterized in that described signalling comprises the (U that is used to provide operating voltage B) input (66), described operating voltage offers described at least one switch unit (34,36) as described fixed potential.
7. according to the signalling of claim 1 or 2, it is characterized in that, described signalling comprise can first and at least one second locus (16 ') between the described external status variable of removable control unit (16) that moves as the current locus of described control unit (16).
8. according to the signalling of claim 1 or 2, it is characterized in that described importation (52) are designed to obtain the variable of physical measurement as the external status variable.
9. according to the signalling of claim 1 or 2, it is characterized in that described signalling comprises the feedback input end (64) that is used for providing from driver (22,24) external feedback signal.
10. according to the signalling of claim 1, it is characterized in that described fixed potential is fixing high potential (U B).
11. the signalling according to claim 1 is characterized in that, described input is redundant safe input (60,62).
12. the signalling according to claim 7 is characterized in that, described removable control unit (16) is a transponder.
13. signalling according to Claim 8 is characterized in that, the variable of described physical measurement is rotary speed, variable voltage and/or variable current.
14. safety means that are used for closing safely hazardous equipment (10), described safety means comprise and are designed for the safety governor (20) of cutting out described equipment (10) in the failure safe mode, and comprise first and at least one secondary signal device (18a of being connected in series described safety governor (20) mutually, 18b), each described signalling (18a, 18b) comprise the importation (52) that is used to receive the external status variable, at least one switch unit (34 with input (38) and output (42), 36), and be designed for according to described at least one switch unit (34 of described external variable control, 36) control section (30,32), be sent to described output (42) so that put on the signal of described input (38), it is characterized in that, described switch unit (34 in each signalling, 36) described input (38) is connected internally to fixed potential, and described at least one switch unit (34 in described first signalling (18a), 36) described output (42) offers the described control section (30 of described secondary signal device (18b), 32), and the described control section (30 of described secondary signal device (18b), 32) also start described at least one switch unit (34 of described secondary signal device (18b) according to described first signalling (18a), 36), its feature also is, will be from the enable signal (88 of described safety governor (20), 90) offer the described control section (30 of described first signalling (18a), 32), the described control section (30 of described first signalling (18a), 32) also according to described enable signal (88,90) described at least one switch unit (34 of described first signalling of startup (18a), 36).
15. equipment according to claim 14, it is characterized in that the described control section (30,32) in each signalling (18a, 18b) is designed to checkout gear internal fault situation and uses described at least one switch unit (34,36) to produce data-message (96) at its output (42).
16. the equipment according to claim 14 is characterized in that, described fixed potential is fixing high potential (U B).
CN 200580010039 2004-04-19 2005-03-23 Signaling devices for safety circuits Expired - Fee Related CN100545981C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE102004020995.2A DE102004020995C5 (en) 2004-04-19 2004-04-19 Signaling device for a safety circuit
DE102004020995.2 2004-04-19
DE102004031918.9 2004-06-23

Publications (2)

Publication Number Publication Date
CN1938806A CN1938806A (en) 2007-03-28
CN100545981C true CN100545981C (en) 2009-09-30

Family

ID=35456106

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200580010039 Expired - Fee Related CN100545981C (en) 2004-04-19 2005-03-23 Signaling devices for safety circuits

Country Status (2)

Country Link
CN (1) CN100545981C (en)
DE (1) DE102004020995C5 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104272420A (en) * 2012-04-05 2015-01-07 皮尔茨公司 Safety switching apparatus with a switching element in the auxiliary contact current path

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006000635A1 (en) * 2006-01-03 2007-08-09 Kuka Roboter Gmbh Device for controlling at least one machine
DE102007032827A1 (en) * 2006-01-12 2009-01-15 Phoenix Contact Gmbh & Co. Kg Safety device for multi-channel control of a safety device
DE102008054698A1 (en) * 2008-12-16 2010-06-17 Robert Bosch Gmbh machine tool
DE102010025675B3 (en) * 2010-06-25 2011-11-10 Pilz Gmbh & Co. Kg Safety circuit arrangement for fail-safe switching on and off of a dangerous system
DE102010054386B3 (en) 2010-12-06 2012-02-23 Pilz Gmbh. & Co. Kg Safety switching device for fail-safe disconnection of an electrical load
DE102011013886A1 (en) 2011-03-04 2012-09-06 Pilz Gmbh & Co. Kg Device for the automated control of a technical installation
DE102011016137A1 (en) * 2011-03-30 2012-10-04 Pilz Gmbh & Co. Kg Safety circuit arrangement for fail-safe switching on or off of a dangerous system
DE102011110183B3 (en) 2011-08-09 2012-11-15 Pilz Gmbh & Co. Kg Modular control device
DE102011110184A1 (en) 2011-08-09 2013-02-14 Pilz Gmbh & Co. Kg Modular control device
DE102011110182A1 (en) 2011-08-09 2013-02-14 Pilz Gmbh & Co. Kg Modular control device
DE102011055920B3 (en) 2011-12-01 2013-05-29 Pilz Gmbh & Co. Kg Separate accessory for a control device
DE102012101516A1 (en) 2012-02-24 2013-08-29 Pilz Gmbh & Co. Kg Safety switching device with power supply
DE102012110698B3 (en) 2012-11-08 2014-02-27 Pilz Gmbh & Co. Kg Device for controlling and / or regulating a technical installation
DE102013100441B4 (en) 2013-01-16 2019-05-23 Pilz Gmbh & Co. Kg Safety relay
DE102013100467A1 (en) * 2013-01-17 2014-07-17 Netstal-Maschinen Ag Microprocessor-controlled control device for an injection molding plant
DE102013101050B4 (en) 2013-02-01 2023-02-16 Pilz Gmbh & Co. Kg Safety switching device with safe power pack
DE102013101932A1 (en) * 2013-02-27 2014-08-28 Pilz Gmbh & Co. Kg Safety switching device for on / fail-safe switching off of a technical system
EP2800118B1 (en) * 2013-04-29 2016-12-28 Rockwell Automation Germany GmbH & Co. KG Auto detection of guard locking device
DE102016117821A1 (en) 2016-09-21 2018-03-22 Pilz Gmbh & Co. Kg Safety circuit for fail-safe disconnection of a hazardous technical system
DE102018200120A1 (en) * 2018-01-05 2019-07-11 Kuka Deutschland Gmbh Safety control with at least one semiconductor switching contact
US11338382B2 (en) * 2018-04-04 2022-05-24 Lincoln Global, Inc. Welding equipment security
EP3557113B1 (en) * 2018-04-20 2025-06-25 EUCHNER GmbH + Co. KG Safety switch
DE102019102004B3 (en) * 2019-01-28 2020-06-10 Pilz Gmbh & Co. Kg Improved access security system to secure a machine or system
CN113534656B (en) * 2021-09-07 2022-01-21 中国商用飞机有限责任公司 Telex flight backup control system and telex flight backup control method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4570109A (en) * 1983-02-03 1986-02-11 U.S. Philips Corporation Irradiation device
EP1363306A2 (en) * 2002-05-18 2003-11-19 K.A. SCHMERSAL GmbH & Co. Security switch, security circuit with security switches and methode for operating a security switch

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10016712C5 (en) * 2000-04-04 2004-09-16 Pilz Gmbh & Co. Safety switching device and method for setting an operating mode of a safety switching device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4570109A (en) * 1983-02-03 1986-02-11 U.S. Philips Corporation Irradiation device
EP1363306A2 (en) * 2002-05-18 2003-11-19 K.A. SCHMERSAL GmbH & Co. Security switch, security circuit with security switches and methode for operating a security switch

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104272420A (en) * 2012-04-05 2015-01-07 皮尔茨公司 Safety switching apparatus with a switching element in the auxiliary contact current path
CN104272420B (en) * 2012-04-05 2017-04-12 皮尔茨公司 Safety switching apparatus with a switching element in the auxiliary contact current path

Also Published As

Publication number Publication date
DE102004020995B4 (en) 2008-07-24
DE102004020995A1 (en) 2005-11-10
DE102004020995C5 (en) 2016-12-08
CN1938806A (en) 2007-03-28

Similar Documents

Publication Publication Date Title
CN100545981C (en) Signaling devices for safety circuits
JP5089378B2 (en) Signal transmission device for safety circuit
JP4729561B2 (en) Safety circuit and safety switch applied thereto
US9429271B2 (en) Safety circuit assembly for switching on or off a hazardous system in a failsafe manner
US9293285B2 (en) Safety circuit arrangement for connection or failsafe disconnection of a hazardous installation
CN106716275B (en) Control and data transmission system, gateway module, input/output module and course control method for use
US20110313580A1 (en) Method and platform to implement safety critical systems
US11365088B2 (en) Monitoring device for a passenger transport system, testing method and passenger transport system
CN105765470A (en) Safety control system having configurable inputs
JP4263339B2 (en) Safety switch device
US8090474B2 (en) Apparatus for controlling at least one machine
US5396122A (en) Door or protective hood locking control system as a safety device for machines
HK1254771A1 (en) Safety circuit for the fail-safe shutdown of an electrically powered system
CN110239575A (en) Multiply two logic control implementations and the systems for taking two based on two
US6487695B1 (en) Method for providing fail-safe secure data transmission between a numerical control system and a spatially separate unit
JP2019192244A (en) Safety switch
CN100470419C (en) Programmable Controllers
CN1570793A (en) Coordination of field device operations with overrides and bypasses within a process control and safety system
CN110088024A (en) The remote recovery system of elevator faults
Kanamaru et al. Functional safety application using safety PLC
CA1233546A (en) Remote load control relay processor
Piggin A fieldbus for machine safety
Einer et al. A railway demonstrator model for experimental investigation of integrated specification techniques
HK1099123B (en) Signaling device for a protective circuit
HK1099122B (en) Safety swtich for a fail-safe circuit

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090930