[go: up one dir, main page]

CN101655257A - Electronic equipment - Google Patents

Electronic equipment Download PDF

Info

Publication number
CN101655257A
CN101655257A CN200810144974A CN200810144974A CN101655257A CN 101655257 A CN101655257 A CN 101655257A CN 200810144974 A CN200810144974 A CN 200810144974A CN 200810144974 A CN200810144974 A CN 200810144974A CN 101655257 A CN101655257 A CN 101655257A
Authority
CN
China
Prior art keywords
assembly
fault
circuit
electronic equipment
component
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200810144974A
Other languages
Chinese (zh)
Inventor
大川勉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Holdings Corp
Original Assignee
Matsushita Electric Industrial Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co Ltd filed Critical Matsushita Electric Industrial Co Ltd
Priority to CN200810144974A priority Critical patent/CN101655257A/en
Publication of CN101655257A publication Critical patent/CN101655257A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Safety Devices In Control Systems (AREA)

Abstract

The invention provides electronic equipment provided with a plurality of components. The electronic equipment comprises a first component, a second component and a fault secure circuit, wherein the fault of the first component is directly correlated with the risk in security of the electronic equipment. Even when the second component has a fault, the fault of the second component does not have a side effect on the security of the electronic equipment, but can make the electronic equipment lose a main function. The fault secure circuit is used for stopping the operation of the second component.

Description

电子设备 Electronic equipment

技术领域 technical field

本发明涉及电子设备,该电子设备配备有:其故障可与关于电子设备的安全方面的风险直接结合(couple to)的组件;以及另一组件,即使当后面提到的组件有故障时,虽然该故障不会对该电子设备的安全性施加负面影响,但该组件的故障也使电子设备失去其主要功能。The present invention relates to electronic equipment equipped with: a component whose failure can be directly coupled to a risk with respect to the safety aspect of the electronic equipment; and another component, even when the latter mentioned component is faulty, although The failure does not negatively affect the safety of the electronic device, but failure of the component also renders the electronic device incapable of its primary function.

背景技术 Background technique

图12是用于示出具有故障安全(fail-safe)功能的传统产品100的框图。图12中示出的产品100配备有这样的组件110,该组件110包含时间测定单元120、定序器(sequencer)130和存储单元140。在产品100中提供的组件110具有故障安全功能。对存储单元140设置任意时间。在时间测定单元120执行加法计数(count up)操作的同时,当经过了对存储单元140设置的预定的时间时,时间测定单元120停止定序器130。以上述方式可改进寿命结束(lifetime end)的安全(例如,参考专利公开文件1)。FIG. 12 is a block diagram for illustrating a conventional product 100 having a fail-safe function. The product 100 shown in FIG. 12 is equipped with a component 110 including a timing unit 120 , a sequencer 130 and a storage unit 140 . The components 110 provided in the product 100 have fail-safe functions. Arbitrary time is set to the storage unit 140 . While the time measuring unit 120 performs a count up operation, when a predetermined time set to the storage unit 140 elapses, the time measuring unit 120 stops the sequencer 130 . Lifetime end safety can be improved in the above-described manner (for example, refer to Patent Publication 1).

专利公开文件1:JP-A-7-049151Patent Publication Document 1: JP-A-7-049151

在图12所示的产品100中,当经过了任意设置的预定时间时,停止组件110的操作,以便改进寿命结束的安全。应当理解,通常,当产品配备有很多种类和各种模式的组件时,根据组件,由于退化(deterioration)引起的故障的等级彼此不同,所述退化对于产品的安全方面的风险可施加负面影响。换言之,存在这样的组件:即使当这些组件有故障时,其故障也不会对产品的主要操作和安全性施加任何负面影响;然而,存在这样的组件:如果这些组件有故障,则其故障可能对于产品的操作和安全性施加很大的负面影响。此外,即使当组件有故障时,虽然对于组件的安全性可能不会施加负面影响,但是可能对于产品的操作施加负面影响。In the product 100 shown in FIG. 12, when an arbitrarily set predetermined time elapses, the operation of the component 110 is stopped in order to improve safety at the end of life. It should be understood that, generally, when a product is equipped with many kinds and various modes of components, the levels of failure due to degradation, which can exert a negative influence on the risk in terms of safety of the product, differ from each other depending on the component. In other words, there are components whose failure does not exert any adverse effect on the main operation and safety of the product even when these components are malfunctioning; however, there are components whose failure, if they are malfunctioning, may exert a large negative impact on the operation and safety of the product. Furthermore, even when a component is faulty, although a negative influence may not be exerted on the safety of the component, a negative influence may be exerted on the operation of the product.

发明内容 Contents of the invention

本发明的目的是,提供一种能够进一步改进当电子设备的寿命结束时的其安全性的电子设备。It is an object of the present invention to provide an electronic device which further improves the safety of the electronic device at the end of its life.

本发明要提供这样的电子设备,其特征在于:电子设备具有多个组件,该电子设备包括:第一组件,其故障与关于电子设备的安全方面的风险直接结合;第二组件,通过该第二组件,即使当第二组件有故障时,虽然第二组件的故障不会对电子设备的安全性施加负面影响,但第二组件的故障也使电子设备失去其主要功能;以及故障安全电路,用于停止第二组件的操作。The present invention intends to provide such an electronic device, characterized in that the electronic device has a plurality of components, the electronic device comprising: a first component, the failure of which is directly associated with a risk related to the safety of the electronic device; a second component, through which a second component, even when the second component fails, the failure of the second component causes the electronic device to lose its primary function, although the failure of the second component does not exert a negative impact on the safety of the electronic device; and a fail-safe circuit, Used to stop the operation of the second component.

在如上所述的电子设备中,在第二组件内提供故障安全电路。In the electronic device as described above, the fail-safe circuit is provided within the second component.

本发明将提供这样的电子设备,其特征在于:电子设备具有多个组件,该电子设备包括:第一组件,其故障与关于电子设备的安全方面的风险直接结合;第二组件,通过该第二组件,即使当第二组件有故障时,虽然第二组件的故障不会对产品的安全性施加负面影响,但第二组件的故障也使产品失去其主要功能;电源电路,用于控制向第二组件提供电功率;以及故障安全电路,该故障安全电路以如下方式操作:在故障安全电路监视第一组件的状况的同时,当故障安全电路检测到第一组件的问题时,故障安全电路控制电源电路,以便停止向第二组件提供电功率。The present invention will provide such an electronic device, characterized in that the electronic device has a plurality of components, the electronic device comprising: a first component, the failure of which is directly associated with a risk to the safety of the electronic device; a second component, through which Two components, even when the second component fails, although the failure of the second component will not exert a negative impact on the safety of the product, the failure of the second component will also cause the product to lose its main function; The second component provides electrical power; and a fail-safe circuit that operates in a manner that, while the fail-safe circuit monitors the condition of the first component, when the fail-safe circuit detects a problem with the first component, the fail-safe circuit controls the the power circuit to stop supplying electrical power to the second component.

本发明要提供这样的电子设备,其特征在于:电子设备具有多个组件,该电子设备包括:第一组件,其故障与关于电子设备的安全方面的风险直接结合;第二组件,通过该第二组件,即使当第二组件有故障时,虽然第二组件的故障不会对电子设备的安全性施加负面影响,但第二组件的故障也使电子设备失去其主要功能;时钟控制电路,用于控制向第二组件提供的时钟信号;以及故障安全电路,该故障安全电路以如下方式操作:在故障安全电路监视第一组件的状况的同时,当故障安全电路检测到第一组件的问题时,故障安全电路控制时钟控制电路以便停止向第二组件提供时钟信号。The present invention intends to provide such an electronic device, characterized in that the electronic device has a plurality of components, the electronic device comprising: a first component, the failure of which is directly associated with a risk related to the safety of the electronic device; a second component, through which Two components, even when the second component fails, although the failure of the second component will not exert a negative impact on the safety of the electronic device, the failure of the second component will also cause the electronic device to lose its main function; the clock control circuit, with for controlling the clock signal provided to the second component; and a fail-safe circuit that operates in a manner that, while the fail-safe circuit monitors the condition of the first component, when the fail-safe circuit detects a problem with the first component , the fail-safe circuit controls the clock control circuit to stop supplying the clock signal to the second component.

本发明将提供这样的电子设备,其特征在于:电子设备具有多个组件,该电子设备包括:第一组件,其故障与关于电子设备的安全方面的风险直接结合;第二组件,通过该第二组件,即使当第二组件有故障时,虽然第二组件的故障不会对电子设备的安全性施加负面影响,但第二组件的故障也使电子设备失去其主要功能;复位控制电路,用于复位第二组件;以及故障安全电路,该故障安全电路以如下方式操作:在故障安全电路监视第一组件的状况的同时,当故障安全电路检测到所述第一组件的问题时,故障安全电路控制复位控制电路,以便使第二组件保持在其复位状态下。The present invention will provide such an electronic device, characterized in that the electronic device has a plurality of components, the electronic device comprising: a first component, the failure of which is directly associated with a risk to the safety of the electronic device; a second component, through which Two components, even when the second component fails, although the failure of the second component will not exert a negative impact on the safety of the electronic equipment, the failure of the second component will also cause the electronic equipment to lose its main function; reset the control circuit, with for resetting the second component; and a fail-safe circuit that operates in the following manner: while the fail-safe circuit monitors the condition of the first component, when the fail-safe circuit detects a problem with the first component, the fail-safe circuit The circuit controls the reset control circuit to maintain the second component in its reset state.

本发明要提供这样的电子设备,其特征在于:电子设备具有多个组件,该电子设备包括:第一组件,其故障与关于电子设备的安全方面的风险直接结合;第二组件,通过该第二组件,即使当第二组件有故障时,虽然第二组件的故障不会对电子设备的安全性施加负面影响,但第二组件的故障也使电子设备失去其主要功能;数据线控制电路,用于控制第二组件的数据线;以及故障安全电路,该故障安全电路以如下方式操作:在故障安全电路监视第一组件的状况的同时,当故障安全电路检测到第一组件的问题时,故障安全电路控制数据线控制电路,以便使第二组件的数据线进入非受控状态。The present invention intends to provide such an electronic device, characterized in that the electronic device has a plurality of components, the electronic device comprising: a first component, the failure of which is directly associated with a risk related to the safety of the electronic device; a second component, through which Two components, even when the second component fails, although the failure of the second component will not exert a negative impact on the safety of the electronic device, the failure of the second component will cause the electronic device to lose its main function; the data line control circuit, a data line for controlling the second component; and a fail-safe circuit that operates in a manner that, while the fail-safe circuit monitors the condition of the first component, when the fail-safe circuit detects a problem with the first component, The fail-safe circuit controls the data line control circuit to bring the data line of the second component into an uncontrolled state.

本发明将提供这样的电子设备,其特征在于:电子设备具有多个组件,该电子设备包括:第一组件,其故障与关于电子设备的安全方面的风险直接结合;第二组件,通过该第二组件,即使当第二组件有故障时,虽然第二组件的故障不会对电子设备的安全性施加负面影响,但第二组件的故障也使电子设备失去其主要功能;控制线控制电路,用于控制第二组件的控制线;以及故障安全电路,该故障安全电路以如下方式操作:在故障安全电路监视第一组件的状况的同时,当故障安全电路检测到第一组件的问题时,故障安全电路控制控制线控制电路,以便使第二组件的控制线进入非受控状态。The present invention will provide such an electronic device, characterized in that the electronic device has a plurality of components, the electronic device comprising: a first component, the failure of which is directly associated with a risk to the safety of the electronic device; a second component, through which Two components, even when the second component fails, although the failure of the second component will not exert a negative impact on the safety of the electronic equipment, the failure of the second component will cause the electronic equipment to lose its main function; the control line control circuit, a control line for controlling the second component; and a fail-safe circuit that operates in a manner that, while the fail-safe circuit monitors the condition of the first component, when the fail-safe circuit detects a problem with the first component, The fail-safe circuit controls the control line control circuit to bring the control line of the second component into an uncontrolled state.

本发明将提供这样的电子设备,其特征在于:电子设备具有多个组件,该电子设备包括:第一组件,其故障与关于电子设备的安全方面的风险直接结合;第二组件,通过该第二组件,即使当第二组件有故障时,虽然第二组件的故障不会对电子设备的安全性施加负面影响,但第二组件的故障也使电子设备失去其主要功能;地址线控制电路,用于控制第二组件的地址线;以及故障安全电路,该故障安全电路以如下方式操作:在故障安全电路监视第一组件的状况的同时,当故障安全电路检测到第一组件的问题时,故障安全电路控制地址线控制电路,以便使第二组件的地址线进入非受控状态。The present invention will provide such an electronic device, characterized in that the electronic device has a plurality of components, the electronic device comprising: a first component, the failure of which is directly associated with a risk to the safety of the electronic device; a second component, through which Two components, even when the second component fails, although the failure of the second component does not exert a negative impact on the safety of the electronic device, the failure of the second component also causes the electronic device to lose its main function; the address line control circuit, an address line for controlling the second component; and a fail-safe circuit that operates in a manner that, while the fail-safe circuit monitors the condition of the first component, when the fail-safe circuit detects a problem with the first component, The fail-safe circuit controls the address line control circuit to bring the address lines of the second component into an uncontrolled state.

在以上描述的电子设备中,当故障安全电路响应于从外部设备发送的信号来检测第一组件的状况、并且检测到第一组件的问题时,故障安全电路停止第二组件的操作。In the electronic device described above, when the fail-safe circuit detects the condition of the first component in response to a signal sent from the external device, and detects a problem with the first component, the fail-safe circuit stops the operation of the second component.

在以上描述的电子设备中,在故障安全电路已检测到第一组件的问题后,当故障安全电路接收从外部设备发送的用于停止第二组件的操作的指令信号时,故障安全电路停止第二组件的操作。In the above-described electronic equipment, after the fail-safe circuit has detected a problem with the first component, when the fail-safe circuit receives an instruction signal for stopping the operation of the second component sent from an external device, the fail-safe circuit stops the second component. Operation of two components.

在以上描述的电子设备中,从外部设备发送的指令信号是经由网络从其传送的信号。In the electronic device described above, the instruction signal sent from the external device is a signal transmitted therefrom via the network.

在以上描述的电子设备中,当已经从关于电子设备的购买、或电子设备的初始操作的时间信息所指示的时间经过了预定时间时,故障安全电路停止第二组件的操作。In the electronic device described above, the fail-safe circuit stops the operation of the second component when a predetermined time has elapsed from the time indicated by the time information on purchase of the electronic device, or initial operation of the electronic device.

在以上描述的电子设备中,在已经经过了预定时间后,当故障安全电路接收到从外部设备发送的用于停止第二组件的操作的指令信号时,故障安全电路停止第二组件的操作。In the electronic device described above, when the fail-safe circuit receives an instruction signal for stopping the operation of the second component transmitted from the external device after a predetermined time has elapsed, the fail-safe circuit stops the operation of the second component.

在以上描述的电子设备中,外部设备为电子设备的再充电装置(recharging device)。In the electronic equipment described above, the external device is a recharging device of the electronic equipment.

根据关于本发明的电子设备,可进一步改进当寿命结束时的其安全性。换言之,可以安全的方式到达产品寿命的结束。According to the electronic equipment related to the present invention, its safety at the end of its life can be further improved. In other words, the end of product life can be reached in a safe manner.

附图说明 Description of drawings

图1是根据本发明的第一实施方式的用于示出具有故障安全功能的产品的框图。FIG. 1 is a block diagram illustrating a product having a fail-safe function according to a first embodiment of the present invention.

图2是根据本发明的第二实施方式的用于示出具有故障安全功能的产品的框图。FIG. 2 is a block diagram illustrating a product having a fail-safe function according to a second embodiment of the present invention.

图3是根据本发明的第三实施方式的用于示出具有故障安全功能的产品的框图。FIG. 3 is a block diagram illustrating a product having a fail-safe function according to a third embodiment of the present invention.

图4是根据本发明的第四实施方式的用于示出具有故障安全功能的产品的框图。FIG. 4 is a block diagram illustrating a product having a fail-safe function according to a fourth embodiment of the present invention.

图5是根据本发明的第五实施方式的用于示出具有故障安全功能的产品的框图。FIG. 5 is a block diagram illustrating a product having a fail-safe function according to a fifth embodiment of the present invention.

图6是根据本发明的第六实施方式的用于示出具有故障安全功能的产品的框图。FIG. 6 is a block diagram illustrating a product having a fail-safe function according to a sixth embodiment of the present invention.

图7是根据本发明的第七实施方式的用于示出具有故障安全功能的产品的框图。FIG. 7 is a block diagram illustrating a product having a fail-safe function according to a seventh embodiment of the present invention.

图8是根据本发明的第八实施方式的用于示出具有故障安全功能的产品的框图。FIG. 8 is a block diagram illustrating a product having a fail-safe function according to an eighth embodiment of the present invention.

图9是根据本发明的第九实施方式的用于示出具有故障安全功能的产品的框图。FIG. 9 is a block diagram illustrating a product having a fail-safe function according to a ninth embodiment of the present invention.

图10是根据本发明的第十实施方式的用于示出具有故障安全功能的产品的框图。FIG. 10 is a block diagram illustrating a product having a fail-safe function according to a tenth embodiment of the present invention.

图11是根据本发明的第十一实施方式的用于示出具有故障安全功能的产品的框图。Fig. 11 is a block diagram illustrating a product having a fail-safe function according to an eleventh embodiment of the present invention.

图12是根据传统技术的用于示出具有故障安全功能的产品的框图。FIG. 12 is a block diagram illustrating a product having a fail-safe function according to a conventional art.

具体实施方式 Detailed ways

现在参考附图,对本发明的实施方式的进行描述。Embodiments of the present invention will now be described with reference to the accompanying drawings.

(第一实施方式)(first embodiment)

图1是根据本发明的第一实施方式的用于示出具有故障安全功能的产品的框图。图1中所示的产品200配备有具有功能操作电路211的组件210、具有功能操作电路221的组件220、以及故障安全电路230。FIG. 1 is a block diagram illustrating a product having a fail-safe function according to a first embodiment of the present invention. The product 200 shown in FIG. 1 is equipped with a component 210 having a functional operating circuit 211 , a component 220 having a functional operating circuit 221 , and a fail-safe circuit 230 .

组件210对应于其故障可与关于产品200的安全方面的风险直接结合的组件。组件220是这样的组件:即使当组件220有故障时,虽然该故障不会对产品200的安全性施加负面影响,但组件220的故障也使产品200失去其主要功能。功能操作电路211对应于执行由组件210实现的产品200的功能所需的电路。功能操作电路221对应于执行由组件220实现的产品200的功能所需的电路。故障安全电路230对应于停止功能操作电路221的操作的电路。Component 210 corresponds to a component whose failure can be directly combined with a safety-related risk to product 200 . The component 220 is a component whose failure causes the product 200 to lose its main function even when the component 220 has a failure, although the failure does not exert a negative influence on the safety of the product 200 . The functional operation circuit 211 corresponds to a circuit required to perform the function of the product 200 realized by the component 210 . The functional operation circuit 221 corresponds to a circuit required to perform the functions of the product 200 realized by the components 220 . The fail-safe circuit 230 corresponds to a circuit that stops the operation of the functional operation circuit 221 .

在第一实施方式中,由于故障安全电路230被安装于组件210和220之外,所以,可将故障安全电路230安装于产品200内的任何位置。In the first embodiment, since the fail-safe circuit 230 is installed outside the components 210 and 220 , the fail-safe circuit 230 can be installed anywhere in the product 200 .

(第二实施方式)(second embodiment)

图2是根据本发明的第二实施方式的用于示出具有故障安全功能的产品的框图。图2中所示的产品300配备有具有功能操作电路311的组件310、以及具有功能操作电路321和故障安全电路330的另一组件320。FIG. 2 is a block diagram illustrating a product having a fail-safe function according to a second embodiment of the present invention. The product 300 shown in FIG. 2 is equipped with a component 310 having a functional operating circuit 311 , and another component 320 having a functional operating circuit 321 and a fail-safe circuit 330 .

组件310对应于其故障可与关于产品300的安全方面的风险直接结合的组件。组件320是这样的组件:即使当组件320有故障时,虽然该故障不会对产品300的安全性施加负面影响,但组件320的故障也使产品300失去其主要功能。功能操作电路311对应于执行由组件310实现的产品300的功能所需的电路。功能操作电路321对应于执行由组件320实现的产品300的功能所需的电路。故障安全电路330对应于停止功能操作电路321的操作的电路。Component 310 corresponds to a component whose failure can be directly combined with a safety-related risk to product 300 . The component 320 is a component whose failure causes the product 300 to lose its main function even when the component 320 has a failure, although the failure does not exert a negative influence on the safety of the product 300 . The functional operation circuit 311 corresponds to a circuit required to perform the functions of the product 300 realized by the components 310 . The functional operation circuit 321 corresponds to a circuit required to perform the functions of the product 300 realized by the components 320 . The fail-safe circuit 330 corresponds to a circuit that stops the operation of the functional operation circuit 321 .

在第二实施方式中,即使当组件320有故障时,虽然可能不会对产品300的安全性施加负面影响,但是其故障可使产品300失去主要功能的组件320也包括故障安全电路330。结果,当可在组件320中确认问题时,通过故障安全电路330,可有意地使组件320进入故障状态。因此,当使组件320进入故障状态时,可控制产品300不操作,使得可增加当产品300的寿命结束时的安全性。In the second embodiment, even when a component 320 is faulty, a component 320 whose failure may cause the product 300 to lose its main function includes the fail-safe circuit 330 although it may not exert a negative influence on the safety of the product 300 . As a result, when a problem can be identified in component 320 , via fail-safe circuit 330 , component 320 can be intentionally brought into a fault state. Therefore, when the component 320 is brought into a fault state, the product 300 can be controlled not to operate, so that the safety when the life of the product 300 ends can be increased.

(第三实施方式)(third embodiment)

图3是根据本发明的第三实施方式的用于示出具有故障安全功能的产品的框图。图3中所示的产品400配备有具有功能操作电路411的组件410、以及具有功能操作电路421和故障安全电路430的组件420。功能操作电路421包含电源电路422。FIG. 3 is a block diagram illustrating a product having a fail-safe function according to a third embodiment of the present invention. The product 400 shown in FIG. 3 is equipped with a component 410 having a functional operating circuit 411 , and a component 420 having a functional operating circuit 421 and a fail-safe circuit 430 . The functional operation circuit 421 includes a power supply circuit 422 .

组件410对应于其故障可与关于产品400的安全方面的风险直接结合的组件。组件420是这样的组件:即使当组件420有故障时,虽然该故障不会对产品400的安全性施加负面影响,但组件420的故障也使产品400失去其主要功能。功能操作电路411对应于执行由组件410实现的产品400的功能所需的电路。功能操作电路421对应于执行由组件420实现的产品400的功能所需的电路。电源电路422对应于控制功能操作电路421的电功率提供的电路,即,为了使功能操作电路421在正常条件下操作所需的电路。故障安全电路430对应于以下电路:即,在故障安全电路430连续监视功能操作电路411的状况的同时,当故障安全电路430检测到由于退化等引起的功能操作电路411的问题时,故障安全电路430控制包含在功能操作电路421中的电源电路422,以便停止将电功率提供到功能操作电路421。还应注意到,可替换地,可将故障安全电路430安装于组件420之外。Component 410 corresponds to a component whose failure can be directly linked to a safety-related risk with respect to product 400 . The component 420 is a component whose failure causes the product 400 to lose its main function even when the component 420 has a failure, although the failure does not exert a negative influence on the safety of the product 400 . The functional operation circuit 411 corresponds to a circuit required to perform the function of the product 400 realized by the component 410 . The functional operation circuit 421 corresponds to a circuit required to perform the function of the product 400 realized by the component 420 . The power supply circuit 422 corresponds to a circuit that controls electric power supply of the functional operation circuit 421 , that is, a circuit required for the functional operation circuit 421 to operate under normal conditions. The fail-safe circuit 430 corresponds to a circuit that, while the fail-safe circuit 430 continuously monitors the condition of the functional operation circuit 411, when the fail-safe circuit 430 detects a problem with the functional operation circuit 411 due to degradation or the like, the fail-safe circuit 430 controls the power supply circuit 422 included in the functional operation circuit 421 so as to stop supply of electric power to the functional operation circuit 421 . It should also be noted that the fail-safe circuit 430 could alternatively be mounted outside of the assembly 420 .

在第三实施方式中,在故障安全电路430连续监视包含在其故障可与产品400的安全方面直接结合的组件410中的功能操作电路411的状况的同时,当故障安全电路430检测到功能操作电路411的问题时,故障安全电路430停止功能操作电路421的操作。如果停止了功能操作电路421的操作,则组件420不操作,但是,如果组件420不操作,则组件410也不操作。因此,可能避免以下提到的事件:也就是,在其故障可与关于产品400的安全方面的风险直接结合的组件410的故障持续的同时,产品400继续操作,使得组件410进入退化故障。如前所述,可增加当产品400的寿命结束时的安全性。In the third embodiment, while the fail-safe circuit 430 continuously monitors the condition of the functional operation circuit 411 contained in the component 410 whose failure can be directly combined with the safety aspect of the product 400, when the fail-safe circuit 430 detects that the functional operation In the event of a problem with the circuit 411 , the fail-safe circuit 430 stops the operation of the functional operation circuit 421 . If the operation of the functional operation circuit 421 is stopped, the component 420 does not operate, but if the component 420 does not operate, the component 410 does not operate either. Thus, it is possible to avoid the mentioned event that the product 400 continues to operate while the failure of a component 410 whose failure may be directly coupled with a safety-related risk to the product 400 persists, causing the component 410 to enter a degraded failure. As previously mentioned, safety at the end of the life of the product 400 may be increased.

(第四实施方式)(fourth embodiment)

图4是根据本发明的第四实施方式的用于示出具有故障安全功能的产品的框图。图4中所示的产品500配备有具有功能操作电路511的组件510、以及具有功能操作电路521和故障安全电路530的组件520。功能操作电路521包含时钟控制电路522。FIG. 4 is a block diagram illustrating a product having a fail-safe function according to a fourth embodiment of the present invention. The product 500 shown in FIG. 4 is equipped with a component 510 having a functional operating circuit 511 , and a component 520 having a functional operating circuit 521 and a fail-safe circuit 530 . The functional operation circuit 521 includes a clock control circuit 522 .

组件510对应于其故障可与关于产品500的安全方面的风险直接结合的组件。组件520是这样的组件:即使当组件520有故障时,虽然该故障不会对产品500的安全性施加负面影响,但组件520的故障也使产品500失去其主要功能。功能操作电路511对应于执行由组件510实现的产品500的功能所需的电路。功能操作电路521对应于执行由组件520实现的产品500的功能所需的电路。时钟控制电路522对应于控制向功能操作电路521提供时钟信号的电路,即,为了使功能操作电路521在正常条件下操作所需的电路。故障安全电路530对应于以下电路:即,在故障安全电路530连续监视功能操作电路511的状况的同时,当故障安全电路530检测到由于退化等引起的功能操作电路511的问题时,故障安全电路530控制包含在功能操作电路521中的时钟控制电路522,以便停止对功能操作电路521提供时钟信号。还应注意到,可替换地,可将故障安全电路530安装于组件520之外。Component 510 corresponds to a component whose failure can be directly linked to a safety-related risk with respect to product 500 . The component 520 is a component whose failure causes the product 500 to lose its main function even when the component 520 fails, although the failure does not exert a negative influence on the safety of the product 500 . The functional operation circuit 511 corresponds to a circuit required to perform the function of the product 500 realized by the component 510 . The functional operation circuit 521 corresponds to a circuit required to perform the functions of the product 500 realized by the components 520 . The clock control circuit 522 corresponds to a circuit that controls supply of a clock signal to the functional operation circuit 521 , that is, a circuit required for the functional operation circuit 521 to operate under normal conditions. The fail-safe circuit 530 corresponds to a circuit that, while the fail-safe circuit 530 continuously monitors the condition of the functional operation circuit 511, when the fail-safe circuit 530 detects a problem with the functional operation circuit 511 due to degradation or the like, the fail-safe circuit 530 controls the clock control circuit 522 included in the functional operation circuit 521 so as to stop supplying the clock signal to the functional operation circuit 521 . It should also be noted that the fail-safe circuit 530 could alternatively be mounted outside of the assembly 520 .

在第四实施方式中,在故障安全电路530连续监视包含在其故障可与产品500的安全方面直接结合的组件510中的功能操作电路511的状况的同时,当故障安全电路530检测到功能操作电路511的问题时,故障安全电路530停止向功能操作电路521提供时钟信号。如果停止向功能操作电路521提供时钟信号,则组件520不操作,但是,如果组件520不操作,则组件510也不操作。因此,可能避免以下提到的事件:也就是,在其故障可与关于产品500的安全方面的风险直接结合的组件510的故障持续的同时,产品500继续操作,使得组件510进入退化故障。如前所述,可增加当产品500的寿命结束时的安全性。In the fourth embodiment, while the fail-safe circuit 530 continuously monitors the condition of the functional operation circuit 511 contained in the component 510 whose failure can be directly combined with the safety aspect of the product 500, when the fail-safe circuit 530 detects that the functional operation In the event of a problem with circuit 511 , fail-safe circuit 530 stops providing a clock signal to functional operation circuit 521 . If the supply of the clock signal to the functional operation circuit 521 is stopped, the component 520 does not operate, however, if the component 520 does not operate, the component 510 does not operate either. Thus, it is possible to avoid the mentioned event that the product 500 continues to operate while the failure of a component 510 whose failure may be directly coupled with a safety-related risk to the product 500 persists, causing the component 510 to enter a degraded failure. As previously mentioned, safety at the end of the life of the product 500 may be increased.

(第五实施方式)(fifth embodiment)

图5是根据本发明的第五实施方式的用于示出具有故障安全功能的产品的框图。图5中所示的产品600配备有具有功能操作电路611的组件610、以及具有功能操作电路621和故障安全电路630的组件620。功能操作电路621包含复位控制电路622。FIG. 5 is a block diagram illustrating a product having a fail-safe function according to a fifth embodiment of the present invention. The product 600 shown in FIG. 5 is equipped with a component 610 having a functional operating circuit 611 , and a component 620 having a functional operating circuit 621 and a fail-safe circuit 630 . The functional operation circuit 621 includes a reset control circuit 622 .

组件610对应于其故障可与关于产品600的安全方面的风险直接结合的组件。组件620是这样的组件:即使当组件620有故障时,虽然该故障不会对产品600的安全性施加负面影响,但组件610的故障也使产品600失去其主要功能。功能操作电路611对应于执行由组件610实现的产品600的功能所需的电路。功能操作电路621对应于执行由组件620实现的产品600的功能所需的电路。复位控制电路622对应于复位功能操作电路621的电路,即,为了使功能操作电路621在正常条件下操作所需的电路。故障安全电路630对应于以下电路:即,在故障安全电路630连续监视功能操作电路611的状况的同时,当故障安全电路630检测到由于退化等引起的功能操作电路611的问题时,故障安全电路630控制包含在功能操作电路621中的复位控制电路622,以便保持功能操作电路621已被连续复位的状态。还应注意到,可替换地,可将故障安全电路630安装于组件620之外。Component 610 corresponds to a component whose failure may be directly coupled with a safety-related risk to product 600 . The component 620 is such a component that even when the component 620 fails, the failure of the component 610 causes the product 600 to lose its main function although the failure does not exert a negative influence on the safety of the product 600 . The functional operation circuit 611 corresponds to a circuit required to perform the function of the product 600 realized by the component 610 . The functional operation circuit 621 corresponds to a circuit required to perform the function of the product 600 realized by the component 620 . The reset control circuit 622 corresponds to a circuit that resets the functional operation circuit 621 , that is, a circuit required for the functional operation circuit 621 to operate under normal conditions. The fail-safe circuit 630 corresponds to a circuit that, while the fail-safe circuit 630 continuously monitors the condition of the functional operation circuit 611, when the fail-safe circuit 630 detects a problem with the functional operation circuit 611 due to degradation or the like, the fail-safe circuit 630 controls the reset control circuit 622 included in the functional operation circuit 621 so as to maintain a state in which the functional operation circuit 621 has been continuously reset. It should also be noted that the fail-safe circuit 630 could alternatively be mounted outside of the assembly 620 .

在第五实施方式中,在故障安全电路630连续监视包含在其故障可与产品600的安全方面直接结合的组件610中的功能操作电路611的状况的同时,当故障安全电路630检测到功能操作电路611的问题时,故障安全电路630保持功能操作电路621在复位状态下。如果功能操作电路621被连续保持在复位状态下,则组件620不操作;但是,如果组件620不操作,则组件610也不操作。因此,可能避免以下提到的事件:也就是,在其故障可与关于产品600的安全方面的风险直接结合的组件610的故障持续的同时,继续操作产品600,使得组件610进入退化故障。如前所述,可增加当产品600的寿命结束时的安全性。In the fifth embodiment, while the fail-safe circuit 630 continuously monitors the condition of the functional operation circuit 611 contained in the component 610 whose failure can be directly combined with the safety aspect of the product 600, when the fail-safe circuit 630 detects that the functional operation In the event of a problem with circuit 611, fail-safe circuit 630 maintains functional operation circuit 621 in a reset state. If functional operating circuit 621 is continuously held in reset, then component 620 does not operate; however, if component 620 does not operate, then component 610 does not operate either. Thus, it is possible to avoid the mentioned event of continuing to operate the product 600 , such that the component 610 enters a degraded failure, while the failure of a component 610 whose failure may be directly coupled with a safety-related risk to the product 600 persists. As previously mentioned, safety at the end of the life of the product 600 may be increased.

(第六实施方式)(sixth embodiment)

图6是根据本发明的第六实施方式的用于示出具有故障安全功能的产品的框图。图6中所示的产品700配备有具有功能操作电路711的组件710、以及具有功能操作电路721和故障安全电路730的组件720。功能操作电路721中包含数据线控制电路722。FIG. 6 is a block diagram illustrating a product having a fail-safe function according to a sixth embodiment of the present invention. The product 700 shown in FIG. 6 is equipped with a component 710 having a functional operating circuit 711 , and a component 720 having a functional operating circuit 721 and a fail-safe circuit 730 . The function operation circuit 721 includes a data line control circuit 722 .

组件710对应于其故障可与关于产品700的安全方面的风险直接结合的组件。组件720是这样的组件:即使当组件720有故障时,虽然该故障不会对产品700的安全性施加负面影响,但组件720的故障也使产品700失去其主要功能。功能操作电路711对应于执行由组件710实现的产品700的功能所需的电路。功能操作电路721对应于执行由组件720实现的产品700的功能所需的电路。数据线控制电路722对应于控制功能操作电路721的数据线的电路,即,为了使功能操作电路721在正常条件下操作所需的电路。故障安全电路730对应于以下电路:即,在故障安全电路730连续监视功能操作电路711的状况的同时,当故障安全电路730检测到由于退化等引起的功能操作电路711的问题时,故障安全电路730控制包含在功能操作电路721中的数据线控制电路722,以便使功能操作电路721的数据线进入非受控状态。还应注意到,可替换地,可将故障安全电路730安装于组件720之外。Component 710 corresponds to a component whose failure may be directly coupled with a safety-related risk to product 700 . The component 720 is a component whose failure causes the product 700 to lose its main function even when the component 720 has a failure, although the failure does not exert a negative influence on the safety of the product 700 . The functional operation circuit 711 corresponds to a circuit required to perform the function of the product 700 realized by the component 710 . The functional operation circuit 721 corresponds to a circuit required to perform the functions of the product 700 realized by the components 720 . The data line control circuit 722 corresponds to a circuit that controls the data line of the functional operation circuit 721, that is, a circuit required for the functional operation circuit 721 to operate under normal conditions. The fail-safe circuit 730 corresponds to a circuit that, while the fail-safe circuit 730 continuously monitors the condition of the functional operation circuit 711, when the fail-safe circuit 730 detects a problem with the functional operation circuit 711 due to degradation or the like, the fail-safe circuit 730 controls the data line control circuit 722 included in the function operation circuit 721 so as to bring the data line of the function operation circuit 721 into an uncontrolled state. It should also be noted that the fail-safe circuit 730 could alternatively be mounted outside of the assembly 720 .

在第六实施方式中,在故障安全电路730连续监视包含在其故障可与产品700的安全方面直接结合的组件710中的功能操作电路711的状况的同时,当故障安全电路730检测到功能操作电路711的问题时,故障安全电路730使功能操作电路721的数据线进入非受控状态。如果功能操作电路721的数据线进入非受控状态,则组件720不操作,但是,如果组件720不操作,则组件710也不操作。因此,有可能避免以下提到的事件:也就是,在其故障可与关于产品700的安全方面的风险直接结合的组件710的故障持续的同时,产品700继续操作,使得组件710进入退化故障。如前所述,可增加当产品700的寿命结束时的安全性。In the sixth embodiment, while the fail-safe circuit 730 continuously monitors the condition of the functional operation circuit 711 contained in the component 710 whose failure can be directly combined with the safety aspect of the product 700, when the fail-safe circuit 730 detects that the functional operation In the event of a problem with circuit 711, fail-safe circuit 730 puts the data line of functional operation circuit 721 into an uncontrolled state. If the data line of functional operation circuit 721 goes into an uncontrolled state, component 720 does not operate, however, if component 720 does not operate, then component 710 does not operate either. Thus, it is possible to avoid the mentioned event that the product 700 continues to operate, so that the component 710 enters a degraded failure, while the failure of a component 710 whose failure may be directly coupled with a safety-related risk to the product 700 persists. As previously mentioned, safety at the end of the life of the product 700 may be increased.

(第七实施方式)(seventh embodiment)

图7是根据本发明的第七实施方式的用于示出具有故障安全功能的产品的框图。图7中所示的产品800配备有具有功能操作电路811的组件810、以及具有功能操作电路821和故障安全电路830的组件820。功能操作电路821中包含控制线控制电路822。FIG. 7 is a block diagram illustrating a product having a fail-safe function according to a seventh embodiment of the present invention. The product 800 shown in FIG. 7 is equipped with a component 810 having a functional operating circuit 811 , and a component 820 having a functional operating circuit 821 and a fail-safe circuit 830 . The function operation circuit 821 includes a control line control circuit 822 .

组件810对应于其故障可与关于产品800的安全方面的风险直接结合的组件。组件820是这样的组件:即使当组件820有故障时,虽然该故障不会对产品800的安全性施加负面影响,但组件820的故障也使产品800失去其主要功能。功能操作电路811对应于执行由组件810实现的产品800的功能所需的电路。功能操作电路821对应于执行由组件820实现的产品800的功能所需的电路。控制线控制电路822对应于控制功能操作电路821的控制线的电路,即,为了使功能操作电路821在正常条件下操作所需的电路。故障安全电路830对应于以下电路:即,在故障安全电路830连续监视功能操作电路811的状况的同时,当故障安全电路830检测到由于退化等引起的功能操作电路811的问题时,故障安全电路830控制包含在功能操作电路821中的控制线控制电路822,以便使功能操作电路821的控制线进入非受控状态。还应注意到,可替换地,可将故障安全电路830安装于组件820之外。Component 810 corresponds to a component whose failure may be directly coupled with a safety-related risk to product 800 . The component 820 is a component whose failure causes the product 800 to lose its main function even when the component 820 fails, although the failure does not exert a negative influence on the safety of the product 800 . The functional operation circuit 811 corresponds to a circuit required to perform the functions of the product 800 realized by the components 810 . The functional operation circuit 821 corresponds to a circuit required to perform the functions of the product 800 realized by the components 820 . The control line control circuit 822 corresponds to a circuit that controls the control line of the function operation circuit 821 , that is, a circuit required for the function operation circuit 821 to operate under normal conditions. The fail-safe circuit 830 corresponds to a circuit that, while the fail-safe circuit 830 continuously monitors the condition of the functional operation circuit 811, when the fail-safe circuit 830 detects a problem with the functional operation circuit 811 due to degradation or the like, the fail-safe circuit 830 controls the control line control circuit 822 included in the function operation circuit 821 so as to bring the control line of the function operation circuit 821 into an uncontrolled state. It should also be noted that the fail-safe circuit 830 could alternatively be mounted outside of the assembly 820 .

在第七实施方式中,在故障安全电路830连续监视包含在其故障可与产品800的安全方面直接结合的组件810中的功能操作电路811的状况的同时,当故障安全电路830检测到功能操作电路811的问题时,故障安全电路830使功能操作电路821的控制线进入非受控状态。如果故障安全电路830使功能操作电路821的控制线进入非受控状态,则组件820不操作,但是,如果组件820不操作,则组件810也不操作。因此,可能避免以下提到的事件:也就是,在其故障可与关于产品800的安全方面的风险直接结合的组件810的故障持续的同时,继续操作产品800,使得组件810进入退化故障。如前所述,可增加当产品800的寿命结束时的安全性。In the seventh embodiment, while the fail-safe circuit 830 continuously monitors the condition of the functional operation circuit 811 contained in the component 810 whose failure can be directly combined with the safety aspect of the product 800, when the fail-safe circuit 830 detects that the functional operation In the event of a problem with circuit 811, fail-safe circuit 830 puts the control line of functional operation circuit 821 into an uncontrolled state. If fail-safe circuit 830 brings the control line of functional operation circuit 821 into an uncontrolled state, then component 820 does not operate, but if component 820 does not operate, then component 810 does not operate either. Thus, it is possible to avoid the mentioned event of continuing to operate the product 800 , such that the component 810 enters a degraded failure, while the failure of a component 810 whose failure may be directly coupled with a safety-related risk to the product 800 persists. As previously described, safety at the end of the product 800's life can be increased.

(第八实施方式)(eighth embodiment)

图8是根据本发明的第八实施方式的用于示出具有故障安全功能的产品的框图。图8中所示的产品900配备有具有功能操作电路911的组件910、以及具有功能操作电路921和故障安全电路930的组件920。功能操作电路921中包含地址线控制电路922。FIG. 8 is a block diagram illustrating a product having a fail-safe function according to an eighth embodiment of the present invention. The product 900 shown in FIG. 8 is equipped with a component 910 having a functional operating circuit 911 , and a component 920 having a functional operating circuit 921 and a fail-safe circuit 930 . The function operation circuit 921 includes an address line control circuit 922 .

组件910对应于其故障可与关于产品900的安全方面的风险直接结合的组件。组件920是这样的组件:即使当组件920有故障时,虽然该故障不会对产品900的安全性施加负面影响,但组件920的故障也使产品900失去其主要功能。功能操作电路911对应于执行由组件910实现的产品900的功能所需的电路。功能操作电路921对应于执行由组件920实现的产品900的功能所需的电路。地址线控制电路922对应于控制功能操作电路921的地址线的电路,即,为了使功能操作电路921在正常条件下操作所需的电路。故障安全电路930对应于以下电路:即,在故障安全电路930连续监视功能操作电路911的状况的同时,当故障安全电路930检测到由于退化等引起的功能操作电路911的问题时,故障安全电路930控制包含在功能操作电路921中的地址线控制电路922,以便使功能操作电路921的地址线进入非受控状态。还应注意到,可替换地,可将故障安全电路930安装于组件920之外。Component 910 corresponds to a component whose failure may be directly linked to a safety-related risk with respect to product 900 . The component 920 is a component whose failure causes the product 900 to lose its main function even when the component 920 fails, although the failure does not exert a negative influence on the safety of the product 900 . The functional operation circuit 911 corresponds to a circuit required to perform the function of the product 900 realized by the component 910 . The functional operation circuit 921 corresponds to a circuit required to perform the function of the product 900 realized by the component 920 . The address line control circuit 922 corresponds to a circuit that controls the address lines of the function operation circuit 921, that is, a circuit required for the function operation circuit 921 to operate under normal conditions. The fail-safe circuit 930 corresponds to a circuit that, while the fail-safe circuit 930 continuously monitors the condition of the functional operation circuit 911, when the fail-safe circuit 930 detects a problem with the functional operation circuit 911 due to degradation or the like, the fail-safe circuit 930 controls the address line control circuit 922 included in the function operation circuit 921 so as to bring the address lines of the function operation circuit 921 into an uncontrolled state. It should also be noted that the fail-safe circuit 930 could alternatively be mounted outside of the assembly 920 .

在第八实施方式中,在故障安全电路930连续监视包含在其故障可与产品900的安全方面直接结合的组件910中的功能操作电路911的状况的同时,当故障安全电路930检测到功能操作电路911的问题时,故障安全电路930使功能操作电路921的控制线进入非受控状态。如果故障安全电路930使功能操作电路921的地址线进入非受控状态,则组件920不操作,但是,如果组件920不操作,则组件910也不操作。因此,可能避免以下提到的事件:也就是,在其故障可与关于产品900的安全方面的风险直接结合的组件910的故障持续的同时,继续操作产品900,使得组件910进入退化故障。如前所述,可增加当产品900的寿命结束时的安全性。In the eighth embodiment, while the fail-safe circuit 930 continuously monitors the condition of the functional operation circuit 911 contained in the component 910 whose failure can be directly combined with the safety aspect of the product 900, when the fail-safe circuit 930 detects that the functional operation In the event of a problem with circuit 911, fail-safe circuit 930 puts the control line of functional operation circuit 921 into an uncontrolled state. If fail-safe circuit 930 brings the address line of functional operation circuit 921 into an uncontrolled state, then component 920 does not operate, but if component 920 does not operate, then component 910 does not operate either. Thus, it is possible to avoid the mentioned event of continuing to operate the product 900 , such that the component 910 enters a degraded failure, while the failure of a component 910 , whose failure may be directly coupled with a safety-related risk to the product 900 , persists. As previously mentioned, safety at the end of the life of the product 900 may be increased.

(第九实施方式)(ninth embodiment)

图9是根据本发明的第九实施方式的用于示出具有故障安全功能的产品的框图。图9中所示的产品1000配备有具有功能操作电路1011的组件1010、以及具有功能操作电路1021和故障安全电路1030的组件1020。FIG. 9 is a block diagram illustrating a product having a fail-safe function according to a ninth embodiment of the present invention. The product 1000 shown in FIG. 9 is equipped with a component 1010 having a functional operating circuit 1011 , and a component 1020 having a functional operating circuit 1021 and a fail-safe circuit 1030 .

组件1010对应于其故障可与关于产品1000的安全方面的风险直接结合的组件。组件1020是这样的组件:即使当组件1020有故障时,虽然该故障不会对产品1000的安全性施加负面影响,但组件1020的故障也使产品1000失去其主要功能。功能操作电路1011对应于执行由组件1010实现的产品1000的功能所需的电路。功能操作电路1021对应于执行由组件1020实现的产品1000的功能所需的电路。故障安全电路1030对应于以下电路:即,在故障安全电路1030响应于经由例如因特网等的网络从外部单元输入的操作而检测功能操作电路1011的状况的同时,当故障安全电路1030检测到由于退化等引起的功能操作电路1011的问题时,故障安全电路1030停止功能操作电路1021的操作。还应理解,在故障安全电路1030已检测到功能操作电路1011的问题后,当故障安全电路1030经由网络接收到用于停止功能操作电路1021的操作的指令信号时,可替换地,故障安全电路1030响应于该指令信号来停止功能操作电路1021的操作。还应注意到,可替换地,可将故障安全电路1030安装于组件1020之外。Component 1010 corresponds to a component whose failure can be directly combined with a safety-related risk to product 1000 . The component 1020 is a component whose failure causes the product 1000 to lose its main function even when the component 1020 fails, although the failure does not exert a negative influence on the safety of the product 1000 . The functional operation circuit 1011 corresponds to a circuit required to perform the functions of the product 1000 realized by the components 1010 . The functional operation circuit 1021 corresponds to a circuit required to perform the functions of the product 1000 realized by the components 1020 . The fail-safe circuit 1030 corresponds to a circuit that, while the fail-safe circuit 1030 detects the condition of the functional operation circuit 1011 in response to an operation input from an external unit via a network such as the Internet, when the fail-safe circuit 1030 detects that the When a problem with the functional operation circuit 1011 is caused, the fail-safe circuit 1030 stops the operation of the functional operation circuit 1021 . It should also be understood that after the fail-safe circuit 1030 has detected a problem with the functional operation circuit 1011, when the fail-safe circuit 1030 receives an instruction signal for stopping the operation of the functional operation circuit 1021 via the network, alternatively, the fail-safe circuit 1030 stops the operation of the functional operation circuit 1021 in response to the instruction signal. It should also be noted that fail-safe circuitry 1030 could alternatively be mounted external to assembly 1020 .

在第九实施方式中,组件1020中包含故障安全电路1030,即使当组件1020有故障时,虽然组件1020的故障不会对产品1000的安全性施加负面影响,但是组件1020的故障也使产品1000失去其主要功能。结果,当故障安全电路1030确认在组件1010中的问题时,故障安全电路1030可停止功能操作电路1021的操作。因此,可能避免以下提到的事件:也就是,在其故障可与关于产品1000的安全方面的风险直接结合的组件1010的故障持续的同时,产品1000继续操作,使得组件1010进入退化故障。如前所述,当产品1000的寿命结束时,可增加安全性。In the ninth embodiment, the fail-safe circuit 1030 is included in the component 1020. Even when the component 1020 has a fault, although the fault of the component 1020 does not exert a negative influence on the safety of the product 1000, the fault of the component 1020 also makes the product 1000 loses its primary function. As a result, when the fail-safe circuit 1030 identifies a problem in the component 1010 , the fail-safe circuit 1030 can stop the operation of the functional operation circuit 1021 . Thus, it is possible to avoid the mentioned event that the product 1000 continues to operate while the failure of a component 1010 whose failure may be directly coupled with a safety-related risk to the product 1000 persists, causing the component 1010 to enter a degenerative failure. As previously mentioned, when the life of the product 1000 ends, safety can be increased.

(第十实施方式)(tenth embodiment)

图10是根据本发明的第十实施方式的用于示出具有故障安全功能的产品的框图。图10中所示的产品1100配备有具有功能操作电路1111的组件1110、具有功能操作电路1121的组件1120和故障安全电路1130。FIG. 10 is a block diagram illustrating a product having a fail-safe function according to a tenth embodiment of the present invention. The product 1100 shown in FIG. 10 is equipped with a component 1110 having a functional operating circuit 1111 , a component 1120 having a functional operating circuit 1121 and a fail-safe circuit 1130 .

组件1110对应于其故障可与关于产品1100的安全方面的风险直接结合的组件。组件1120是这样的组件:即使当组件1120有故障时,虽然该故障不会对产品1100的安全性施加负面影响,但组件1120的故障也使产品1100失去其主要功能。功能操作电路1111对应于执行由组件1120实现的产品1100的功能所需的电路。功能操作电路1121对应于执行由组件1120实现的产品1100的功能所需的电路。故障安全电路1130包含其中存储例如购买日期/时间、初始操作日期/时间等的日期/时间信息的存储器1131。故障安全电路1130对应于以下电路:当已经从由在存储器1131中存储的日期/时间信息指示的日期和时间经过了预定的时间段时,停止功能操作电路1121的操作。可替换地,在已经从日期/时间信息指示的日期和时间经过了预定的时间段之后,当故障安全电路1130经由网络接收到用于停止功能操作电路1121的操作的指令信号时,故障安全电路1130可响应于所接收的指令信号来停止功能操作电路1121的操作。还应注意到,可替换地,可将故障安全电路1130安装于组件1120之外。Component 1110 corresponds to a component whose failure may be directly coupled with a safety-related risk to product 1100 . The component 1120 is a component whose failure causes the product 1100 to lose its main function even when the component 1120 fails, although the failure does not exert a negative influence on the safety of the product 1100 . The functional operation circuit 1111 corresponds to a circuit required to perform functions of the product 1100 realized by the components 1120 . The functional operation circuit 1121 corresponds to a circuit required to perform the function of the product 1100 realized by the component 1120 . The fail-safe circuit 1130 includes a memory 1131 in which date/time information such as purchase date/time, initial operation date/time, etc. is stored. The fail-safe circuit 1130 corresponds to a circuit that stops the operation of the functional operation circuit 1121 when a predetermined period of time has elapsed from the date and time indicated by the date/time information stored in the memory 1131 . Alternatively, after a predetermined period of time has elapsed from the date and time indicated by the date/time information, when the fail-safe circuit 1130 receives an instruction signal for stopping the operation of the functional operation circuit 1121 via the network, the fail-safe circuit 1130 may stop the operation of the functional operation circuit 1121 in response to the received instruction signal. It should also be noted that fail-safe circuitry 1130 may alternatively be mounted external to assembly 1120 .

在第十实施方式中,在购买产品1100或作为初始操作而操作产品1100之后、已经经过了预定的时间段时,通过故障安全电路1130停止组件1120的功能操作电路1121的操作。即使当上述组件1120有故障时,虽然组件1120的故障不会对产品1100的安全性施加负面影响,但组件1120的该故障也使产品1100失去主要功能。通常,关于在经过预定时间之后的故障率,已这样进行了设计:组件1110的故障率低于组件1120的故障率。因此,可能避免以下提到的事件:也就是,组件1100连续操作了超出预定时间的较长时间段,使得组件1110进入退化故障。如前所述,可增加当产品1100的寿命结束时的安全性。In the tenth embodiment, when a predetermined period of time has elapsed after purchasing the product 1100 or operating the product 1100 as an initial operation, the operation of the functional operation circuit 1121 of the component 1120 is stopped by the fail-safe circuit 1130 . Even when the above-mentioned component 1120 fails, the failure of the component 1120 causes the product 1100 to lose its main function, although the failure of the component 1120 does not exert a negative influence on the safety of the product 1100 . Generally, with respect to the failure rate after a predetermined time elapses, design has been made such that the failure rate of the component 1110 is lower than the failure rate of the component 1120 . Therefore, it is possible to avoid the event mentioned below: that is, the component 1100 operates continuously for a long period of time beyond a predetermined time, so that the component 1110 enters a degraded failure. As previously described, safety at the end of the life of the product 1100 can be increased.

(第十一实施方式)(eleventh embodiment)

图11是根据本发明的第十一实施方式的用于示出具有故障安全功能的产品的框图。图11中所示的产品1200配备有具有功能操作电路1211的组件1210、具有功能操作电路1221的组件1220和故障安全电路1230。在该第十一实施方式中,已将例如购买信息、或初始操作日期和时间等的日期/时间信息存储在内置于再充电装置(recharging device,未示出)的存储器(未示出)中,其中采用所述再充电装置以便对产品1200充电。Fig. 11 is a block diagram illustrating a product having a fail-safe function according to an eleventh embodiment of the present invention. The product 1200 shown in FIG. 11 is equipped with a component 1210 having a functional operating circuit 1211 , a component 1220 having a functional operating circuit 1221 and a fail-safe circuit 1230 . In this eleventh embodiment, date/time information such as purchase information, or initial operation date and time, etc. have been stored in a memory (not shown) built in a recharging device (not shown) , wherein the recharging device is employed to charge the product 1200.

组件1210对应于其故障可与关于产品1200的安全方面的风险直接结合的组件。组件1220是这样的组件:即使当组件1220有故障时,虽然该故障不会对产品1200的安全性施加负面影响,但组件1220的故障也使产品1200失去其主要功能。功能操作电路1211对应于执行由组件1220实现的产品1200的功能所需的电路。功能操作电路1221对应于执行由组件1220实现的产品1200的功能所需的电路。故障安全电路1230对应于以下电路:当已经从由在外部提供的再充电装置的存储器中存储的日期/时间信息指示的日期和时间经过了预定的时间段时,停止功能操作电路1221的操作。可替换地,在已经从日期/时间信息指示的日期和时间经过了预定的时间段之后,当故障安全电路1230经由网络接收到用于停止功能操作电路1221的操作的指令信号时,故障安全电路1230可响应于所接收的指令信号来停止功能操作电路1221的操作。还应注意到,可替换地,可将故障安全电路1230安装于组件1220之外。Component 1210 corresponds to a component whose failure may be directly coupled with a safety-related risk to product 1200 . The component 1220 is a component whose failure causes the product 1200 to lose its main function even when the component 1220 fails, although the failure does not exert a negative influence on the safety of the product 1200 . The functional operation circuit 1211 corresponds to a circuit required to perform the function of the product 1200 realized by the components 1220 . The functional operation circuit 1221 corresponds to a circuit required to perform the function of the product 1200 realized by the component 1220 . The fail-safe circuit 1230 corresponds to a circuit that stops the operation of the functional operation circuit 1221 when a predetermined period of time has elapsed from the date and time indicated by the date/time information stored in the memory of the externally provided recharging device. Alternatively, after a predetermined period of time has elapsed from the date and time indicated by the date/time information, when the fail-safe circuit 1230 receives an instruction signal for stopping the operation of the functional operation circuit 1221 via the network, the fail-safe circuit 1230 may stop the operation of the function operating circuit 1221 in response to the received command signal. It should also be noted that fail-safe circuitry 1230 may alternatively be mounted external to assembly 1220 .

在第十一实施方式中,在购买产品1200或作为初始操作而操作产品1200之后、已经经过了预定的时间段时,通过故障安全电路1230停止组件1220的功能操作电路1221的操作。即使当上述组件1220有故障时,虽然组件1220的故障不会对产品1200的安全性施加负面影响,组件1220的该故障也使产品1200失去主要功能。通常,关于在经过预定时间之后的故障率,已这样进行设计:组件1210的故障率低于组件1220的故障率。因此,可能避免以下提到的事件:也就是,组件1200连续操作了超出预定时间的较长时间段,使得组件1210进入退化故障。如前所述,可增加当产品1200的寿命结束时的安全性。In the eleventh embodiment, when a predetermined period of time has elapsed after purchasing the product 1200 or operating the product 1200 as an initial operation, the operation of the functional operation circuit 1221 of the component 1220 is stopped by the fail-safe circuit 1230 . Even when the above-mentioned component 1220 is faulty, the fault of the component 1220 causes the product 1200 to lose its main function, although the fault of the component 1220 does not exert a negative influence on the safety of the product 1200 . Generally, with respect to the failure rate after a predetermined time elapses, design has been made such that the failure rate of the component 1210 is lower than the failure rate of the component 1220 . Therefore, it is possible to avoid the event mentioned below: that is, the component 1200 operates continuously for a long period of time beyond a predetermined time, so that the component 1210 enters a degraded failure. As previously mentioned, safety at the end of the product 1200's life can be increased.

关于本发明的电子设备可作为这样的电子设备而有用,该电子设备配备有:其故障可与关于电子设备的安全方面的风险直接结合的组件;以及另一组件,即使当后面提到的组件有故障时,虽然该故障不会对电子设备安全性施加负面影响,但该组件的故障也使电子设备失去其主要功能,同时,进一步改进当电子设备的寿命结束时的其安全性。The electronic equipment concerning the present invention can be useful as an electronic equipment equipped with: a component whose failure can be directly combined with a risk concerning the safety aspect of the electronic equipment; and another component, even when the latter-mentioned component In the event of a failure, although the failure does not exert a negative influence on the safety of the electronic device, the failure of the component also renders the electronic device incapable of its main function, while further improving its safety when the life of the electronic device ends.

Claims (14)

1. electronic equipment comprises:
First assembly, its fault directly combines with risk about the secure context of described electronic equipment;
Second assembly, by this second assembly, even when described second assembly has fault, though the fault of described second assembly can not apply negative effect to the security of described electronic equipment, the fault of described second assembly also makes described electronic equipment lose its major function; And
Fault secure circuit is used to stop the operation of described second assembly.
2. electronic equipment as claimed in claim 1, wherein
In described second assembly, provide described fault secure circuit.
3. electronic equipment comprises:
First assembly, its fault directly combines with risk about the secure context of described electronic equipment;
Second assembly, by this second assembly, even when described second assembly has fault, though the fault of described second assembly can not apply negative effect to the security of described electronic equipment, the fault of described second assembly also makes described electronic equipment lose its major function;
Power circuit, being used for control provides electrical power to described second assembly; And
Fault secure circuit, this fault secure circuit is operated as follows: when described fault secure circuit monitors the situation of described first assembly, when described fault secure circuit detects the problem of described first assembly, described fault secure circuit is controlled described power circuit, provides electrical power so that stop to described second assembly.
4. electronic equipment comprises:
First assembly, its fault directly combines with risk about the secure context of described electronic equipment;
Second assembly, by this second assembly, even when described second assembly has fault, though the fault of described second assembly can not apply negative effect to the security of described electronic equipment, the fault of described second assembly also makes described electronic equipment lose its major function;
Clock control circuit is used to control the clock signal that provides to described second assembly; And
Fault secure circuit, this fault secure circuit is operated as follows: when described fault secure circuit monitors the situation of described first assembly, when described fault secure circuit detects the problem of described first assembly, described fault secure circuit is controlled described clock control circuit, provides clock signal so that stop to described second assembly.
5. electronic equipment comprises:
First assembly, its fault directly combines with risk about the secure context of described electronic equipment;
Second assembly, by this second assembly, even when described second assembly has fault, though the fault of described second assembly can not apply negative effect to the security of described electronic equipment, the fault of described second assembly also makes described electronic equipment lose its major function;
Reset control circuit, described second assembly is used to reset; And
Fault secure circuit, this fault secure circuit is operated as follows: when described fault secure circuit monitors the situation of described first assembly, when described fault secure circuit detects the problem of described first assembly, described fault secure circuit is controlled described reset control circuit, so that described second assembly is remained under its reset mode.
6. electronic equipment comprises:
First assembly, its fault directly combines with risk about the secure context of described electronic equipment;
Second assembly, by this second assembly, even when described second assembly has fault, though the fault of described second assembly can not apply negative effect to the security of described electronic equipment, the fault of described second assembly also makes described electronic equipment lose its major function;
Data line control circuit is used to control the data wire of described second assembly; And
Fault secure circuit, this fault secure circuit is operated as follows: when described fault secure circuit monitors the situation of described first assembly, when described fault secure circuit detects the problem of described first assembly, described fault secure circuit is controlled described data line control circuit, so that make the data wire of described second assembly enter uncontrolled state.
7. electronic equipment comprises:
First assembly, its fault directly combines with risk about the secure context of described electronic equipment;
Second assembly, by this second assembly, even when described second assembly has fault, though the fault of described second assembly can not apply negative effect to the security of described electronic equipment, the fault of described second assembly also makes described electronic equipment lose its major function;
The control line control circuit is used to control the control line of described second assembly; And
Fault secure circuit, this fault secure circuit is operated as follows: when described fault secure circuit monitors the situation of described first assembly, when described fault secure circuit detects the problem of described first assembly, described fault secure circuit is controlled described control line control circuit, so that make the control line of described second assembly enter uncontrolled state.
8. electronic equipment comprises:
First assembly, its fault directly combines with risk about the secure context of described electronic equipment;
Second assembly, by this second assembly, even when described second assembly has fault, though the fault of described second assembly can not apply negative effect to the security of described electronic equipment, the fault of described second assembly also makes described electronic equipment lose its major function;
The address wire control circuit is used to control the address wire of described second assembly; And
Fault secure circuit, this fault secure circuit is operated as follows: when described fault secure circuit monitors the situation of described first assembly, when described fault secure circuit detects the problem of described first assembly, described fault secure circuit is controlled described address wire control circuit, so that make the address wire of described second assembly enter uncontrolled state.
9. electronic equipment as claimed in claim 1, wherein:
When described fault secure circuit detected the situation of described first assembly and detects the problem of described first assembly in response to the signal that sends from external equipment, described fault secure circuit stopped the operation of described second assembly.
10. electronic equipment as claimed in claim 9, wherein:
After described fault secure circuit has detected the problem of described first assembly, when fault secure circuit receives when stopping the command signal of operation of described second assembly from described external equipment being used to of sending, described fault secure circuit stops the operation of described second assembly.
11. electronic equipment as claimed in claim 9, wherein:
The signal that sends from described external equipment is via the signal of network from its transmission.
12. electronic equipment as claimed in claim 1, wherein:
When from about the indicated effluxion of the temporal information of the initial operation of the purchase of described electronic equipment or described electronic equipment during the scheduled time, described fault secure circuit stops the operation of described second assembly.
13. electronic equipment as claimed in claim 12, wherein:
After having passed through the described scheduled time, when described fault secure circuit receives when stopping the command signal of operation of described second assembly from external equipment being used to of sending, described fault secure circuit stops the operation of described second assembly.
14. electronic equipment as claimed in claim 13, wherein, described external equipment is the recharging device of described electronic equipment.
CN200810144974A 2008-08-18 2008-08-18 Electronic equipment Pending CN101655257A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810144974A CN101655257A (en) 2008-08-18 2008-08-18 Electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810144974A CN101655257A (en) 2008-08-18 2008-08-18 Electronic equipment

Publications (1)

Publication Number Publication Date
CN101655257A true CN101655257A (en) 2010-02-24

Family

ID=41709648

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810144974A Pending CN101655257A (en) 2008-08-18 2008-08-18 Electronic equipment

Country Status (1)

Country Link
CN (1) CN101655257A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111532925A (en) * 2020-03-27 2020-08-14 日立电梯(中国)有限公司 Elevator power supply protection method

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6118815A (en) * 1984-07-06 1986-01-27 Mazda Motor Corp Data recorder for automobile
JPS62203874A (en) * 1986-03-04 1987-09-08 Nissan Motor Co Ltd Fail-safe device
CN87105399A (en) * 1986-08-08 1988-02-17 默林·格伦 Self-monitoring digital solid state circuit trip release
JPH0749151A (en) * 1993-08-06 1995-02-21 Matsushita Electric Ind Co Ltd Safety device for hot water supplying apparatus
JP2000054866A (en) * 1998-08-05 2000-02-22 Unisia Jecs Corp Fail-safe control device for electronically controlled throttle type internal combustion engine
JP2000305603A (en) * 1999-04-19 2000-11-02 Mitsubishi Electric Corp Onboard electronic controller with self-monitoring function
JP2005037034A (en) * 2003-07-14 2005-02-10 Noritz Corp Control device for combustion device
EP1637437A2 (en) * 1999-09-03 2006-03-22 Kayaba Industry Co., Ltd. Fail-safe mechanism

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6118815A (en) * 1984-07-06 1986-01-27 Mazda Motor Corp Data recorder for automobile
JPS62203874A (en) * 1986-03-04 1987-09-08 Nissan Motor Co Ltd Fail-safe device
CN87105399A (en) * 1986-08-08 1988-02-17 默林·格伦 Self-monitoring digital solid state circuit trip release
JPH0749151A (en) * 1993-08-06 1995-02-21 Matsushita Electric Ind Co Ltd Safety device for hot water supplying apparatus
JP2000054866A (en) * 1998-08-05 2000-02-22 Unisia Jecs Corp Fail-safe control device for electronically controlled throttle type internal combustion engine
JP2000305603A (en) * 1999-04-19 2000-11-02 Mitsubishi Electric Corp Onboard electronic controller with self-monitoring function
EP1637437A2 (en) * 1999-09-03 2006-03-22 Kayaba Industry Co., Ltd. Fail-safe mechanism
JP2005037034A (en) * 2003-07-14 2005-02-10 Noritz Corp Control device for combustion device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111532925A (en) * 2020-03-27 2020-08-14 日立电梯(中国)有限公司 Elevator power supply protection method
CN111532925B (en) * 2020-03-27 2021-10-22 日立电梯(中国)有限公司 Elevator power protection method

Similar Documents

Publication Publication Date Title
WO2013137425A1 (en) Circuit for monitoring abnormalities in ecu
US10856438B2 (en) Fan control circuit and fan control system
KR20110053194A (en) Information equipment
WO2013084277A1 (en) Electronic control device having power supply voltage monitoring function and vehicle steering control device equipped with same
US9735563B2 (en) Power distribution method, power distribution apparatus, and information handling system
JP7068458B2 (en) Conveyor control device
CN101655257A (en) Electronic equipment
JP2011093389A (en) Control system, electronic devices, control device, and method for starting devices
CN111065985B (en) Safety controller
US20080291587A1 (en) Electronic appliance
JP2010093949A (en) Uninterruptible power supply apparatus
JP6393702B2 (en) Electronic control unit
JP2016078211A (en) robot
JP2002116921A (en) Auxiliary device for central processing unit
JP2011061968A (en) Power supply monitoring circuit, power supply monitoring method used for the same, power supply monitoring control program, and electronic apparatus
JP2012224448A (en) Safety protection device for elevator
CN111954970B (en) Actuator control apparatus
JP7444688B2 (en) motor drive device
JP2010211645A (en) Electronic device
JP5949576B2 (en) Load drive circuit
JP2014160326A (en) Device with supply power source switching function, supply power source switching method, and supply power source switching program
JP2007122298A (en) System reset circuit
JP2007202247A (en) Power supply device and image forming device
CN102591441A (en) Power supply system
KR100722440B1 (en) Cooling Fan Speed Control of Display Products

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20100224