WO2012139638A1 - Method for automatically determining the failure probability of a safety application - Google Patents

Method for automatically determining the failure probability of a safety application

Info

Publication number
WO2012139638A1
Authority
WO
WIPO (PCT)
Prior art keywords
safety
switching device
computer
implemented method
application
Prior art date
Application number
PCT/EP2011/055806
Other languages
German (de)
English (en)
Inventor
Kyoung-Jin Lee
Herbert Haller
Jürgen Wolski
Original Assignee
Siemens Aktiengesellschaft
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft
Priority to PCT/EP2011/055806
Publication of WO2012139638A1

Links

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B9/00 Safety arrangements
    • G05B9/02 Safety arrangements electric

Definitions

  • The invention relates to a method for determining a failure probability of a safety application which comprises a sensor, an actuator and a safety switching device.
  • A safety application here comprises a safety switching device that is connected at its inputs and/or outputs to at least one sensor and at least one actuator.
  • The safety switching device processes incoming signals in a safety-oriented manner (for example redundantly) and controls its outputs according to the parameterization stored in the safety switching device. In addition, the safety switching device checks the connected sensors and actuators for correct function and, when it detects a fault, switches to the configured fail-safe state.
  • The sensors and actuators can be electromechanical devices (for example a switch or a contactor), other safety switching devices, or intelligent safety-related devices (such as a light curtain or a safety-related motor starter).
  • Sensors and/or actuators are connected to the inputs and outputs of the safety switching device.
  • The sensors/actuators can thus send signals to the safety switching device and/or process the signals sent by the safety switching device.
  • The inputs and outputs of the safety switching device can be designed as terminals. They can also be formed by a connection means for a safe or non-safe fieldbus.
  • The safety switching device can be compact, i.e. the inputs and outputs are already present in the safety switching device itself.
  • The safety switching device can also be modular. In this case it comprises at least one logic module and one expansion module that has inputs and/or outputs.
  • The individual modules are designed such that they can be assembled together into a safety switching device.
  • The safety application is ultimately formed by the interaction of the sensors and actuators connected to the safety switching device and the parameterization stored in the safety switching device. If a user wishes to use such a safety application, he must determine the failure probability of the safety application in advance.
  • Until now, the failure probability has been determined on the basis of the individual PFH and PFD values of the components used in the safety application.
  • Components of the safety application are in particular the safety switching device (or the affected modules of the safety switching device) and the sensors and actuators of the safety application that are connected to the inputs or outputs of the safety switching device.
  • A user must first sketch the chain of components of the safety application (including the individual modules of the safety switching device that are used in the safety application). To determine the failure probability, the user must then determine the PFH and PFD values of the individual components separately, following the chain outlined.
  • To do so, the user must study the technical documentation (e.g. data sheets, manuals) of the affected components and extract the PFH and PFD values of the components from it. From the individual PFH and PFD values of the components of the safety application, the failure probability of the safety application can then be calculated.
  • Determining the chain of the safety application, determining the PFH and PFD values of the components and subsequently calculating the failure probability represent a great effort for the user and carry a high risk of error. In particular, calculation errors can occur on the part of the user, or incorrect PFH/PFD values can be assumed.
  • The object of the present invention is to simplify the determination of a failure probability of a safety application.
  • This object is achieved by a method according to claim 1, that is, by a computer-implemented method for determining a failure probability of a safety application which comprises a sensor, an actuator and a safety switching device, the method comprising the steps of: configuring the safety switching device, defining the safety application, and determining the failure probability of the defined safety application.
  • The information about the safety application that is already gained during configuring and defining is used so that the failure probability can be determined automatically.
  • The failure probability is preferably determined without additional input of a safety-critical characteristic value of a component of the safety application by a user, since the safety-critical characteristic values of the components of the safety application were already determined during the definition.
  • When defining the safety application and/or when determining the failure probability of a safety application, preferably only the components actually used in the safety application are considered.
  • If a sensor, actuator or safety switching device each comprises a plurality of modules, it is preferred that only those modules of the sensor, actuator or safety switching device that are actually used for the safety application are taken into account in the definition and/or determination.
  • Other modules of the sensors, actuators and safety switching devices that are not used in the safety application are not taken into consideration.
  • The individual modules are thus each considered as a separate component.
  • For the affected components of the safety application, a clear reference to the safety-critical characteristic value of each individual component is established. This is preferably done either by direct input of the safety-critical characteristic value of the component concerned, or by specifying a unique component feature from which the safety-critical characteristic value of the component can be derived.
  • The failure probability of the safety application can then be determined automatically on the basis of the definition. This is preferably done without additional input of a safety-critical characteristic value by the user.
  • The advantage achieved with the invention is that calculation errors are avoided by the automatic determination of the failure probability by the computer-implemented method. Furthermore, the user saves the time that would normally be needed for sketching the chain of the safety application, determining the individual safety-critical characteristic values (e.g. PFH and PFD values) of the components of the safety application, and calculating the failure probability of the safety application. In addition, the failure probability of the existing/planned safety application is determined exactly, so that over-dimensioning of the safety application or its components is avoided.
  • Configuring the safety switching device comprises the configuration and parameterization of the safety switching device.
  • The outputs and inputs of the safety switching device are assigned with regard to the planned/used sensors and actuators.
  • The type of sensor and/or actuator is thereby already fixed.
  • "Components" preferably comprise the sensors and actuators included in the safety application, as well as the safety switching device or its modules.
  • The behaviour of the components of the safety application with respect to each other, and thus the logic of the safety application, is defined.
  • The logical evaluation and control of the sensors and/or actuators of the safety application is performed in particular by the safety switching device, so that the logic of the safety application is stored in the safety switching device.
  • In the safety switching device, the logic between the affected individual inputs and individual outputs is thus defined during parameterization.
  • In particular, the number of required inputs and outputs on the safety switching device can be determined.
  • A safety-critical characteristic value of the sensor, the actuator and the safety switching device is uniquely determined when the safety application is defined.
  • Preferably, all components of the safety application are considered separately.
  • Components of the safety application are in particular the sensors and actuators connected to the safety switching device that are involved in the safety application, and the safety switching device itself. If a sensor, actuator and/or safety switching device is of modular design, preferably only the individual modules of the sensor, actuator and/or safety switching device that are involved in the safety application are considered. Each individual module thus forms a component.
  • The components used in the safety application are uniquely determined with regard to their safety-critical characteristic value (e.g. PFH and PFD value).
  • The characteristic value can be formed by a single value but also by a plurality of values.
  • If, for example, the safety switching device itself consists of individual modules, preferably the modules of the safety switching device (logic and expansion modules) used for the safety application can be uniquely determined in terms of their safety-critical characteristic value.
  • The unambiguous determination of the safety-critical characteristic value of the respective component can take place in different ways.
  • The safety-critical characteristic value of the respective component can either be entered or selected directly by a user via an input means, or the user specifies the component used so that its safety-critical characteristic value can be inferred.
  • For example, the user can determine, by means of a component catalog, a unique component feature (for example the device name, the machine-readable manufacturer order number, the serial number, the order number or the product name) of the component (sensor, actuator, safety switching device and their modules).
  • In a database, several unique component features are stored together with their specific safety-critical characteristic values, and the computer-implemented method can access this database. The user therefore no longer needs to laboriously look up and enter the safety-critical characteristic value of each component; it suffices to identify the component by a unique component feature, for example its order number, so that the appropriate safety-critical characteristic value of the component is then determined automatically.
  • Preferably, the safety-critical characteristic value is determined unambiguously by means of a unique component feature of the sensor, actuator or safety switching device: first the unique component feature of the sensor, actuator or safety switching device is determined, and then its safety-critical characteristic value is determined by comparing this unique component feature with a database. If the sensor, actuator and/or safety switching device is modular, the safety-critical characteristic value can preferably be determined for each individual module of the sensor, actuator and/or safety switching device by means of a unique component feature of the corresponding module.
  • The selection of the unique component feature takes place in particular by manual input of a value or by selection from a component catalog.
  • The selection can be made by means of a graphical user interface.
  • The database contains several unique component features of sensors, actuators, safety switching devices and/or their modules, together with their associated specific safety-critical characteristic values.
  • The computer-implemented method is safety-oriented.
  • The safety switching device is designed to control a load indirectly and/or directly in a safe manner, so that the load can be switched off by means of the safety switching device.
  • Preferably, a supply line to a load can be opened and/or closed. This can be done either directly by the safety switching device or by means of a contactor connected to the safety switching device. It is also conceivable that the load has safe inputs which are controlled by the safety switching device, so that the safety switching device can switch off the load via these.
  • The safety switching device comprises at least one logic module and at least one expansion module.
  • The expansion module can be a pure input module with inputs, an output module with outputs, or a mixed module with inputs and outputs.
  • The safety switching device can thus be modular.
  • For determining the failure probability of the safety application, the modules of the safety switching device that are used in the safety application are considered.
  • The individual modules each have a safety-critical characteristic value.
  • The safety-critical characteristic value of the individual modules of the safety switching device that are involved is uniquely determined.
  • The determined failure probability of the safety application is output via an output means.
  • The output can be made for example by printing or by means of a graphic display.
  • The individual calculation steps for determining the failure probability of the safety application, the participating components of the safety application and/or the safety-critical characteristic values can be output in relation to the individual components of the safety application.
  • The calculation steps underlying the determination are output at least partially via the output means.
  • The safety-critical characteristic values of the individual sensors, actuators and/or safety switching devices that characterize the determination are output in relation to these components.
  • The failure probability is indicated by a PFH and/or PFD value and/or, where present, the safety-critical characteristic value is a PFH and/or PFD value.
  • The sensor, the actuator, the safety switching device and/or its modules each have a PFH and/or PFD value.
  • The failure probability of the safety application is likewise defined by a PFH and/or PFD value.
  • PFH: Probability of failure per hour
  • PFD: Probability of failure on demand
  • The safety application preferably represents a safety-oriented system which fulfills one of the safety requirement levels 1 to 4 according to IEC 61508 and IEC 13849.
  • The computer-implemented method is realized in particular by a computer program product (engineering tool).
  • The computer program product may in particular enable a user, through a graphical user interface, to parameterize the safety switching device and to define the safety application.
  • The determined failure probability is displayed via the graphical user interface.
  • The data obtained during parameterization and definition may be transmitted to the safety switching device by means of the computer-implemented method, so that the logic of the safety application can be implemented by the safety switching device.
  • A safety switching device may comprise a plurality of safety applications; in that case the failure probability is preferably determined separately for each safety application. This can likewise be done by the present method.
  • The computer-implemented method has a calculation function by means of which the failure probability of the safety application can be calculated on the basis of the safety-critical characteristic values of the components involved.
  • The failure probability can thus easily be determined already during the planning and design phase of a plant or machine, so that a corresponding design of the plant/machine can follow.
  • FIG 2 is a schematic illustration of individual steps of the computer-implemented method for determining a failure probability of a safety application.
  • FIG 1 shows a schematic representation of a safety application 6.
  • The safety application 6 comprises a safety switching device 1, three sensors 2 and two actuators 3.
  • The sensors 2 are each connected by individual wiring to an input 4 of the safety switching device 1, so that signals can be exchanged between the sensors 2 and the safety switching device 1.
  • The actuators 3 are likewise each connected by individual wiring to an output 5 of the safety switching device 1, so that signals can be exchanged between the actuators 3 and the safety switching device 1.
  • FIG 2 shows a schematic representation of individual steps of the computer-implemented method for determining a failure probability of a safety application, as shown for example in FIG 1.
  • In a first step, the safety switching device is configured.
  • In a second step, the safety application is defined.
  • In a third step, the failure probability of the defined safety application is determined.
  • A user can carry out each step using a computer on which the computer-implemented method is executed by means of a computer program product.
  • The third step 9 is carried out fully automatically by the computer program product.
  • The computer program product may further output the determined failure probability and/or the calculation steps underlying the calculation for the defined safety application, for example via a graphical user interface or by a print command.
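As an added illustration (not code from the patent or from Siemens), the third step of the method in Python: a constructed component catalog keyed by order number stands in for the database, only the modules actually used in the defined safety application are summed, an unknown component feature is reported rather than guessed, and every calculation step is recorded for output. The order numbers and PFH/PFD values are constructed; the chain rule (PFH and PFD of the safety function are the sums over the sensor, logic and actuator subsystems) and the SIL bands are those of IEC 61508.

```python
"""Automatic PFH/PFD determination for a defined safety application.

Added example, not the patent's own code. Catalog entries, order numbers
and PFH/PFD values are constructed for illustration only.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Characteristic:
    pfh: float  # probability of dangerous failure per hour [1/h]
    pfd: float  # average probability of dangerous failure on demand


# Constructed catalog: unique component feature (order number) -> value.
# This plays the role of the database the method looks up.
CATALOG = {
    "SEN-0001":   Characteristic(pfh=2.0e-9,  pfd=1.5e-5),  # light curtain
    "LOG-1000":   Characteristic(pfh=1.0e-9,  pfd=5.0e-6),  # logic module
    "EXP-IN-08":  Characteristic(pfh=4.0e-10, pfd=2.0e-6),  # input expansion
    "EXP-OUT-04": Characteristic(pfh=6.0e-10, pfd=3.0e-6),  # output expansion
    "ACT-CON-22": Characteristic(pfh=1.2e-8,  pfd=4.0e-5),  # contactor
}

# IEC 61508 bands as (SIL, exclusive upper bound), best level first.
SIL_PFH = [(4, 1e-8), (3, 1e-7), (2, 1e-6), (1, 1e-5)]   # high demand
SIL_PFD = [(4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)]   # low demand


@dataclass
class Component:
    role: str          # sensor, logic, expansion or actuator
    feature: str       # unique component feature (here: order number)
    used: bool = True  # False for a module present but not in this application


@dataclass
class SafetyApplication:
    name: str
    components: list = field(default_factory=list)


def lookup(feature):
    """Resolve a unique component feature via the catalog; never guess."""
    try:
        return CATALOG[feature]
    except KeyError:
        raise KeyError(f"no safety-critical characteristic value stored for {feature!r}")


def sil_for(value, bands):
    """Highest SIL whose band contains value; 0 if worse than SIL 1."""
    for sil, upper in bands:
        if value < upper:
            return sil
    return 0


def determine_failure_probability(app):
    """Third step of the method: sum the characteristic values of the
    components actually used and record each calculation step for output."""
    steps, pfh, pfd = [], 0.0, 0.0
    for comp in app.components:
        if not comp.used:
            steps.append(f"skip  {comp.role:9} {comp.feature}: not used in application")
            continue
        ch = lookup(comp.feature)
        pfh, pfd = pfh + ch.pfh, pfd + ch.pfd
        steps.append(f"add   {comp.role:9} {comp.feature}: PFH={ch.pfh:.1e} PFD={ch.pfd:.1e}")
    steps.append(f"total PFH={pfh:.3e} 1/h -> SIL {sil_for(pfh, SIL_PFH)} (high demand)")
    steps.append(f"total PFD={pfd:.3e}     -> SIL {sil_for(pfd, SIL_PFD)} (low demand)")
    return pfh, pfd, steps


def build_example_application():
    """Constructed application: the input expansion is fitted but unused,
    because the sensor is wired to the logic module's own inputs."""
    return SafetyApplication("press guard", [
        Component("sensor", "SEN-0001"),
        Component("logic", "LOG-1000"),
        Component("expansion", "EXP-IN-08", used=False),
        Component("expansion", "EXP-OUT-04"),
        Component("actuator", "ACT-CON-22"),
    ])


if __name__ == "__main__":
    _, _, trace = determine_failure_probability(build_example_application())
    print("\n".join(trace))
```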

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Safety Devices In Control Systems (AREA)

Abstract

The invention relates to a method for determining a failure probability of a safety application (6) which comprises a sensor (2), an actuator (3) and a safety switching device (1). The object of the invention is to simplify the determination of a failure probability of the safety application (6). To this end, a computer-implemented method is proposed comprising the following steps: configuring the safety switching device (1), defining the safety application (6), and determining the failure probability of the defined safety application (6).
PCT/EP2011/055806 2011-04-13 2011-04-13 Method for automatically determining the failure probability of a safety application WO2012139638A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2011/055806 WO2012139638A1 (fr) 2011-04-13 2011-04-13 Method for automatically determining the failure probability of a safety application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2011/055806 WO2012139638A1 (fr) 2011-04-13 2011-04-13 Method for automatically determining the failure probability of a safety application

Publications (1)

Publication Number Publication Date
WO2012139638A1 true WO2012139638A1 (fr) 2012-10-18

Family

ID=44625915

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2011/055806 WO2012139638A1 (fr) 2011-04-13 2011-04-13 Method for automatically determining the failure probability of a safety application

Country Status (1)

Country Link
WO (1) WO2012139638A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006067121A1 (fr) * 2004-12-20 2006-06-29 Siemens Aktiengesellschaft Method for designing a system in a safe manner, system component and software used for this purpose
DE102008044018A1 (de) * 2008-11-24 2010-05-27 Beckhoff Automation Gmbh Method for determining a safety level, and safety manager

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Wahrscheinlichkeitserkennung leicht gemacht", INTERNET CITATION, June 2005 (2005-06-01), pages 1 - 2, XP002573656, Retrieved from the Internet <URL:http://www.cicweb.de/index.cfm?pid=1473&pk=66042> [retrieved on 20100316] *
DR. MICHAEL HUELKE: "SISTEMA: ein Tool zur einfachen Anwendung der Steuerungsnorm EN ISO 13849-1", 31 December 2007 (2007-12-31), pages 1 - 9, XP055015028, Retrieved from the Internet <URL:http://www.dguv.de/ifa/de/pub/grl/pdf/2007_230.pdf> [retrieved on 20111216] *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102017204219A1 (de) 2017-03-14 2018-09-20 Continental Automotive Gmbh Remote engine start system and method
US11078880B2 (en) 2017-03-14 2021-08-03 Continental Automotive Gmbh Remote engine start system and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11715214

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11715214

Country of ref document: EP

Kind code of ref document: A1