Train safety is an important issue in the United States and throughout the world. This is true for both passenger trains and for freight trains. Although movement of a train can be directed by a computerized train system in some instances, the movement of the vast majority of trains is directed by a human operator. Reliance on a human operator necessarily creates the possibility of mistakes being made by that operator, and these mistakes can and often do lead to unsafe conditions and, in the worst case, accidents and loss of life and property.
One aspect of train safety is ensuring that trains do not exceed maximum allowable speeds. Maximum allowable speeds can include: 1) upper limits on train speed that may be applicable throughout an entire rail system; 2) permanent maximum speed limits applicable to a certain specific sections of track; and 3) temporary speed restrictions that may be applicable throughout an entire rail system (e.g., a lower speed on hot summer days when there is a possibility of track buckling) or a portion of a rail system (e.g., a restriction on a particular section of track that is undergoing repairs).
A second aspect of train safety is avoiding collisions between trains. Train operators are typically authorized by a signaling system or a dispatcher to move a train from one area (sometime referred to in the art as a “block”) to another. The operator is expected to move the train in only those areas for which the train has been authorized to travel. When an operator moves a train outside an authorized area, the possibility that the train may collide with another train that has been authorized to move in the same area arises.
Concern over operator error in complying with speed restrictions and limits on authorized movement has led to a number of systems that attempt to prevent such operator errors. Early versions of such systems, such as the cab signal system, involve the transmission of signal information into a locomotive via a signal transmitted over an electrical power line through which the train receives electrical power for movement. Such systems will take preventive action (e.g., a “penalty” brake application) when the train is moving outside the authorized area. However, this can lead to unsafe conditions because the preventive action does not occur until after the authorized movement limit has been violated.
Other, more sophisticated systems, such as the TRAIN SENTINEL™ system marketed by the assignee of this application, Quantum Engineering, Inc., anticipate when a train will violate a limit on a movement authorization or exceed a speed limit, and take preventive action prior to a violation to ensure that the limit on a movement authorization or the speed limit is not violated. However, this system requires significant onboard computing capability.
An important issue with such train control systems is whether or not they are sufficiently reliable. A relevant industry standard is the IEEE 1483 “Standard for Verification of Vital Functions in Processor-Based Systems Used in Rail Transit Control.” This standard includes a definition of what is necessary for a train control system to be considered as “vital.”