The present invention relates to an arrangement and a method for controlling an automated system and, in particular, to an arrangement and a method for controlling a railroad system. Moreover, the invention relates to a new disconnection unit for use in such an arrangement and such a method.
DE 10 2007 039 154 A1 discloses a safety system for a railroad network having a control level and having field elements to be controlled. An electronic railway control center is mentioned as one example. The document states that such control centers historically are constructed on a highly centralized basis, and any minor change therefore affected the entire system. This also applied to the software, which, in the event of minor changes, had to be adapted from the control level down to the field elements, such as switches, movement signals etc. In order to simplify the conversion and extension of such a safety system, the document proposes a modular design, with the control level being in the form of the master, with the field elements being in the form of slaves, and with the master and the slaves being connected to one another via a communication system. The slaves are also intended to be controllable via an additional controller, which can be connected to the communication system via a communication interface that is the same for all the slaves.
For the proposed implementation, DE 10 2007 039 154 A1 requires that the communication system ensures uncorrupted and uncorruptable transmission of data messages between the master and the slaves. In other words, the proposed solution requires a failsafe communication system between the master and the slaves. This means that both the master and the slaves must have a specific communication interface for a failsafe communication system. An implementation of this kind may result in progress in terms of flexibility for conversions or extensions in comparison to earlier safety systems, on which DE 10 2007 039 154 A1 is based. However, the proposed implementation is disadvantageous when existing railroad systems have to be converted, since this implementation is based on the use of a very specific communication system, which is therefore generally proprietary.
DE 197 42 716 A1 describes a control and data transmission system having a control unit and a plurality of I/O units. Safety-related assemblies are in each case integrated in the control unit and the I/O units, which assemblies negate the input and output data to be transmitted and transmit such data redundantly with respect to the original data. The redundant data transmission requires a communication interface, which is specifically designed for this purpose and is therefore proprietary, and it requires correspondingly designed I/O units. This control and data transmission system is therefore also disadvantageous when it comes to convert existing railroad systems.