In certain vital control systems, such as cab signaling apparatus for railroad and mass and/or rapid transit operations, it is extremely important to exercise the utmost care in designing and laying out circuits and networks. In order to provide the highest degree of safety to individuals as well as to afford the most protection against damage to the equipment, it is essential and mandatory to ensure that under no circumstance will a critical component or circuit failure be capable of producing an unsafe condition. Accordingly, it is readily obvious that the control apparatus must operate in a fail-safe manner so that any conceivable failure will result in a condition at least as restrictive as, and preferably more restrictive than, that preceding the failure. For example, a component failure or circuit malfunction in a vital speed control system must not be permitted to simulate and indicate a condition for increasing or maintaining the vehicular speed. In keeping with the Association of American Railroads (AAR) definition of Fail-Safeness, a vital piece of apparatus or equipment is considered to operate in a fail-safe manner when any critical component or circuit failure results in a safe condition.
In a cab signal speed control system, it is mandatory for the operator or trainman to take appropriate action within a given period of time after a more restrictive speed command is received onboard from the wayside. Thus, upon reception of a more restrictive or lower speed signal, the operator must immediately acknowledge the warning signal by decelerating the moving train to the newly received prescribed speed, or the emergency brakes will be automatically set after an elapsed period of time to bring the train to a complete stop. It will be appreciated that the acknowledgment of the warning signal and the deceleration of the moving train or transit vehicle should take place as soon as possible after the reception of the more restrictive signal in order to prevent the train or vehicle from going too fast and too far beyond a safe braking and stopping point. Since the distance of travel is the product of the speed of a train and the elapsed time, it is essential that the time period from the reception of the more restrictive speed command signal to the acknowledgment by the operator not be capable of being increased. The safety of individuals and equipment may be put in jeopardy if the elapsed time period is inadvertently or accidentally increased by a component or circuit failure. Thus, in an electronic system, the time period for response is established by a time delay circuit which is actuated upon the reception of a more restrictive speed command signal. As mentioned, the length of the time period must not be extended under any circumstance. Ergo, the electronic time delay circuit must operate in a fail-safe manner in that no critical component or circuit failure is capable of extending the expiration of the time period to produce an unsafe condition.