Field of the Invention
Preferred and non-limiting embodiments are related to positive train control (PTC) systems and, in particular, to a method and system for transmitting enforceable instructions in PTC systems.
Description of Related Art
There are potential hazards associated with conventional designs of a Back Office Server (BOS) segment in conventional positive train control (PTC) systems. For example, various hazards have been identified and are associated with the manner in which conventional PTC systems transform and transfer enforceable instruction data to an on-board system after the enforceable instruction data is received from a computer aided dispatch (CAD) in Railroad Systems. An enforceable instruction is a bulletin or authority issued to a train by a CAD. In particular, two identified hazards include: (1) the BOS normalization process may cause enforceable instruction data received by the on-board system to differ from the enforceable instruction data that was sent by the CAD; and (2) the BOS may not associate an enforceable instruction with the correct train(s).
The first hazard is associated with the manner in which the PTC system handles enforceable instruction data after the enforceable instruction data is received from the CAD. A conventional process for issuing an enforceable instruction from a CAD system to the on-board system is described below and illustrated in FIG. 1. The CAD sends an enforceable instruction to a geographic BOS (G BOS) containing safety critical information with a railroad (RR) message cyclic redundancy check (CRC) over the entire enforceable instruction message content. The G BOS receives and validates the message using the RR message CRC. The G BOS normalizes CAD-provided enforceable instruction data unique to each railroad into a common format. The G BOS constructs and sends a Bulletin Dataset message (message 01041) or a Movement Authority Dataset message (message 01051) to the on-board system by assigning the enforceable instruction to an on-board system based on locomotive and train identifications in the enforceable instruction and stored associations (e.g., Train ID to Locomotive ID association and subdivision/district polling); constructs a dataset message (Bulletin Dataset (01041) or Movement Authority Dataset (01051) message) and includes a BOS enforceable instruction (MD) CRC with the message; calculates a hash-based message authentication code (HMAC) over the entire message; and sends the dataset message to the on-board system. The on-board system receives and validates the dataset message (Bulletin Dataset (01041) or Movement Authority Dataset (01051) message) by authenticating the message using the message HMAC and validating individual fields in the message, as well as the BOS MD CRC.
One potential hazard associated with G BOS conversion of safety critical MD data (shown as “Hazard” in FIG. 1) is that the on-board system enforces incorrect safety critical MD data due to MD data received by the on-board segment differing from the data sent by CAD. The G BOS normalization causes the MD data to be changed from the MD data that was initially sent by the CAD to the G BOS. Conventional PTC systems do not include a method or system for ensuring the integrity of the BOS segment transmission of enforceable instructions to locomotives.
A second hazard is that the G BOS may not associate an enforceable instruction with the correct train(s). An incorrect association results in the on-board system having the wrong set of enforceable instruction data and enforcing incorrect safety critical data. FIG. 2 shows a conventional enforceable instruction delivery method with the second hazard identified.