A variety of safety devices are used for various situations. Many such devices have monitoring capabilities and provide information regarding situations that are of interest or concern from a safety or security perspective. One such device is a flame detector that detects the optical output of a burner flame, for example.
One benefit of having such devices is that they can be deployed in various locations and communicate with a centrally located monitoring station where the information from various safety devices is processed for monitoring purposes or to dispatch a response team or individual depending on the circumstances. There are known protocols for communicating such information. There are two modes of such communications. The first is for the monitoring mode and involves what are considered “Non-Critical Exchanges.” The messages exchanged in this first mode are available at run time and do not affect the safety-related operation of the safety device.
The non-critical exchanges typically are based on the instrumentation and control industry standard application protocol entitled Modbus RTU. This protocol is employed for all non-safety-critical communications such as requests for monitored condition information, safety device status, and current safety device settings. One aspect of such communications is that they cannot alter or affect any configuration parameters of the safety device (i.e., they do not alter the behavior of the safety device's critical function).
The second mode of communication involves what are considered safety-critical communications. For example, there are specific safety-critical parameters that can be set during commissioning or changed while a device is in service. Any communication for setting such a parameter requires a communication protocol that is more robust and reliable than that used for the non-critical communications. For example, the Modbus RTU protocol is currently not acceptable for critical communications. Safety-critical communications have to satisfy industry standards such as those contained in IEC 61508-2 Section 7.4.8, EN50159-1, EN50159-2 and EN50129. These standards specify the required probabilities of undetected failure of the communication process, taking into account transmission errors, repetition, deletion, insertion, re-sequencing, corruption, delay and masquerade. The industry standards detail specific threats that open and closed communications systems should guard against to avoid potential malfunctions of the safety device resulting from an error or fault in the safety-critical communications.
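The threat classes enumerated above are countered in practice by a receiving safety layer that checks a source/destination identifier, a sequence number, a time stamp and a safety code on every message before a parameter change is accepted. The following is an added Python illustration, not code from this document or from any standard's specification; the frame layout, device identifiers, timeout and parameter payloads are constructed for the example.

```python
import binascii
import struct

# Constructed safety-layer frame layout for this example (not any standard's wire format):
# src(1) dst(1) seq(4) ts_ms(4) | payload | safety_code(4) = CRC-32 over header+payload
HDR = ">BBII"
HDR_LEN = struct.calcsize(HDR)

def safety_code(header: bytes, payload: bytes) -> int:
    return binascii.crc32(header + payload) & 0xFFFFFFFF

def build_frame(src: int, dst: int, seq: int, ts_ms: int, payload: bytes) -> bytes:
    header = struct.pack(HDR, src, dst, seq, ts_ms)
    return header + payload + struct.pack(">I", safety_code(header, payload))

class SafetyReceiver:
    """Accepts a frame only if every defence passes; each rejection names the threat it guards against."""
    def __init__(self, my_id: int, peer_id: int, timeout_ms: int = 500):
        self.my_id, self.peer_id, self.timeout_ms = my_id, peer_id, timeout_ms
        self.expected_seq = 0  # next sequence number the peer is allowed to send

    def check(self, frame: bytes, now_ms: int) -> tuple[bool, str]:
        if len(frame) < HDR_LEN + 4:
            return False, "corruption (truncated frame)"
        header, payload, trailer = frame[:HDR_LEN], frame[HDR_LEN:-4], frame[-4:]
        if struct.unpack(">I", trailer)[0] != safety_code(header, payload):
            return False, "corruption (safety code mismatch)"
        src, dst, seq, ts_ms = struct.unpack(HDR, header)
        if src != self.peer_id or dst != self.my_id:
            return False, "masquerade (unexpected source/destination identifier)"
        if seq < self.expected_seq:
            return False, "repetition/re-sequencing (stale sequence number)"
        if seq > self.expected_seq:
            return False, "deletion (sequence gap)"
        if now_ms - ts_ms > self.timeout_ms:
            return False, "delay (time stamp older than timeout)"
        self.expected_seq = seq + 1  # only a fully validated frame advances the window
        return True, "accepted"

def demo() -> list[str]:
    """Feed a constructed stream of parameter-setting frames to the receiver; returns the verdicts."""
    rx = SafetyReceiver(my_id=0x11, peer_id=0x22)
    good0 = build_frame(0x22, 0x11, 0, 100, b"SET_FLAME_THRESHOLD=42")
    late = build_frame(0x22, 0x11, 1, 200, b"SET_FLAME_THRESHOLD=43")
    bad_crc = late[:-1] + bytes([late[-1] ^ 0xFF])  # one flipped bit in the safety code
    impostor = build_frame(0x99, 0x11, 1, 200, b"SET_FLAME_THRESHOLD=0")  # wrong source id
    skipped = build_frame(0x22, 0x11, 3, 300, b"SET_FLAME_THRESHOLD=44")  # seq 1 and 2 missing
    good1 = build_frame(0x22, 0x11, 1, 850, b"SET_FLAME_THRESHOLD=43")
    stream = [(good0, 150), (good0, 250), (bad_crc, 250), (impostor, 250), (skipped, 350), (late, 900), (good1, 900)]
    return [rx.check(frame, now_ms)[1] for frame, now_ms in stream]
```

Note that a rejected frame never advances the sequence window, so a replayed or delayed frame cannot be used to slip a later parameter change past the receiver.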