The present invention relates to a safety switching device for switching on or off a hazardous installation in a failsafe manner.
A safety switching device in terms of the present invention is a switching device designed for meeting the requirements of common safety standards for industrial machines, especially meeting the requirements for PL d (Performance Level d) according to the ISO 13849-1 and/or SIL 3 (Safety Integrity Level 3) according to EN/IEC 62061 or comparable safety standards. This includes especially safety relays, safety controllers and sensor and actuator modules which are used for controlling and performing safety-critical tasks in the field of industrial production environments. For example, safety relays are known which monitor the operating position of an emergency off button or of a protective door or the operating state of a light barrier, and switch off a machine or a machine installation in dependence thereon, if required. A failure of safety switching devices can have life-threatening consequences for machine personnel which is why safety switching devices may only be used when they are certified by competent supervisory authorities.
A prior art safety switching device is known, for example, from DE 10 2006 004 558 A1 which relates to a safety switching device for reliably switching off an electrical load. The safety switching device has an input for connecting a signaling device, a switching element at the output for reliably switching off the load, a control/evaluating unit which drives the switching element in response to the signaling unit, and a power supply for providing an operating voltage.
Quite generally, a power supply is used for providing a particular operating voltage for a device or an assembly, such as the control/evaluating unit, especially a different voltage than is provided by the power system. The power supply has a voltage converter, also called transformer, for converting an input voltage into an output voltage corresponding to the required operating voltage. The output voltage or operating voltage is typically a direct voltage. A distinction is made between external power supplies which are mostly connected to the device via a cable, and internal power supplies which are arranged inside the device or integrated therein.
In the case of external power supplies, a mains voltage at the input end which is provided by a public utility, for example, may be converted into an output voltage or operating voltage for electrical or electronic devices which cannot be operated with the existing mains voltage. For example, a power supply may generate from a mains voltage of 230 volt AC (alternating voltage) an operating voltage of 24 volt DC (direct voltage), which may be needed for operating a particular device.
In the case of safety switching devices, an external power supply having a maximum output voltage that does not exceed a value which is harmless to humans even in the case of component faults must normally be used for protection against hazardous body currents, for example a power supply with PELV (Protective Extra-Low Voltage) or SELV (Safety Extra-Low Voltage). Overvoltages, which might be fed into the safety switching device from the outside, have to be assumed with approx. 65 volts for contact protection. The nominal voltage is usually 24 volts. In the case of a power supply for a safety switching device, the input voltage is, therefore, usually a voltage which is lower than the mains voltage. For example, an input voltage of 24 volts may be converted into a lower output voltage such as, for example, 5 volts or a lower value.
The power supply of the safety switching device can be dimensioned, for example, in such a manner that it is not overloaded at a nominal voltage of, e.g. 24 volts, even when maximally 65 V are fed in. The overvoltage occurring externally can thus be controlled by a suitable circuit configuration and corresponding component selection. In case of component defects or component failures in the power supplies, however, a voltage of 65 V, fed in for example, could reach the internal components supplied by the power supply. If the normal operating voltage is 5 V or lower, for example, the components may then be destroyed in the case of internal component defects/failures. This may lead to an unsafe state of the safety switching device. It is desirable, therefore, to provide measures for controlling these overvoltages caused by internal component failures in the power supply.
In the safety switching devices previously known, power supply faults such as overvoltages caused by component defects were controlled by means of measures outside of the power supplies. An overvoltage which could destroy components fed by the power supply was accepted and controlled by monitoring measures and failsafe driving of the outputs.