Reducing risk for human beings and the environment often requires providing safety functions in automation bus systems and in the subscribers connected thereto. An example is stopping a machine connected to the automation bus system when an emergency stop switch is actuated. To this end, error-proof automation systems are increasingly applied. In general these error-proof automation systems realize, on the one hand, the actual safety function, such as two-hand control, muting, operation mode selection switch, etc., and, on the other hand, error detection and error controlling measures such as those set forth, for example, in the standards IEC 61508 and ISO 13849.
In present automation systems, communication systems which connect local input/output devices (I/O devices) and controls are used, depending on the automation level and the dimension of the system. For transferring safety-related data it is known to supplement the network with secure network protocols. Heretofore, the signal flow employed emanates from a central safety apparatus: the secure input signals are transferred to a secure controller, are processed therein, and are then transferred to the respective actuators. This secure processing is also referred to as a secure application.
Communication errors can exist or arise in the hardware and firmware of the automation devices, in infrastructure components of the network such as field bus or Ethernet components, and during data transfer due to external influences. An example of an external influence is interference in data transfer caused by electromagnetic fields.
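As an added illustration (not the patent's method and not any particular standard's protocol), the following constructed example shows the kind of safety container such secure network protocols layer over the ordinary bus: a sequence counter to detect lost or repeated telegrams and a CRC to detect corruption of the kind caused by interference on the transfer medium. The frame layout, the `build_safety_pdu`/`check_safety_pdu` functions and the sample emergency-stop payload are assumptions made here.

```python
import struct
import zlib

# Constructed illustration: a minimal safety container in the style of
# "black channel" protocols. The safety layer protects its own payload with a
# sequence counter (detects loss, repetition, wrong order) and a CRC-32
# (detects corruption, e.g. bit errors induced by electromagnetic fields).
# Real protocols add further measures (watchdog timeouts, connection IDs).

HEADER = struct.Struct(">HH")  # sequence counter, payload length


def build_safety_pdu(seq: int, payload: bytes) -> bytes:
    body = HEADER.pack(seq & 0xFFFF, len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def check_safety_pdu(pdu: bytes, expected_seq: int):
    """Return (ok, reason). On any failure the consumer enters its safe state."""
    if len(pdu) < HEADER.size + 4:
        return False, "truncated"
    body, crc = pdu[:-4], struct.unpack(">I", pdu[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != crc:
        return False, "corrupted"
    seq, length = HEADER.unpack_from(body)
    if length != len(body) - HEADER.size:
        return False, "length mismatch"
    if seq != expected_seq & 0xFFFF:
        return False, "sequence error"
    return True, "ok"


def flip_bit(data: bytes, bit: int) -> bytes:
    # Models interference on the transfer medium: a single flipped bit.
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def demo():
    # Constructed sample: an emergency-stop input image, bit 0 set = E-stop released.
    good = build_safety_pdu(7, b"\x01")
    return {
        "intact": check_safety_pdu(good, 7)[1],
        "bit_error": check_safety_pdu(flip_bit(good, 4 * 8), 7)[1],  # payload byte hit
        "repeated": check_safety_pdu(good, 8)[1],  # stale telegram delivered again
    }
```

Any failed check is treated the same way: the consumer does not use the data and falls back to its safe state, which is why the error detection measures, not the bus itself, carry the safety function.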
In automation technology there are presently two tendencies. On the one hand, efforts are made to decentralize control functions. On the other hand, there is an interest in integrating safety technology into the control and network apparatus.
With decentralization the control function is increasingly transferred into the output level. For example, in drives the control function can be integrated to a limited extent.
However, integration of safety technology into controls and networks produces strong dependencies in the application process. A result of these dependencies is that development and programming of the systems become more complex. This is in some way contradictory to the desirability of easy handling of the safety technology. The complexity of developing safety-related applications has until now been one of the essential reasons for the sluggish acceptance of a transition away from conventional hard-wired safety technology, in particular that based on safety relays. Additionally, present secure automation bus systems are prone to erroneous use and to reduced availability of the controlled system caused by so-called faulty activation due to the problems mentioned above.