Such a system or method is used, for example, in industrial automation systems in which safety-relevant data is maintained.
Known fail-safe systems are described, inter alia, in standards such as IEC 61508 “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems”. According to IEC 61508, a fail-safe automation system must implement measures for fault avoidance and fault control commensurate with the required Safety Integrity Level (SIL).
To transmit safety-relevant data over a bus system, a telegram is generated which, in addition to the payload (net) data to be transmitted, also contains a checksum that the recipient uses to check the received payload for errors. The checksum must always correspond to the payload; if it does not, this signals to the recipient that an error has occurred. A cyclic redundancy check (CRC), for example, can be used to generate the checksum. A CRC detects random transmission errors such as bit flips and short burst errors; it is not a cryptographic integrity check and provides no protection against deliberate manipulation of the telegram.
To achieve safety integrity level 2 (SIL 2) according to IEC 61508 in an automation system, all safety-relevant data, in particular IO data, is held in duplicate. To transmit the data over the bus system according to the prior art, a telegram is generated by a two-channel communication driver that draws on the data present in both channels: the payload is provided by one of the two channels via a first controller, while the checksum is calculated from the data of the other channel by a second controller. When the telegram leaves the communication driver for the bus, an error that occurred in one of the two mutually redundant controllers can be identified by checking that the checksum corresponds to the payload, since a fault in either controller causes the two copies, and hence payload and checksum, to diverge. A fault that corrupts both copies identically (a common-cause fault) is not detected by this check. This allows SIL 2 to be achieved in the communication protocol even though the two-channel data is present on a system with single-channel hardware.
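The following Python models the telegram described in the two paragraphs above: controller A supplies the payload, controller B computes the checksum from its own copy of the same IO data, and the receiver recomputes the checksum over the received payload and compares. It is an added example, not code from the original text or from any particular automation product. The choice of CRC-16/CCITT-FALSE (polynomial 0x1021, initial value 0xFFFF), the telegram layout (1-byte length, payload, 2-byte big-endian CRC) and the sample IO bytes are assumptions made here; the text only says that a CRC is used "for example".

```python
# Added example, not from the original text. It models the two-channel telegram
# described above. Assumptions (not in the original):
#   - CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF, no reflection) as checksum;
#   - telegram layout: 1-byte payload length, payload, 2-byte big-endian CRC;
#   - the IO data bytes in __main__ are constructed sample values.
import struct

CRC_POLY = 0x1021   # x^16 + x^12 + x^5 + 1
CRC_INIT = 0xFFFF


def crc16_ccitt(data: bytes) -> int:
    """CRC-16/CCITT-FALSE, bitwise, MSB first. Check value for b'123456789' is 0x29B1."""
    crc = CRC_INIT
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ CRC_POLY) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def build_telegram(channel_a_data: bytes, channel_b_data: bytes) -> bytes:
    """Two-channel driver: payload from controller A, CRC from controller B's copy.

    The CRC is deliberately NOT computed over channel_a_data. If the two copies
    diverge because one controller is faulty, the receiver's check fails.
    """
    if len(channel_a_data) > 255:
        raise ValueError("payload too long for 1-byte length field")
    checksum = crc16_ccitt(channel_b_data)
    return bytes([len(channel_a_data)]) + channel_a_data + struct.pack(">H", checksum)


def verify_telegram(telegram: bytes) -> tuple[bool, bytes]:
    """Receiver side: parse the telegram and check the CRC against the payload.

    Returns (ok, payload). Malformed framing raises ValueError rather than
    being silently accepted.
    """
    if len(telegram) < 3:
        raise ValueError("telegram too short")
    length = telegram[0]
    if len(telegram) != 1 + length + 2:
        raise ValueError("length field does not match telegram size")
    payload = telegram[1:1 + length]
    (received_crc,) = struct.unpack(">H", telegram[1 + length:])
    return received_crc == crc16_ccitt(payload), payload


def forge_telegram(payload: bytes) -> bytes:
    """An attacker on the bus can replace the payload and recompute the CRC.

    A plain CRC only catches random errors; it does not authenticate the sender.
    """
    return build_telegram(payload, payload)


if __name__ == "__main__":
    io_data = bytes([0x01, 0x00, 0xFF, 0x10])    # constructed sample IO image
    corrupted = bytes([0x01, 0x00, 0xFF, 0x11])  # same image with one bit wrong

    print("both channels agree:  ", verify_telegram(build_telegram(io_data, io_data))[0])
    print("fault in controller B:", verify_telegram(build_telegram(io_data, corrupted))[0])
    print("fault in controller A:", verify_telegram(build_telegram(corrupted, io_data))[0])

    on_bus = bytearray(build_telegram(io_data, io_data))
    on_bus[2] ^= 0x80                             # bit flip during transmission
    print("bit flip on the bus:  ", verify_telegram(bytes(on_bus))[0])

    print("forged by attacker:   ", verify_telegram(forge_telegram(b"\xff\xff\xff\xff"))[0])
```

The three failure cases (fault in either controller, bit flip on the bus) all surface as a CRC mismatch at the receiver, which is the whole point of computing the checksum from the other channel's copy. The last case shows the caveat from the preceding text: a forged telegram with a correctly recomputed CRC verifies, and a common-cause fault that corrupts both copies identically would likewise pass.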