The present invention relates to a safety switching device for failsafe disconnection of an electrical load, such as a drive of a dangerous machine, and to an arrangement for failsafe evaluation of a position encoder provided for user selection of an operational quantity, such as an operating mode, in such a safety switching device. More particularly, the invention relates to an arrangement for failsafe evaluation of a position encoder having a first terminal, a second terminal and a moveable tap, wherein a defined total impedance can be detected between the first and second terminal, and wherein a first partial impedance and a second partial impedance can be detected between the respective terminal and the tap.
In general, the invention relates to a device and an arrangement in the field of safety engineering in the sense of protecting personnel from injury by potentially hazardous machines and equipment. Safeguarding such machines and equipment has been performed for many years now using safety switching devices, which evaluate status signals from emergency stop buttons, safety-door switches, light barriers, light curtains and other safety-related signaling devices, and, depending on the evaluation, either disconnect a monitored machine or installation from the power supply, or bring it into a safe state by other means. Safety switching devices are typically used in addition to the operational controllers of the machine or installation. Operational controllers control the “normal” operating procedure of the machine or installation. They are not designed to be “failsafe”, however, and hence cannot ensure the desired level of personnel protection.
If a larger number of safety functions is required, programmable safety controllers are typically used, wherein monitoring of the individual signaling devices and their logical dependency can be defined by software programming. For applications having a small or moderate number of safety functions, on the other hand, safety switching devices are mostly used, whose operation can be modified to a certain extent without this requiring software programming by the user. For example, in such safety switching devices, various operating modes can be set, for instance start-up operating modes (automatic start-up, manual start-up, monitored start-up), or delayed/non-delayed shutdown of the machine. In the latter case, the user shall also have the facility to set a delay or select from a number of predefined delays. In addition, in many safety switching devices, it is possible to adjust the operating mode to suit different operating environments, for example whether the safety switching device is supplied with clocked or unclocked status signals. All these settings are collectively referred to below as setting an operational quantity.
Operational quantities can be set, for example, using potentiometers or resistor networks, which provide a variable resistance as a function of the instantaneous position of a control element. For reasons of failsafety, however, at least two redundant position encoders are used for safety switching devices, which is a disadvantage because of the component costs and the need of assembly. DE 100 09 707 A1 thus proposes to combine the switching function of two redundant rotary switches of a safety switching device into one component.
DE 100 16 712 A1 discloses a safety switching device, wherein an operational quantity can be set by supplying one of at least three different input signals to an input terminal of the safety switching device. Depending on the applied input signal, the safety switching device selects one of at least three predefined operating modes. This method has proved highly advantageous, because it dispenses with the expensive and time-consuming assembly of redundant rotary switches or potentiometers. The method does require, however, that there is at least one input terminal available on the safety switching device for supplying the selection signal. This restricts the minimum overall size of a safety switching device.
EP 1 494 098 A1 discloses a method and a device for a largely failsafe evaluation of a potentiometer. The potentiometer is connected in series with one or two defined fixed resistors. The potentiometer, together with the two fixed resistors, forms a voltage divider, and the instantaneous potentiometer position is determined from the divider ratio of the potentiometer. In addition, the voltage drop across the one fixed resistor is determined and compared with a setpoint value. Since the same current flows through the potentiometer and the fixed resistor, the potentiometer can be checked using the fixed resistor. The disadvantage with this method is that the voltage range that can be varied by means of the potentiometer is reduced by the fixed resistors connected in series. This means that the number of potentiometer positions that can be distinguished from each other with failsafe reliability is reduced. In addition, measurement of the potentiometer position is subject to inaccuracies dependent on the tolerances of the fixed resistors. Finally, this circuit is expensive if a plurality of potentiometers are to be evaluated with failsafe reliability.
EP 1 022 570 A2, DE 43 22 472 A1 and U.S. Pat. No. 5,812,411 disclose further circuits for evaluating the position of a potentiometer and for checking correct operation of the potentiometer. These solutions are also expensive, in particular if a plurality of potentiometers are to be monitored with failsafe reliability. In addition, the number of potentiometer positions that can be distinguished from each other is again limited because of tolerances of additional components.