The present invention pertains to fault tolerant data processing, and, more particularly, to uninterrupted fault tolerant data processing for high reliability applications.
Data errors, or faults, are inevitable in digital data processing systems and are in part due to the complexity of the circuitry, the associated peripheral and ancillary devices, and the process control software. To permit error-free data to be generated, processed, transmitted, and received, even in the event of the occurrence of a fault, the art has developed a number of approaches for detecting when faults have occurred and then suspending operations until the defective processing element has been replaced or alternatively rendered operational. In many applications it is extremely undesirable to suspend data processing when faults are detected, and so a variety of techniques and apparatuses have been developed to achieve continued system operation despite fault occurrences, albeit with some delay which occurs as the system determines the nature of the fault and the appropriate corrective action(s). Certain systems, for example, the flight control system of a spacecraft during launch, cannot tolerate even momentary lapses in data processing, nor can an error be permitted to occur. The art has developed systems for successfully providing the required degree of confidence. In such computer systems, independent self-checking computer modules remove themselves from service if a fault is detected.
Another strategy for providing fault tolerance in digital systems is to employ groups of identical processors performing identical tasks together with voting arrangements such that when one processor disagrees with the remainder of the processors, it is removed from use.
For example, secure telephony relies on processing of voice, facsimile, or other analog data and conversion to digital form, followed by encryption of the digital data via key generators (data processors). The key generator produces a unique bit stream in response to input data. The unique bit stream can be decrypted by the receiver to reproduce the digital data. The digital data are then employed to generate a replica of the original analog data.
A current practice in enhancing system robustness is to employ a pair of key generators encrypting the same data in tandem. When a fault condition is identified through comparison of the key generator output signals or by other means, these key generators are shut down and a third key generator is switched into service to provide data encryption. This process may result in interruption of the encryption process and does not achieve the maximum mean time between failures that is possible for a triply redundant system, for example.
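The voting arrangement described above, in which one of several identical processors is removed when it disagrees with the rest, is shown here as an added example (not code from the patent). Three stand-in key generators encrypt the same data in tandem, a majority voter selects the output, and a dissenting unit is dropped from service while encryption continues uninterrupted; the key generator model (a constructed counter-based keystream, not a real cipher) and the injected stuck-bit fault are assumptions of the example.

```python
import hashlib
from collections import Counter


def make_key_generator(key, fault_after=None):
    """Stand-in for one key generator: XORs the input with a counter-based
    keystream derived from the key (constructed model, not a real cipher).
    If fault_after is set, the unit corrupts bit 0 of its first output byte
    on every call after that many calls, modelling a stuck-at fault."""
    calls = [0]

    def generate(data):
        calls[0] += 1
        blocks = (len(data) + 31) // 32
        stream = b"".join(
            hashlib.sha256(key + calls[0].to_bytes(4, "big") + i.to_bytes(4, "big")).digest()
            for i in range(blocks))
        out = bytearray(b ^ s for b, s in zip(data, stream))
        if fault_after is not None and calls[0] > fault_after:
            out[0] ^= 0x01
        return bytes(out)
    return generate


class VotedTriple:
    """Three identical units process the same input; the majority output is
    used and any dissenting unit is removed from service. Operation continues
    without interruption as long as at least two active units still agree."""

    def __init__(self, units):
        self.units = list(units)
        self.active = list(range(len(units)))
        self.removed_at = {}   # unit index -> call number at which it was removed
        self.calls = 0

    def process(self, data):
        self.calls += 1
        outputs = {i: self.units[i](data) for i in self.active}
        value, votes = Counter(outputs.values()).most_common(1)[0]
        if votes < 2:          # no two units agree: the fault cannot be masked
            raise RuntimeError("no majority among active units")
        for i, out in outputs.items():
            if out != value:   # dissenting unit is removed, output is unaffected
                self.active.remove(i)
                self.removed_at[i] = self.calls
        return value
```

With the pair-and-spare scheme of the preceding paragraph, the same fault would force a switch to the standby unit; here the two remaining healthy units keep producing the keystream while the faulty one is dropped.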
In light of the foregoing discussion, it will be appreciated that there are real needs for data processing systems wherein data processing is neither corrupted nor interrupted, even in the event of soft malfunctions or hardware error or failure.