Safety engineering is employed for automated processes in the widest variety of industrial spheres, in order to protect employees from injury and to ensure the functional capability of machinery and installations. In safety-engineering applications the complete signal path of a safety function is taken in consideration. This is composed of secure apparatus, such as controllers, sensors or actuators and the connections thereof to one another. Said connections are designed for the most part in parallel wiring. However, parallel cabled routes require a high cost for fault detection of secure cabling. This occurs by means of a diagnosis function of the secure equipment in order to detect, e.g. a cross-circuit or short circuit or open connection. According to the safety requirement, said systems are designed to be redundant or, in part, also to be diverse in order to master or detect the possibility of occurring faults. This approach is impractical in planning and for some spheres of application and, moreover, frequently is expensive and cost-intensive to carry out.
A significant matter of expense within the costs for planning, cabling and equipment is the transformation cost for adapting the signal between logic signal and peripheral signal, which is incurred due to the interchange points between the input or output components and the control.
In modern systems, secure networks replace a large part of said routes with serial connections, since this simplifies the signal path between input or output components and the control. However, serial networking with current network solutions is very cost intensive and is used at present only for high-value finished equipment. The reason for this is the, at this time, different operating principle of cabling monitoring, redundancy in the cabling and the simplicity of the sensors, such as a purely mechanical opener. A combination of finished equipment with network connection and parallel wiring is not possible in this context. A network capable sensor, for example, therefore cannot simply be exchanged for a cabled sensor.
The transmission and processing of safety-oriented data in a serial communication system employed for control of an automation system is encumbered with special requirements. In this context, safety-oriented data denote such data as serve to control safety-relevant processes of a machine or installation, where each process is safety-relevant, from which the event of a fault can result in the origination of danger to people and/or material goods.
One approach according to the state of the art for this set of problems consists in constructing, in particular, the safety-oriented components of the system in a multi-channel way beyond a certain level of safety, i.e., redundantly. For example, in an automation bus system it can be provided that safety bus components, i.e., bus stations, for example, assigned to a safety-relevant machine are equipped with redundant hardware components. Simultaneously the central control and the bus also can be of a multi-channel construction or even a special, safety control for control of the safety-relevant components can be provided separate from the process controller and under certain circumstances with a redundant construction. The bus typically is provided with a secure protocol, with even the secure protocol itself being able to feature a redundancy. The safety control essentially carries out connections of safety-related input information and thereupon transmits safety-related connections to output components, for example, by means of an automation bus. The output components, for their part, process the received safety measures and, after a positive check of said safety measures, emit these to the peripheral. In addition they switch their outputs to a secure status if they detect a fault or have not received any more valid data within a specified amount of time. A control system for controlling safety-critical processes, for which the safety-related arrangements feature a multi-channel structure is known, e.g. from EP 1 188 096 B1.
Moreover it is known to furnish specially designed secure communication stations, for which an increase in security is achieved by means of a redundant evaluating logic in combination with a fail-safe comparator. This type of secure bus station is employed, for example, in systems based on the INTERBUS-safety system.
However, in the aforementioned systems, the redundant provision of hardware components leads in a disadvantageous way to increased expense and to increased cost.