While the present invention is broadly directed at communication systems, it is more specifically directed at vital communication systems. Vital communication systems communicate vital data in such a way that the data retains its "vitalness" at the output of the communication system.
The term vital implies that the data has been processed to guard against generating data which, even in the presence of a failure, is not safe. The apparatus and techniques which are employed to generate the vital data plays no part in the present invention; it is the purpose of the present invention to communicate that data, from a point at which it is generated, to a remote point. It should be apparent that a vital communication link is all that is needed. However, vital communication links are not readily available. It is therefore the purpose of the present invention to transport the vital data over a non-vital communication link, such that at the output of a non-vital communication link, the data retains its "vitalness". While prior developments in this area have met with success, see U.S. Pat. No. 4,090,173 and prior copending Sibley application Ser. No. 273,299, now U.S. Pat. No. 4,471,486 entitled "Vital Communication System for Transmitting Multiple Messages", both assigned to the assignee of this application, we believe improvements in the area of maintaining high security against failures can be obtained.
One technique to retain the "vitalness" of the data being transmitted is to transmit, in addition to the message itself, redundant information. While the probability of corrupting the data itself may be at a given level, the probability that the corrupting influence will not only corrupt the data but the redundant information in a compensating fashion is lower. However, there are a variety of techniques for adding redundant information.
Transmitting vital information over a non-vital communication link requires, in addition to the transmission function itself, additional functions of checking or verification, and these procedures are carried out both at the input and output end. The checking or verification procedures are designed to check or verify that at the input end, the input sensing has been accomplished in a vital fashion, or in other words, to answer the question have we correctly sensed the input data?; and at the output end, we must check or verify that the received data is consistent with the redundant information (this detects any errors in the non-vital communication), and we must also check or verify that the output of the communication system properly reflects the data which has been received, i.e. guard against errors in the output function.
Furthermore, at the input end, once we have satisfied ourselves that the data has been properly sensed, it must be encoded (this is where the redundant information is added) and we must check and/or verify that the encoding is properly performed. A complementary function at the receive end is the necessity for decoding the information, i.e. stripping out the redundant information, and checking and/or verification is also required to assure that this has been effected without error.
Efficiency in connection with this processing (verification that sensing, encoding, decoding and output have all been performed correctly) relates to the time required for effecting the functions. Desirably, the time required to effect these functions is minimized, without at the same time increasing the probability of unsafe failures.