This disclosure relates to an apparatus for safeguarding a monitoring area in which an automatically operating machine is disposed, with a sensor unit for monitoring the monitoring area, with a configuration unit for defining at least one first and one second protection area, and with an evaluation unit for triggering a safety-related function.
The disclosure further relates to a corresponding method and a corresponding computer program for safeguarding a monitoring area in which an automatically operating machine is disposed.
With modern industrial robots that move at considerable speeds, collisions generally result in serious damage, both to the robots and to the workpieces being handled by the same. This can result in costly production outages. The safety of persons that are interacting with the automatically operating robots also has the highest priority. With modern industrial robots and other machines with moving machine elements, the movement of which constitutes a risk for persons and other objects, a collision between the moving machine elements and a foreign object must therefore be prevented from occurring by using safety devices. For this it is usually sufficient to bring the machine to a standstill before an unintentional contact occurs.
Traditionally, hazard areas around automatically operating machines are fenced off with mechanical barriers in the form of protection fences and protection doors and/or using light barriers, light grids and laser scanners. Once a person opens a protection door or interrupts a light grid or a light barrier, a switch-off signal is produced, with which the hazardous working displacement of the machine is stopped. The installation of such safety devices is however rather expensive and the safety devices require a lot of space around a hazardous machine. Moreover, such safety devices are not very flexible when it comes to adapting the safeguarding of the hazardous working area to different operating situations of the machine.
In order to avoid said disadvantages, there have been efforts for some time to implement the safeguarding of the hazardous working area of an automatically operating machine using camera systems and suitable image processing. One such system is distributed by the applicant under the name SafetyEYE.
EP 1 543 270 B1 discloses such a system with at least two cameras, which cyclically produce images of the hazardous working area. The images from the cameras are analyzed with at least two algorithmically different methods, wherein the hazardous working displacement of the machine is stopped if at least one of the two methods results in detection of a foreign object in a previously defined protection area. Each of the two analysis methods produces 3D information from the images from the cameras, so that the position of objects in the defined protection area can be determined using the methods. A great challenge for such methods and apparatuses is that the already complex image processing has to be implemented fail-safe in the sense of relevant standards for machine safety, in particular EN 954-1 (obsolete), EN ISO 13849-1, IEC 61508 and EN ISO 13855, so that such an apparatus can actually also be used for safeguarding a hazardous machine. A failure of the apparatus itself may not result in the safeguarding of the machine being lost. An apparatus below that at least achieves Category 3 according to EN 954-1, SIL 2 according to IEC 61508 and/or the Performance Level PL (d) according to EN ISO 13849 therefore qualifies as fail-safe in this sense. The method known from EP 1 543 270 B1 and a corresponding apparatus can achieve this and have already proved themselves in practical applications.
An increasingly occurring desire under the aforementioned topic is for the improvement of the man-machine interaction. The focus here mainly lies in developing the safety systems to enable people to work in immediate proximity to a hazardous machine without this causing a risk to the people, but also without the machines being unintentionally shut down too often because of the persons present in the immediate vicinity thereof. For example, it is desirable that a person can remain in the basically hazardous surroundings of a robot while the robot is working in order to monitor the working processes of the robot in situ or in order to process a workpiece simultaneously or alternately with the robot. Nevertheless, it must further be ensured that the person is not injured by the working displacements of the robot.
With the aforementioned camera-based safety systems, mainly virtual protection areas must be defined around the machine. The camera system then detects whether a foreign object enters such a protection area and then switches off the machine or brings the machine into a safe state. In order to be able to guarantee sufficient safety, the protection areas for this are defined at a relatively large distance around the machines. The safety distances to be maintained are based on the standards EN ISO 13855: 2010 and EN ISO 13857:2008.
The general formula for calculating the minimum distance reads:S=K·(t1+t2)+C+Zg where:                S=minimum distance in mm measured from the start of the protection area to the source of the hazard;        K=approach speed with which the object to be detected approaches the hazard area in mm/s (for the aforementioned camera-based safety systems this is mostly assumed to be K=1600 mm/s);        t1=response time of the safety system (for the aforementioned camera-based safety systems this is generally assumed to be t1=0.34 s);        t2=response time of the machine (e.g. robot, assumed to be 0.7 s);        Zg=allowance for measurement tolerance of the safety system;        C=penetration depth. This is defined as the distance by which a body part can move past the safety device towards the hazard area before the safety device is triggered.        
An exemplary, realistic calculation of the safety distance for the aforementioned camera-based safety systems would be given by the following:
                    S        =                ⁢                              K            ·                          (                                                t                  1                                +                                  t                  2                                            )                                +          C          +                      Z            g                                                  =                ⁢                              1600            ⁢                                                  ⁢            mm            ⁢                          /                        ⁢                          s              ·                              (                                                      0.34                    ⁢                                                                                  ⁢                    s                                    +                                      0.7                    ⁢                                                                                  ⁢                    s                                                  )                                              +                      850            ⁢                                                  ⁢            mm                    +                      316            ⁢                                                  ⁢            mm                                                  =                ⁢                  2.83          ⁢                                          ⁢          m                    
The magnitude of said safety distance is usually determined by the maximum working area to be reached by the robot if the robot does not have a mechanical stop. This means that the safety area surrounds the robot relatively widely. Bearing in mind that most robots actually only very rarely use their maximum possible working area in practice, a value of 3 m starting from the maximum working area of the robot to be reached appears to be generous or large. As a result the required safety level can indeed be guaranteed, but this takes up a great deal of space. This would thus also make it difficult to install a plurality of robots adjacent to each other in a relatively small space, which would prove disadvantageous particularly in production halls with a plurality of such robots. It would therefore be desirable in principle to be able to limit the spatial extent of the virtual protection areas somewhat without this adversely affecting the safety to be guaranteed.
DE 10 2007 007 576 A1 proposes a method and an apparatus for safeguarding the hazardous working area of a robot, wherein a 3D image of the working area is produced and a kinematic human model is associated with a person present within the working area. The 3D image is analyzed as to whether the actual state of the working area deviates from a target state of the working area, wherein the target positions of the person are taken into account by means of the kinematic human model. Said method and the corresponding apparatus should enable human-robot collaboration. Because of the target-actual comparison, a person in the working area of the robot must however move exactly according to the target state in the kinematic human model. Suitable modelling appears complex and it limits flexibility in any case, because adaptation to new operating situations requires new modelling in each case. Moreover, DE 10 2007 007 576 A1 proposes the use of scanners as sensor units, which have a single-fault tolerance according to category 3 of the EN 954-1. Furthermore, a cyclical or continuous check of the functionality of the sensor units is proposed, and the displacement of the robot during the checking phase should be monitored using safety-related technology, such as for example by redundant recording and analysis of the axial positions of the robot-system. However, DE 10 2007 007 576 A1 contains no information about the analysis of the 3D images and the underlying modelling being able to provide the fail safety necessary for the safeguarding of hazardous working areas.
EP 1 635 107 A1 approaches the problem of defining very small protection areas by coupling an evaluation unit for defining a hazard area to the machine control unit of the machine, and by designing the evaluation unit to derive the parameters necessary for the definition of the hazard area from the control signals used by the machine control unit for displacement control of the machine. The parameters necessary for the definition of the hazard area are also determined based on the parameters used for the machine control unit (e.g. position, speed of displacement and direction of displacement of the robot arm). The hazard area thus moves dynamically, i.e. with the robot arm. The machine itself is by definition always disposed within the hazard area for this. Such a dynamic definition of the hazard area or protection area would be relatively space-saving under ideal conditions. However, the implementation of such a dynamic definition of the protection area is not only very complex in practice, it also requires high computing costs. Furthermore, it appears doubtful whether such a closely dimensioned protection area (immediately around the machine to be safeguarded) can guarantee the required safety level in practice. Besides, the method and the associated apparatus disclosed in EP 1 635 107 A1 are only suitable for fail-safe machines or robots. This means that the machine control unit itself should be configured to be fail-safe and redundant. The method and the apparatus are, however, not suitable for non-safe robots or machines. The method and the apparatus presuppose that the machine or the robot actually also moves according to the programmed machine control unit. A malfunction of the machine or of the robot is in any case not detectable by means of the camera-based monitoring sensor.