Variable speed drive for driving an electric motor and method of diagnosing the drive
By using two parallel signal buffers in the variable speed drive to share the IGBT gate control signal and independently receive the STO control signal, the problem of the inability to fully diagnose the safety torque shutdown function in the prior art is solved, and more reliable safety circuit detection and simplified certification process are achieved.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents (China)
- Current Assignee / Owner: VACON OY
- Filing Date: 2021-08-05
- Publication Date: 2026-06-12
Description
Technical Field
[0001] This invention relates to a variable speed drive for driving an electric motor and providing a safe torque off (STO) function. The drive includes two parallel signal buffers connected to a safety controller and at least one IGBT gate driver circuit. The signal buffers share the same IGBT gate control signal as input and feed this input to the same IGBT gate driver circuit. Each signal buffer has its own STO control signal for activating and deactivating its output. The invention also relates to a method for diagnosing the corresponding drive.
Background Technology
[0002] Variable speed drives are used to drive electric motors with desired output characteristics. This invention can be preferably used in variable speed drives for industrial, motion, and elevator applications, where rated functional safety circuitry may be required. Due to the required level of safety, the drive may include safety functions such as Safe Torque Off (STO).
[0003] In functionally safe circuits such as SIL3 (Safety Integrity Level 3), it may be necessary to diagnose and / or monitor the functionality and / or hardware components of the circuit in response to hardware failures. In many cases, diagnosis is based on feedback generated from test pulses injected into safety signals and then read from the signal chain in response to those signals.
[0004] In variable speed drives, the STO (Safe Torque Off) function is used to prevent the electric motor from generating torque on its shaft in situations that could lead to personal injury or material damage (such as when an elevator car is on the level with its doors open, or when an operator is inserting a new piece of material into a cutting machine). Several alternative methods exist to achieve this function, but it is typically implemented by adding a switching element to the gate control signals of the output IGBT bridge. This switching element prevents PWM modulation generated by non-safety controllers of the drive from reaching the IGBT gates. This prevents the output bridge (inverter) from switching, and thus prevents the electric motor from generating torque. Cutting off the path of these low-voltage gate control signals is generally less costly than adding an external safety contactor to the inverter output phase.
[0005] Adding a switching element to the gate control signal line limits the form of the test pulses. This is because normal driver operation should not be interrupted, while the ability of the driver to stop modulation should still be diagnosed as much as possible. Because improper behavior in signal processing can cause serious damage to the driver, affecting the gate control signal may be risky.
[0006] In devices known in the art, these problems are managed by reading diagnostic test pulse feedback before the last switching element of the safety chain. Between the feedback reading point and the final switching element, a filter prevents the test pulse from affecting the switch. The final switching element is only controlled if the STO request is truly valid, i.e., the activation time is long enough. More problematic is that because modulation has been stopped by normal means before the final safety chain element is switched on, there is typically no feedback obtained from the signal chain after the final element of the safety chain. Feedback cannot be read after the final element of the safety chain, and therefore it is unknown whether the signal was successfully cut off by safety means. This leaves a blind spot in diagnostics because a short circuit on the final switching element cannot be detected. In the worst case, the two independent STO channels may eventually fail unnoticed, potentially causing the motor shaft to suddenly start or continue rotating even after safety functions have been invoked, for example, by activating an emergency switch.
[0007] Beyond the theoretical safety risks, limited diagnostics significantly diminishes the functional safety critical values calculated by failure modes and their detectability in safe designs. Undiagnosed components with failure modes (such as short circuits) that lead to hazardous conditions (such as safety functions failing to prevent gate control signals from reaching the IGBT / inverter bridge) will substantially reduce safety critical values. In practice, when designs are subject to factors such as… This is relevant when the drive is approved by a body such as the IFA, but it also affects the safety failure budget of the drive user if the drive is used as a component of a more complex system.
Summary of the Invention
[0008] The object of this invention is to provide an improved driver and a method for diagnosing the driver, which overcomes the aforementioned problems. This object is achieved by the driver according to claim 1 and the method for diagnosing the driver according to claim 9. Advantageous embodiments of the invention are the subject of the dependent claims.
[0009] According to the present invention, a variable speed drive is provided for driving an electric motor with a Safe Torque Off (STO) function. The drive includes two parallel signal buffers connected to a safety controller and at least one IGBT gate driver circuit or an insulated gate bipolar transistor gate driver. The signal buffers share the same IGBT gate control signal as input and feed this input to the same IGBT gate driver circuit. Each signal buffer is connected such that it can receive its own STO control signal for activating and deactivating its output. The STO control signal received by the signal buffers can be provided by the safety controller.
[0010] Safe Torque Off (STO) is a safety function integrated into the drive. Alternatively or additionally, this function can be implemented externally relative to the drive, for example, in the form of a safety contactor. STO can be used to prevent accidental motor rotation, for example, in an emergency while the drive remains connected to power. When STO is activated, the motor cannot generate torque. The term "STO function" as used today can be understood broadly and can include any hardware and / or software features required to effectively implement the STO function.
[0011] The basic idea of this invention is to use two parallel signal buffers or switch groups to transmit the gate control signal to the IGBT gate driver circuit. Both buffers share the same IGBT gate control signal as input and feed this input to the same IGBT gate driver circuit. Crucially, the buffers can be diagnosed independently. While diagnosing whether the first buffer circuit is capable of performing the STO function upon request, the other buffer circuit continues to feed signals, for example, signals from a modulator (i.e., a control board or field-programmable gate array (FPGA)) to the IGBT gate driver circuit. After the diagnostics show that the first buffer is operating correctly, the first buffer can be set to carry the gate control signal, while the second buffer can be diagnosed. The diagnostics can be performed by a safety controller and / or some other device capable of diagnosing the buffer. A major advantage of this invention is that the diagnostic scope can be extended to the final switching element of the driver safety chain without affecting the normal operation of the driver. This invention can diagnose safety circuits more comprehensively than known circuits in the prior art without interrupting the normal operation of the driver.
[0012] According to the present invention, a parallel buffer structure can be provided for the high-side gate of the driver. If it is assumed that the STO function should also be interrupted at the low-side gate control signal, for example as another redundant safety channel, another parallel buffer structure can be provided for channel independence. Alternatively, all gate control signals for both the high-side and low-side IGBTs can be routed through a single parallel buffer structure.
[0013] This invention can be implemented using any number of gate driver circuits in a driver, such as a single IGBT system, for example a mechanical brake controller, a system including two IGBTs, or as a parallel IGBT structure with more than ten IGBTs.
[0014] IGBT gate control signals can originate from non-secure modulators, such as MCUs or FPGAs, and each of these signals can be connected to two buffers, or more precisely, to the input side of the buffers. Depending on the state of the STO control signal of each buffer, the IGBT gate control signal is either passed to the output of the buffer or blocked within the buffer. The two corresponding outputs from the buffers (i.e., one output from each buffer) are associated with a certain gate control signal and combined back into a single signal with an OR logic operator. This signal is then routed to the corresponding IGBT gate driver circuitry. Because the IGBT gate control signal is connected to two buffers, the signal buffers share the same IGBT gate control signal.
[0015] The buffers share the same IGBT gate control signal as input, and each signal buffer has its own STO control signal for activating and deactivating its output. Depending on the state of the STO control signal, the buffer can pass or block the IGBT gate control signal. The two output signals from the two buffers associated with the same IGBT gate control signal input are combined into a single signal, which is then connected to the IGBT gate driver circuit. Similar functionality applies to all IGBT gate control signals involved. Therefore, according to the invention, the signal buffers are connected to the same IGBT gate driver circuit such that a signal from the buffer can reach the IGBT gate driver circuit after the signal has passed through, for example, some series diodes.
[0016] In a preferred embodiment of the invention, the safety controller includes a complex programmable logic device (CPLD), and / or a field-programmable gate array (FPGA), and / or a microcontroller unit (MCU). The safety controller may include some or all of the hardware and / or software required for diagnosing the driver. The safety controller may be designed to perform other functions of the driver, such as outputting driver performance characteristics or other driver-related information to external devices, and / or receiving external signals, for example to modify the functions performed by the safety controller and / or the driver.
[0017] In another preferred embodiment of the invention, the outputs of a gate of the two buffers are connected to a common point via a series diode. The connection between the outputs of the two buffers and the common point can be designed such that if either or both of the buffers provide a high output, the common output measured at the input of the gate driver circuit is high.
[0018] In another preferred embodiment of the invention, all gate control signals to be disconnected by the STO function are connected via series diodes. This may mean that, for example, all signal-carrying connections that should be disconnected by the STO function in an emergency include at least one diode.
[0019] In another preferred embodiment of the invention, each buffer has four input channels: one input channel for each gate control signal, and a fourth channel that is continuously supplied with a logic high input.
[0020] In a particularly preferred embodiment of the invention, during the zero-vector condition where all gate control signals can be low simultaneously, the fourth input channel sets the feedback to a normal high. Without a sustained high input from the fourth channel, the feedback would drop to a low state during the zero-vector period, leading to diagnostic problems. The fourth channel does not affect the gate control signals.
[0021] In another preferred embodiment of the invention, either of the two buffers can be used to transmit a signal to the IGBT gate driver circuit. This means that the buffer is connected to the IGBT gate driver circuit in such a way that a signal can be transmitted to the IGBT gate driver circuit through the first buffer without the second buffer significantly affecting the signal, and vice versa. Therefore, the switching capability of the second buffer can be tested while the first buffer is providing a signal to the IGBT gate driver circuit, and vice versa.
[0022] In another preferred embodiment of the invention, driver diagnostics are performed by activating one of two separate low-active outputs.
[0023] An active-low output can correspond to an active-low STO control signal, and depending on the type of buffer used, the corresponding buffer can be set to a high-impedance state, or logic low can be assigned to its output. If all four switches in a buffer or switch group operate correctly, and the output is set to low or to a high-impedance state, the common feedback drops to zero. If any of the gate control signal outputs remains high or does not follow the STO control signal, the feedback remains high or begins to repeat the PWM modulation present in the input IGBT gate control signal from the modulator, indicating a safety hardware (HW) fault. More precisely, if one of the switches for the gate control signals does not follow the STO activation command, the feedback is high only when the IGBT gate control signal from the modulator to the corresponding switch is high. Since the IGBT gate control signal constantly changes between logic "1" and "0", the feedback may also change similarly. The feedback will be "1" at least part of the time, and this will then be diagnosed as an HW fault.
[0024] If all outputs of a buffer are held low, the safety controller indicates that the system is in a safe state. If one or more buffer outputs used for IGBT gate control signals remain low, this may not be detected by the safety controller and does not need to be, as it can be considered a safety-type fault. However, due to the lack of phase feedback signals, this could lead to a fault triggered by a non-safe modulator. Diagnostic operations can also be performed in a safe state by monitoring feedback signals. In a safe state, the STO control signal is low, and the expected feedback state is also low. If both feedback signals show a high state for some reason, a fault can be assumed in the STO circuit, and the redundant (second) safety channel used for the STO can be activated to set the system to a safe state.
[0025] The present invention also relates to the method according to claim 9. The method diagnoses a variable speed drive according to any one of claims 1 to 8 and includes the following steps:
[0026] First, diagnose the first buffer.
[0027] The feedback from the diagnosis of the first buffer is read back to the safety controller.
[0028] Control the first buffer to the on state.
[0029] Diagnose the second buffer.
[0030] The feedback from the diagnosis of the second buffer is read back to the safety controller, and
[0031] Control the second buffer to the on state.
[0032] Controlling the first buffer to the on state may include setting the first buffer such that it can be used to provide control signals to the IGBT gate driver circuit or the corresponding inverter bridge.
[0033] In a preferred embodiment of the method, the diagnostic test pulse length is limited only by the diagnostic sequence period, wherein a test pulse length of 500ms ± 200ms, particularly a test pulse length of 500ms ± 100ms, is used to diagnose each buffer.
Attached Figure Description
[0034] The method may include additional steps corresponding to the features currently described regarding the variable speed drive. Further details and advantages of the invention are described with reference to the following figures:
[0035] Figure 1 : A schematic diagram of the components of the driver according to the present invention;
[0036] Figure 2 : A schematic diagram of the STO function in a driver based on existing technology; and
[0037] Figure 3 : A schematic diagram of the STO function in the driver according to the present invention.
Detailed Implementation
[0038] Figure 1 shows a schematic diagram of the components of a variable speed drive according to the present invention. This drive is used to drive an electric motor, not shown in Figure 1, and is provided with a Safe Torque Off (STO) function. This STO function ensures that the motor does not generate torque, for example, in an emergency. The STO function may be included in other components or features that are not visible in Figure 1.
[0039] The driver includes two parallel signal buffers 10 and 11, which are connected to a safety controller and at least one IGBT gate driver circuit. Signal buffers 10 and 11 share the same IGBT gate control signal as input 8 and feed this input 8 to the same IGBT gate driver circuit. Each signal buffer 10 and 11 is connected to receive its own STO control signal for activating and deactivating outputs 1 and 2.
[0040] The safety controller is not shown in Figure 1, and the safety controller may include a complex programmable logic device (CPLD), and / or a field programmable gate array (FPGA), and / or a microcontroller unit (MCU).
[0041] The output of one of the gates used for the two buffers 10 and 11 is connected to the same point 9 via a series diode 12. In the example of Figure 1, the three outputs of each buffer 10, 11 are connected to three common points 9 through six series diodes 12. In other words, all gate control signals to be cut off by the STO function are connected through the series diodes 12.
[0042] Each buffer 10, 11 has four channels, one for each gate control signal 8, and a fourth channel 5 is used to continuously supply logic high inputs. During the zero-vector condition where all gate control signals can be low simultaneously, the fourth input channel 5 sets feedbacks 3, 4 to normally high. Either buffer 10, 11 can be used independently of the other buffer 10, 11 to transmit signals to the IGBT gate driver circuit.
[0043] Diagnostic work on the drive is performed by activating one of two separate, active-low STO control signals 1 and 2. Diagnosing the variable speed drive, or more precisely, diagnosing the STO function output or parallel PWM signal buffer circuitry of the variable speed drive, may include the following steps:
[0044] • First, diagnose the first buffer 10,
[0045] • Read the feedback 3 from the diagnosis of the first buffer back to the safety controller,
[0046] • Control the first buffer 10 to the on state,
[0047] • Diagnose the second buffer 11,
[0048] • Read the feedback 4 from the diagnosis of the second buffer back to the safety controller, and
[0049] • Control the second buffer 11 to the on state.
[0050] It is irrelevant which of the two buffers 10 and 11 is diagnosed first. When diagnosing said buffers 10 and 11, the diagnostic test pulse length may be limited only by the diagnostic sequence period, wherein a test pulse length of 500ms ± 200ms, and particularly a test pulse length of 500ms ± 100ms, is used to diagnose each buffer 10 and 11.
[0051] The driver of this invention is essentially built on two signal buffer circuits / switch groups 10, 11 with high-active "enable" inputs, which are connected to a safety controller such as a CPLD (Complex Programmable Logic Device). "Switch groups 10, 11" may also be referred to as "buffers 10, 11," although their operation is very similar to that of an AND gate.
[0052] Two buffers 10 and 11 share the same IGBT gate control signal input 8, but each buffer 10 and 11 has its own STO control signal for activating / deactivating outputs 1 and 2. The output of a gate in either buffer 10 or 11, associated with the same shared IGBT gate control signal (one of the three IGBT gate control signals 8), is connected to the same point (9, connected to the IGBT gate driver circuit) via a series diode 12, such that if either or both buffers provide a high output at the relevant gate (at points 6 and 7), the common output measured at input 9 of the gate driver circuit is high. The same configuration applies to all gate control signals to be STO-disabled.
[0053] Each buffer 10, 11 has four inputs, one for each gate control signal 8, and a fourth channel 5 is used to continuously supply logic high inputs. During the zero-vector condition where all gate control signals can be low simultaneously, the fourth channel 5 also needs to set feedbacks 3 and 4 to a normal high. Without a continuously high input from the fourth channel, the feedback will drop low during the zero-vector period, leading to diagnostic problems. The fourth channel 5 does not affect the gate control signals.
[0054] Therefore, either of the two buffers 10 and 11 can be used to forward the signal to the IGBT gate driver circuit, allowing simultaneous testing of the switching capability of the other buffer 10 or 11. Diagnostics are performed by activating one of two separate active-low STO control signals 1 and 2, which, depending on the type of buffer used, either set the corresponding buffer 10 or 11 to a high-impedance state or write logic low to its outputs 6 and 7. If all four switches of one buffer 10 or 11 operate correctly and the output is written to low or high impedance, the common feedback 3 and 4 drops to zero. If one or more of the gate control signal outputs remain high or do not follow the STO control signal, the feedback remains high or begins to repeat the PWM modulation present in the input IGBT gate control signal from the modulator, thereby triggering a safety hardware fault.
[0055] If all outputs of buffers 10 and 11 remain low, the safety controller indicates that the system is in a safe state. If one or more buffer outputs used for IGBT gate control signals remain low, this may not be detected by the safety controller and does not need to be, as it can be considered a safety-type fault. This diagnostic can also be performed in a safe state by monitoring feedback signals. In a safe state, the STO control signal is low, and the expected feedback state is also low. If any one or both feedback signals show a high state for some reason, a fault can be assumed in the STO circuit, and a redundant second safety channel for STO can be activated to set the system to a safe state.
[0056] After the first buffer 10 has been diagnosed and its feedback has been successfully read back to the safety controller, the first buffer 10 can be controlled to the on state by setting the STO control signals 1 and 2 to logic high, and then the other, second buffer 11 can be diagnosed. The order in which buffers 10 and 11 are diagnosed can be chosen arbitrarily and does not limit the scope of the invention. Since the diagnostic test pulse length is limited only by the diagnostic sequence period (typically about 1 s), that is, the time window during which the two buffers 10 and 11 should be tested, a test pulse length of approximately 500 ms can be used for each buffer 10 and 11. This ensures that multiple modulation modes are fed through the tested buffers 10 and 11 as the motor shaft rotates.
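The diagnostic sequence of paragraphs [0043] to [0056] can be followed in a small logic simulation. This is an added example, not code from the patent or from the assignee: the names `Buffer`, `diagnose` and `run_sequence`, the `stuck_on` fault model (a shorted switch that passes its input regardless of the enable), the modelling of the common feedback as a logical OR of the four buffer outputs, and the PWM sample list are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import product

CONST_HIGH = 1  # fourth input channel (5), held at logic high


@dataclass
class Buffer:
    """One signal buffer (10 or 11): four switches gated by an enable input."""
    name: str
    enable: int = 1  # STO control signal (1 or 2); 0 = STO active (active-low)
    stuck_on: set = field(default_factory=set)  # constructed fault: shorted switches

    def outputs(self, gates):
        """Outputs (6 or 7) for three gate control signals (8) plus channel 5."""
        inputs = list(gates) + [CONST_HIGH]
        return [sig if (self.enable or ch in self.stuck_on) else 0
                for ch, sig in enumerate(inputs)]

    def feedback(self, gates):
        """Common feedback (3 or 4). Assumption: logical OR of the four outputs."""
        return int(any(self.outputs(gates)))


def common_point(buf_a, buf_b, gates):
    """Series diodes (12): point 9 is high if either buffer drives it high."""
    return [a | b for a, b in zip(buf_a.outputs(gates)[:3], buf_b.outputs(gates)[:3])]


def diagnose(under_test, other, pwm_samples):
    """Apply one test pulse to `under_test` while `other` carries the PWM."""
    if not other.enable:
        raise ValueError("the other buffer must be on during the test pulse")
    under_test.enable = 0  # activate the active-low STO control signal
    fault, undisturbed = False, True
    for gates in pwm_samples:
        if under_test.feedback(gates):  # feedback must stay low while disabled
            fault = True
        if common_point(under_test, other, gates) != list(gates):
            undisturbed = False  # the gate driver would have seen a changed signal
    if not fault:
        under_test.enable = 1  # control the buffer back to the on state
    # Fault handling itself is outside this sketch: a faulty buffer stays disabled.
    return {"buffer": under_test.name, "fault": fault, "undisturbed": undisturbed}


def run_sequence(first, second, pwm_samples):
    """Diagnose the first buffer, then the second; stop at the first fault."""
    results = [diagnose(first, second, pwm_samples)]
    if not results[0]["fault"]:
        results.append(diagnose(second, first, pwm_samples))
    return results


# Constructed PWM samples: every combination of the three gate control
# signals, including the zero vector (0, 0, 0).
ALL_VECTORS = list(product((0, 1), repeat=3))

if __name__ == "__main__":
    healthy = run_sequence(Buffer("10"), Buffer("11"), ALL_VECTORS)
    shorted = run_sequence(Buffer("10"), Buffer("11", stuck_on={1}), ALL_VECTORS)
    print("healthy drive:", healthy)
    print("buffer 11, channel 1 shorted:", shorted)
    # A test pulse that never sees the affected gate signal high misses the short.
    partial = diagnose(Buffer("10", stuck_on={0}), Buffer("11"), [(0, 0, 0), (0, 1, 1)])
    print("short on channel 0, too few modulation patterns:", partial)
```

The last case shows why the test pulse has to span several modulation patterns: a shorted switch only raises the feedback while its own gate control signal is high.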
[0057] Using two parallel buffers 10 and 11 adds some complexity to the diagnostic procedure, but it doesn't represent a major obstacle. Theoretically, using two parallel buffers 10 and 11 could double the "hazardously detected" failure rate of the switching element block by doubling the number of signal switches on each gate control signal line, but it still provides a better critical value because hazardous hardware failures can be detected quickly. The detection is essentially done well before the next invocation of the safety function. In a safety system with at least SIL3 level, if the primary method fails or is diagnosed as ineffective, there is always at least a second independent path to perform the function.
[0058] Diagnostics can be designed to cover the entire STO safety function chain, providing better safety-critical values and leaving no undetected dangerous faults in the signal chain. This simplifies the driver certification process.
[0059] Because time-critical diagnostics are not required, component tolerances have a smaller impact on the design. Diagnostics can run on, for example, a 1-second cycle with a 400ms test pulse length, which provides greater freedom in defining test sequences and makes the system less susceptible to interference. According to the invention, long HW filters are not required. In contrast, prior art embodiments suffer from problems with component tolerances, causing test pulses to affect the behavior of non-safety systems by inducing random failures in non-safety controllers and stopping drivers.
[0060] When a safety controller (e.g., CPLD / FPGA / MCU) is used as the main operating and diagnostic device in a safety system, this implementation adds only a small amount of additional board component cost compared to prior art implementations. The parallel PWM buffer also provides the possibility of monitoring switching conditions in a safe state, which may be necessary in some applications. Some safety function implementations (unlike those of this invention) are often only diagnosable when they are in an unsafe state. This can cause problems in some applications because the system must first enter an unsafe state to observe whether the safety system is functioning correctly. In extreme cases, such operation may cause the system to lose its ability to ensure user safety.
[0061] Figure 2 is a schematic diagram of the STO function in a driver based on existing technology. Here, the diagnostics in the illustrated STO safety function chain do not cover the actual signal cutoff element, namely the element designated "gate signal cutoff". As a result, potentially undetected dangerous failure modes may occur.
[0062] As can be seen in devices known in the art, diagnostic test pulse feedback is read before the last switching element in the safety chain. A filter is placed between the feedback read point and the final switching element to prevent the test pulse from affecting the switch. The final switching element is only controlled if the STO request is truly valid, i.e., the activation time is long enough. More problematic is that after the final element of the safety chain, no feedback is obtained from the signal chain. Therefore, it is unknown whether the signal cutoff was successful. This leaves a diagnostic blind spot because a short circuit on the final switching element cannot be detected. In the worst case, the two independent STO channels may eventually fail unnoticed, potentially leading to unwanted motor movement even when the safety function is invoked by activating the emergency switch.
[0063] This undermines the safety-critical values of the driver and customer systems. Undetected hazardous failure modes left in the product also often lead to issues with certification bodies / notified bodies, thereby increasing the risk to product development planning.
[0064] Figure 3 is a schematic diagram of the STO function in the driver according to the present invention. Compared to the situation shown in Figure 2, here the diagnostics in the illustrated STO safety function chain cover the actual signal cutting elements, namely the elements designated "Gate Signal Cut-off Buffer 1" and "Gate Signal Cut-off Buffer 2". As a result, dangerous failure modes that are not detected are less likely to occur compared to the prior art.
[0065] The present invention is not limited to one embodiment of the above embodiments, but can be modified in many ways.
[0066] All features and advantages arising from the claims, description, and drawings, including construction details, spatial arrangement, and procedural steps, may be essential to the invention individually and in a wide variety of different combinations.
[0067] Figure Labels
[0068] 1, 2 STO control signals (inputs) from the safety controller
[0069] 3, 4 STO activation feedback and test pulse feedback (output)
[0070] 5 Fourth input channel (input), controlled by a constant logic high state
[0071] 6, 7 Signal buffer output
[0072] 8 IGBT gate control signals (inputs) from non-safety controllers
[0073] 9 Common gate control signal output (output) to the IGBT gate driver circuit
[0074] 10 First signal buffer
[0075] 11 Second signal buffer
[0076] 12 Series diodes / signal selectors
Claims
1. A variable speed drive for driving an electric motor and providing a safe torque off (STO) function, the drive comprising two parallel signal buffers (10, 11) connected to a safety controller and at least one IGBT gate driver circuit, wherein the signal buffers (10, 11) share the same IGBT gate control signal as input (8) and feed the input (8) to the same IGBT gate driver circuit, and each signal buffer (10, 11) has its own safe torque off (STO) control signal for activating and deactivating the outputs (1, 2).
2. The variable speed drive according to claim 1, characterized in that the safety controller includes a complex programmable logic device (CPLD), and / or a field-programmable gate array (FPGA), and / or a microcontroller unit (MCU).
3. The variable speed drive according to claim 1 or 2, characterized in that the output of one of the gates of the two buffers (10, 11) is connected to the same point (9) via a series diode (12).
4. The variable speed drive according to any one of the preceding claims, characterized in that all gate control signals to be cut off by the Safe Torque Off (STO) function are connected via series diodes (12).
5. The variable speed drive according to any one of the preceding claims, characterized in that each buffer (10, 11) has 4 input channels, one input channel for each gate control signal (8), and a fourth input channel (5) that is continuously supplied with a logic high input.
6. The variable speed drive according to claim 5, characterized in that, during the zero-vector condition where all gate control signals can be low simultaneously, the fourth input channel (5) sets the feedback (3, 4) to normally high.
7. The variable speed drive according to any one of the preceding claims, characterized in that either of the two buffers (10, 11) can be used to transmit signals to the IGBT gate driver circuit.
8. The variable speed drive according to any one of the preceding claims, characterized in that diagnostics of the driver are performed by activating one of two separate, active-low control signals (1, 2).
9. A method for diagnosing a variable speed drive according to any one of the preceding claims, the method comprising the steps of:
• First, diagnose the first buffer (10),
• Read the feedback (3, 4) from the diagnosis of the first buffer back to the safety controller,
• Control the first buffer (10) to the on state,
• Diagnose the second buffer (11),
• Read the feedback (3, 4) from the diagnosis of the second buffer back to the safety controller, and
• Control the second buffer (11) to the on state.
10. The method according to claim 9, characterized in that the diagnostic test pulse length is limited only by the diagnostic sequence period, where a test pulse length of 500ms ± 200ms is used to diagnose each buffer (10, 11).
11. The method according to claim 10, characterized in that a test pulse length of 500ms ± 100ms is used to diagnose each buffer (10, 11).