31 results about "Safety critical application" patented technology

A longitudinal control law is designed to optimize the flying qualities when aircraft is set to approach configuration, i.e. when the flap lever is set to the landing position and landing gears are locked down. Under such circumstances, the effort of trimming the aircraft speed can be extremely reduced by the usage of a momentary on-off switch or other control in the sidestick, instead of or in addition to a conventional trim up-down switch, making easier the task of airspeed selection by the pilot. This control law provides excellent handling qualities during approach and landing, with the benefit of not needing or using radio altimeter information in safety-critical applications.

Systems, methods and apparatus are provided through which a safety switch arrangement is assembled to prevent false activation of a subsystem in a medical system. In some embodiments, the safety switching arrangement comprises at least a first and a second type of switching element. In some embodiments, the first and the second type of switch each have an output that is processed by a processor, controller, or logic unit to produce an output signal for activating or deactivating a subsystem in the medical system.

A railway safety critical application system substitutes commercial off-the-shelf (COTS) hardware and/or software for railway-domain specific product components, yet is validated to conform to railway safety critical system failure-free standards. The safety critical system uses a pair of tasks executed on a controller of a COTS personal computer or within a virtual environment with asymmetric communications capability. Both tasks receive and verify safety critical systems input message data and security code integrity and separately generate output data responsive to the input message. The first task has sole capability to send complete safety critical system output messages, but only the second task has the capability of generating the output security code. A failure of any of systems hardware, software or processing capability results failure to transmit a safety critical system output message or an output message that cannot be verified by other safety critical systems.

In order to be acceptable for safety critical applications, it is necessary for an electrical machine to allow continued operation despite an electrical short circuit in one of the operational phases of that electrical machine. It will be appreciated that an electrical short circuit creates excessive electrical current through the short circuit with significant heating and other detrimental effects. However, the electrical machine can operate with one operational phase disabled. In such circumstances, the present invention incorporates means for determining an electrical short circuit has occurred and then injects an electrical current approximately equal to or greater than the rated electrical current. In such circumstances, the operational phase or coil 4, 24, 34 is effectively protected despite the electrical short circuit and hence the electrical machine can continue to operate.

For the operation of at least one non-safety-critical application process and at least one safety-critical application process, the invention proposes a data processing and transmission system with a data transmission network, at least one non-safety-related network element linked to the non-safety-critical application process and connected to the network, and with at least one safety-related network element linked to the safety-critical application process, as well as with at least one master unit connected to the network, and a server unit connected to the network separately from the master unit, wherein the safety-related server unit controls the at least one safety-critical application process, specifically by processing safety-relevant data necessary for controlling the safety-critical application process and by organizing the transmission of the safety-relevant data over the network by means of at least one of the network elements and/or the master unit.

A method of operating an operator control and monitoring device for safety-critical applications in which the control and monitoring device includes a display and a touch-sensitive sensor, wherein a control element is shown on the display which an operator must touch to obtain an approval for a safety-critical application that is granted for as long as the control element is being touched, wherein first and second numbers of touch points are respectively displayed in first and second control zones, position data of the first and second control zones is selected such that the fingers of a human hand cannot simultaneously touch all touch points of the first and second control zones, and wherein the approval for the safety-critical application is only granted if all touch points from the first and second control zones are being touched.

Field device for determining or monitoring a physical or chemical process variable, wherein the field device is composed of a sensor, which works according to a defined measuring principle, and a control/evaluation unit, which, as a function of a safety standard required for the particular safety-critical application, conditions and evaluates, along at least two equivalent measuring paths, measurement data delivered by the sensor. The control/evaluation unit is implemented on an FPGA, on which are provided at least a first section and a second section, wherein, in each section, a digital measuring path, which is composed of a plurality of software-based and/or hardware-based function modules, is dynamically reconfigurable. The sections are isolated from one another by permanently configured spacer regions, wherein the spacer regions are embodied in such a way, that a temperature and/or a voltage change in one of the sections has no influence on the other section or other sections, and, in the case of malfunction, no connection occurs between the sections.

The invention relates to a multi-channel concurrent image transmission method based on an IEEE802.11p protocol, belonging to the technical field of real-time transmission of image information. The multi-channel concurrent image transmission method comprises the following steps: decomposing image data in each frame to be transmitted into 9 sets of data at first, packaging the 9 sets of data to form 9 network communication messages, and sequentially transmitting the 9 network communication messages according to one original CCH (Control Channel) and six original SCHs (Synchronous Channels) of the IEEE802.11p protocol in a period polling mode. Therefore, the original single-channel transmission of the image information is converted into CCH and SCH multi-channel cooperative concurrent transmission, so that burden is greatly reduced; simultaneously, real-time application requirements of the image information are also ensured; compared with the single-channel transmission, the transmission speed of the multi-channel concurrent transmission method is increased by 3 times; the vulnerability that system messages or other communication messages facing to safety-critical applications are congested while being transmitted by directly utilizing the CCH is avoided; and the service quality of other real-time applications facing to the safety-critical applications is improved.

To enable efficient abduction even for observations that are faulty or inadequately modeled, a relaxed abduction problem is proposed in order to explain the largest possible part of the observations with as few assumptions as possible. On the basis of two preference orders over a subset of observations and a subset of assumptions, tuples can therefore be determined such that the theory, together with the subset of assumptions, explains the subset of observations. The formulation as a multi-criteria optimization problem eliminates the need to offset assumptions made and explained observations against one another. Due to the technical soundness of the approach, specific properties of the set of results (such as correctness, completeness etc.), can be checked, which is particularly advantageous in safety-critical applications. The complexity of the problem-solving process can be influenced and therefore flexibly adapted in terms of domain requirements through the selection of the underlying representation language and preference relations. The invention can be applied to any technical system, e.g. plants or power stations.

A graphics processing unit (GPU) of a GPU subsystem of a computing device operates in a first rendering mode to process graphics data to produce a first image. The GPU operates in a second rendering mode to process the graphics data to produce a second image. The computing device detects whether a fault has occurred in the GPU subsystem based at least in part on comparing the first image with thesecond image.

Development of validated software codes is a troublesome but important process, in particular for the condition that takes security key application programs into consideration. The invention provides a method for generating validated software codes according to demand, which comprises the following steps: (1) using software to generate the demanded state model; (2) using the state model to develop the software code description of the state model and the mathematic description of the state model; and (3) comparing the software codes with the mathematic description so as to validate that the software code description is correct expression of the mathematic description.

Methods and articles of manufacture for hosting a safety critical application on an uncontrolled data processing device are provided. Various combinations of installation, functional, host integrity, coexistence, interoperability, power management, and environment checks are performed at various times to determine if the safety critical application operates properly on the device. The operation of the SCA on the UDPD may be controlled accordingly.