EP3483033A1 - Method and onboard control unit for controlling and/or monitoring components of a rail vehicle

Info

Publication number
EP3483033A1
Authority
EP
European Patent Office
Prior art keywords
control unit
rail vehicle
components
vehicle
write access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP18205034.4A
Other languages
German (de)
English (en)
Inventor
Markus Häbel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Knorr Bremse Systeme fuer Schienenfahrzeuge GmbH
Original Assignee
Knorr Bremse Systeme fuer Schienenfahrzeuge GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Knorr Bremse Systeme fuer Schienenfahrzeuge GmbH
Publication of EP3483033A1
Legal status: Pending

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B61 RAILWAYS
    • B61L GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L15/00 Indicators provided on the vehicle or train for signalling purposes
    • B61L15/0018 Communication with or on the vehicle or train
    • B61L15/0027 Radio-based, e.g. using GSM-R
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B61 RAILWAYS
    • B61L GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L15/00 Indicators provided on the vehicle or train for signalling purposes
    • B61L15/0018 Communication with or on the vehicle or train
    • B61L15/0036 Conductor-based, e.g. using CAN-Bus, train-line or optical fibres
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B61 RAILWAYS
    • B61L GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L15/00 Indicators provided on the vehicle or train for signalling purposes
    • B61L15/0072 On-board train data handling
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B61 RAILWAYS
    • B61L GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L27/00 Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
    • B61L27/40 Handling position reports or trackside vehicle data
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B61 RAILWAYS
    • B61L GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L27/00 Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
    • B61L27/50 Trackside diagnosis or maintenance, e.g. software upgrades
    • B61L27/57 Trackside diagnosis or maintenance, e.g. software upgrades for vehicles or trains, e.g. trackside supervision of train conditions
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B61 RAILWAYS
    • B61L GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L27/00 Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
    • B61L27/70 Details of trackside communication

Definitions

  • the present invention relates to a method for controlling and / or monitoring components of a rail vehicle and an on-board control unit for controlling and / or monitoring components of a rail vehicle and to a rail vehicle with such an onboard control unit.
  • a method for monitoring and diagnosing components of a rail vehicle is known in which a central unit of the rail vehicle communicates with a control center via a cloud.
  • as the central unit, an onboard control unit (OCU) is usually used, which is administered entirely via the cloud architecture, so that, for example, new software functionality can be loaded onto the onboard control unit at any time (i.e. also during passenger operation or high-speed travel). Since this may in principle result in unpredictable behavior of the onboard control unit with respect to the rail vehicle, write access of the onboard control unit to the components of the rail vehicle is conventionally prevented by means of hardware.
  • OCU onboard control unit
  • the fixed rules are preferably designed such that they prevent write access in principle and allow it only in exceptional cases. These exceptional cases are preferably determined by the type of write access and / or the time of the write access. The dependence on the time of the write access is to be understood in particular as a dependence on the respective operating state of the rail vehicle.
  • the term fixed rules is intended to clarify that these rules must not be changed during normal operation of the rail vehicle, in particular not by the cloud architecture communicating with the onboard control unit.
  • the onboard control unit can normally only read data from the components of the rail vehicle, for example in order to monitor these components for diagnostic or maintenance purposes; in a well-defined exceptional case, such as the setting of target temperatures for warming up the rail vehicle in the early morning, write access to the components of the rail vehicle is nevertheless allowed.
  • the fixed rules thereby fulfill a given safety requirement, preferably in accordance with the safety integrity level SIL 1, SIL 2, SIL 3 or SIL 4.
  • the components of the rail vehicle which are to be controlled and / or monitored include, in particular, control units of the rail vehicle, such as the vehicle control unit (VCU), the brake system control unit (BCU), the traction control unit (TCU) and the like, without the invention being restricted to these control units.
  • VCU vehicle control unit
  • BCU brake system control unit
  • TCU traction control unit
  • the components and the on-board control unit of the rail vehicle are connected to one another via a vehicle data bus of the rail vehicle.
  • the write access of the onboard control unit is restricted to the vehicle data bus.
  • the vehicle data bus may be a wired or a wireless data bus.
  • Particular advantages of the invention result from the use of Ethernet as the vehicle data bus, since Ethernet-based data buses require system access to write access. However, the invention can also be used in combination with other vehicle data buses such as CAN, MVB, etc.
  • the fixed rules remain unchanged after regulatory approval of the on-board control unit. This means that the fixed rules can indeed be changed in principle, but in such a case, a renewed regulatory approval of the onboard control unit is required.
  • write access of the cloud architecture to the onboard control unit of the rail vehicle is preferably unrestricted.
  • a read access of the onboard control unit to the components or the vehicle data bus of the rail vehicle is unrestricted.
  • a write access of the cloud architecture to the onboard control unit of the rail vehicle takes place without limitation.
  • the onboard control unit for controlling and / or monitoring components of a rail vehicle comprises a first computing device for communicating with a cloud architecture and additionally a second computing device for limiting write access of the first computing device to the components of the rail vehicle according to fixed rules that fulfill a predetermined safety requirement.
  • the onboard control unit is configured to communicate with the components of the rail vehicle via a vehicle data bus.
  • the second computer device of the on-board control unit is preferably designed to limit the write access of the first computer device to the vehicle data bus.
  • the first computer device and the second computer device of the on-board control unit are independently programmable. This is preferably achieved by using two separate CPUs or two cores of a CPU for the two computer devices.
  • the subject matter of the invention is also a rail vehicle which has a plurality of components to be controlled and / or monitored, an onboard control unit of the invention described above and a vehicle data bus for connecting the components and the onboard control unit to one another.
  • Fig. 1 shows in greatly simplified form the structure of a rail vehicle 10, in which the present invention is applicable.
  • a plurality of components 12, 14 are provided in a conventional manner, which are to be controlled and monitored. These include, for example a central vehicle control unit (VCU), a brake control unit (BCU), a traction control unit (TCU), and the like.
  • VCU central vehicle control unit
  • BCU brake control unit
  • TCU traction control unit
  • As the vehicle data bus 16, for example, an Ethernet-based data bus is used.
  • this onboard control unit 18 communicates with a cloud architecture 20.
  • the cloud architecture 20 includes, for example, a cloud, a control center, mobile devices, and the like.
  • Fig. 2 shows the structure of an embodiment of such an onboard control unit 18, which on the one hand allows write access of the onboard control unit 18 to the components 12, 14 of the rail vehicle in exceptional cases and at the same time meets the predetermined safety requirement level.
  • the on-board control unit 18 includes a first computing device 22 and a second computing device 24.
  • the two computing devices 22, 24 are, for example, two separate CPUs or two cores of a CPU, which are independently programmable. Due to the independent programming, the two computing devices 22, 24 can in particular fulfill different safety requirement levels.
  • the software of the first computing device 22 may be designed without a safety requirement level (i.e. SIL 0). That is, the cloud architecture 20 has unrestricted read and write access to the first computing device 22.
  • the software of the first computer device 22 can always be changed if necessary without requiring a new regulatory approval for the onboard control unit 18.
  • the first computing device 22 is also designed to preprocess the data received from the components 12, 14 of the rail vehicle 10 for the cloud architecture 20.
  • the second computing device 24 serves to monitor or filter the read and write access of the first computing device 22 to the components 12, 14 or the vehicle data bus 16 of the rail vehicle 10. Data processing typically does not take place in the second computing device 24. While the read access can usually be unlimited, the write access is limited by the second computing device 24 according to fixed rules, so that write access is allowed only in exceptional cases.
  • the software of the second computing device 24, or its fixed rules for write access, meets a predetermined safety requirement level of SIL 1, SIL 2, SIL 3 or SIL 4.
  • the fixed rules for write access remain unchanged after regulatory approval. If the fixed rules in the second computing device 24 nevertheless need to be changed at some point, a new regulatory approval must be obtained.
  • the approval of the second computing device 24 can be carried out on a vehicle-specific basis with relatively little effort and cost using reusable frameworks.
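
The write filter of the second computing device described above, sketched in C as an added example (not code from the patent or from the applicant): reads pass unrestricted, writes are denied unless a fixed, read-only rule matches the type of write and the current operating state. The component, signal and state names, the HVAC target and the value bounds are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names and values below are assumptions; the patent names no signals. */
typedef enum { ACCESS_READ, ACCESS_WRITE } access_t;
typedef enum { STATE_PARKED, STATE_PASSENGER_SERVICE, STATE_HIGH_SPEED } op_state_t;
typedef enum { COMP_VCU, COMP_BCU, COMP_TCU, COMP_HVAC } component_t;
typedef enum { SIG_TARGET_TEMP_C, SIG_BRAKE_DEMAND, SIG_TRACTION_DEMAND } signal_t;

/* A request from the first (cloud-managed, SIL 0) computing device. */
typedef struct {
    access_t    access;
    component_t target;
    signal_t    signal;
    int32_t     value;
} bus_request_t;

/* One exceptional case: type of write, operating state, and (assumed) bounds. */
typedef struct {
    component_t target;
    signal_t    signal;
    op_state_t  allowed_state;
    int32_t     min_value, max_value;
} write_rule_t;

/* Fixed rules: const data in the approved image of the second computing
 * device, with no code path that modifies them at run time. */
static const write_rule_t FIXED_RULES[] = {
    { COMP_HVAC, SIG_TARGET_TEMP_C, STATE_PARKED, 5, 25 }, /* morning warm-up */
};

/* Returns true if the request may be forwarded to the vehicle data bus. */
bool gate_allows(const bus_request_t *req, op_state_t state)
{
    if (req == NULL) return false;
    if (req->access == ACCESS_READ) return true;    /* reads are unrestricted */
    if (req->access != ACCESS_WRITE) return false;  /* unknown access type */
    for (size_t i = 0; i < sizeof FIXED_RULES / sizeof FIXED_RULES[0]; i++) {
        const write_rule_t *r = &FIXED_RULES[i];
        if (r->target == req->target && r->signal == req->signal &&
            r->allowed_state == state &&
            req->value >= r->min_value && req->value <= r->max_value)
            return true;                            /* listed exceptional case */
    }
    return false;                                   /* default: write denied */
}

int main(void)
{
    /* Constructed sample requests. */
    const bus_request_t warm  = { ACCESS_WRITE, COMP_HVAC, SIG_TARGET_TEMP_C, 20 };
    const bus_request_t brake = { ACCESS_WRITE, COMP_BCU, SIG_BRAKE_DEMAND, 0 };
    const bus_request_t diag  = { ACCESS_READ, COMP_BCU, SIG_BRAKE_DEMAND, 0 };
    printf("warm-up, parked:     %d\n", gate_allows(&warm, STATE_PARKED));
    printf("warm-up, in service: %d\n", gate_allows(&warm, STATE_PASSENGER_SERVICE));
    printf("brake write, parked: %d\n", gate_allows(&brake, STATE_PARKED));
    printf("brake read, moving:  %d\n", gate_allows(&diag, STATE_HIGH_SPEED));
    return 0;
}
```

Because the rule table is compiled-in constant data, changing it means rebuilding the image of the second computing device, which matches the text's point that a rule change requires renewed approval.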

Landscapes

  • Engineering & Computer Science (AREA)
  • Mechanical Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Electric Propulsion And Braking For Vehicles (AREA)
EP18205034.4A 2017-11-10 2018-11-07 Method and onboard control unit for controlling and/or monitoring components of a rail vehicle Pending EP3483033A1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
DE102017220068.5A DE102017220068A1 (de) 2017-11-10 2017-11-10 Verfahren und Onboard-Steuereinheit zum Steuern und/oder Überwachen von Komponenten eines Schienenfahrzeugs

Publications (1)

Publication Number Publication Date
EP3483033A1 (fr) 2019-05-15

Family

ID=64184019

Family Applications (1)

Application Number Title Priority Date Filing Date
EP18205034.4A Pending EP3483033A1 (fr) 2017-11-10 2018-11-07 Method and onboard control unit for controlling and/or monitoring components of a rail vehicle

Country Status (2)

Country Link
EP (1) EP3483033A1 (fr)
DE (1) DE102017220068A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110775099A (zh) * 2019-11-07 2020-02-11 交控科技股份有限公司 一种列车中通信系统的集成方法
WO2021110351A1 (fr) * 2019-12-04 2021-06-10 Siemens Mobility GmbH Procédé adaptatif d'inspection d'un appareil et système

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19840484A1 (de) * 1998-09-04 2000-03-09 Bosch Gmbh Robert Fahrzeugrechneranordnung
DE102004034359B3 (de) * 2004-07-13 2006-02-23 Siemens Ag Schaltungsanordnung zum Betreiben eines Leuchtzeichens
US20120323411A1 (en) * 2011-06-14 2012-12-20 Thales Canada Inc. Control of automatic guided vehicles without wayside interlocking
DE102014113371A1 (de) * 2014-09-17 2016-03-17 Knorr-Bremse Systeme für Schienenfahrzeuge GmbH Verfahren zur Überwachung und Diagnose von Komponenten eines Schienenfahrzeugs, mit erweiterbarer Auswertungssoftware
DE102014119241A1 (de) * 2014-12-19 2016-06-23 Knorr-Bremse Systeme für Schienenfahrzeuge GmbH Verfahren zur Authentifizierung an einer Steuereinheit eines Subsystems eines Schienenfahrzeugs
EP3144842A1 (fr) * 2015-09-15 2017-03-22 Siemens Aktiengesellschaft Systeme et procede d'analyse d'un objet
EP3246778A1 (fr) * 2016-05-17 2017-11-22 KNORR-BREMSE Systeme für Schienenfahrzeuge GmbH Dispositif de lecture de données à partir d'un appareil de commande stratégique

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
AGIRRE IRUNE ET AL: "A Safety Concept for a Railway Mixed-Criticality Embedded System Based on Multicore Partitioning", 2015 IEEE INTERNATIONAL CONFERENCE ON COMPUTER AND INFORMATION TECHNOLOGY; UBIQUITOUS COMPUTING AND COMMUNICATIONS; DEPENDABLE, AUTONOMIC AND SECURE COMPUTING; PERVASIVE INTELLIGENCE AND COMPUTING, IEEE, 26 October 2015 (2015-10-26), pages 1780 - 1787, XP032836250, [retrieved on 20151222], DOI: 10.1109/CIT/IUCC/DASC/PICOM.2015.268 *
PAPADOPOULOS Y ET AL: "Automatic allocation of safety integrity levels", CRITICAL AUTOMOTIVE APPLICATIONS, ACM, 2 PENN PLAZA, SUITE 701 NEW YORK NY 10121-0701 USA, 27 April 2010 (2010-04-27), pages 7 - 10, XP058209860, ISBN: 978-1-60558-915-2, DOI: 10.1145/1772643.1772646 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110775099A (zh) * 2019-11-07 2020-02-11 交控科技股份有限公司 一种列车中通信系统的集成方法
CN110775099B (zh) * 2019-11-07 2022-01-25 交控科技股份有限公司 一种列车中通信系统的集成方法
WO2021110351A1 (fr) * 2019-12-04 2021-06-10 Siemens Mobility GmbH Procédé adaptatif d'inspection d'un appareil et système

Also Published As

Publication number Publication date
DE102017220068A1 (de) 2019-05-16

Similar Documents

Publication Publication Date Title
DE102021000369A1 (de) Verfahren zur Steuerung eines automatisiert fahrenden Fahrzeuges
DE19927657A1 (de) Partitionierung und Überwachung von softwaregesteuerten Systemen
EP3483033A1 (fr) Method and onboard control unit for controlling and/or monitoring components of a rail vehicle
DE102004022624A1 (de) Verfahren zur Überwachung eines Systems
EP2858843B1 (fr) Procédé pour activer ou désactiver des fonctions et dispositif de modification de fonctions pour véhicule
EP1966008B1 (fr) Procede de distribution de modules logiciels
EP3049289B1 (fr) Système d'exploitation intégré et combiné de portes de véhicules utilitaires
DE102007046706A1 (de) Steuervorrichtung für Fahrzeuge
DE102017219241A1 (de) Verfahren und Halbleiterschaltkreis zum Schützen eines Betriebssystems eines Sicherheitssystems eines Fahrzeugs
DE112022005984T5 (de) Aktualisierungsmanagementsystem
WO2022184550A1 (fr) Système de surveillance de conducteur pour un véhicule automobile
DE102016108997A1 (de) Vorrichtung zum Auslesen von Daten aus einem sicherheitskritischen Steuergerät
WO2008128710A1 (fr) Dispositif de commande pour véhicules
DE102023110169B4 (de) Verfahren zum Betreiben eines Steuergeräts, Kraftfahrzeug, Steuereinheit und Steuergerät für ein Kraftfahrzeug
DE102024101037B3 (de) Recheneinrichtung, insbesondere Zentralrecheneinrichtung, eines Kraftfahrzeugs
EP4016208B1 (fr) Procédé de commande d'un actionneur d'un dispositif doté d'une unité de calcul
EP3860898B1 (fr) Procédé pour empêcher la désactivation d'un nombre inadmissible de composants similaires d'un véhicule ferroviaire
DE102018116396A1 (de) Sicherheitsschalteranordnung
EP3703333B1 (fr) Procédé, dispositif et système de traitement d'au moins une information dans une installation technique de sécurité
DE102006045153A1 (de) System und Verfahren zum Verteilen und Ausführen von Programmcode in einem Steuergerätenetzwerk
WO2018033438A1 (fr) Réseau ethernet pour applications de sécurité
DE102018002327A1 (de) Verfahren zur Ermittlung eines Diebstahles
DE102017212560A1 (de) Verfahren zum ausfallsicheren Durchführen einer sicherheitsgerichteten Funktion
EP4624300A1 (fr) Procédé de comptage d'axes d'un véhicule guidé
DE102023002199A1 (de) Verfahren, Prüfeinrichtung und Programmprodukt zum Prüfen eines Fahrzeugdatenaufzeichnungssystems

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20191115

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20200625