US 12,409,857 B2
Safety module for a safe drive control of a drive system in an automation system, drive system and automation system
Christopher Pohl, Verl (DE); Andreas Kathöfer, Rietberg (DE); Frank Sieweke, Leopoldshöhe (DE); and Robert Zutz, Verl (DE)
Assigned to Beckhoff Automation GmbH, Verl (DE)
Filed by Beckhoff Automation GmbH, Verl (DE)
Filed on Aug. 8, 2022, as Appl. No. 17/883,036.
Application 17/883,036 is a continuation of application No. PCT/EP2021/053974, filed on Feb. 18, 2021.
Claims priority of application No. 10 2020 104 230.2 (DE), filed on Feb. 18, 2020.
Prior Publication US 2022/0388541 A1, Dec. 8, 2022
Int. Cl. B60W 60/00 (2020.01); B60W 40/12 (2012.01)
CPC B60W 60/0015 (2020.02) [B60W 40/12 (2013.01); B60W 2510/0657 (2013.01); B60W 2554/4041 (2020.02)] 7 Claims
OG exemplary drawing
 
1. A safety module for secure drive control of a drive system in an automation system, wherein the drive system comprises:
at least one drive unit comprising a drive protocol active unit having a processor and memory configured for operation as an active unit of an encoder protocol of an encoder interface,
an encoder unit comprising an encoder protocol passive unit having a processor and memory configured for operation as a passive unit of the encoder protocol, and
a motor unit;
wherein the safety module is formed as a hardware component comprising contact connections configured to connect with the encoder unit and the motor unit,
wherein the safety module is integrated between the drive unit and the encoder unit and connected thereto via at least one data connection established by the contact connections,
wherein the safety module further comprises a protocol active unit, a protocol passive unit and a safety logic configured to communicate with one another via data communication, and
wherein the protocol active unit is configured as an active unit and the protocol passive unit is configured as a passive unit of the encoder protocol of the encoder interface, wherein the encoder interface provides the at least one data connection; and
wherein the safety module comprises a processor and memory configured to:
receive requests sent by the drive protocol active unit of the drive unit to the encoder protocol passive unit of the encoder unit to send out the encoder data by the protocol passive unit of the safety module;
forward the received requests of the drive protocol active unit of the drive unit to send out the encoder data by the protocol passive unit to the protocol active unit of the safety unit;
send out the received requests of the drive protocol active unit of the drive unit by the protocol active unit of the safety module to the encoder protocol passive unit of the encoder unit;
receive the requested encoder data sent out from the encoder protocol passive unit of the encoder unit configured for operation as the passive unit of the encoder protocol to the drive protocol active unit of the drive unit configured for operation as the active unit of the encoder protocol based on the encoder protocol with the aid of the protocol active unit of the safety module;
forward the received encoder data from the protocol active unit to the safety logic and the protocol passive unit;
check the forwarded encoder data with the aid of the safety logic for correspondence with predetermined safety criteria relating to operation of the motor unit;
send out the forwarded encoder data via the protocol passive unit based on the encoder protocol in corresponding data packets to the drive protocol active unit of the drive unit; and
cause a stop of the operation of the motor unit with the aid of the safety logic, if the forwarded encoder data is detected by the safety logic as not corresponding to the predetermined safety criteria.