TEPZZ ¥6 4Z8B_T

(19)

(11) EP 2 362 408 B1

(12) EUROPEAN PATENT SPECIFICATION

(45) Date of publication and mention (51) Int Cl.:

of the grant of the patent: H01H 47/00 (2006.01)
05.04.2017 Bulletin 2017/14

(21) Application number: 10001716.9

(22) Date of filing: 19.02.2010

(54) Safety switching device with universal signal input

Sicherheitsschaltvorrichtung mit Universalsignaleingang
Dispositif d’interrupteur de sécurité avec entrée de signal universelle

(84) Designated Contracting States: • Papenbreer, Rudolf

AT BE BG CH CY CZ DE DK EE ES FI FR GB GR 42115 Wuppertal (DE)
HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL • Machuletz, Norbert
PT RO SE SI SK SM TR 58300 Wetter (DE)
• Helpenstein, Thomas
(43) Date of publication of application: 41515 Grevenbroich (DE)
31.08.2011 Bulletin 2011/35
(74) Representative: Grünecker Patent- und
(73) Proprietor: Rockwell Automation Germany GmbH Rechtsanwälte
& Co. KG PartG mbB
42329 Wuppertal (DE) Leopoldstraße 4
80802 München (DE)
(72) Inventors:
• Lorenz, Dirk (56) References cited:
58300 Wetter (DE) DE-A1- 10 011 211 DE-A1-102005 014 125
• Zomchek, Kevin DE-B3-102006 027 135 US-A1- 2002 175 568
Nashua NH 03062 (US)
EP 2 362 408 B1

Note: Within nine months of the publication of the mention of the grant of the European patent in the European Patent
Bulletin, any person may give notice to the European Patent Office of opposition to that patent, in accordance with the
Implementing Regulations. Notice of opposition shall not be deemed to have been filed until the opposition fee has been
paid. (Art. 99(1) European Patent Convention).

Printed by Jouve, 75001 PARIS (FR)

 1 EP 2 362 408 B1 2

Description spective leads. With electro-sensitive protective equip-

ment 110, consequently, a safety input of a safety relay
[0001] The present invention relates to a safety switch- 200 only has to be equipped for performing a self-test of
ing device for actuating actuators in a fail-safe manner, its own hardware.
and further relates to an emergency shut-off circuit com- 5 [0006] As shown in FIG. 6, a conventional safety de-
prising a safety switching device according to the present vice 200 has a configuration unit 201, for instance, com-
invention. prising a switch 204, which selects a different operational
[0002] Safety switching devices and, in particular, mode depending on whether the safety device 200 is
safety relays are apparatuses intended to ensure the connected to a light curtain 110, having OSSD semicon-
safety of humans working in the environment of an in- 10 ductor outputs, or is used within an emergency shut-off
dustrial process. Safety relays are for instance used to circuit, as this is shown in FIG. 8. In contrast to the present
detect the opening of emergency stop switches or other invention, a cross fault monitoring is provided either by
machine lock-out switches, such as interlock switches the light curtain 110, or the input terminals S11, S22,
guarding a gate or limit switches. Furthermore, safety when the configuration is set for the emergency stop op-
relays are also used for processing the output signals of 15 eration. The safety relay 200 in the application environ-
electro-sensitive protective equipment, such as light cur- ment of FIG. 6 expects a static 24 V signal at the input
tains or light grids. terminals.
[0003] Generally, all safety devices have to be de- [0007] On the other hand, when connecting the safety
signed to meet stringent requirements defined in world- switching device 200 with a safety shut-off circuit, the
wide adapted safety standards. These standards intend 20 safety switching device has the task of monitoring the
to achieve high reliability, which is achieved particularly input conductors with respect to any possible cross-
by applying redundancy, diversity and monitoring princi- circuiting. Known emergency shut-off circuits, for in-
ples. Safety relays, for example, provide internal check- stance, use clocking signals which are transmitted within
ing or fault conditions, such as jammed, welded or stuck the emergency shut-off circuit, as this is for instance
contacts of safety switches. Moreover, safety switches, 25 shown in FIG. 8 and 9. In this conventional arrangement,
such as limit switches, which already have redundant the terminals S11 and S21 output clocking signals of di-
normally closed safety contacts for use with dual channel rectly opposed polarity which are transmitted to the safety
safety relays, are additionally provided with an auxiliary inputs S12, S22 in an unchanged pattern, if no fault con-
contact for status indication. dition has occurred. This signal pattern is recognized by
[0004] On the other hand, electro-sensitive protective 30 the safety device as a safe state.
equipment normally has so-called output signal switching [0008] However, the safety switching device 200 ac-
devices, OSSDs, for generating an output signal to be cording to FIG. 6 and 8 must either have configuration
connected to an input of the safety relay. These semi- means for choosing the settings in accordance with the
conductor outputs, which in the following will be referred field of application, or must have a plurality of different
as OSSDs, are provided as safety switching output of 35 inputs, each configured for a different kind of application.
protective units, such as light grids or safety laser scan- Such configuration, however, is costly and also enhances
ners. When the protective area is violated, the safety sen- the expenditure for installing a safety system.
sor switches the OSSDs into an OFF-state. Thus, the [0009] DE 10 2006 027 135 B3 and US 2002/0175568
switching off of the machine or any endangering state is A1 relate to a safety switch operating method which in-
initiated. As this is generally known, each safety sensor 40 volves transmitting an impulse by a controller over a con-
has two parallel OSSD outputs, which are evaluated in- tact, wherein the controller waits for the return impulse
dependently from each other in a two-channel modus. at another contact for retrieving information about the
For instance, the terminal of an electro-sensitive protec- switching position of switching units between the con-
tive equipment is connected to a safety relay or a safety tacts. The method involves connecting output contacts
controller according to category 3 of EN 954-1 (perform- 45 of electronic switches with a controller and an electric
ance level d according to EN ISO 13849-1) via two OSSD load, wherein the controller switches the switches. A test
outputs. The safety sensor transmits the status informa- impulse is transmitted by the controller over one of the
tion "protective field free", which will be evaluated by the contacts, and the controller waits for a return test impulse
safety control device or safety relay. at the other contact for retrieving information about a
[0005] When using the conventional safety switching 50 switching position of switching units between the con-
devices 200 as shown in FIG. 6 and 8, it has to be de- tacts. A time between a raising slope and a falling slope
termined by changing the settings at a configuration unit of the return test impulse is detected by the controller.
201, whether semiconductor outputs (OSSD) or emer- This document also relates to a safety switch with elec-
gency shut-off circuits, such as protective doors or the tronic switches including output contacts.
like, are to be coupled with the safety inputs S12, S22 of 55 [0010] DE 10 2005 014 125 A1 discloses a safety
the switching device 200. This is due to the fact that the switching apparatus for safe disconnection of an electri-
semiconductor outputs of the OSSDs perform an inher- cal load in an automated installation which has at least
ent self-test regarding any short-circuits between the re- one input for connecting a signalling device. The safety

2
 3 EP 2 362 408 B1 4

switching apparatus has an evaluation and control unit ployed, as it is intended to include all such aspects and
and at least one switching element controlled by the eval- their equivalents. Other advantages and novel features
uation and control unit in order to interrupt an electrical will become apparent from the following detailed descrip-
power supply path to the load. The switching element is tion, when considered in conjunction with the drawings.
a changeover switch having at least two mutually alter- 5
native switching paths, with a first switching path being FIG. 1 shows a schematic diagram of a safety device
located in the electrical power supply path to the load according to the present invention, when ap-
and with a second switching path leading to a monitoring plied in an emergency shut-off circuit;
unit.
[0011] DE 100 11 211 A1 relates to a safety switching 10 FIG. 2 shows a signal pattern at the output terminals
device for connecting and safely disconnecting an elec- of the safety device of FIG. 1;
trical load, in particular, an electrically driven machine.
The safety switching device comprises at least a first and FIG. 3 shows a schematic diagram of the inventive
a second electronic switching element, at least a first and safety device when being connected with a
a second output terminal, and at least one input terminal 15 light curtain;
for a first switching signal that acts on the switching ele-
ments. According to this document, the first and the sec- FIG. 4 shows the signals which are input from the light
ond switching element each have an output which, de- curtain to the safety input terminals of the safe-
pending on the first switching signal, produces an output ty device;
signal at a first potential or at a second potential. The 20
output of the first switching element is connected to the FIG. 5 shows a circuit diagram of a safety input;
first output terminal, and the output of the second switch-
ing element is connected to the second output terminal. FIG. 6 shows a schematic diagram of a known safety
[0012] The present invention therefore aims at over- device, when being connected with a light cur-
coming the above-identified problems. In particular, an 25 tain;
object underlying the present invention is to provide a
safety switching device and an emergency shut-off cir- FIG. 7 shows the signal output by the light curtain;
cuit, comprising such a safety device, which can be used
universally within different safety circuits without the ne- FIG. 8 shows a schematic diagram of a known safety
cessity of setting a different configuration depending on 30 device, when being connected in an emergen-
the respective application field. cy shut-off circuit;
[0013] The present invention as defined by the inde-
pendent claims, is based on the idea that the clocking FIG. 9 shows the clocked signals at the output termi-
safety outputs S11 and S21 which form the output signal nals of the conventional safety device of FIG. 8.
for an emergency shut-off circuit, output the same pulse 35
pattern as a conventional OSSD signal. Consequently, [0017] The innovation is now described with reference
the safety inputs S12, S22 always receive the same sig- to the drawings, wherein like reference numerals are
nal, irrespective of the kind of sensor that is connected used to refer to like elements throughout. In the following
with the inputs of the safety switching device. No chang- description, for purposes of explanation, numerous spe-
ing of any settings is required. 40 cific details are set forth in order to provide a thorough
[0014] According to the present invention, the safety understanding thereof. It may be evident, however, that
outputs S11 and S21 are monitored with respect to their the innovation can be practiced without these specific
proper function. This is necessary, because the input ter- details. In other instances, well-known structures and de-
minals do not perform any cross-circuiting monitoring. vices are shown in block diagram form in order to facilitate
[0015] According to the present invention, the safety 45 a description thereof.
outputs S11 and S21 are switched off for a short period, [0018] As used in this application, the terms "compo-
each at a different instant. The status of the safety output nent", "system", "equipment", "interface", "network"
terminals S11 and S21 are fed back to the controller of and/or the like are intended to refer to a computer related
the safety device. In case of a short-circuit or a contact entity, either hardware a combination of hardware and
to 24 Volts or 0 Volts, this fault condition is detected and 50 software, software or software in execution. For example,
the safety device switches the safety outputs into a pre- a component can be, but is not limited to being, a process
defined secure state. running on a processor, or a processor, a harddisk drive,
[0016] To the accomplishment of the foregoing and re- multiple storage drives (of optical and/or magnetic stor-
lated ends, certain illustrative aspects of the disclosed age medium), an object, an executable, a thread of ex-
invention are described herein in connection with the fol- 55 ecution, a program and/or a computer, an industrial con-
lowing description and the annexed drawings. These as- troller, a relay, a sensor and/or a variable frequency drive.
pects are indicative, however, of but a few of the various By way of illustration, both an application running on a
ways in which the principles disclosed herein can be em- server and a server can be a component. One or more

3
 5 EP 2 362 408 B1 6

components can reside within a process and/or thread a set of events and/or data. Such inference results in the
of execution, and a component can be localized on one construction of new events or actions from a set of ob-
computer and/or distributed between two or more com- served events and/or stored event data, whether or not
puters. the events are correlated in close temporal proximity, and
[0019] In addition to the foregoing, it should be appre- 5 whether the events and data come from one or several
ciated that the claimed subject matter can be implement- event and data sources.
ed as a method, apparatus, or article of manufacture us- [0022] Referring to the drawings, FIG. 1 depicts a safe-
ing typical programming and/or engineering techniques ty switching device 100 according to the present inven-
to produce software, firmware, hardware, or any suitable tion. In the particular arrangement of FIG. 1, the safety
combination thereof to control a computing device, such 10 device 100 is connected with an emergency shut-off
as a variable frequency drive and controller, to implement switch to form an emergency shut-off circuit. The emer-
the disclosed subject matter. The term "article of manu- gency shut-off switch 102 comprises two sets of contacts
facture" as used herein is intended to encompass a com- which are mechanically linked for a dual channel opera-
puter program accessible from any suitable computer- tion of the safety device 100.
readable device, media, or a carrier generated by such 15 [0023] The safety device 100 is for instance a two-
media/device. For example, computer readable media channel safety relay with four external terminals, S11,
can include but are not limited to magnetic storage de- S12, S21 and S22, but may of course also have a large
vices (e.g., hard disk, floppy disk, magnetic strips...), op- number of additional terminals, as this is well-known in
tical disks (e.g., compact disk (CD), digital versatile disk the art.
(DVD)...), smart cards, and flash memory devices (e.g., 20 [0024] Terminals S11 and S21 represent the safety
card, stick, key drive...). Additionally it should be appre- signal outputs and terminals S12 and S22 are the signal
ciated that a carrier wave generated by a transmitter can inputs of the safety device 100 and serve to be connected
be employed to carry computer-readable electronic data to other safety devices, such as the emergency stop
such as those used in transmitting and receiving elec- switch 102. The emergency stop switch 102 comprises
tronic mail or in accessing a network such as the Internet 25 two sets of normally closed contacts, which are mechan-
or a local area network (LAN). Of course, those skilled ically linked to one another. The output terminal S11 is
in the art will recognize many modifications may be made connected to +24 Volt DC and the output terminal S21
to this configuration without departing from the scope of is connected to ground. Accordingly, both poles of a sig-
the claimed subject matter. nal voltage of 24 Volts DC are available at the signal
[0020] Moreover, the word "exemplary" is used herein 30 output terminals S11 and S21.
to mean serving as an example, instance, or illustration. [0025] The input terminal S12 is connected via the
Any aspect or design described herein as "exemplary" is magnet coil of a first contactor (not shown) to ground and
not necessarily to be construed as preferred or advanta- input terminal S22 is connected via the magnet coil of a
geous over other aspects or designs. Rather, use of the second contactor (not shown) to +24 Volts DC. The two
word exemplary is intended to present concepts in a con- 35 contactors are used to operate safety outputs (not
crete fashion. As used in this application, the term "or" is shown) of the safety relay 100. In order to perform a cross
intended to mean an inclusive "or" rather than an exclu- fault monitoring in the circuit arrangement of FIG. 1, the
sive "or". That is, unless specified otherwise, or clear from output terminals S11 and S21 output a pulse train pattern
context, "X employs A or B" is intended to mean any of as shown in FIG. 2, which is exactly the same as the one
the natural inclusive permutations. That is, if X employs 40 that is generated by the OSSD of an electro-sensitive
A; X employs B; or X employs both A and B, then "X protective equipment 110, for instance a light curtain.
employs A or B" is satisfied under any of the foregoing [0026] In order to monitor the status of terminals S11
instances. In addition, the articles "a" and "an" as used and S21, according to the present invention, a feedback
in this application and the appended claims should gen- connection 104, 106, is provided at each output. A control
erally be construed to mean "one or more" unless spec- 45 unit 108 comprising at least one safety processor eval-
ified otherwise or clear from context to be directed to a uates the measured signals and generates correspond-
singular form. ing output signals. In case of a cross fault or a short-
[0021] Furthermore, the terms to "infer" or "inference", circuiting towards 24 Volts or 0 Volt, this fault condition
as used herein, refer generally to the process of reason- is detected and the control unit 108 assigns a safe value
ing about or inferring states of the system, environment, 50 to the output signals.
and/or user from a set of observations as captured via [0027] On the other hand, the pulse trains transmitted
events and/or data. Inference can be employed to identify by the outputs S11 and S21 are passed through the emer-
a specific context or action, or can generate a probability gency shut-off switch 102 and are received unchanged
distribution over states, for example. The inference can at the input terminals S12, S22 for the case that neither
be probabilistic-that is, the computation of a probability 55 a fault condition has occurred nor the emergency switch
distribution over states of interest based on a consider- has been actuated. Otherwise, the safety device does
ation of data and events. Inference can also refer to tech- not detect the expected values, when monitoring the sig-
niques employed for composing higher-level events from nals at the terminals S12 and S22 and the control unit

4
 7 EP 2 362 408 B1 8

108 of the safety device 100 initiates the safe status of in said test routine comprises switching off one of
the signals at the output terminals S11 and S21. the output signals for a predetermined period of time.
[0028] Of course, the control unit 108 will advanta-
geously also be constructed in a redundant way, as this 3. Safety switching device according to claim 1 or 2,
is known to a person skilled in the art. For instance, the 5 wherein said output signals are generated to have a
control unit 108 comprises two safety processors which pattern coinciding with an output signal of an output
monitor each other’s proper functioning. Furthermore, signal switching device, OSSD, of an electro-sensi-
the safety device according to the present invention also tive protective equipment (110).
can be used in connection with safety shut-down mats.
[0029] According to the present invention, the input ter- 10 4. Safety switching device according to one of the pre-
minals S12, S22 of the safety device 100 always expect ceding claims, wherein said first and second safety
an input signal as the one that is normally generated by input are coupled with at least one level converting
the OSSDs of an electro-sensitive protective equipment unit, and wherein the control unit (108) is operable
110. Thus, as shown in FIG. 3, the safety device accord- to perform a test routine for testing said input signals.
ing to the present invention can also be coupled to a light 15
curtain 110, without changing any configurations. The 5. Safety switching device according to one of the pre-
input terminals S12, S22 again receive the same signal ceding claims, wherein upon detection of a cross
in this case, not from the output terminals S11 and S21 fault or a short circuit with 24 V or 0 V said safety
of the safety switching device, but from the semiconduc- outputs are set to a safe state.
tor outputs of the light curtain 110, as this is shown in 20
FIG. 4. 6. Safety switching device according to one of the pre-
[0030] FIG. 5 shows a circuit diagram of a safety signal ceding claims, wherein said control unit (108) com-
input S12, which is able to switch off the input signal and prises at least two redundant microcontrollers that
test the hardware down to the safety processors 108. are adapted to monitor each other’s functions.
[0031] By leaving the safety outputs or the safety de- 25
vice 100 at a 24 Volt static potential and by providing a 7. Emergency shut-off circuit comprising:
regular testing with a pulse pattern for responding to con-
ventional OSSD outputs, the safety device according to a safety switching device (100) according to
the present invention can be used for all signal generating claim 1, and
devices, such as emergency shut-off circuits and electro- 30 at least one two-channel emergency stop switch
sensitive protective equipment as well as switching mats (102) which is connected between said safety
without the necessity of changing any configurations. The inputs and said safety outputs, said switch being
state of the outputs is monitored by the safety processors actuable between an open and a closed state.
108 and therefore a cross fault detection can be per-
formed. 35 8. Emergency shut-off circuit according to claim 7,
wherein said at least one emergency stop switch
(102) has two sets of normally closed contacts which
Claims are mechanically linked to one another and can be
actuated to be brought into an opened state.
1. Safety switching device for actuating actuators in a 40
fail-safe manner, said safety switching device (100) 9. Emergency shut-off circuit according to claim 7 or 8,
comprising: wherein said test routine comprises switching off one
of the output signals for a predetermined period of
at least one first and second safety input (S12, time.
S22) for receiving a first and second input signal; 45
at least one first and second safety output (S11, 10. Emergency shut-off circuit according to one of the
S21) for transmitting a first and second output claims 7 to 9, wherein said output signals are gen-
signal; erated to have a pattern coinciding with an output
a control unit (108) for evaluating said input sig- signal of an output signal switching device, OSSD,
nals and for generating said output signals; 50 of an electro-sensitive protective equipment.
characterized in that said first and second
safety outputs (S11, S21) each further comprise 11. Emergency shut-off circuit according to one of the
a feedback loop (104, 106) for directly coupling claims 7 to 10, wherein said first and second safety
back said output signals to the control unit (108), input are coupled with at least one level converting
and wherein the control unit is operable to per- 55 unit, and wherein the control unit is operable to per-
form a test routine for testing said output signals. form a test routine for testing said input signals.

2. Safety switching device according to claim 1, where- 12. Emergency shut-off circuit according to one of the

5
 9 EP 2 362 408 B1 10

claims 7 to 11, wherein upon detection of a cross (108) wenigstens zwei redundante Mikrocontroller
fault or a short circuit with 24 V or 0 V said safety umfasst, die dazu eingerichtet sind, ihre Funktionen
outputs are set to a safe state. gegenseitig zu überwachen.

5 7. Notfallabschaltschaltkreis, umfassend:
Patentansprüche
eine Sicherheitsschaltvorrichtung (100) nach
1. Sicherheitsschaltvorrichtung für die Betätigung von Anspruch 1 und
Stellantrieben in einer ausfallsicheren Art und Wei- wenigstens einen Zweikanal-Notfallstoppschal-
se, wobei die Sicherheitsschaltvorrichtung (100) um- 10 ter (102), der zwischen die Sicherheitseingänge
fasst: und die Sicherheitsausgänge geschaltet ist, wo-
bei der Schalter zwischen einem geöffneten und
wenigstens einen ersten und zweiten Sicher- einem geschlossenen Zustand betätigt werden
heitseingang (S12, S22) für das Empfangen ei- kann.
nes ersten und eines zweiten Eingangssignals; 15
wenigstens einen ersten und zweiten Sicher- 8. Notfallabschaltschaltkreis nach Anspruch 7, bei der
heitsausgang (S11, S21) zum Senden eines der wenigstens eine Notfallstoppschalter (102) zwei
ersten und zweiten Ausgangssignals; und Sätze normalerweise geschlossener Kontakte hat,
eine Steuereinheit (108) zum Bewerten der Ein- die mechanisch miteinander verbunden sind und
gangssignale und zum Erzeugen der Ausgangs- 20 derart betätigt werden können, dass sie in einen ge-
signale; öffneten Zustand gebracht werden.
dadurch gekennzeichnet, dass
der erste und der zweite Sicherheitsausgang 9. Notfallabschaltschaltkreis nach Anspruch 7 oder 8,
(S11, S21) jeweils weiterhin einen Rückmelde- bei dem die Prüfroutine das Abschalten eines der
kreis (104, 106) umfassen, um die Ausgangssi- 25 Ausgangssignale für eine vorbestimmte Zeitperiode
gnale direkt zu der Steuereinheit (108) rückzu- umfasst.
melden, und die Steuereinheit betätigt werden
kann, eine Prüfroutine für die Überprüfung der 10. Notfallabschaltschaltkreis nach einem der Ansprü-
Ausgangssignale auszuführen. che 7 bis 9, bei dem die Ausgangssignale derart er-
30 zeugt werden, dass sie ein Muster haben, das mit
2. Sicherheitsschaltvorrichtung nach Anspruch 1, bei einem Ausgangssignal einer Ausgangssignalschalt-
der die Prüfroutine das Abschalten eines der Aus- vorrichtung, OSSD, einer elektrosensitiven Schutz-
gangssignale für eine vorbestimmte Zeitperiode um- einrichtung (110) übereinstimmt.
fasst.
35 11. Notfallabschaltschaltkreis nach einem der Ansprü-
3. Sicherheitsschaltvorrichtung nach Anspruch 1 oder che 7 bis 10, bei dem der erste und zweite Sicher-
2, bei der die Ausgangssignale derart erzeugt wer- heitseingang mit wenigstens einer Pegelwandlerein-
den, dass sie ein Muster haben, das mit einem Aus- heit verbunden sind und die Steuereinheit (108) der-
gangssignal einer Ausgangssignalschaltvorrich- art betätigt werden kann, dass sie eine Prüfroutine
tung, OSSD, einer elektrosensitiven Schutzeinrich- 40 für die Überprüfung der Eingangssignale ausführt.
tung (110) übereinstimmt.
12. Notfallabschaltschaltkreis nach einem der Ansprü-
4. Sicherheitsschaltvorrichtung nach einem der vor- che 7 bis 11, bei der bei Erfassung eines Querschlus-
hergehenden Ansprüche, bei der der erste und zwei- ses oder eines Kurzschlusses mit 24 V oder 0 V die
te Sicherheitseingang mit wenigstens einer Pegel- 45 Sicherheitsausgänge in einen sicheren Zustand ver-
wandlereinheit verbunden sind und die Steuerein- setzt werden.
heit (108) derart betätigt werden kann, dass sie eine
Prüfroutine für die Überprüfung der Eingangssignale
ausführt. Revendications
50
5. Sicherheitsschaltvorrichtung nach einem der vor- 1. Dispositif de commutation de sécurité destiné à com-
hergehenden Ansprüche, bei der bei Erfassung ei- mander des actionneurs de manière sûre, ledit dis-
nes Querschlusses oder eines Kurzschlusses mit 24 positif de commutation de sécurité (100)
V oder 0 V die Sicherheitsausgänge in einen siche- comprenant :
ren Zustand versetzt werden. 55
au moins des première et seconde entrées de
6. Sicherheitsschaltvorrichtung nach einem der vor- sécurité (S12, S22) destinées à recevoir un pre-
hergehenden Ansprüche, bei der die Steuereinheit mier et un second signal d’entrée,

6
 11 EP 2 362 408 B1 12

au moins des première et seconde sorties de entre un état ouvert et un état fermé.
sécurité (S11, S21) destinées à transmettre un
premier et un second signal de sortie, 8. Circuit d’interruption d’urgence selon la revendica-
une unité de commande (108) destinée à éva- tion 7, dans lequel ledit ou lesdits commutateurs d’ar-
luer lesdits signaux d’entrée et à générer lesdits 5 rêt d’urgence (102) comportent deux jeux de con-
signaux de sortie, tacts normalement fermés qui sont mécaniquement
caractérisé en ce que reliés l’un à l’autre et peuvent être actionnés pour
lesdites première et seconde sorties de sécurité être amenés à l’état ouvert.
(S11, S21) comprennent en outre chacune une
boucle de rétroaction (104, 106) permettant de 10 9. Circuit d’interruption d’urgence selon la revendica-
coupler directement en retour lesdits signaux de tion 7 ou la revendication 8, dans lequel ledit pro-
sortie à l’unité de commande (108), et dans le- gramme de test comprend l’interruption de l’un des
quel l’unité de commande peut être mise en signaux de sortie pendant un intervalle de temps pré-
oeuvre pour effectuer un programme de test per- déterminé.
mettant de contrôler lesdits signaux de sortie. 15
10. Circuit d’interruption d’urgence selon l’une des re-
2. Dispositif de commutation de sécurité selon la re- vendications 7 à 9, dans lequel lesdits signaux de
vendication 1, dans lequel ledit programme de test sortie sont générés pour présenter une séquence
comprend l’interruption de l’un des signaux de sortie coïncidant avec le signal de sortie d’un dispositif de
pendant un intervalle de temps prédéterminé. 20 commutation de signal de sortie, OSSD, d’un équi-
pement de protection électro sensible.
3. Dispositif de commutation de sécurité selon la re-
vendication 1 ou la revendication 2, dans lequel les- 11. Circuit d’interruption d’urgence selon l’une des re-
dits signaux de sortie sont générés pour présenter vendications 7 à 10, dans lequel lesdites première
une séquence coïncidant avec le signal de sortie 25 et seconde entrées de sécurité sont couplées à au
d’un dispositif de commutation de signal de sortie, moins une unité de conversion de niveau, et dans
OSSD, d’un équipement de protection électro sen- lequel l’unité de commande peut être mise en oeuvre
sible (110). pour effectuer un programme de test permettant de
contrôler lesdits signaux de sortie.
4. Dispositif de commutation de sécurité selon l’une 30
des revendications précédentes, dans lequel lesdi- 12. Circuit d’interruption d’urgence selon l’une des re-
tes première et seconde entrées de sécurité sont vendications 7 à 11, dans lequel, lors de la détection
couplées avec au moins une unité de conversion de d’un défaut transversal ou d’un court-circuit avec 24
niveau, et dans lequel l’unité de commande (108) V ou 0 V, lesdites sorties de sécurité sont position-
peut être mise en oeuvre pour effectuer un program- 35 nées à un état sûr.
me de test permettant de contrôler lesdits signaux
d’entrée.

5. Dispositif de commutation de sécurité selon l’une

des revendications précédentes, dans lequel, lors 40
de la détection d’un défaut transversal ou d’un court-
circuit avec 24 V ou 0 V, lesdites sorties de sécurité
sont positionnées à un état sûr.

6. Dispositif de commutation de sécurité selon l’une 45

des revendications précédentes, dans lequel ladite
unité de commande (108) comprend au moins deux
micro contrôleurs redondants qui sont conçus pour
surveiller chacun les fonctions de l’autre.
50
7. Circuit d’interruption d’urgence comprenant :

un dispositif de commutation de sécurité (100)

conforme à la revendication 1, et
au moins un commutateur d’arrêt d’urgence à 55
deux canaux (112) qui est raccordé entre lesdi-
tes entrées de sécurité et lesdites sorties de sé-
curité, ledit commutateur pouvant être actionné

7
EP 2 362 408 B1

8
EP 2 362 408 B1

9
EP 2 362 408 B1

10
EP 2 362 408 B1

11
EP 2 362 408 B1

12
 EP 2 362 408 B1

REFERENCES CITED IN THE DESCRIPTION

This list of references cited by the applicant is for the reader’s convenience only. It does not form part of the European
patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be
excluded and the EPO disclaims all liability in this regard.

Patent documents cited in the description

• DE 102006027135 B3 [0009] • DE 102005014125 A1 [0010]

• US 20020175568 A1 [0009] • DE 10011211 A1 [0011]

13