[0001] The present invention relates to a Smart Object Controller for railway tracks.
[0002] A Smart Object Controller (SmOC) is a device which operates in a context of Digital
Railway Evolution, as for example in a Regional ERTMS low density architecture as
shown in figure 1, wherein railway vehicles 100 move on respective railway tracks
102 and a plurality of GSM local radio equipment 104 communicate with each other through
a plurality of antennas 106.
[0003] A Smart Object Controller is a device which is placed along a railway track, next
to trackside equipment, and is arranged to receive control commands from a remote
station 108 and to control, in turn, such trackside equipment.
[0004] The Smart Object Controller is usually placed in a same local technological cabin
where the GSM local radio equipment 104 is located.
[0005] Nowadays, railway architectures require an enhanced digitalization
of the railway infrastructure, including smart radio-controlled object controllers,
allowing communication on open networks and fulfilling compliance with standardized
interoperability protocols.
[0006] Various railway architectures are known, and they often include Smart Object Controllers
interfaced to a Route Control Signalling system (part of the remote station 108) to
translate control commands provided by the Route Control Signalling system into specific
trackside equipment controls (activation of level crossing, signals, point machines,
eurobalises).
[0007] Moreover, a Smart Object Controller is arranged to acquire data from the trackside
equipment and to elaborate them in order to provide to the Route Control Signalling
system a feedback from the trackside equipment.
[0008] The communication between the Smart Object Controller and the Route Control Signalling
system is usually protected by encryption.
[0009] A Smart Object Controller supports also the deployment of architectures without the
need of a Central Interlocking Computer, and it can be directly connected to a Radio
Block Center or to a Traffic Management System per se known.
[0010] Known Smart Object Controllers are arranged to communicate and exchange data with
the other components of a railway infrastructure; however, it is always necessary
that the remote station 108 takes care of the security of the whole data exchange,
even with the aid of other security components located along the railway track and
external to the Smart Object Controller, so as to allow communication with an open
network communication system of the architecture.
[0011] As a result, there is a high overall number of components and a complexity of the
architecture.
[0012] In fact, in known railway architectures, all the control logic is concentrated in
the remote station 108 (and/or other related components) and the Smart Object Controllers
are just « passive » devices, which receive and translate commands and feedbacks to and
from the remote station or the trackside equipment.
[0013] In order to exchange information with an open network, it is therefore always necessary
that the remote station 108 takes care of the security of such data exchange.
[0014] There is therefore the need to develop an innovative smart object controller which
is capable of interfacing directly with an open network communication system without
additional external equipment, thus overcoming the problem of the prior art.
[0015] This and other objects are fully achieved by a smart object controller for mounting
along a railway track, characterized in that it comprises:
- a cybersecurity management module arranged to receive and transmit, from or to a remote
station, route control data representing a configuration of the railway track, and
to decrypt or encrypt said route control data into safety data;
- a safety data processing module arranged to receive and transmit, from or to the cybersecurity
management module, said safety data and to convert the safety data into boolean variables
and vice versa;
- a boolean equation module arranged to receive, from the safety data processing module,
the boolean variables, and to execute boolean equations based on said boolean variables,
thus obtaining command data to be sent to trackside equipment of the railway track
to get said configuration.
[0016] According to some embodiments, the smart object controller according to the present
invention may comprise one or more of the following features, which may be combined
in any technical feasible combination:
- the boolean equation module is further arranged to process object indication data
received from signalling object management module to confirm the requested configuration
to the remote station through the safety data processing module and the cybersecurity
management module;
- the smart object controller further comprises a signalling object module arranged
to receive configuration data from the remote station and command data from the safety
data processing module, to elaborate such command data to obtain final command instructions
to be sent to trackside equipment of the railway track to get said configuration;
- the signalling object management module is further arranged to elaborate trackside
indication data received from the trackside equipment to obtain object indication
data to be sent to the boolean equation module through the safety data processing
module;
- the smart object controller comprises a maintenance data processing module arranged
to receive from the boolean equation module variable monitoring data representative
of the set of boolean variables that has to be monitored and to obtain object monitoring
data from the signalling object management module for diagnostic purposes and to transmit
maintenance data to the remote station;
- the cybersecurity management module implements an Access Protection Layer;
- the boolean equation module and the safety data processing module implement a two-out-of-two
("2oo2") safety architecture;
- the boolean equation module comprises two processors which execute at the same time,
in redundant configuration, the boolean equations.
[0017] This and other objects are also achieved by a railway line comprising trackside equipment
and a smart object controller above indicated, and in particular as described hereinafter
and defined in the appended relevant claims, which is configured to control the trackside
equipment.
[0018] Preferred embodiments of the invention are specified in the dependent claims, whose
subject-matter is to be understood as forming an integral part of the present description.
[0019] Further characteristics and advantages of the present invention will become apparent
from the following description, provided merely by way of a non-limiting example,
with reference to the enclosed drawings, in which:
- Figure 1 is a schematic picture of a Regional ERTMS low density architecture; and
- Figure 2 is a block diagram of a smart object controller according to the present
invention.
[0020] The present invention concerns the delocalization of part of the safety logic on
the Smart Object Controller itself, and to interface directly the Smart Object Controller
with an open network communication system of a railway infrastructure, without additional
external equipment and integrating support functions such as for example cybersecurity
or maintenance elaboration.
[0021] The Smart Object Controller according to the present invention, in a decentralized
architecture, is installed close to trackside equipment of a railway track and manages
directly the equipment through a configured local logic.
[0022] It is also possible to create a cluster of Smart Object Controllers, each assigned
to a section of a railway station, wherein the Smart Object Controllers are capable
of communicating with each other to coordinate different operations on the trackside
equipment so as to implement different « configurations » or « scenarios » communicated
from the remote station 108.
[0023] In this context, the terms « configuration » or « scenario » are used in a manner
equivalent to each other and each refer to a predetermined
situation on the railway track including different conditions for various trackside
equipment, such as lights, position of level crossings, position of the point machines,
etc.
[0024] The Smart Object Controller according to the present invention also comprises a cybersecurity
module arranged to perform cybersecurity functions, thus providing secure communication
on open networks (public network) of the railway infrastructure.
[0025] The Smart Object Controller according to the present invention collects and elaborates
data concerning the signalling functions of a railway infrastructure, without external
additional equipment, and it comprises local logic modules assuring safe trackside
equipment management with a redundant configuration.
[0026] Thanks to the direct management of the data, consistency between signalling events
managed by the Smart Object Controller is assured, helping also maintenance and investigation
operations.
[0027] Figure 2 shows a block diagram of a Smart Object Controller 2 according to the present
invention.
[0028] In particular, the Smart Object Controller 2 is arranged to perform a plurality of
functions described in detail here below.
[0029] A radio block center, a wayside controller and a maintenance system per se known
are indicated with reference 6 and are arranged to send route control data to, and
receive route control data from, a cybersecurity management module 10 of the Smart
Object Controller 2.
[0030] These devices 6 are part of or are connected to the remote station 108.
[0031] The route control data represent the whole set of data applicable to a configuration
or scenario of a railway track along which said Smart Object Controller is placed,
such as control command data, control indication data, maintenance data.
[0032] The route control data represent also the data used to perform remote reprogramming
or remote reconfiguration of the Smart Object Controller 2.
[0033] The cybersecurity management module 10 is also arranged to receive and transmit,
from or to the remote station 108 or any device 6 thereof, maintenance data.
[0034] The maintenance data represent for example alarms and measures acquired from trackside
equipment 4 elaborated by the Smart Object Controller.
[0035] In particular, the cybersecurity management module 10 is arranged to decrypt or encrypt
the route control data received from/sent to the remote station 108 or any device
6 thereof into safety data to assure protection from unauthorized access.
[0036] In order to perform such safety control, an Access Protection Layer is implemented
in the cybersecurity management module 10 in a manner per se known. This function
allows the Smart Object Controller 2 to directly interface with an open network.
[0037] The cybersecurity management module 10 is then arranged to exchange the safety data
with a safety data processing module 12, to send configuration data related in
a manner per se known to the route control data to a signalling object management
module 16, and to receive the maintenance data from the maintenance data processing
module 18, as detailed here below.
[0038] The configuration data defines: the local logic, the commands/indications data flow
exchanged with the trackside equipment 4, the parameters to be used for the safety
communications and the cryptographic keys for the cyber communications.
[0039] Thanks to the cybersecurity management module 10, all data entering or exiting from
the Smart Object Controller 2 are protected from cyber attacks.
[0040] An encryption is added to the safety data, in order to be able to support public
open network communication.
[0041] The safety data processing module 12 is arranged to receive, from the cybersecurity
management module 10, the safety data, which are data related to the control commands
sent by the remote station 108 and which represent different configurations.
[0042] The safety data processing module 12 is also arranged to transmit, to the cybersecurity
management module 10, the safety data which are data related to the indications received
by the trackside equipment 4 through signalling object management module 16.
[0043] These data are then transmitted to the remote station 108.
[0044] The safety data processing module 12 converts, in a manner per se known, the safety
data into boolean variables and sends such boolean variables to a boolean equation
module 14.
[0045] The boolean equation module 14 is the core of the Smart Object Controller 2 and represents
the implementation of a local logic: it applies a signalling safety principle to the
equipment managed by the Smart Object Controller 2 such as the trackside equipment 4.
[0046] The boolean equation module 14 is able to execute boolean equations per se known
assuring adherence to a local logic defined by a predetermined application represented
by such equations. This is a safety related function ("SIL4").
[0047] The boolean equation module 14 represents the added value of the Smart Object Controller
2 according to the present invention.
[0048] The delocalization of the logic inside the Smart Object Controller 2 makes it possible
to reduce the response time because the Smart Object Controller 2 directly controls the
trackside equipment 4 and reacts autonomously, applying a safe principle as configured.
[0049] The boolean equation module 14 is realized by a redundant architecture where each
single section (active section and stand-by section) performs a configurable cyclic
process split into four phases:
- input phase: boolean variables are read from the safety data processing module 12
and from the trackside equipment 4 through a signalling object management module 16
and a safety data processing module 12;
- output phase: boolean variables are written into the safety data processing module
12 and routed through signalling object management module 16 to the trackside equipment
4; output boolean variables representing indications can also be transmitted to one
or more of the devices 6 based on the configuration;
- equation computation phase: based on the input variables read in the previous phase;
- redundancy management phase: alignment of the redundant boolean equation outputs
and internal states.
[0050] The active section transmits said data to the stand-by section and to the safety
data processing module 12; the stand-by section receives them and overwrites its internal
data to be ready in case of switch-over, avoiding a temporary loss of the safety data
during board switches.
[0051] In particular, the boolean equation module 14 receives from the safety data processing
module 12 the boolean variables and executes the boolean equations, based on such
boolean variables.
[0052] The boolean equations are predetermined equations defined in a configuration phase
of the boolean equation module 14, to cover specific functions and fulfilling specific
safety requirement.
[0053] As a result, the boolean equation module 14, after appropriate further elaborations
here below detailed, calculates all the variables and transmits variables to be monitored
(variable monitoring data) to the maintenance data processing module 18, thus obtaining
command data, or commands, to be transmitted to the trackside equipment 4.
[0054] The boolean equation module 14 is also arranged to process object indication data
received from a signalling object management module 16 to confirm the requested configuration
to the remote station 108 through the safety data processing module 12 and the cybersecurity
management module 10.
[0055] In this way, the boolean equation module 14 finally transmits indications, through
the safety data processing module 12 and the cybersecurity management module 10, to the
remote station 108, to get and confirm the configuration required by the route control
data.
[0056] Each section of the boolean equation module 14 (active and stand-by) and the safety
data processing module 12 are based on a two-out-of-two ("2oo2") safety architecture
providing two processors, which execute at the same time the boolean equations and
cross-check of the results obtained.
[0057] In particular the cross check of the results is obtained through a two-out-of-two
("2oo2") vote of a CRC result computed on the whole set of the boolean variables.
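The 2oo2 vote of paragraphs [0056] and [0057], as an added C example that is not part of the patent text: two channels evaluate the same boolean equations and the outputs are released only if the CRCs computed over the whole variable set agree. The variable names, the two equations, the CRC-32 polynomial and the restrictive fallback applied on disagreement are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical variable set for a level-crossing function (not from the patent). */
enum { ROUTE_REQUESTED, BARRIER_DOWN, TRACK_CLEAR,   /* inputs  */
       BARRIER_LOWER_CMD, SIGNAL_PROCEED,            /* outputs */
       NUM_VARS };

typedef struct { uint8_t v[NUM_VARS]; } var_set_t;

/* CRC-32 (reflected, polynomial 0xEDB88320) over the whole variable set.
 * Assumption: the patent does not name the CRC that is used. */
static uint32_t crc32_vars(const var_set_t *s)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < NUM_VARS; i++) {
        crc ^= s->v[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Equation computation phase: illustrative equations run by each channel. */
static void run_equations(var_set_t *s)
{
    s->v[BARRIER_LOWER_CMD] = s->v[ROUTE_REQUESTED] ? 1 : 0;
    s->v[SIGNAL_PROCEED] = s->v[ROUTE_REQUESTED] && s->v[BARRIER_DOWN]
                           && s->v[TRACK_CLEAR];
}

/* One cycle: both channels compute, then a 2oo2 vote compares their CRCs.
 * Returns true when the vote passes. On disagreement the outputs are forced
 * to a restrictive state (assumed here: signal at stop, barrier lowered). */
bool smoc_cycle(const var_set_t *in_a, const var_set_t *in_b, var_set_t *out)
{
    var_set_t a = *in_a, b = *in_b;
    run_equations(&a);
    run_equations(&b);
    *out = a;
    if (crc32_vars(&a) == crc32_vars(&b))
        return true;
    out->v[SIGNAL_PROCEED] = 0;
    out->v[BARRIER_LOWER_CMD] = 1;
    return false;
}

/* Constructed inputs: route requested, barrier down; TRACK_CLEAR is given per
 * channel so a single-channel input fault can be simulated.
 * Result bits: 0 = SIGNAL_PROCEED, 1 = BARRIER_LOWER_CMD, 2 = vote passed. */
int demo_cycle(int track_clear_a, int track_clear_b)
{
    var_set_t a = { { 1, 1, (uint8_t)track_clear_a, 0, 0 } };
    var_set_t b = { { 1, 1, (uint8_t)track_clear_b, 0, 0 } };
    var_set_t out;
    bool ok = smoc_cycle(&a, &b, &out);
    return out.v[SIGNAL_PROCEED] | (out.v[BARRIER_LOWER_CMD] << 1) | ((int)ok << 2);
}

int main(void)
{
    printf("channels agree, track clear:    %d\n", demo_cycle(1, 1));
    printf("channels agree, track occupied: %d\n", demo_cycle(0, 0));
    printf("channel B input fault:          %d\n", demo_cycle(1, 0));
    return 0;
}
```

A single corrupted input in one channel changes that channel's variable set, so the CRCs differ and the proceed aspect is withheld even though the other channel computed it.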
[0058] The boolean equation module 14 sends the variable monitoring data, representative
of the set of boolean variables that has to be monitored, to the maintenance data
processing module 18.
[0059] The maintenance data processing module 18, which is a standard module, is also configured
to obtain object monitoring data from the signalling object management module 16 for
diagnostic purposes and to transmit maintenance data to the remote station 108.
[0060] The signalling object management module 16, after having received the control object
data coming from the safety data processing module 12, and the configuration data
received from the cybersecurity management module 10, elaborates, in a manner per
se known, such data to obtain final command instructions to be sent to trackside equipment
4, such as a signal device, a point machine or a relay, to activate and control such
devices and get the requested configuration.
[0061] In particular, the signalling object management module 16 is also arranged to elaborate
trackside indication data received from the trackside equipment 4 to obtain object
indication data to be sent to the boolean equation module 14 through the safety data
processing module 12.
[0062] Thus, the signalling object management module 16 detects the trackside equipment
and provides to the safety data processing module 12 the indication data to be elaborated
by the boolean equation module 14 and combines route control indication data to confirm
the requested configuration status.
[0063] The signalling object management module 16 performs therefore a trackside equipment
management, in a manner per se known, based on the controls calculated by the boolean
equation module 14.
[0064] All the data exchanged with the Smart Object Controller 2 are transformed, in a manner
per se known, into digital/analog signals according to the components involved in
the respective function.
[0065] The system of the present invention makes it possible to manage complete functional
blocks located remotely along a railway line.
[0066] The Smart Object Controller 2 according to the present invention manages autonomously
complex functions, such as for example the level crossing function, by managing directly
level crossing signals, barriers, acoustic warning and axle counters.
[0067] It is not necessary to involve the Route Control Signalling system (the remote station
108), because the Smart Object Controller 2 is capable of directly managing route information
derived from other Wayside Controllers or from a Radio Block Center, through a wireless
encrypted communication.
[0068] Thanks to this new functionality the response time to activate/deactivate the trackside
equipment or the reaction time in case of degraded mode is reduced and globally the
reaction of the system is enhanced.
[0069] The main advantages of the invention can be summarized as follows :
- reduction of more than 50% on the system response time due to the local logic management;
- reduction of more than 10% on cost of field cables, and sharing components and services
such as power supply distribution, diagnostic and network connectivity thanks to the
standardization of the Smart Object Controller.
[0070] Clearly, the principle of the invention remaining the same, the embodiments and the
details of production can be varied considerably from what has been described and
illustrated purely by way of non-limiting example, without departing from the scope
of protection of the present invention as defined by the attached claims.
1. A Smart Object Controller (2) for mounting along a railway track,
characterized in that it comprises:
- a cybersecurity management module (10) arranged to receive and transmit, from or
to a remote station (108), route control data representing a configuration of the
railway track, and to decrypt or encrypt said route control data into safety data;
- a safety data processing module (12) arranged to receive and transmit, from or to
the cybersecurity management module (10), said safety data and to convert the safety
data into boolean variables and vice versa;
- a boolean equation module (14) arranged to receive, from the safety data processing
module (12), the boolean variables, and to execute boolean equations based on said
boolean variables, thus obtaining command data to be sent to trackside equipment (4)
of the railway track to get said configuration.
2. The Smart Object Controller (2) according to claim 1, wherein said boolean equation
module (14) is further arranged to process object indication data received from signalling
object management module (16) to confirm the requested configuration to the remote
station (108) through the safety data processing module (12) and the cybersecurity
management module (10).
3. The Smart Object Controller (2) according to claim 1 or 2, further comprising a signalling
object management module (16) arranged to receive configuration data from the remote
station (108) and command data from the safety data processing module (12), to elaborate
such command data to obtain final command instructions to be sent to trackside equipment
(4) of the railway track to get said configuration.
4. The Smart Object Controller (2) according to claim 3, wherein said signalling object
management module (16) is further arranged to elaborate trackside indication data
received from the trackside equipment (4) to obtain object indication data to be sent
to the boolean equation module (14) through the safety data processing module (12).
5. The Smart Object Controller (2) according to claim 4, comprising a maintenance data
processing module (18) arranged to receive from the boolean equation module (14) variable
monitoring data representative of the set of boolean variables that has to be monitored
and to obtain object monitoring data from the signalling object management module
(16) for diagnostic purposes and to transmit maintenance data to the remote station
(108).
6. The Smart Object Controller (2) according to any of the preceding claims, wherein
the cybersecurity management module (10) implements an Access Protection Layer.
7. The Smart Object Controller (2) according to any of the preceding claims, wherein
the boolean equation module (14) and the safety data processing module (12) implement
a two-out-of-two (2oo2) safety architecture.
8. The Smart Object Controller (2) according to any of the preceding claims, wherein
the boolean equation module (14) comprises two processors which execute at the same
time, in redundant configuration, the boolean equations.
9. A railway line comprising trackside equipment (4), characterized in that it further comprises a Smart Object Controller (2) according to one or more of the
preceding claims configured to control the trackside equipment (4).