主权项 |
1. An operating method for a control device for an industrial-technical process, the method comprising cyclical steps of:
accepting, by the control device, input signals indicating safe-operation from the industrial-technical process in a fail-safe manner; transferring, by the control device, the input signals indicating safe-operation of the industrial-technical process to a Cloud using a fail-safe protocol over a link to a computer network; receiving, by the control device, specific control signals indicating safe-operation from the Cloud using the fail-safe protocol for the industrial-technical process via the link to the computer network; deciding, by the control device, based on additional information in a fail-safe manner, whether the control signals indicating safe-operation determined by the Cloud intended for the industrial-technical process are recognized as safe; and depending on results of the decision, one of controlling the industrial-technical process in accordance with the control signals indicating safe-operation in the fail-safe manner and placing the industrial-technical process into a safe state in the fail-safe manner to prevent an occurrence of damage to material or to prevent personal injury; wherein the control device, using the fail-safe protocol, accepts from the Cloud over the link to the computer network, in addition to the control signals indicating safe-operation intended for the industrial-technical process, a signature uniquely identifying a computing path of the Cloud; wherein the control device transfers safety-oriented input signals indicating safe-operation a further time to the Cloud using the fail-safe protocol via the link to the computer network; wherein the control device accepts further control signals indicating safe-operation intended for the industrial-technical process from the Cloud over the link to the computer network, using the fail-safe protocol, and accepts a further signature uniquely identifying a computing path of the Cloud; wherein the additional information comprises further control signals indicating safe-operation accepted from the Cloud and the signatures of the computing path; and wherein a check for correctness of the control signals indicating safe-operation transferred from the Cloud to the control device comprises the step of comparing the control signals indicating safe-operation accepted from the Cloud with a comparison between the signatures accepted from the Cloud. |