Profisafe

Profisafe (usually styled as PROFIsafe, a portmanteau of Profinet or Profibus and safety) is a standard for a communication protocol for transmitting safety-relevant data in automation applications with functional safety. The standard was developed jointly by several automation device manufacturers to meet the requirements of legislators and the IFA for safe systems. The safety function required of the protocol has been tested and confirmed by TÜV Süd. PROFIBUS Nutzerorganisation e.V. in Karlsruhe supervises standardization for the partner companies and organizes the promotion of this common interface.

System structure

Profisafe [1] [2] defines how safety-related devices (emergency stop buttons, light curtains, overfill prevention devices, ...) communicate safely with safety controllers via Profinet, Profibus or a backplane, so that they can be used in safety-related automation tasks up to SIL 3 (Safety Integrity Level 3). Because Profisafe is a common specification, products of different manufacturers [3] can be combined into one safe system.

Market relevance

The first version of Profisafe was released as early as 1998. [4] A second version in 2005 also enabled use via the Ethernet-based Profinet. According to the PROFIBUS Nutzerorganisation e.V., by 2023 a total of almost 21.7 million devices with Profisafe will have been placed on the market by the various manufacturers, with a further 2.8 million devices added each year. [5] In October 2022, the database of the PROFIBUS Nutzerorganisation e.V. listed 106 different products from 31 different manufacturers. [6]

Operating principle

With Profisafe, safe communication is implemented via a profile, i.e. via a special format of the user data plus an additional protocol. [7]

Safety-relevant data are transported with Profisafe [8] [9] as F-messages between an F-Host (safety controller) and its F-Device (safety device), as payload in a telegram of an industrial network. In the case of a modular F-Device with several F-modules, the payload consists of several F-messages. Profisafe places no further requirements on the transmission channel, which is treated as a black channel. Different transport protocols such as Profibus or Profinet can therefore be used, as can different transmission media such as copper cable, fiber optic cable (FOC), a backplane bus or wireless systems [10] such as WLAN. Neither the transmission rates nor the error detection of the respective transport protocol play a role for safety.

The following table shows the format of the payload of a "Safety Protocol Data Unit (SPDU)": [11]

transmitted data             | status/control byte | CRC signature
1 to 12/13 (max. 123) bytes  | 1 byte              | 4 bytes

The cyclic redundancy check (CRC signature) is calculated over all local safety parameters, the transmitted data and the locally stored monitoring number of the SPDU. This ensures that all information held by the sender and the receiver is consistent without all parameters having to be transmitted every time.

The monitoring number enables the receiver to check whether it has received all messages in the correct order. With the acknowledgement, the monitoring number is returned to the sender, which checks that it arrives within a defined maximum delay time (timeout). Because some bus components, such as switches, have buffer memory, a 32-bit monitoring number was chosen for Profisafe.

The 1:1 communication relationship between F-Host and F-Device simplifies the detection of misdirected F-messages. For this purpose, sender and receiver need an identifier (code name) that is unique throughout the network and is used to verify the authenticity of F-messages. In Profisafe the code name is also called the "F-Address".

The following table shows which errors can be detected by which measure:

Error                                             | Monitoring number | Timeout | Code name | CRC
Duplication of a message                          | Yes               |         |           |
Deletion of a message                             | Yes               | Yes     |           |
Inserting a message                               | Yes               | Yes     | Yes       |
Changing the order of messages                    | Yes               |         |           |
Change to the data                                |                   |         |           | Yes
Delay of a message                                |                   | Yes     |           |
A message masquerades as a safe message           |                   | Yes     | Yes       | Yes
Transmission buffer is removed (e.g. in a switch) | Yes               |         |           |
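As an added illustration (not code from this article or from PROFIBUS & PROFINET International), the following Python model shows how the measures described above act together on the receiving side: each error class from the table is replayed against one receiver, which rejects everything that fails the timeout or the CRC recomputed with its locally stored values. The F-Address, F-parameters, watchdog time and the use of zlib.crc32 over a constructed byte layout are assumptions for the model, not the CRC or frame definitions of IEC 61784-3-3.

```python
import struct
import zlib

# Simplified model of the Profisafe receive-side checks, written for this article.
# Constructed values throughout; zlib.crc32 over a constructed byte layout stands in
# for the PROFIsafe CRC definition, so only the principle is shown, not the real frame.

F_ADDRESS = 0x0101      # constructed code name shared by F-Host and F-Device
F_PARAMS = b"\x00\x01"  # constructed stand-in for the locally stored F-parameters
F_WD_TIME_MS = 100      # constructed watchdog time (maximum delay before timeout)

def signature(data, monitoring_number, f_address=F_ADDRESS, params=F_PARAMS):
    """CRC over local parameters, code name, the data and the monitoring number.
    Only the data, one status byte and the CRC travel on the wire; the rest is local."""
    local = params + struct.pack(">HI", f_address, monitoring_number)
    return zlib.crc32(local + data) & 0xFFFFFFFF

def build_spdu(data, monitoring_number, f_address=F_ADDRESS, status=0x00):
    return data + bytes([status]) + struct.pack(">I", signature(data, monitoring_number, f_address))

class FDevice:
    """Receiver: the next message must carry the next monitoring number and arrive in time."""
    def __init__(self):
        self.expected = 1    # monitoring number the next valid SPDU must have been built with
        self.last_ok_ms = 0

    def receive(self, spdu, now_ms):
        if now_ms - self.last_ok_ms > F_WD_TIME_MS:
            return "rejected: timeout"   # delayed or lost message: no valid SPDU in time
        data, crc = spdu[:-5], struct.unpack(">I", spdu[-4:])[0]
        # The monitoring number is not on the wire: a duplicate, reordered, inserted, foreign
        # (wrong F-Address) or altered message all fail the CRC recomputed with local values.
        if crc != signature(data, self.expected):
            return "rejected: crc"
        self.expected += 1
        self.last_ok_ms = now_ms
        return "accepted"

def run_scenarios():
    """Replay the error classes from the table above against one receiver."""
    dev, out = FDevice(), {}
    m1, m2, m3 = (build_spdu(b"\x01", n) for n in (1, 2, 3))
    out["normal"] = dev.receive(m1, 10)                              # accepted, expects 2 next
    out["duplication"] = dev.receive(m1, 20)                         # replay of number 1
    out["deletion or change of order"] = dev.receive(m3, 30)         # 3 arrives, 2 missing
    out["change to the data"] = dev.receive(b"\xff" + m2[1:], 40)    # data byte altered
    out["masquerade"] = dev.receive(build_spdu(b"\x01", 2, f_address=0x0202), 50)
    out["delay"] = dev.receive(m2, 10 + F_WD_TIME_MS + 1)            # valid but too late
    return out
```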

Specification

The international standards IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems), IEC 62061 (Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems) and ISO 13849 (Safety of machinery - Safety-related parts of control systems) are also the basis for Profisafe.

The international standard IEC 61784-3 [11] defines several protocols for safe systems with comparable properties. Profisafe is part 3 of this collection of standards and is thus defined as IEC 61784-3-3:2021, CPF 3.

References

  1. Stripf, Wolfgang; Barthel, Herbert (2015). Industrial Communication Technology Handbook - PROFIsafe: Functional Safety with PROFIBUS and PROFINET. CRC Press, Taylor & Francis. doi:10.1201/b17365-29. ISBN 9781315215488.
  2. "Marketing Flyer: PROFIsafe - Safe • Integrated • Open". Profibus and Profinet International. 2019. Order no. 4.142. Retrieved 14 February 2023.
  3. Examples of applications with products from different manufacturers can also be found here: "Case Studies". Profibus and Profinet International. Retrieved 2023-02-14.
  4. "10 Years of PROFIsafe". Profibus and Profinet International. Retrieved 14 February 2023.
  5. "Record PROFINET and IO-Link numbers". PROFIBUS Nutzerorganisation e.V. 2023-04-14. Retrieved 2023-07-24.
  6. "Product Finder with selection PROFIsafe". PROFIBUS Nutzerorganisation e.V. 2022. Retrieved 2022-10-17.
  7. "PROFIsafe System Description". Documentation. Profinet International. 2016. Retrieved 2020-04-01.
  8. "Functional Safety". Learning Modules. Profinet University. Retrieved 2020-04-02.
  9. Wilamowski, Bogdan; Irwin, David (2011). The Industrial Electronics Handbook - Profisafe. CRC Press, Taylor & Francis. doi:10.1201/9781315218434-56. ISBN 9781439802892. S2CID 240133930.
  10. Akerberg, Johan; Reichenbach, F.; Björkman, Mats (2010). Enabling safety-critical wireless communication using WirelessHART and PROFIsafe. Emerging Technologies and Factory Automation (ETFA). IEEE. doi:10.1109/ETFA.2010.5641253.
  11. "Industrial communication networks – Profiles – Functional safety fieldbuses". International Electrotechnical Commission (IEC). 2021. IEC 61784-3-3. Retrieved 2023-07-24.