The IEC 61508 defines the term “black channel”. In communication technology, this refers to a communication channel with unsecured properties or non-application-specific properties. The black channel is a characteristic element of the so-called black channel principle, in which secure communication is to be ensured despite the above-mentioned output characteristics of a communication channel.
How does secure communication via the black channel work?
In the environment of functional safety technology, black channels mainly involve the transmission of safety-related signals via standardized communication media (e.g., Ethernet or WLAN). Basically, safety-related signals are transmitted from A to B. For example, this could be a signal from an emergency stop device that needs to be transmitted to the safe controller. Ideally safety-related signals could be transported together with standard signals via a shared network.
In other words, functional safety technology is integrated into the existing network. One of the resulting advantages is that additional wiring effort can be avoided and costs can be minimized. However, the existing networks usually have not been developed in line with the requirements of functional safety. This can result in various error cases.
Possible communication errors:
- Repetition of telegrams
- Loss of telegrams
- Addition of telegrams
- Incorrect sequence of telegrams
- Corruption of telegrams
- Delay of telegrams
- Incorrect addressing of telegrams
How is a safety system built in accordance with IEC 61508?
The existing network does not have sufficient protection, so a security protocol must be overlaid at this point. The safety protocol runs at a higher level than the standard protocol. Mechanisms need to be integrated in order to identify and eliminate possible errors or a combination of several errors.
The higher-level PROFIsafe protocol ensures the integrity of the data
Examples of error-detecting measures:
- Consecutive telegram counter to ensure the correct sequence
- Monitoring can be implemented using checksums (CRC) to prevent data corruption
- “Watchdogs” are triggered with each new telegram to detect delays
Using these error-detecting measures and the lack of requirements for the transmitting network, it is possible to monitor the integrity of data transmission via the network.
What happens when an error is detected?
As soon as an intolerable error is detected, the systems only use substitute values for calculations. In the event of a communication malfunction, the substitute value "0" is used for calculations on the safe controller. For example, this could happen if an emergency stop is not actuated for a safe input. This means that the “0” safe state is assumed as if the emergency stop had been actuated. In the output direction, the output module monitors the integrity of the data. If an error is detected here, substitute values are output. In this case, all safe outputs on the module are switched off in order to ensure functional safety.
This functionality is also available for data transmission via wireless connections. As soon as the network permits transmission, e.g., via WLAN or Bluetooth, the safety-related data are also be transmitted. The reduced bandwidth and longer transmission time may need to be taken into consideration here. It is also possible to use a cloud service to transmit safety signals across locations.
For highly branched systems: Transmit safety-related signals via cloud services
What impact does the black channel have on the availability of machinery and equipment?
Modern networks that have been properly installed do not pose any challenges with regard to availability. However, for instance, it is not possible to improve poorly installed PROFIBUS DP systems that are lacking termination resistors or have reflections and poor equipotential bonding. The availability will likely decrease as a result.
The concept behind the black channel principle enables the combined transmission of safety and standard signals on almost any transmission media. The principle is the basis for modern functional safety technology.