Phone +49 7144 89718-0 | info@schildknecht.ag
Drahtlose-Kommunikation-2200x550-EN-3
To blog overview

Safety via radio: How to ensure secure and stable data communication with PROFIsafe and CIP Safety

Wireless communication as an alternative to cables has numerous advantages over wired systems and is the gold standard for flexible productions and modular plants. However, especially for applications with functional safety, some issues should be considered when selecting and installing the appropriate wireless solution in order to achieve stable and secure data communication. In an industrial context, PROFIsafe and CIP Safety are often used as bus protocols for such safety-critical applications. Read on to see how to achieve secure wireless communication and which specifics you should consider when using these protocols in an industrial environment.

 

CIP Safety and PROFIsafe: Two paths to safe communication

CIP Safety: A flexible safety protocol for industrial automation and many fieldbus standards

"CIP Safety" is short for "Common Industrial Protocol Safety" and was developed as a specialized protocol to ensure safe data transmission in industrial applications. It forms an integral part of the CIP (Common Industrial Protocol) framework, which was created by the Open DeviceNet Vendor Association (ODVA). This protocol is designed to transmit critical safety data in real time in order to provide comprehensive protection for machines and systems. It can be flexibly implemented in various network structures, including DeviceNet, EtherNet/IP and ControlNet.

CIP Safety works on a master-slave principle that is used in many industries, including the control of cranes in an industrial environment. Imagine a large overloading crane in a port moving containers. The crane operator acts as the master device and communicates with various slave devices such as the crane's motors and safety sensors. The master constantly monitors the status of these devices to ensure that the crane is operating smoothly and safely.

If the master detects a potential hazard - such as an overload or mechanical malfunction - through the feedback from the sensors, it can immediately initiate an "emergency stop" action. This safety function sends immediate stop signals to all affected components of the crane, preventing potential accidents. This action is crucial to ensure the safety of workers and cargo.

The strength of CIP Safety lies in its reliability, which is supported by redundant network structures and communication paths so that safety communication is maintained even in the event of a partial system failure. The protocol adapts flexibly to different industrial conditions, but requires careful configuration and regular maintenance to ensure optimum safety and functionality. CIP Safety is therefore a fundamental technology for safety in industrial automation and enjoys the support of numerous leading manufacturers in the automation sector.

 

PROFIsafe: A comprehensive safety protocol for industrial automation

Whether for a crane control system, the emergency stop transmission of a production machine or other safety-related communication: PROFIsafe has been established as a standard for functionally safe communication and has been an international standard since 2007 under the designation IEC 61784-3-3.

PROFIsafe is a safe communication protocol that is based on PROFIBUS and PROFINET and enables the transmission of safety-relevant data. It is used to safeguard industrial automation systems and machines and is therefore an important component of functional safety.

PROFIsafe was developed with the aim of complying with international safety standards such as IEC 61508, IEC 62061 and ISO 13849-1. It supports several safety functions such as emergency stop, two-hand operation and the monitoring of safety gates, which enable the safe operation of machines and systems. PROFIsafe is also easy to implement and maintain. It is compatible with a wide range of automation components and devices and offers support for numerous safety functions that can be adapted to specific user requirements.

Overall, PROFIsafe provides an effective safety protocol for reliable and safe data communication within industrial automation, contributes to improving safety at work, minimizes the risk of accidents, and ensures a high level of safety.


PROFIsafe & CIP Safety - the same protocol with radio and cable

The core components of PROFIsafe and CIP Safety technology are a safety telegram, which carries the safety-relevant data, and a safety proxy, which encrypts this data and sends it to the receiver. In the event of a system failure or error, the safety proxy intervenes by interrupting communication between the devices to ensure a safe response.

While the controller and device are usually safety-related components and must be certified accordingly, PROFIsafe, according to the system description, has no effect on the standard bus protocols used: whether with Industrial Ethernet (PROFINET IO), via RS485 (PROFIBUS-DP), via backplanes or wireless – the method used for data transmission has no influence on the safety rating. The transmission channels are merely so-called "black channels", of which the actual PROFIsafe application is completely independent. Accordingly, the PROFIsafe system description also states: Wireless transmission is permissible as long as sufficient availability (no false alarms) and IT security are guaranteed.

The black channel principle is also valid for all other safety protocols such as openSAFETY, SafetyNet or Safety via CAN (CANopen).

 

Secure data transmission by radio: the black channel principle in detail

This means that the use of wireless technologies is also provided for and possible by definition, just like other radio technologies. Both the safety controller and the remote IO system – for example a safety switch – contain the safety protocol. The interface between them is merely the channel for transmitting the safety information. Accordingly, no safety certification is required for the wireless device and it is treated like other infrastructure components, such as switches or cables. This makes the recalculation or verification of the safety level (SISTEMA) for using a black channel solution obsolete.

 

grafik_black-channel_en

 

Measures for wireless functional safety

Data transmission for PROFIsafe can be used as a transmission standard independent of the protocol used for data transmission – e.g. for any wireless technology such as WiFi, Bluetooth, and, in the future, 5G. Factors such as data transmission rate and error detection do not  play a role. To ensure wireless functional safety, PROFIsafe and CIP Safety uses a number of measures that are integrated into the protocol: For example, F-messages are numbered; the receiver can thus check whether messages have been received completely and without sequence errors. Timeouts, until a message is acknowledged, are detected and a unique authentication of sender and receiver ensures that no manipulation of the communication is possible. PROFIsafe also uses a cyclic block check for data integrity.

With these comprehensive mechanisms, PROFIsafe applications can meet safety parameters up to SIL3 according to IEC 61508 or Performance Level e (PLe) according to EN ISO 13849-1.7

 

Special requirements for safety-related wireless systems

In principle, therefore, the procedure for using a PROFIsafe or CIP Safety application – whether with a cable or wireless – does not differ. Nevertheless, there are some points and essential differences that should be taken into account for secure wireless communication in an industrial environment: Compared to data transmission via cable, the lower transmission rate and fluctuating latency times must be taken into account when using a wireless solution. If the standard update interval of 1 ms is used here, as is usually the case with wired PROFINET communication, radio links would quickly become overloaded. As a result, lost telegrams occur, which ultimately lead to bus errors and thus a shutdown and standstill of the system.

To compensate for the lower data rates and fluctuating latencies, it is possible to extend the update time. However, this has the effect of slowing down the entire application - this is often problematic for safety-related functions of a system or machine. For crane controls, for example, the maximum monitoring time must not exceed 500 ms.

 

Patented pre-processing increases speed and stability of the application

A system standstill due to a bus error often costs a lot of time for restarting the system – and thus a lot of money for the operator. Therefore, it is important to already consider the risk of such errors when selecting the components for functional safety via wireless networks. The patented DATAEAGLE technology for secure wireless communication in industrial environments is particularly suitable for this. It was specially developed by Schildknecht and compensates for the lower data rate and fluctuating latency of radio communication compared to cable solutions. To do this, DATAEAGLE relies on pre-processing of the telegrams. It filters the information and does not transmit redundant information. This reduces the amount of data so that the controller can transmit with the fastest possible update time of 1 ms despite radio transmission. The transmission interval is flexibly adapted to the radio connection. If only a part of the data changes, then only this part is transmitted. In this way, DATAEAGLE ensures stabilisation of the PROFIsafe data transmission with a simultaneously high update speed. The solution is optimal for creating  reliable and stable automation solutions with radio data transmission.

 

At a glance: Safety via radio with PROFIsafe, CIP Safety and DATAEAGLE

 

  • PROFIsafe and CIP Safety can be implemented with radio solutions – with the black channel principle, data transmission has no influence on the safety rating.

  • When selecting the appropriate wireless solution, the lower data rate and fluctuating latency of wireless compared to cable should be taken into account.

  • Radio transmissions with pre-processed data packets, such as DATAEAGLE from Schildknecht, are ideally suited. This method reduces the amount of data and increases stability.

  • Safety-critical applications can be realised with PROFIsafe, CIP Safety and radio data transmission – and have proven themselves in industrial environments, in some cases over many years of operation and without interruption due to bus errors.

Conclusion: Find the optimal solution for your application quickly and easily

Intelligent radio data transmission systems with stabilised radio transmission are characterised by reliability and long service life without maintenance by secure communication and robustness against interference. This makes them ideal for use in automation technology. The patented DATAEAGLE product family also offers maximum flexibility and uncomplicated plug & play installation. This way, you can achieve the optimal solution for wireless data transmission in the shortest possible time.

With our free project guide with quick check, you can easily find out whether the desired solution for your project works as planned and can be implemented with radio. Download now free of charge!

Free project guide with quick check                                 

> > Click here to subscribe to the blog & don't miss any new articles!