All off-highway mobile equipment exported to or manufactured in the European Union (EU) must meet European Machinery Directive 2006/42/EC. Some international standards, such as ISO 13849 and IEC 62061, now provide a “presumption of conformity” with the directive. Both standards refer to IEC 61508 for E/E/PE-Systems and encourage the use of SIL-certified components and software.
The CAN Safety Message is a safety protocol extension applicable to all three major industry protocols (SAE J1939, ISOBUS and CANopen). It raises the reliability of safety-relevant CAN-BUS messages above the requirement for Safety Integrity Level (SIL) 2 certification according to IEC 61508:2010.
You can use existing standard CAN components to meet mobile off-highway machine functional safety requirements without the need for specialized hardware.
CAN Safety Message analysis includes calculations for 256 nodes on a bus with a 1 MHz rate and a refresh time of 1.0 ms. The resulting worst-case probability of failure per hour (PFH) of 8.25E-10 easily meets the requirement for SIL 2 certification.
The CAN Safety Message Safety Data Group (SDG) consists of two CAN data messages:
- Safety Data Message (SDM), which carries both the data considered safety-critical and non-safety-critical data
- Safety Header Message (SHM), which carries the Running Number and CRC Signature. The receiver uses the SHM to validate the SDM data; the SHM is sent after the SDM within a minimum delay
The SDG will be transmitted periodically and is only valid if both CAN messages are received properly.
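The following is an added example, not code from the article or from any CAN Safety Message implementation, showing a receiver-side check for a Safety Data Group as described above: an SDM carrying the payload, followed by an SHM carrying a Running Number and a CRC Signature, with the SDG accepted only when both frames arrive and the header validates the data. The CAN identifiers, the one-byte Running Number, the CRC-16/CCITT signature computed over Running Number plus SDM payload, the SHM field layout and the 0.5 ms delay bound are all assumptions chosen for illustration; the real profile defines its own.

```python
"""Added example (not the article's or any vendor's code): pairing an SDM with
its SHM and validating the pair. CAN IDs, CRC choice, field layout and the
delay bound are assumptions made for this illustration."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

CRC16_POLY = 0x1021          # assumed: CRC-16/CCITT-FALSE polynomial
SDM_ID = 0x100               # assumed CAN identifier of the Safety Data Message
SHM_ID = 0x101               # assumed CAN identifier of the Safety Header Message
MAX_SHM_DELAY_MS = 0.5       # assumed upper bound on SDM-to-SHM delay


def crc16_ccitt(data: bytes) -> int:
    """CRC-16/CCITT-FALSE: poly 0x1021, init 0xFFFF, no reflection (assumed signature)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ CRC16_POLY) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


@dataclass(frozen=True)
class CanFrame:
    can_id: int
    data: bytes
    t_ms: float  # receive timestamp in ms (constructed for the example)


def signature(running_number: int, sdm_payload: bytes) -> int:
    """Assumed: the CRC Signature covers the Running Number followed by the SDM payload."""
    return crc16_ccitt(bytes([running_number]) + sdm_payload)


def build_sdg(running_number: int, payload: bytes, t_ms: float, shm_delay_ms: float = 0.1) -> List[CanFrame]:
    """Sender side: produce the SDM and the SHM that follows it (assumed layout: RN, CRC hi, CRC lo)."""
    if not 0 <= running_number <= 255 or len(payload) > 8:
        raise ValueError("running number must fit one byte and payload one classic CAN frame")
    sdm = CanFrame(SDM_ID, payload, t_ms)
    sig = signature(running_number, payload)
    shm = CanFrame(SHM_ID, bytes([running_number, sig >> 8, sig & 0xFF]), t_ms + shm_delay_ms)
    return [sdm, shm]


class SdgReceiver:
    """Receiver side: an SDG is valid only if the SDM and a matching SHM both arrive in time."""

    def __init__(self, max_delay_ms: float = MAX_SHM_DELAY_MS):
        self.max_delay_ms = max_delay_ms
        self.pending_sdm: Optional[CanFrame] = None
        self.last_rn: Optional[int] = None

    def feed(self, frame: CanFrame) -> Tuple[Optional[bytes], str]:
        """Return (validated SDM payload or None, reason)."""
        if frame.can_id == SDM_ID:
            self.pending_sdm = frame          # a new SDM supersedes one still waiting for its header
            return None, "sdm-buffered"
        if frame.can_id != SHM_ID:
            return None, "ignored"            # unrelated traffic on the bus
        sdm, self.pending_sdm = self.pending_sdm, None
        if sdm is None:
            return None, "shm-without-sdm"    # header alone is never accepted
        if len(frame.data) != 3:
            return None, "shm-malformed"
        if frame.t_ms - sdm.t_ms > self.max_delay_ms:
            return None, "shm-late"           # header outside the allowed delay window
        rn = frame.data[0]
        if self.last_rn is not None and rn != (self.last_rn + 1) & 0xFF:
            return None, "running-number-mismatch"   # lost, repeated or replayed SDG
        if ((frame.data[1] << 8) | frame.data[2]) != signature(rn, sdm.data):
            return None, "crc-mismatch"       # data corrupted in transit
        self.last_rn = rn
        return sdm.data, "ok"


if __name__ == "__main__":
    rx = SdgReceiver()
    for frame in build_sdg(0, b"\x01\x02", 0.0):
        print(rx.feed(frame))
```

Only the "ok" result hands data to the application; every other outcome leaves the receiver without a valid SDG for this cycle, which is the event a safety function would treat as a missed refresh.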