PROFIsafe

PROFIsafe, initially developed in 1998 as a standard in collaboration with several automation device manufacturers, aimed to meet legislative requirements for functional safety in industrial systems. In its second iteration in 2005, PROFIsafe was enhanced to support Ethernet-based PROFINET networks, expanding its capabilities beyond the original PROFIBUS. The protocol provides an additional safety layer to both PROFIBUS and PROFINET networks, enabling the transmission of safety-critical data alongside standard communication over the same physical medium. This integration ensures deterministic and error-checked communication for applications requiring Safety Integrity Level (SIL) compliance, such as emergency stops and machine guarding. 

PROFIsafe also utilizes mechanisms like cyclic redundancy checks (CRC), time monitoring, and sequence numbering to detect errors, eliminate faults, and maintain system safety, without the need for additional cabling or separate hardware. Therefore, any changes or disturbances in the safety data can be detected and corrected before they lead to functional safety issues along with reducing installation complexity, cost, and system footprint while ensuring compliance with international safety standards like IEC 61508 (Basic safety standard for functional safety). Hence, these measures are crucial for guaranteeing that safety-critical data is transmitted correctly and promptly over the same network infrastructure used for standard industrial communications. 

The black channel principle is a fundamental concept in the design of safety communication protocols like PROFIsafe. It refers to the idea of ensuring safety-critical data transmission through a secure and reliable communication channel that is essentially opaque or "black" to external interference or manipulation. PROFIsafe implements the black channel principle to safeguard safety-related information from unauthorized access, tampering, or corruption, thus maintaining the integrity and reliability of the safety system. 

The IEC 61508 standard defines the "black channel" as a communication channel with unsecured or non-application-specific properties. The black channel principle enables secure communication to be ensured despite the inherent characteristics of the communication channel. In the context of functional safety, black channels typically involve the transmission of safety-related signals over standardized communication media like Ethernet or wireless.  

By adhering to the black channel principle, PROFIsafe ensures that safety-critical information is transmitted securely and reliably within industrial automation systems. This approach helps to mitigate the risk of accidents, injuries, and equipment damage by protecting safety communication from external interference, manipulation, or unauthorized access. 

IEC 61508 is an international standard published by the International Electrotechnical Commission (IEC) that establishes requirements for the functional safety of electrical, electronic, and programmable electronic safety-related systems. 

It defines a safety lifecycle with 16 phases, covering the entire lifecycle from initial concept to decommissioning. The lifecycle phases are divided into three main groups: analysis, realization, and operation. All phases focus on ensuring the safety function of the system. Specific techniques are required across the lifecycle to avoid mistakes and errors that could undermine the safety system.  

Moreover, IEC 61508 takes a probabilistic approach to risk, recognizing that zero risk can never be achieved, only probabilities can be reduced. The risk is assessed based on the frequency (likelihood) of the hazardous event and the severity of the consequences. Safety functions are then implemented to reduce the risk to a tolerable level, using a combination of electrical/electronic/programmable electronic systems (E/E/PES) and other technologies. 

IEC 61508 also embraces the "black channel" principle, where the safety-related communication is independent of the underlying transmission channel. This allows PROFIsafe and other safety protocols to provide secure communication over a variety of network technologies without relying on their specific characteristics for safety. 

IEC 61508 is a comprehensive standard that establishes a risk-based, lifecycle approach to the functional safety of electrical, electronic, and programmable electronic safety-related systems. It is a foundational standard that is widely adopted across many industries to ensure the safe operation of machinery and processes. 

PROFIsafe incorporates several key technical features and aspects to ensure robust safety communication in industrial environments, as follows: 

Hilscher's netX technology platform, consisting of the netX SoCs, associated firmware and extensive protocol stacks, supports the development of devices that have to fulfil high functional safety requirements. The netX acts as a black channel for the safety system. The netX firmware provides the services to exchange data, parameters and diagnosis information required to implement the safety-relevant applications. The safety application can support  for example, Functional Safety over EtherCAT (FSoE), CIP Safety or PROFIsafe dependent on used communication system.  

On the hardware side, as with non-safety devices, the netX forms the interface to the fieldbus or real-time Ethernet systems. The safety frames are treated like I/O data and forwarded to the safety-relevant application. The corresponding application firmware for the netX 90 can be implemented on the application side of the controller, for example. It retrieves the data packets from the dual port memory (DPM) and forwards them to a defined interface. On the safety side, two redundant CPUs then receive the data via a galvanically isolated serial interface for further processing.