This paper presents a novel redundancy concept for safety-critical control systems. By using signature-protected communication, it allows each redundant peripheral to be connected only to the most proximate control computer, while information to or from any other units (sensors, actuators, further control computers) is forwarded over a bus system. We will show that the wiring harness can thus be reduced drastically with regard to both weight and complexity without compromising fault tolerance characteristics. Moreover, since function and location are decoupled, remote redundancy can be shared between different subsystems if more than one control loop (e.g. brakes and steering) exists in the overall system. Finally, our approach is highly flexible and not at all restricted to a certain degree of fault tolerance, as example systems for both a fault-tolerant and a fail-safe application (steer-by-wire/flap control) will demonstrate.