Abstract: In order to control at least partially automated vehicles in a road danger zone, in particular road junctions in road traffic, in such a way that the vehicles can pass through the road danger zone in flowing traffic without stop/start interruptions, such as those caused e.g. by signalling equipment, traffic lights, the following proposes the following steps: a) each vehicle of the vehicles, on approaching the road danger zone, surrender the power to control the dynamic driving tasks of the vehicle in order to pass through said zone, b) when the vehicles have surrendered vehicle control power, a central control entity generates a digital road danger zone twin, and, as a result of the vehicles having surrendered vehicle control power, vehicle movements of the vehicle are automatically and dynamically controlled in a vehicle-coordinated and collision-free manner in order to pass through the road danger zone.

Abstract: A computer-implemented method and device for resolving closed loops in automatic fault tree analysis of a multi-component system is provided. Also provided is a method for resolving closed loops in automatic fault tree analysis of a multi-component system, the closed loops corresponding, for example, to closed-loop control circuitry of a multi-component device. The closed loops are first identified in a top-down approach within failure propagation paths. Next, the loops are resolved by setting each loop interconnection to Boolean TRUE, adjusting the fault tree in a specific way and finally setting each loop interconnection to Boolean FALSE. Embodiments of the invention are relevant for analyzing safety-critical systems. However, the present concepts are not limited to these applications and may be applied to general use cases where fault tree analysis is applicable. The proposed solution advantageously provides a method that features linear complexity.

Abstract: Various embodiments of the teachings herein include an automated method for generating a monitor model of a monitor having a first neural network for monitoring a working model of an artificial intelligence having a second neural network. In some embodiments, the method includes: classifying input data using the working model; and training the monitoring model using a representative volume of data of the working model. The representative volume of data is used as the input for the first neural network. The representative volume of data is formed by the output of the activation functions of the neurons of the second neural network.

Abstract: Conducting automatically a process failure mode and effect analysis, PFMEA, for a factory adapted to produce a product in a production process using a meta model, MM, stored or loaded in a data storage. The stored meta model, MM, comprises abstract factory model elements modeling an abstract factory, AF, including one or more service declarations modeling abstract services across different factories, wherein each service declaration comprises failure mode declarations for different failure modes.

Abstract: Provided is a method for providing a safe operation of subsystems within a safety critical system (SCS). A malfunctioning subsystem of the SCS sends a malfunction signal to the other subsystems of the SCS including a one-time cryptographic key unique to the malfunctioning subsystem, which is then decrypted by the other subsystems and collective safety management is initiated when the cryptographic key is valid. Also provided are traffic control systems, autonomous driving systems or automotive driver assistance systems. A swarm-like behavior of the subsystems collectively reacting to emergency situations is combined with a one-time cryptographic authentication and/or authorization procedure preventing repeated manipulation of the system by the same perpetrator.

Abstract: A method for transmitting data from a first sub-system to a second sub-system includes the steps of: providing a dataset by the first sub-system, the dataset having a data structure identifier and a data value; sending the dataset to the second sub-system; receiving the dataset by the second sub-system; checking whether complete assignment information regarding the data structure assigned to the data structure identifier is present in the second sub-system; recovering any missing assignment information from a communication broker in the event that the second sub-system does not contain complete assignment information; and determining the data structure on the basis of the data structure identifier and the assignment information. A corresponding system, a corresponding first sub-system, a corresponding second sub-system and a communication broker are also proposed.

Abstract: Provided is a method for providing a safe operation of subsystems within a safety critical system (SCS). A malfunctioning subsystem of the SCS sends a malfunction signal to the other subsystems of the SCS including a one-time cryptographic key unique to the malfunctioning subsystem, which is then decrypted by the other subsystems and collective safety management is initiated when the cryptographic key is valid. Also provided are traffic control systems, autonomous driving systems or automotive driver assistance systems. A swarm-like behavior of the subsystems collectively reacting to emergency situations is combined with a one-time cryptographic authentication and/or authorization procedure preventing repeated manipulation of the system by the same perpetrator.

Abstract: One or more ring closures of a fault tree are provided. For each one of the one or more ring closures: at least one respective edge the respective ring closure is replaced in the fault tree by a respective variable to obtain a placeholder fault tree and a normalized representation of the placeholder fault tree is determined.

Abstract: Provided is a device for ensuring safe operation of a technical system configured to generate a smart contract including a condition to be fulfilled for safe operation of a technical system, to store smart contract data of the smart contract in a distributed ledger, and to determine if the technical system fulfills the condition using the smart contract.

Abstract: Provided is a computer-implemented method, the method including storing a meta-model in a computer-readable storage medium, wherein the meta-model includes at least one risk element, at least one test element and at least one objective element, and associations between the elements, wherein each risk element is associated with one or more objective elements, and/or each risk element is associated with one or more test elements, wherein at least one element of the elements and/or at least one association has at least one associated risk-related parameter. A corresponding computer program product and system is also provided.

Abstract: A computer-implemented method for determining automatically a machine safety and/or a product quality of a flexible cyber-physical production system with a configuration adaptable during a production process including production steps executed by machines forming equipment of a physical factory of the cyber-physical production system to produce a product according to a product recipe, wherein the machine safety and/or product quality are calculated during runtime of the flexible cyber-physical production system by processing a meta-model of the flexible cyber-physical production system stored in a computer readable storage medium, is provided.

Abstract: Provided is a computer-implemented method, the method including storing a meta-model in a computer-readable storage medium, wherein the meta-model includes at least one risk element, at least one test element and at least one objective element, and associations between the elements, wherein each risk element is associated with one or more objective elements, and/or each risk element is associated with one or more test elements, wherein at least one element of the elements and/or at least one association has at least one associated risk-related parameter. Also provided is a corresponding computer program product and system.

Abstract: In order to control at least partially automated vehicles in a road danger zone, in particular road junctions in road traffic, in such a way that the vehicles can pass through the road danger zone in flowing traffic without stop/start interruptions, such as those caused e.g. by signalling equipment, traffic lights, the following proposes the following steps: a) each vehicle of the vehicles, on approaching the road danger zone, surrender the power to control the dynamic driving tasks of the vehicle in order to pass through said zone, b) when the vehicles have surrendered vehicle control power, a central control entity generates a digital road danger zone twin, and, as a result of the vehicles having surrendered vehicle control power, vehicle movements of the vehicle are automatically and dynamically controlled in a vehicle-coordinated and collision-free manner in order to pass through the road danger zone.

Abstract: A monitoring production of a technical apparatus in a secure and reliable manner is provided. This monitoring is achieved using encapsulation of a first distributed ledger into a second distributed ledger.

Abstract: Modeling a multi-component control or actuator system using a fault tree is provided, which solves the problem of ring closures included in a fault tree. To identify ring closures, failure propagation paths are back-traced and is checked if the respective failure propagation path forms a ring closure.

Abstract: Provided is an application of the described (or similar) decision-theoretic approaches to ensure the quality, output and timeliness of manufactured products for flexible and adaptable production systems, by determining and integrating suitable quality assurance measures which are integrated into the production process in an optimal manner. Thereby, a pareto-optimal sequence of production steps and quality assurance mechanisms are determined that provides an optimal trade-off between target product quality, production time and production costs. Since the approach is performed in an automated way, it can even be performed for flexible production scenarios down to a production of lot size I.

Abstract: A monitoring production of a technical apparatus in a secure and reliable manner is provided. This monitoring is achieved using encapsulation of a first distributed ledger into a second distributed ledger.

Abstract: A computer-implemented method and device for resolving closed loops in automatic fault tree analysis of a multi-component system is provided. Also provided is a method for resolving closed loops in automatic fault tree analysis of a multi-component system, the closed loops corresponding, for example, to closed-loop control circuitry of a multi-component device. The closed loops are first identified in a top-down approach within failure propagation paths. Next, the loops are resolved by setting each loop interconnection to Boolean TRUE, adjusting the fault tree in a specific way and finally setting each loop interconnection to Boolean FALSE. Embodiments of the invention are relevant for analyzing safety-critical systems. However, the present concepts are not limited to these applications and may be applied to general use cases where fault tree analysis is applicable. The proposed solution advantageously provides a method that features linear complexity.

Abstract: A computer based method for a reusable functional failure test for a specific technical system, e.g., a traffic light system is provided. The method avoids inconsistencies in the functional failure test and reuses items of the respective data structures. Furthermore, the embodiment can identify components or electronic devices that do exceed assumed failure rates and that might be repaired or replaced to keep implementations of the specific technical in the desired failure rate limitations of the analysis, which can be done during the operation of the specific technical system.

Abstract: A method and apparatus for generating a fault tree for a failure mode of a complex system including a plurality of components, the method includes the steps of providing component fault tree, CFT, elements of the components; linking the components according to their failure dependencies within the complex system; and generating the fault tree by incorporating for each dependency link from a first component to a second component the output failure modes of the component fault tree element of the second component into the component fault tree element of the first component to trigger the output failure modes of the first component.