The Hidden Safety Network

A Black Channel Takes a Path Through the Network That 'Didn't See a Thing'

By Ian Verhappen

1 of 2 < 1 | 2 View on one page

Practically all fieldbus protocols take a "black channel" approach to their safety bus. However, defining a black channel is all but a black channel itself, in that, though everyone talks about it and uses it, finding a description of black channel is a search in the dark.

The name black channel comes from the concept of a black box. The intent of both a black box and black channel is that what goes in one end does not see anything between the inlet and outlet as it passes through the device. The difference between the two concepts is that, rather than a black box piece of hardware, it is the network itself that must appear to not be there. The bus system, therefore, does not perform any safety-related tasks but only serves as transmission medium.

If the various safety bus protocols followed a white-channel scheme, this would require that the bus networking and protocol be designed from the ground up for safety. That means all the network components must be safety-related and need the associated approvals. Network components include — in addition to the end devices or nodes themselves and the logic solver — the interface converters, attachments and couplers, repeaters, safety barriers, bridges, hubs, switches and routers.

Error Consecutive Number (sign of life) Time-out (width acknowledgement) Codename (for sender and receiver) Data Integrity (CRC)
Repetition X      
Loss X X    
Insertion X X X  
Incorrect Sequence X      
Data Corruption       X
Delay   X    
Masquerade (standard message mimics fail safe)   X X X
FIFO errors in intermediate routers   X    
*No acknowledgement from routers (lower levels of OSI Model)

Table 1
From The Industrial Communication Technology Handbook, Richard Zurawski, CRC Press 2005, pp. 28-1-28-19.


The black-channel concept uses a non-trusted transmission system; the network gear is not safety-related. As a result, the primary advantage of the black-channel concept is we can reuse regular network hardware for safety networks without having to modify more than the devices or nodes themselves.

No changes to any of the Physical Layers means the safety measures must be added as a safety layer on top of Open Systems Interconnection (OSI) protocol Layer 7, thus increasing the size of that layer. The new layer is responsible for the transport of safety-relevant data. The remainder of the application layer is responsible for acquisition and processing of user or process data.

As shown in Figure 1, the black channel uses a safety layer between the communication stack and application as per IEC 62280-1. This concept originated from railway signaling technology. The safety layer performs safety-related transmission functions and checks on the communication to ensure the integrity of the link meets the requirement for SIL 3 continuous/high-demand mode. Though unlikely to be done, it is possible to use the black-channel concept with some non-safety-related devices sitting on the same bus and sharing the communication media. So, if someone accidentally connects a non-safety device to the safety bus, it will not negatively impact safety operation.

To comply with the relevant safety standards, a safety-bus frame must be passed completely unmodified from a safety sender to a safety receiver no matter what kind of transmission system both nodes use. Thus, the safety measures are encapsulated in the communicating end nodes/devices as shown in Figure 2.

This means that none of the error-detection mechanisms of the chosen communication technology are taken into account to guarantee the integrity of the transferred process data. Basically, there are no restrictions on transmission rate, number of bus devices or transmission technology — as long as the given safety application reaction times can tolerate the additional overhead parameters.

1 of 2 < 1 | 2 View on one page
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments