EP3825205A1 - Railway vehicle, distributed control system, and method for managing operations of railway vehicles in a railway network - Google Patents
Railway vehicle, distributed control system, and method for managing operations of railway vehicles in a railway network Download PDFInfo
- Publication number
- EP3825205A1 EP3825205A1 EP20208472.9A EP20208472A EP3825205A1 EP 3825205 A1 EP3825205 A1 EP 3825205A1 EP 20208472 A EP20208472 A EP 20208472A EP 3825205 A1 EP3825205 A1 EP 3825205A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- railway
- railway vehicle
- control system
- vehicle
- communication path
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 16
- 238000004891 communication Methods 0.000 claims abstract description 134
- 230000008878 coupling Effects 0.000 claims description 31
- 238000012545 processing Methods 0.000 claims description 19
- 230000002265 prevention Effects 0.000 claims description 11
- 230000009471 action Effects 0.000 description 6
- 230000001133 acceleration Effects 0.000 description 5
- 230000003137 locomotive effect Effects 0.000 description 3
- 230000003068 static effect Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000004807 localization Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L15/00—Indicators provided on the vehicle or train for signalling purposes
- B61L15/0018—Communication with or on the vehicle or train
- B61L15/0027—Radio-based, e.g. using GSM-R
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L23/00—Control, warning or like safety means along the route or between vehicles or trains
- B61L23/34—Control, warning or like safety means along the route or between vehicles or trains for indicating the distance between vehicles or trains by the transmission of signals therebetween
Definitions
- the present invention relates in general to the field of traffic management in a railway network; more in particular it concerns a railway vehicle, a distributed control system and a method for managing operations of railways vehicles in a railway network, in particular as regard to prevention of collisions and possibility of virtual coupling between vehicles.
- railways networks are very complex systems formed by many components and devices which must be properly coordinated, continuously monitored, and timely operated, in order to ensure the correct and efficient functioning of the traffic over the whole railway network, while satisfying the highest standards of safety for the fleet of operating vehicles, which is a very critical aspect in the railroad industry.
- a centralized and safe movement of the "fleet of trains” is managed via a Radio Block Center (“RBC”) subsystem through a proper “Movement Authority” which is in operative communication, directly or indirectly, with the various trains, and operates along the track with the help of several track side devices, such as track circuits, axle counters, interlocking subsystems, signaling devices, gate crossings, et cetera.
- RBC Radio Block Center
- Movement Authority which is in operative communication, directly or indirectly, with the various trains, and operates along the track with the help of several track side devices, such as track circuits, axle counters, interlocking subsystems, signaling devices, gate crossings, et cetera.
- a railway vehicle suitable to operate in a railway network characterized in that it comprises at least one on-board control system configured:
- the present invention provides also a method for managing operations of a plurality of railway vehicles operating in a railway network, characterized in that it comprises, in whichever suitable order, at least the following steps:
- each of the above listed terms means and encompasses electronic circuits or parts thereof, as well as stored, embedded or running software codes and/or routines, algorithms, or complete programs, suitably designed for achieving the technical result and/or the functional performances for which such means are devised.
- a railway vehicle, a distributed control system and a method for managing operations of railway vehicles in a railway network, according to the present invention, are schematically illustrated in figures 1 , 2 and 3 , therein indicated by the corresponding overall reference numbers 100, 300 and 400 respectively.
- the railway vehicle 100 comprises at least one on-board control system, indicated by the overall reference number 200, which is configured to exchange one or more first messages with at least one off-board control system 250, using a dedicated first communication path, schematically indicated in figures 1 and 2 by the reference number 10, having a first communication range.
- the at least one off-board control system 250 may include, in addition or in alternative to the control center 151, one or more trackside control systems, for example associated each to supervise a section of the railway network 105, and for instance placed at corresponding stations.
- the at least one off-board control system is depicted as comprising for example the centralized control center 151 and a trackside control system 160, and both comprises for example a respective database 161; a control and processing unit 162, a communication interface module 163, and a Human Machine Interface 165.
- the on-board control system 200 is further configured:
- the first vehicle 100 and the another vehicle 101 are shown, for ease of illustration, as comprising each only two units, e.g. a head unit 110 and a tail unit 120; as those skilled in the art would easily appreciated, the term railway vehicle herein used encompasses any suitable type of railway vehicle, such as passengers or freight trains, which can be composed by any number of locomotives or equivalent traction units, and associated one or more carriages, railcars, vehicles, or the like.
- the at least another vehicle has to be substantially equivalent to the reference or own vehicle 100, and it has been indicated by the reference number 101 only for the sake of a clearer description.
- the on-board control system 200 includes, for instance, at least a control and processing unit 1, an associated communication interface or module 2, a localizing system 3 for localizing the actual position of the own railway vehicle 100 in the railway network 150, a further computerized unit, for instance a European Vital Computer (EVC) 4 which provides to the unit 1 movement authority information for the own vehicle 100 which is received for instance from the centralized control center 151, a database 5, and a Human Machine Interface 6 used for monitoring the operations linked with the railway vehicle 100.
- EEC European Vital Computer
- the database 5, or block database contains data related to the railway network, and in particular, for instance, zone numbers, unique block identification number(s), absolute location administratc point (s), list of blocks in both directions of the tracks, list of blocks (incremental distance, angle) in both directions.
- data stored can be in the following form: Zone number, block identifier or ID, location Anac point, list of block identifiers of IDs in up direction, list of blocks (distance, angle) in up direction, list of block identifiers or IDs in down direction, list of blocks (distance, angle) in down direction.
- This database 5 can be constructed/updated using the inputs from the localizing system 3, which provides to the unit 1 data suitable for localizing the vehicle 100 within the physical or virtual block(s) of the railway network 105.
- the localizing system 3 via one or more of its sensors, such as odometers/accelerometers, provides data about the actual speed, acceleration et cetera, which are required to precisely calculate the movement of a vehicle within 100 the railway network 105.
- control and processing unit 1 With the data received from the localizing system 3 and those available from the database 5, the control and processing unit 1 is able to locate the actual position of the own vehicle 100 and to predict its movement path quite accurately based on the braking distance along with the route assigned to vehicle itself.
- the control and processing unit 1 of the own vehicle 100 sends/receives the telemetry of each relevant block ID and the incremental distance from it, to/from nearby vehicles within the short-range communication distance of the path 20.
- the telemetry includes, for instance, the speed/acceleration, the movement path in terms of the list of blocks within the braking distance along with the assigned route to the nearby vehicles.
- control and processing unit 1 of the own vehicle 100 sends/receives the telemetry of each relevant block ID and the incremental distance from the block, to/from nearby vehicles within the "very short-range communication distance of the path 30.
- This telemetry includes for instance the speed/acceleration, the movement paths of relevant vehicles.
- the control and processing unit 1 can be of concentrated or distributed type, and it can be constituted by, or comprise, any suitable processor-based device, e.g. a processor of a type commercially available, suitably programmed and provided to the extent necessary with circuitry, in order to perform the innovative functionalities devised for the railway vehicle 100 according to the present invention.
- any suitable processor-based device e.g. a processor of a type commercially available, suitably programmed and provided to the extent necessary with circuitry, in order to perform the innovative functionalities devised for the railway vehicle 100 according to the present invention.
- the first communication path 10 which covers the distance range of an entire railway network zone, for example, 500 km, is used in particular for exchanging messages related to the management of identifying keys/IDs for uniquely identifying each vehicle 100, 101 of the plurality of vehicles operating in the railway network, between the on-board control system 200 and in particular the processing unit 1 and one or more off-board control systems, such as the trackside control system 160 represented in figure 2 .
- control and processing unit 1 is configured for generating a first identifier or key SK suitable to be stored and kept secret in the own vehicle 100, e.g. in a memory of the unit 1 or in the database 5, and a second public identifier or key PK associated with the first secret identifier or key SK.
- the second identifier key PK is transmitted, via the interface communication module 2, to at least one off-board control system, e.g. the centralized control center 151 and /or the trackside control system 160, via the first communication path 10, where it is publicly accessible by the other railway vehicle(s) 101 operating in the railway network 150, for uniquely identifying the own vehicle 100.
- each public identifier or key PK sent by a railway vehicle 100 can be stored in an off-board database 161 installed at the remote control center 151, and/or in any off-board database 161 located in the trackside control system 160 installed along the railway network 150.
- each railway vehicle When each railway vehicle sends its public key PK to the off-board control system 160 (or to the control center 151), it can receive back the corresponding public identifier or key PK of the control system 160 itself (or of the control center 151) so as to establish dedicated communication sessions with it; further, via the same off-board control system, each vehicle can receive the public identifier of keys PKs of other vehicles.
- control and processing unit 1 is adapted to encrypt at least one, preferably all, the one or more second and third messages.
- the on-board control system 200 and in particular for example the control and processing unit 1, is adapted to generate second messages, preferably encrypted, which include information related to and suitable for managing and executing a collision prevention intervention between the own railway vehicle 100 and one or more other vehicles, such as the vehicle 101 illustrated in figure 1 , operating in the same railway network 150.
- the second messages are suitable to be exchanged with the at least another vehicle 101, and/or with the another unit of the own railway vehicle 100, using the second communication path 20, for instance via the interface communication module 2.
- the second or short range communication path 20 is in particular dedicated for exchanging messages in the context of collision avoidance.
- the relevant second messages are signed as generic messages using the security key SK of a sending vehicle 100 and incorporate the identity (ID) of the sending vehicle 100 itself. These messages can be verified using the related public key PK of the sending vehicle 100 by the on-board control system 200 of the receiving vehicle 101.
- the on-board control system 200 is configured to disable the third communication path 30 when a collision prevention intervention between the own railway vehicle 100 and the least another railway vehicle 101 of the plurality of vehicles operating in the railway network 150 is under execution.
- the on-board control system 200 is adapted to generate third messages, preferably encrypted which include information for virtual coupling of the own railway vehicle 100 with at least another railway vehicle 101 of the plurality of vehicles 100 operating in the same railway network 150, in the vicinity of the own vehicle 100.
- the preferably encrypted third messages are suitable to be exchanged with the at least another vehicle 101 operating in the vicinity of the own vehicle 100, using the third communication path 30, for instance via the interface communication module 2.
- the third or very short-range communication path 30, which covers for example a distance up to 1 km, is preferably exclusively dedicated for exchanging messages in the context of virtual coupling between a leading vehicle 100 and a trailing one out of a plurality of vehicles operating in the railway network 105.
- each third message sent by a vehicle 100 is signed using the public key "PK" of the other vehicle 101 under mutual virtual coupling.
- the third message can be verified by using the security key SK of the receiving vehicle 101 under mutual virtual coupling.
- the on-board control system 200 when the own railway vehicle 100 engages in virtual coupling with at least another and nearby vehicle 101 using the third communication path 30, the on-board control system 200, and in particular its control and processing unit 1, is configured to overrule any on-going collision prevention intervention with such another vehicle, while keeping the second communication path 20 active, together with the first communication path 10 as well, in order to promptly face any issue arising from the on-going virtual coupling or with any other railway vehicle.
- the above mentioned another part of the own railway vehicle 100 comprises a second on-board control system 200, wherein the first on-board control system is positioned at a front part of the own railway vehicle 100, e.g. the head unit 110, which can be a locomotive, and the second on-board control system 200 is positioned at a rear part for the own vehicle 200, e.g. the tail vehicle 120 thereof, which can be for example a second locomotive or any suitable car.
- the first on-board control system is positioned at a front part of the own railway vehicle 100, e.g. the head unit 110, which can be a locomotive
- the second on-board control system 200 is positioned at a rear part for the own vehicle 200, e.g. the tail vehicle 120 thereof, which can be for example a second locomotive or any suitable car.
- the second on-board control system is substantially identical to the first on-board control system 200, and therefore the description related to the first on-board control system 200 applies likewise to the second control system 200.
- the first and second on-board control systems 200 are in operative communication with each other via the second communication path 20, using for instance the respective communication interface module 2.
- the second on-board control system 200 links in operative communications and exchanges, for instance via its communication interface 2: corresponding first messages with at least one off-board control system, such as the control center 151 and/or any trackside control system 160, using the first communication path 10; corresponding second and third messages with and any further railway vehicle 101, using the second communication path 20 and the third communication path 30, respectively.
- each railway vehicle 100 is able to communicate with various off-board control systems, and with other railway vehicles 101 preceding and trailing the own vehicle 100 along a route of the railway network 150.
- a distributed control system 300 for managing operations of railway vehicles operating in a railway network 150 comprises at least: a first railway vehicle 100 and a second railway vehicle 100 equipped each with the at least one, preferably two, on board control system(s) 200, previously described, and which are linked in mutual communication using the second communication path 20; and at least one off-board control system, such as the control center 151 and/or any trackside control system 160, in operative communication with the first railway vehicle 100 and the second railway vehicle 100 at least via the respective first communication path 10.
- the third communication path 30 is used for inter-train communication between the railway vehicle 100 and the other railway vehicle 101.
- Figure 3 illustrates a method 400 for managing operation of a plurality of railway vehicles 100, of the type previously described, operating in the railway network 150, the method 400 being characterized in that it comprises, in whichever suitable order, at least the following steps:
- the step 410 of exchanging one or more second messages and/or the step 415 of exchanging one or more third messages comprises preferably encrypting at least one of said one or more second and/or third messages.
- the step 410 of exchanging one or more second messages comprises generating and preferably encrypting second messages which include information related to and suitable for managing a collision prevention intervention between the first railway vehicle 100 and the at least another vehicle 101; to this end, the encrypted second messages are suitable to be exchanged with the at least another vehicles 101 and/or with the another unit of the first railway vehicle 100, namely a second on-board control system 200 thereof, using the second communication path 20.
- the on board control system 200 of a railway vehicle 100 receives via the short-range communication path 20, the localization reports from all the nearby vehicles 101, which reports include for example the braking distance of a relevant vehicle at maximum speed.
- both nearest vehicles generate the consensus for entering into a collision prevention mode, and execute required operations, for example they both apply the brakes to avoid the collision and perform an incident reporting.
- the very short-range communication path 30 will be inactive during "vehicles collision avoidance", and only the short and long-range communication paths 20, 10 are used.
- the method 400 comprises a step 420 of disabling the third communication path 30 when a collision prevention intervention between the first railway vehicle 100 and the at least another railway vehicle 101 is under execution.
- the step 415 of exchanging one or more third messages comprises generating and preferably encrypting third messages which include information for virtual coupling of the first railway vehicle 100 with said at least another nearby railway vehicle 101 of the plurality of vehicles operating in the same railway network 150, the encrypted third messages being suitable to be exchanged with the at least one nearby vehicle 101 using the third communication path 30.
- virtual coupling is preferably enabled only when two vehicles 100 are moving in the same direction and the same blocks of railway network 150 for a reasonable distance/time, for example 20 kms/10 minutes.
- the public keys from various vehicles 200 are managed at the key management master node of the trackside control system, such as the system 160, by pairing the vehicle ID with its related public key PK).
- a secured message is created by calculating for example the SHA-256 (Secure Hash Algorithm-256) of a message at first, and then generating 160-bit hash using RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest).
- the SHA-256 generates an almost-unique 256-bit (32-byte) signature for a message which is required for the security of the message.
- RIPEMD-160 is a 160-bit cryptographic hash function which is required for maintaining uniformity.
- the message as for example represented in the below table, exchanged between the on-board control system 200 and an off-board trackside control system 160, is also used to change the key.
- the public key of the receiver is used for message encryption such that only the respective receiver can decrypt the public key (PK) of sender using its secret key (SK).
- PK public key
- SK secret key
- the receiver ID is filled with zeros when there are anonymous receivers, i.e. a message broadcasted, to all the nearby vehicles.
- Any on-board control system 200 can decrypt the message using sender's public key (PK), which can be collected from an off-board trackside control system 160.
- Hash code of Message (128 bits) Time Stamp (Sec) (32 bits) Receiver Identification Hash Code (32 bits) Sender Identificatio n Hash Code (32 bits) Encryption with (PK) of Receiver / (SK) of Sender Hash code of Next Message (128 bits) Messag e Type (4 bits) Data Size (32 bits) Scrambled Data with clues (Variable size) MD5 checksu m of message Time Zeros (or) Receiver ID Sender lD 1-Change Key 512 or Messag e size New PK from Sender - 512 bits or Message Zeros (or) MD5 checksum of next message
- the method 400 comprises the steps of:
- a railway vehicle 100 starts its operations in a day, it is assigned with a unique ID and initial zone number from the control center 151, which ID is sent to the computerized unit 4 of the on board control system 100, e.g. the one at the head of the vehicle 100.
- the onboard control system 200 generates an initial pair of associated security and public keys (SK, PK), and the public key is sent to the control center 151.
- the off-board trackside control system 160 also generates its pair of security and public keys (SK, PK) and sends its public PK to the control enter 151 during the initialization for the day.
- control center 151 shares the public PKs from the on-board control system 100 and the off-board trackside control system 160 with each other during the initialization. Accordingly, a "permissioned" network is created between the on-board control system 100 and the off-board trackside control system 160.
- PK is sent as scrambled data with the attached clues for descrambling, such as for instance, swapping of every multiple of 4th bit and the prior bit, or similar.
- each of the on-board control system(s) 200 of the vehicle 100 Since the public keys need to be known substantially at control system level, one of each of the on-board control system(s) 200 of the vehicle 100 generates a new key pair and communicates with the off-board trackside control system 160 to change its current key, e.g. at each relevant station.
- the off-board trackside control system 160 also creates a new key pair for each vehicle 100, i.e. the transaction between an on-board control system 100 and the off-board trackside control system 160 will be maintained as unique key pairs, even though only one off-board trackside control system 160 is present in the respective zone of the railway network 150.
- public key PK of the receiver is used for message encryption such that only the respective receiver can decrypt the PK of sender using its security key SK.
- the same information about Movement Authority is transmitted to the other control system 200 at the tail (or viceversa) of the same vehicle 100.
- the on-board control system 100 and in particular its control and processing unit 1, calculates the list of blocks within the braking distance plus a safety margin distance, which is configurable, along with the time in the assigned route.
- This information is telemetered using the short range communication path 20, thus such message can be captured only by nearby vehicles 101 operating within the short range distance.
- the distance between the head of a first vehicle 100 and the tail of a preceding second vehicle 100 is calculated using for example the block database 5 and the respective route information. If the calculated distance exceeds the combined braking distances, it will be treated as a possible collision scenario. Furthermore, the overlapping point between the two vehicles the distance of collision, time of the collision, collision type (head/tail/side), are calculated. It is possible to have a collision, if one of the vehicles is approaching another one. If both vehicles are leaving in opposite direction, then, the movements are declared as collision-free.
- the "trailing vehicle 101" gets the dynamic movement authority based on its speed as the objective to follow so as to maintain a constant distance, for instance up to maximum 1km, from the preceding vehicle. If one of the two vehicles virtually coupled is out of the range of the third communication path 30, signals are lost and the established virtual coupling link will be disabled. This will lead the on-board control system 200 to enter into a "Collision Avoidance" mode and to execute for example the actions indicated in the above table.
- the railway vehicle 100, control system 300, and method 400 according to the present invention achieve the intended aim and objects, since they allow to properly manage operations of railways vehicles in a railway network, and in particular to properly coordinate at the same type operations for avoiding collision and virtual coupling between vehicles.
- communication among the various parts is executed using dedicated channels and according to a secured and trustable way.
Landscapes
- Engineering & Computer Science (AREA)
- Mechanical Engineering (AREA)
- Electric Propulsion And Braking For Vehicles (AREA)
- Train Traffic Observation, Control, And Security (AREA)
Abstract
- to exchange one or more first messages with at least one off-board control system (250) of the railway network using a first communication path (10) having a first communication range; and
- to exchange one or more second messages with at least another railway vehicle (101) operating in the same railway network and/or with another unit of the railway vehicle (100) using a second communication path (20) having a second communication range shorter than said first communication range; and
- to exchange one or more third messages with the at least another railway vehicle (101) of a plurality of vehicles operating in the same railway network (150) using a third communication path (30) having a third communication range shorter than the second communication range.
Description
- The present invention relates in general to the field of traffic management in a railway network; more in particular it concerns a railway vehicle, a distributed control system and a method for managing operations of railways vehicles in a railway network, in particular as regard to prevention of collisions and possibility of virtual coupling between vehicles.
- As known, railways networks are very complex systems formed by many components and devices which must be properly coordinated, continuously monitored, and timely operated, in order to ensure the correct and efficient functioning of the traffic over the whole railway network, while satisfying the highest standards of safety for the fleet of operating vehicles, which is a very critical aspect in the railroad industry.
- Nowadays, a centralized and safe movement of the "fleet of trains" is managed via a Radio Block Center ("RBC") subsystem through a proper "Movement Authority" which is in operative communication, directly or indirectly, with the various trains, and operates along the track with the help of several track side devices, such as track circuits, axle counters, interlocking subsystems, signaling devices, gate crossings, et cetera.
- Although such solution allows to properly manage a fleet of trains moving in a railway network, an increasing trend in the railway field foresees the reduction of the number of track side devices, due for example to their non-negligible costs for realization, installation and maintenance.
- At the same time, the concept of virtually coupled vehicles, e.g. remote trains operatively coupled and managed in a coordinated way as they formed a unique convoy, is evolving and attracting more and more interest, which concept is in principle in antithesis with safety considerations related to anti-collision between vehicles.
- Clearly, for any of the above aspects related to anti-collision, to virtual coupling, or to a more general traffic management, the possibility of having a reliable, trusted, safe and timely communication with and among the various trains operating within the same railway network is of paramount importance.
- The present invention is purposively aimed at providing a solution which allows to integrate and balance at the same time the contrasting goals of realizing anti-collision and virtual coupling of railway vehicles, while managing traffic in a railway network, according to a reliable, safe and trusted communication scheme.
- In particular, such aimed is achieved by a railway vehicle suitable to operate in a railway network, characterized in that it comprises at least one on-board control system configured:
- to exchange one or more first messages with at least one off-board control system of the railway network using a first communication path having a first communication range; and
- to exchange one or more second messages with at least another railway vehicle of a plurality of vehicles operating in the same railway network and/or with another unit of the railway vehicle using a second communication path having a second communication range shorter than said first communication range; and
- to exchange one or more third messages with at least another railway vehicle of a plurality of vehicles operating in the same railway network using a third communication path having a third communication range shorter than said second communication range.
- The above mentioned aim is also achieved by a distributed control system for managing a fleet of railway vehicles operating in a railway network, characterized in that it comprises:
- at least a first railway vehicle and a second railway vehicle as above indicated, and in particular ad described and especially according to any of the relevant appended
claims 1 to 8; - at least one off-board control system in operative communication with said first railway vehicle and said second railway vehicle at least via the respective first communication path.
- Further, the present invention provides also a method for managing operations of a plurality of railway vehicles operating in a railway network, characterized in that it comprises, in whichever suitable order, at least the following steps:
- exchanging, between a control system installed on-board of a first railway vehicle of said plurality of railway vehicles and at least one off-board control system of the railway network, one or more first messages using a first communication path having a first communication range;
- exchanging, between said first railway vehicle and at least another railway vehicle of the plurality of vehicles and/or another unit of the first railway vehicle, one or more second messages using a second communication path having a second communication range shorter than said first communication range;
- exchanging, between said first railway vehicle and at least another railway vehicle of a plurality of vehicles operating in the same railway network, one or more third messages using a third communication path having a third communication range shorter than said second communication range.
- Further characteristics and advantages will become apparent from the description of some preferred but not exclusive exemplary embodiments of a railway vehicle, a distributed control system and a method according to the invention, illustrated only by way of non-limitative examples with the accompanying drawings, wherein:
-
Figure 1 is a block diagram schematically illustrating two railway vehicles in communication with each other and with an off-board control center, according to the invention; -
Figure 2 is a block diagram schematically illustrating an exemplary distributed control system according to the invention; -
Figure 3 is a flow chart schematically representing a method for managing operations of railway vehicles operating in a railway network, according to the present invention. - It should be noted that in order to clearly and concisely describe the present disclosure, the drawings may not necessarily be to scale and certain features of the disclosure may be shown in somewhat schematic form.
- Further, when the term "adapted" or "arranged" or "configured" or "shaped", is used herein while referring to any component as a whole, or to any part of a component, or to a combination of components, it has to be understood that it means and encompasses correspondingly either the structure, and/or configuration and/or form and/or positioning.
- In particular, for electronic and/or software means, each of the above listed terms means and encompasses electronic circuits or parts thereof, as well as stored, embedded or running software codes and/or routines, algorithms, or complete programs, suitably designed for achieving the technical result and/or the functional performances for which such means are devised.
- A railway vehicle, a distributed control system and a method for managing operations of railway vehicles in a railway network, according to the present invention, are schematically illustrated in
figures 1 ,2 and3 , therein indicated by the correspondingoverall reference numbers - As illustrated in
figure 1 , therailway vehicle 100 according to the present invention comprises at least one on-board control system, indicated by theoverall reference number 200, which is configured to exchange one or more first messages with at least one off-board control system 250, using a dedicated first communication path, schematically indicated infigures 1 and2 by thereference number 10, having a first communication range. - In
figure 1 , the at least one off-board control system 250, associated to therailway network 150 inside which thevehicle 100 is operating, is illustrated as a remotecentral control center 151 supervising the entire railway network 105 or a portion thereof. - As those skilled in the art may easily appreciate, the at least one off-
board control system 250 may include, in addition or in alternative to thecontrol center 151, one or more trackside control systems, for example associated each to supervise a section of the railway network 105, and for instance placed at corresponding stations. - In the exemplary embodiment illustrated in
figure 2 , the at least one off-board control system is depicted as comprising for example thecentralized control center 151 and atrackside control system 160, and both comprises for example arespective database 161; a control andprocessing unit 162, acommunication interface module 163, and aHuman Machine Interface 165. - Conveniently, in the
railway vehicle 100 according to the present invention, the on-board control system 200 is further configured: - to exchange one or more second messages with at least another
railway vehicle 101 of a plurality of vehicles operating in thesame railway network 150, and/or with another unit of theown railway vehicle 100, using a dedicated second communication path, indicated infigures 1 and2 by thereference number 20, having a second communication range shorter than the first communication range; and further - to exchange one or more third messages with at least another
railway vehicle 101 of a plurality of vehicles operating in thesame railway network 150, preferably exclusively with said at least anotherrailway vehicle 101 of the plurality of vehicles operating in therailway network 150, using a dedicated third communication path, indicated infigures 1 and2 by thereference number 30; the third communication path has a third communication range shorter than said second communication range. - In
figure 1 , thefirst vehicle 100 and theanother vehicle 101 are shown, for ease of illustration, as comprising each only two units, e.g. ahead unit 110 and atail unit 120; as those skilled in the art would easily appreciated, the term railway vehicle herein used encompasses any suitable type of railway vehicle, such as passengers or freight trains, which can be composed by any number of locomotives or equivalent traction units, and associated one or more carriages, railcars, vehicles, or the like. - Further, within the frame of the present invention, the at least another vehicle has to be substantially equivalent to the reference or
own vehicle 100, and it has been indicated by thereference number 101 only for the sake of a clearer description. - According to an exemplary embodiment, schematically illustrated in
figure 2 , the on-board control system 200 includes, for instance, at least a control andprocessing unit 1, an associated communication interface ormodule 2, a localizingsystem 3 for localizing the actual position of theown railway vehicle 100 in therailway network 150, a further computerized unit, for instance a European Vital Computer (EVC) 4 which provides to theunit 1 movement authority information for theown vehicle 100 which is received for instance from thecentralized control center 151, adatabase 5, and a Human Machine Interface 6 used for monitoring the operations linked with therailway vehicle 100. - According to a possible embodiment, the
database 5, or block database, contains data related to the railway network, and in particular, for instance, zone numbers, unique block identification number(s), absolute location kilometric point (s), list of blocks in both directions of the tracks, list of blocks (incremental distance, angle) in both directions. - For example, data stored can be in the following form: Zone number, block identifier or ID, location kilometric point, list of block identifiers of IDs in up direction, list of blocks (distance, angle) in up direction, list of block identifiers or IDs in down direction, list of blocks (distance, angle) in down direction.
- The following is a numerical example of the above form: Zone1, 8, 1550, 9|10|11, (50,0)|(20,+20)|(30,+20), 7,(30,0)
- This
database 5 can be constructed/updated using the inputs from the localizingsystem 3, which provides to theunit 1 data suitable for localizing thevehicle 100 within the physical or virtual block(s) of the railway network 105. In particular, the localizingsystem 3, via one or more of its sensors, such as odometers/accelerometers, provides data about the actual speed, acceleration et cetera, which are required to precisely calculate the movement of a vehicle within 100 the railway network 105. - With the data received from the localizing
system 3 and those available from thedatabase 5, the control andprocessing unit 1 is able to locate the actual position of theown vehicle 100 and to predict its movement path quite accurately based on the braking distance along with the route assigned to vehicle itself. - The control and
processing unit 1 of theown vehicle 100 sends/receives the telemetry of each relevant block ID and the incremental distance from it, to/from nearby vehicles within the short-range communication distance of thepath 20. The telemetry includes, for instance, the speed/acceleration, the movement path in terms of the list of blocks within the braking distance along with the assigned route to the nearby vehicles. - Further, the control and
processing unit 1 of theown vehicle 100 sends/receives the telemetry of each relevant block ID and the incremental distance from the block, to/from nearby vehicles within the "very short-range communication distance of thepath 30. This telemetry includes for instance the speed/acceleration, the movement paths of relevant vehicles. - The control and
processing unit 1 can be of concentrated or distributed type, and it can be constituted by, or comprise, any suitable processor-based device, e.g. a processor of a type commercially available, suitably programmed and provided to the extent necessary with circuitry, in order to perform the innovative functionalities devised for therailway vehicle 100 according to the present invention. - According to the invention, the
first communication path 10, which covers the distance range of an entire railway network zone, for example, 500 km, is used in particular for exchanging messages related to the management of identifying keys/IDs for uniquely identifying eachvehicle board control system 200 and in particular theprocessing unit 1 and one or more off-board control systems, such as thetrackside control system 160 represented infigure 2 . - In particular, the control and
processing unit 1, is configured for generating a first identifier or key SK suitable to be stored and kept secret in theown vehicle 100, e.g. in a memory of theunit 1 or in thedatabase 5, and a second public identifier or key PK associated with the first secret identifier or key SK. The second identifier key PK is transmitted, via theinterface communication module 2, to at least one off-board control system, e.g. thecentralized control center 151 and /or thetrackside control system 160, via thefirst communication path 10, where it is publicly accessible by the other railway vehicle(s) 101 operating in therailway network 150, for uniquely identifying theown vehicle 100. - For instance, each public identifier or key PK sent by a
railway vehicle 100 can be stored in an off-board database 161 installed at theremote control center 151, and/or in any off-board database 161 located in thetrackside control system 160 installed along therailway network 150. - When each railway vehicle sends its public key PK to the off-board control system 160 (or to the control center 151), it can receive back the corresponding public identifier or key PK of the
control system 160 itself (or of the control center 151) so as to establish dedicated communication sessions with it; further, via the same off-board control system, each vehicle can receive the public identifier of keys PKs of other vehicles. - According to an embodiment of the
railway vehicle 100, the control andprocessing unit 1 is adapted to encrypt at least one, preferably all, the one or more second and third messages. - The on-
board control system 200, and in particular for example the control andprocessing unit 1, is adapted to generate second messages, preferably encrypted, which include information related to and suitable for managing and executing a collision prevention intervention between theown railway vehicle 100 and one or more other vehicles, such as thevehicle 101 illustrated infigure 1 , operating in thesame railway network 150. - In particular, the second messages are suitable to be exchanged with the at least another
vehicle 101, and/or with the another unit of theown railway vehicle 100, using thesecond communication path 20, for instance via theinterface communication module 2. - Typically, the
second communication path 20 covers the distance range of more than the braking distance at maximum speed of a vehicle plus the length of both vehicles, and is for example in the order of 10 km. - In practice, the second or short
range communication path 20 is in particular dedicated for exchanging messages in the context of collision avoidance. Asnearby vehicles 101 are not known in advance, the relevant second messages are signed as generic messages using the security key SK of a sendingvehicle 100 and incorporate the identity (ID) of the sendingvehicle 100 itself. These messages can be verified using the related public key PK of the sendingvehicle 100 by the on-board control system 200 of thereceiving vehicle 101. - According to an embodiment of the
railway vehicle 100, the on-board control system 200, and in particular its control andprocessing unit 1, is configured to disable thethird communication path 30 when a collision prevention intervention between theown railway vehicle 100 and the least anotherrailway vehicle 101 of the plurality of vehicles operating in therailway network 150 is under execution. - According to a possible embodiment of the
railway vehicle 100, the on-board control system 200, and in particular for instance its control andprocessing unit 1, is adapted to generate third messages, preferably encrypted which include information for virtual coupling of theown railway vehicle 100 with at least anotherrailway vehicle 101 of the plurality ofvehicles 100 operating in thesame railway network 150, in the vicinity of theown vehicle 100. - In particular, the preferably encrypted third messages are suitable to be exchanged with the at least another
vehicle 101 operating in the vicinity of theown vehicle 100, using thethird communication path 30, for instance via theinterface communication module 2. - In particular, the third or very short-
range communication path 30, which covers for example a distance up to 1 km, is preferably exclusively dedicated for exchanging messages in the context of virtual coupling between a leadingvehicle 100 and a trailing one out of a plurality of vehicles operating in the railway network 105. To this end, each third message sent by avehicle 100 is signed using the public key "PK" of theother vehicle 101 under mutual virtual coupling. The third message can be verified by using the security key SK of the receivingvehicle 101 under mutual virtual coupling. - According to an embodiment of the
railway vehicle 100, when theown railway vehicle 100 engages in virtual coupling with at least another andnearby vehicle 101 using thethird communication path 30, the on-board control system 200, and in particular its control andprocessing unit 1, is configured to overrule any on-going collision prevention intervention with such another vehicle, while keeping thesecond communication path 20 active, together with thefirst communication path 10 as well, in order to promptly face any issue arising from the on-going virtual coupling or with any other railway vehicle. - According to an embodiment, the above mentioned another part of the
own railway vehicle 100 comprises a second on-board control system 200, wherein the first on-board control system is positioned at a front part of theown railway vehicle 100, e.g. thehead unit 110, which can be a locomotive, and the second on-board control system 200 is positioned at a rear part for theown vehicle 200, e.g. thetail vehicle 120 thereof, which can be for example a second locomotive or any suitable car. - The second on-board control system is substantially identical to the first on-
board control system 200, and therefore the description related to the first on-board control system 200 applies likewise to thesecond control system 200. In particular, the first and second on-board control systems 200 are in operative communication with each other via thesecond communication path 20, using for instance the respectivecommunication interface module 2. - Further, likewise the first on-
board control system 200, the second on-board control system 200 links in operative communications and exchanges, for instance via its communication interface 2: corresponding first messages with at least one off-board control system, such as thecontrol center 151 and/or anytrackside control system 160, using thefirst communication path 10; corresponding second and third messages with and anyfurther railway vehicle 101, using thesecond communication path 20 and thethird communication path 30, respectively. - In this way each
railway vehicle 100 according to the present invention, is able to communicate with various off-board control systems, and withother railway vehicles 101 preceding and trailing theown vehicle 100 along a route of therailway network 150. - In practice, according to the present invention, a distributed
control system 300 for managing operations of railway vehicles operating in arailway network 150, is realized and comprises at least: afirst railway vehicle 100 and asecond railway vehicle 100 equipped each with the at least one, preferably two, on board control system(s) 200, previously described, and which are linked in mutual communication using thesecond communication path 20; and at least one off-board control system, such as thecontrol center 151 and/or anytrackside control system 160, in operative communication with thefirst railway vehicle 100 and thesecond railway vehicle 100 at least via the respectivefirst communication path 10. - The
third communication path 30 is used for inter-train communication between therailway vehicle 100 and theother railway vehicle 101. -
Figure 3 illustrates amethod 400 for managing operation of a plurality ofrailway vehicles 100, of the type previously described, operating in therailway network 150, themethod 400 being characterized in that it comprises, in whichever suitable order, at least the following steps: - 405: exchanging, between a
control system 200 installed on board of afirst railway vehicle 100 and at least an off-board control system of therailway network 150, e.g. thecontrol center 151 and/or anytrackside control system 160, one or more first messages using afirst communication path 10 having a first communication range; - 410: exchanging, between said
first railway vehicle 100 and at least anotherrailway vehicle 101 of the plurality of vehicles operating in thesame railway network 150 and/or another unit of thefirst railway vehicle 100, one or more second messages using asecond communication path 20 having a second communication range shorter than said first communication range; - 415: exchanging, between said
first railway vehicle 100 and at least anotherrailway vehicle 101 of the plurality of vehicles operating in thesame railway network 150, one or more third messages using athird communication path 30 having a third communication range shorter than said second communication range. - In particular, the
step 405 of exchanging first messages comprises generating a first secret identifier or key SK suitable to be kept stored at thefirst vehicle 100, and a second public identifier or key PK uniquely associated with the first secret identifier SK; the second identifier or key PK is suitable to be transmitted to and stored in said at least one off-board control system, using thefirst communication path 10 and being publicly accessible for uniquely identifying thefirst railway vehicle 100, by other vehicles, and/or off-board control systems. - In practice, according to the invention, public (PK) and private (SK) keys are generated by
individual vehicles 100, for example based on blockchain technology. The private key (SK) is kept by eachindividual vehicle 100, while the public key is sent to for being shared, in one or more off-board control systems, such as the depictedcontrol system 160, within the long communication range of thepath 10, and/or to thecentralized control center 151. Hence, the relevanttrackside control system 160 acts as a public key management node, has the information about all public keys, and it can confirm the uniqueness of each key-vehicle 100. - According to an embodiment, the
step 410 of exchanging one or more second messages and/or the step 415 of exchanging one or more third messages comprises preferably encrypting at least one of said one or more second and/or third messages. - In particular, the
step 410 of exchanging one or more second messages comprises generating and preferably encrypting second messages which include information related to and suitable for managing a collision prevention intervention between thefirst railway vehicle 100 and the at least anothervehicle 101; to this end, the encrypted second messages are suitable to be exchanged with the at least anothervehicles 101 and/or with the another unit of thefirst railway vehicle 100, namely a second on-board control system 200 thereof, using thesecond communication path 20. - In particular, concerning the avoidance of collision between nearby vehicles, the on
board control system 200 of arailway vehicle 100, located at the head and/or tail thereof, receives via the short-range communication path 20, the localization reports from all thenearby vehicles 101, which reports include for example the braking distance of a relevant vehicle at maximum speed. In case, both nearest vehicles generate the consensus for entering into a collision prevention mode, and execute required operations, for example they both apply the brakes to avoid the collision and perform an incident reporting. In this interval, the very short-range communication path 30 will be inactive during "vehicles collision avoidance", and only the short and long-range communication paths - According to an embodiment, the
method 400 comprises astep 420 of disabling thethird communication path 30 when a collision prevention intervention between thefirst railway vehicle 100 and the at least anotherrailway vehicle 101 is under execution. - Likewise, the step 415 of exchanging one or more third messages comprises generating and preferably encrypting third messages which include information for virtual coupling of the
first railway vehicle 100 with said at least anothernearby railway vehicle 101 of the plurality of vehicles operating in thesame railway network 150, the encrypted third messages being suitable to be exchanged with the at least onenearby vehicle 101 using thethird communication path 30. - In particular, if two vehicles are engaging in virtual coupling, collision avoidance is overruled by the virtual coupling operation. In this case, for instance, the trailing
vehicle 101 tracks the leading train using very short-range communication path 30, and all the three-communication paths (long 10, short 20, and very-short 30) are active to ensure a smooth transition to a collision avoidance procedure in case of issues while executing the ongoing virtual coupling. - In particular, virtual coupling is preferably enabled only when two
vehicles 100 are moving in the same direction and the same blocks ofrailway network 150 for a reasonable distance/time, for example 20 kms/10 minutes. - Concerning encryption, for instance for messages exchanged via the very short-range communication paths or
links 30, the corresponding separate public and private keys are generated and the public keys are exchanged between twovehicles 100 via the dedicated short-range communication path or link 30 as previously indicated. - For example, a security key (SK) with the size of 32 bytes or 256 bits can be generated using any random number generator comprised in or associated with the own control and
processing unit 1 and is kept secret. In practice, eachvehicle 100 contains its own key management node which manages its private and secret keys used for communicating messages among thevehicles 100. Then, a related public key PK, for example having the size of 64 bytes or 512 bits is generated from the previously generated security key (SK) using Ecliptic Curve Digital Signature Algorithm (ECDSA) by the relevant on-board control system 200, namely PK = ECDSA(SK). - The public keys from
various vehicles 200 are managed at the key management master node of the trackside control system, such as thesystem 160, by pairing the vehicle ID with its related public key PK). - Then, a secured message is created by calculating for example the SHA-256 (Secure Hash Algorithm-256) of a message at first, and then generating 160-bit hash using RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest). The SHA-256 generates an almost-unique 256-bit (32-byte) signature for a message which is required for the security of the message. RIPEMD-160 is a 160-bit cryptographic hash function which is required for maintaining uniformity. Finally, signature is a 160-bit hash value of a 256-bit hash of message, namely Hash of message = RIPEMD-160(SHA-256(message)).
- Accordingly, any length of message is converted into
uniform 160 bits. Then, the hash of the message is encrypted using the relationship SK/PK. This encrypted hash is the signature of the message, namely Signature = Encryption (Hash of message, SK/PK). - This "signature" is sent along with "message" by each on-
board control system 200 to other on-board control systems 200 or to off-board control system located at thecontrol center 151 or else. - For verifying a message, at first step the Hash of the message is recreated and then the signature is decrypted decrypt the using relevant public key (PK) (for encryption with SK)/SK (for encryption with PK) to create decrypted hash, namely Hash of message = RIPEMD-160(SHA-256(message)), Decrypted Hash of message = Decryption (Signature, PK/SK). If hash of message and decrypted hash of message are same, the message is verified as the correct one and can be used.
- The message, as for example represented in the below table, exchanged between the on-
board control system 200 and an off-boardtrackside control system 160, is also used to change the key. It is to be noted that the public key of the receiver is used for message encryption such that only the respective receiver can decrypt the public key (PK) of sender using its secret key (SK). The receiver ID is filled with zeros when there are anonymous receivers, i.e. a message broadcasted, to all the nearby vehicles. Any on-board control system 200 can decrypt the message using sender's public key (PK), which can be collected from an off-boardtrackside control system 160.Hash code of Message (128 bits) Time Stamp (Sec) (32 bits) Receiver Identification Hash Code (32 bits) Sender Identificatio n Hash Code (32 bits) Encryption with (PK) of Receiver / (SK) of Sender Hash code of Next Message (128 bits) Messag e Type (4 bits) Data Size (32 bits) Scrambled Data with clues (Variable size) MD5 checksu m of message Time Zeros (or) Receiver ID Sender lD 1-Change Key 512 or Messag e size New PK from Sender - 512 bits or Message Zeros (or) MD5 checksum of next message - According to an embodiment, the
method 400 comprises the steps of: - 425: engaging virtual coupling between the
first railway vehicle 100 and the at least anothernearby vehicle 101 of the plurality of vehicles operating in the railway network, using the third communication path 30: and - 430: overruling any collision prevention intervention between the
first railway vehicle 100 and the at least anothernearby vehicle 101 under virtual coupling, while keeping thesecond communication path 20, as well as thefirst communication path 10, active. - In practice, when a
railway vehicle 100 starts its operations in a day, it is assigned with a unique ID and initial zone number from thecontrol center 151, which ID is sent to thecomputerized unit 4 of the onboard control system 100, e.g. the one at the head of thevehicle 100. Theonboard control system 200 generates an initial pair of associated security and public keys (SK, PK), and the public key is sent to thecontrol center 151. At the same time, the off-boardtrackside control system 160 also generates its pair of security and public keys (SK, PK) and sends its public PK to the control enter 151 during the initialization for the day. Finally, thecontrol center 151 shares the public PKs from the on-board control system 100 and the off-boardtrackside control system 160 with each other during the initialization. Accordingly, a "permissioned" network is created between the on-board control system 100 and the off-boardtrackside control system 160. In order to avoid the unauthorized usage of PK, PK is sent as scrambled data with the attached clues for descrambling, such as for instance, swapping of every multiple of 4th bit and the prior bit, or similar. - Since the public keys need to be known substantially at control system level, one of each of the on-board control system(s) 200 of the
vehicle 100 generates a new key pair and communicates with the off-boardtrackside control system 160 to change its current key, e.g. at each relevant station. At the same time, the off-boardtrackside control system 160 also creates a new key pair for eachvehicle 100, i.e. the transaction between an on-board control system 100 and the off-boardtrackside control system 160 will be maintained as unique key pairs, even though only one off-boardtrackside control system 160 is present in the respective zone of therailway network 150. - In this way, the associated new keys of the on-
board control systems 200 and of thetrackside control system 160 are not known to thecentralized control center 151 immediately. - The same process is repeated for each
new vehicle 100 which is initialized via thecentralized control center 151, or at each station. - An important aspect is that public key PK of the receiver is used for message encryption such that only the respective receiver can decrypt the PK of sender using its security key SK.
- In case of possible collision, the on-
board control system 100, for example at the head of thevehicle 100, transmits the unique ID and initial zone number to the on-board control system 100 at the tail of the vehicle using the public key (PK) of the tail vehicle (or vice versa). This information is required to communicate with the off-boardtrackside control system 160. Theown localizing system 3 provides to the control andprocessing unit 1 the block identifier or ID for the forthcoming block of the railway network 105 along with the incremental distance from it, as well as data related to the actual speed/acceleration of thevehicle 100. Further, the control andprocessing unit 1 receives the Movement Authority information form the associated computerized unit 4 (EVC) which contains the route information. The same information about Movement Authority is transmitted to theother control system 200 at the tail (or viceversa) of thesame vehicle 100. Based on the current location and Movement Authority, the on-board control system 100, and in particular its control andprocessing unit 1, calculates the list of blocks within the braking distance plus a safety margin distance, which is configurable, along with the time in the assigned route. This information is telemetered using the shortrange communication path 20, thus such message can be captured only bynearby vehicles 101 operating within the short range distance. Likewise, the on-board control system 200 of theown vehicle 100 also receives the telemetry of the block ID and incremental distance from the block, from nearby vehicles operating within the short-range communication distance, along with information about their speed/acceleration, movement path in terms of the list of blocks within the braking distance along the assigned route. - Based on the block ID and incremental distance from other vehicles, the distance between the head of a
first vehicle 100 and the tail of a precedingsecond vehicle 100 is calculated using for example theblock database 5 and the respective route information. If the calculated distance exceeds the combined braking distances, it will be treated as a possible collision scenario. Furthermore, the overlapping point between the two vehicles the distance of collision, time of the collision, collision type (head/tail/side), are calculated. It is possible to have a collision, if one of the vehicles is approaching another one. If both vehicles are leaving in opposite direction, then, the movements are declared as collision-free. Once the possible collision scenario is confirmed, then the appropriate actions are triggered as for example described in the following table, for two trains:One train Another train Action for One train in case of possible collision Action for Another train in case of possible collision Approaching Approaching - Reduce the speed - Reduce the speed, - Apply Emergency Brake (EB)/ Service Brake (SB) through EVC - Apply EB/SB through EVC - Alert CCC, EVC Alert CCC, EVC - Get updated Movement Authority from EVC or Get updated Movement Authority from EVC or train suggests the alternate path based on block database for safe stopping. train suggests the alternate path based on block database for safe stopping. Approaching Leaving Reduce the speed of the following train, Increase the speed of the lead train Apply SB Apply SB Leaving Approaching Reduce the speed of the following train, - Increase the speed of the lead train Apply SB Apply SB Leaving Leaving No Action is required No Action is required - Concerning virtual coupling between railway vehicles, it is possible to establish "Virtual Coupling" between two static/running vehicles, or between a running leading vehicle and a static following vehicle. It is also possible to establish virtual coupling only to stop a running following vehicle closer to a static leading vehicle, i.e. the targeted speed of the following vehicle is zero and the stopping distance is less than 1 km in the same track. As collision avoidance and virtual coupling are basically in contrast to each other, virtual coupling can be activated only when the direction of travel is same for both running vehicles.
- In particular, the possible pair of trains are identified for virtual coupling during the route generation by the
centralized control enter 151. During the running, if the lead vehicle identifies the following vehicle, or vice versa, through theshort range communication 20, they can exchange the messages related to authentication of virtual coupling by sharing the route information. Hence, both trains compare the assigned route which is received using theshort range communication 20. Consensus for virtual coupling has to be expressed mutually by both vehicles. - Based on the consensus, both trains generate the dedicated PK, SK pair of keys so as to communicate the message(s) using the very short-range communication path or link 30. This pair of keys is not shared with any trackside control system. These keys are sent by a vehicle as a message signed with the public key PK of the other vehicle. Once such keys are available at both trains, the virtual coupling link is established and both vehicles will start the exchange of high-speed telemetry data using the
third communication path 30. The information about ongoing virtual coupling is also media available at the computerized unit(s) 4 and thecentralized control center 151. At the same time, as previously indicated, the collision Avoidance functionality is disabled between the two vehicles under virtual coupling. However, the collision monitoring will run in the background using the short range communication data as a fallback option in case of issues. - The "trailing
vehicle 101" gets the dynamic movement authority based on its speed as the objective to follow so as to maintain a constant distance, for instance up to maximum 1km, from the preceding vehicle. If one of the two vehicles virtually coupled is out of the range of thethird communication path 30, signals are lost and the established virtual coupling link will be disabled. This will lead the on-board control system 200 to enter into a "Collision Avoidance" mode and to execute for example the actions indicated in the above table. - Hence, it is evident from the foregoing description and appended claims that the
railway vehicle 100,control system 300, andmethod 400 according to the present invention, achieve the intended aim and objects, since they allow to properly manage operations of railways vehicles in a railway network, and in particular to properly coordinate at the same type operations for avoiding collision and virtual coupling between vehicles. To this end, communication among the various parts, is executed using dedicated channels and according to a secured and trustable way. - The
railway vehicle 100, distributedcontrol system 300, andmethod 400 thus conceived are susceptible of modifications and variations, all of which are within the scope of the inventive concept as defined in particular by the appended claims. - All the details may furthermore be replaced with technically equivalent elements.
Claims (10)
- A railway vehicle (100) suitable to operate in a railway network (150), characterized in that it comprises at least one on-board control system (200) configured:- to exchange one or more first messages with at least one off-board control system (250) of the railway network (150) using a first communication path (10) having a first communication range; and- to exchange one or more second messages with at least another railway vehicle (101) of a plurality of vehicles operating in the same railway network (150) and/or with another unit of the railway vehicle (100) using a second communication path (20) having a second communication range shorter than said first communication range; and- to exchange one or more third messages with at least another railway vehicle (101) of a plurality of vehicles operating in the same railway network (150) using a third communication path (30) having a third communication range shorter than said second communication range.
- A railway vehicle (100) according to claim 1, wherein said at least one on-board control system (200) includes a control and processing unit (1) arranged to encrypt at least one of said one or more second and third messages.
- A railway vehicle (100) according to claim 2, wherein said control and processing unit (1) is configured for generating a first identifier (SK) suitable to be kept stored secretly at the railway vehicle (100), and a second public identifier (PK), associated with the first secret identifier (SK), the second identifier (PK) being suitable to be transmitted to and stored in said at least one off-board control system (250) via said first communication path (10) and being publicly accessible for uniquely identifying the railway vehicle (100).
- A railway vehicle (100) according to any of the preceding claims, wherein the on-board control system is configured to generate second messages which include information related to and suitable for executing a collision prevention intervention between the railway vehicle (100) and the at least another railway vehicle (101) operating in the same railway network (150), said second messages being suitable to be exchanged with the at least another railway vehicle (101) and/or with the another unit of the railway vehicle (100) via the second communication path (20).
- A railway vehicle (100) according to claim 4, wherein the on-board control system is configured to disable said third communication path (30) when a collision prevention intervention between the railway vehicle (100) and at least another railway vehicle is under execution.
- A railway vehicle (100) according to any of the preceding claims,, wherein the on-board control system is adapted to generate third messages which are encrypted and include information for virtual coupling of the railway vehicle (100) with at least one nearby vehicle (101) operating in the same railway network (150), said encrypted third messages being suitable to be exchanged with the at least one nearby vehicle via the third communication path (30).
- A railway vehicle (100) according to claim 6, wherein, when the railway vehicle (100) engages in virtual coupling with at least one nearby vehicle via said third communication path (30), the on-board control system is configured to overrule any collision prevention intervention while keeping the second communication path (20) active.
- A railway vehicle (100) according to any of claims 1 to 7, wherein the at least one on-board control system (200) comprises a first on-board control system (200) positioned at a front part of the railway vehicle (100) and a second on-board control system (200), substantially identical to said first on-board control system (200), which is positioned at a rear part for the railway vehicle , said first and second on-board control systems (200) being in operative communication with each other via the second communication path (20), the second on-board control system (200) being in operative communication with the at least one off-board control system (250) via its first communication path (10) and being in operative communication with a further railway vehicle via its second and/or third communication path (30).
- A distributed control system (300) for managing a fleet of railway vehicles operating in a railway network (150), characterized in that it comprises:- at least a first railway vehicle (100) and a second railway vehicle (100) according to any of the claims 1 to 8;- at least one off-board control system (250) in operative communication with said first railway vehicle (100) and said second railway vehicle (100) at least via the respective first communication path (10).
- A method (400) for managing operations of a plurality of railway vehicles operating in a railway network, characterized in that it comprises, in whichever suitable order, at least the following steps:- (405): exchanging, between a control system installed on-board of a first railway vehicle (100) of said plurality of railway vehicles and at least one off-board control system (250) of the railway network (150), one or more first messages using a first communication path (10) having a first communication range;- (410): exchanging, between said first railway vehicle (100) and at least another railway vehicle (101) of the plurality of vehicles and/or another unit of the first railway vehicle (100), one or more second messages using a second communication path (20) having a second communication range shorter than said first communication range;- (415): exchanging, between said first railway vehicle (100) and at least another railway vehicle (101) of the plurality of vehicles operating in the same railway network, one or more third messages using a third communication path (30) having a third communication range shorter than said second communication range.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IN201941047414 | 2019-11-20 |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3825205A1 true EP3825205A1 (en) | 2021-05-26 |
Family
ID=73476050
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP20208472.9A Withdrawn EP3825205A1 (en) | 2019-11-20 | 2020-11-18 | Railway vehicle, distributed control system, and method for managing operations of railway vehicles in a railway network |
Country Status (1)
Country | Link |
---|---|
EP (1) | EP3825205A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023064045A1 (en) * | 2021-10-15 | 2023-04-20 | Bnsf Railway Company | System and method for virtual block detection |
US12116028B2 (en) | 2017-05-05 | 2024-10-15 | Bnsf Railway Company | System and method for virtual block stick circuits |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110172856A1 (en) * | 2010-01-08 | 2011-07-14 | Wabtec Holding Corp. | Short Headway Communications Based Train Control System |
EP3219575A1 (en) * | 2016-03-17 | 2017-09-20 | ALSTOM Transport Technologies | Method for securing the exchange of authentication keys and associated key management module |
US20180159936A1 (en) * | 2016-12-07 | 2018-06-07 | Bombardier Transportation Gmbh | Wireless Trainline |
-
2020
- 2020-11-18 EP EP20208472.9A patent/EP3825205A1/en not_active Withdrawn
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110172856A1 (en) * | 2010-01-08 | 2011-07-14 | Wabtec Holding Corp. | Short Headway Communications Based Train Control System |
EP3219575A1 (en) * | 2016-03-17 | 2017-09-20 | ALSTOM Transport Technologies | Method for securing the exchange of authentication keys and associated key management module |
EP3219575B1 (en) * | 2016-03-17 | 2020-11-04 | ALSTOM Transport Technologies | Method for securing the exchange of authentication keys and associated key management module |
US20180159936A1 (en) * | 2016-12-07 | 2018-06-07 | Bombardier Transportation Gmbh | Wireless Trainline |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US12116028B2 (en) | 2017-05-05 | 2024-10-15 | Bnsf Railway Company | System and method for virtual block stick circuits |
WO2023064045A1 (en) * | 2021-10-15 | 2023-04-20 | Bnsf Railway Company | System and method for virtual block detection |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11214288B2 (en) | Method and apparatus for a train control system | |
Wu et al. | Vulnerabilities, attacks, and countermeasures in balise-based train control systems | |
EP3825205A1 (en) | Railway vehicle, distributed control system, and method for managing operations of railway vehicles in a railway network | |
KR102124927B1 (en) | Method for managing resources and resource management method for virtual connection in autonomous train control system | |
US11731675B2 (en) | Exclusive track resource sharing system | |
EP3137363B1 (en) | Checking the authenticity of a balise | |
US11772692B2 (en) | Method and apparatus for vehicle-based switch locking in a rail network | |
US20200139995A1 (en) | Secure locomotive communication system | |
JP6151148B2 (en) | Signal security system | |
JP6092548B2 (en) | Radio system and train control system | |
EA034117B1 (en) | Train traffic control system in railway transport | |
EP3636513B1 (en) | Control method and train control system | |
EP2938015B1 (en) | Communication system, communication unit, and communication method | |
US11958519B2 (en) | Method for operating a railway system, and vehicle of a railway system | |
JP5087579B2 (en) | Train control system and train control method | |
JP3997319B2 (en) | Digital communication system for train control | |
EP3219575B1 (en) | Method for securing the exchange of authentication keys and associated key management module | |
US20240246588A1 (en) | Method and apparatus for a train control system | |
CN104334436A (en) | Method for the auxiliary operation of a track element, and operation control system | |
Thomas et al. | TRAKS: A universal key management scheme for ERTMS | |
JP2009137555A (en) | Train control system | |
RU2722780C1 (en) | Method for decentralized interval control of train movement and system for its implementation | |
Lee et al. | Analysis of radio based train control system using LTE-R and analysis of security requirements: The security of the radio based train control system | |
Fang et al. | Security analysis of wireless train control systems | |
US20240039717A1 (en) | Appratus and method for controlling a critical system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
17P | Request for examination filed |
Effective date: 20210505 |
|
RBV | Designated contracting states (corrected) |
Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20220630 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20221111 |