

"SAFEDMI - Safe Driver Machine Interface
for ERTMS automatic train control"

A project partially funded by
the European Commission
DG Research
The SAFEDMI objective is to design and develop an ERTMS-compliant safe (at least SIL2) DMI with safe wireless communication interfaces for configuration, software and firmware downloading and diagnostic purposes, responding to the increasing safety requirements of the ATC systems of high-speed rail lines.
Background:
Railway automatic train control (ATC) systems are based on both trackside and on-board systems. The increasing level of train traffic and the spread of high-speed rail lines now demand an increased safety level in ATC systems. In order to ensure compatibility and interoperability between the ATC systems produced in Europe, the European Rail Traffic Management System (ERTMS) programme has been set up to provide a single set of functional and non-functional standard requirements.
The ERTMS architecture for the on-board ATC encompasses a Driver Machine Interface (DMI) component whose functions and ergonomic requirements are defined so as to satisfy all the related CENELEC requirements.
However, those requirements do not yet cover safety, even though the DMI is required to operate (as a slave) in a quite critical context. In fact, many railway operators are starting to require from their suppliers DMIs that satisfy the strong requirement of being a safe MMI reaching at least SIL2 (Safety Integrity Level 2) according to CENELEC specifications.
The safety requirement stems from the increased complexity of ATC on-board systems, itself driven by ever more demanding requirements on railway line capacity, and is compounded by the need to avoid loss of driver attention caused by the amount of information displayed.
Objective:
The objective of the SAFEDMI project is to design and develop a DMI system that distinguishes itself from other trainborne DMIs currently available on the market by satisfying at least SIL2 (Safety Integrity Level 2) according to CENELEC specifications (with all the related implications), and by integrating into that safe DMI safe wireless communication interfaces for configuration, software and firmware downloading and diagnostic purposes.
The detailed proposed objectives are: (a) to design and develop a safe DMI integrated with the current on-board ERTMS systems, developed according to the ERTMS interface specifications; (b) to study and develop all the hardware and software solutions needed to properly address the safety and fault-tolerance issues raised by the SIL2 requirements; (c) to integrate into the safe DMI safe wireless communication interfaces for configuration, software and firmware downloading and diagnostic purposes; (d) to design and develop a hardware and software tool infrastructure to support automatic test execution, simulating the driver's actions.
The safety issues to be tackled by the SAFEDMI project relate to visualisation, driver input data acquisition, data processing, and the wireless communication interface for maintenance purposes.
Expected results:
SAFEDMI will deliver the following results: (1) the requirements and constraints to be considered in order to be compliant with SIL2; (2) the SAFEDMI architecture, a preliminary hardware and software specification, the selected wireless communication technology, the communication architecture, and a preliminary quantitative evaluation methodology; (3) the SIL2-compliant final prototype, to be evaluated and validated.
NOTE:
The project will work in compliance with existing ERTMS standards and does not aim to provide new standardisation of the EVC-DMI interface or of DMI ergonomic rules.
Moreover, SAFEDMI is in full agreement with the Unisig position paper "DMI-EVC Interface – Unisig Position Paper" dated 11.02.2008.