Emergency stop systems are an integral and lifesaving component of large unmanned vehicles. Some E-stop designs may require their own separate data radio link, and passive listening designs can fail due to false carrier signals, or be delayed by buffering of data if no protocol handshake is required.
This paper describes an active emergency stop architecture with a data handshake that can share a radio data link with primary command and control communications, such as those using JAUS. Given a data link where packet delivery latency is well below the E-stop timeout, the OCU and vehicle can actively exchange E-stop keepalive messages, with sequence numbers to guard against the possibility of old data deceiving the vehicle and keeping the E-stop from triggering. Since the vehicle and OCU are addressing each other and not merely looking for a carrier signal, E-stop communications can coexist with other data traffic so long as packet delivery time is well below the E-stop timeout.
An example implementation runs over a computer network link supporting TCP/IP, such as common off-the-shelf 802.11 equipment, or similar radios that might achieve longer range with a somewhat lower data rate. With 802.11, round-trip delivery times are generally below 10 milliseconds, providing margin for many retransmissions within a typical 500 millisecond E-stop timeout.
Another benefit of this active E-stop design is immediate triggering of a stop using an E-stop button. Rather than waiting for the E-stop timeout to expire, an explicit message triggering a stop can be sent from the OCU-side E-stop button device to the vehicle E-stop circuitry (which can still be independent from the VCU). This will trigger a stop within the packet network delivery time, just 10 milliseconds in our example.
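The vehicle-side logic described above (keepalives with sequence numbers, a timeout, and an explicit stop message), sketched as an added example that is not code from the paper. The message layout, the type and function names, and the wrap-around-safe sequence comparison are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define ESTOP_TIMEOUT_MS 500u /* typical timeout quoted in the text */

/* Hypothetical message layout; the paper does not specify a wire format. */
enum estop_type { ESTOP_KEEPALIVE, ESTOP_STOP };
struct estop_msg { enum estop_type type; uint32_t seq; };

struct estop_state {
    uint32_t last_seq;      /* highest keepalive sequence accepted so far */
    uint32_t last_fresh_ms; /* arrival time of the last fresh keepalive */
    bool     have_seq;      /* false until the first keepalive arrives */
    bool     stopped;       /* latched: only estop_init() clears it */
};

void estop_init(struct estop_state *s, uint32_t now_ms) {
    s->last_seq = 0; s->last_fresh_ms = now_ms;
    s->have_seq = false; s->stopped = false;
}

/* Process one received message. Returns true if it was acted on. */
bool estop_on_message(struct estop_state *s, struct estop_msg m, uint32_t now_ms) {
    if (m.type == ESTOP_STOP) {  /* explicit button press: stop immediately */
        s->stopped = true;       /* assumption: honoured at any sequence (fail-safe) */
        return true;
    }
    /* Old or repeated sequence numbers must not refresh the timer.
       The signed difference keeps the comparison valid across wrap-around. */
    if (s->have_seq && (int32_t)(m.seq - s->last_seq) <= 0)
        return false;
    s->last_seq = m.seq; s->have_seq = true; s->last_fresh_ms = now_ms;
    return true;
}

/* Called periodically; returns true once the vehicle must be stopped. */
bool estop_tick(struct estop_state *s, uint32_t now_ms) {
    if (now_ms - s->last_fresh_ms >= ESTOP_TIMEOUT_MS)
        s->stopped = true;
    return s->stopped;
}

/* Constructed scenario: keepalive 7 arrives at t=0, then is replayed every 100 ms. */
bool replay_holds_off_stop(void) {
    struct estop_state s; struct estop_msg ka = { ESTOP_KEEPALIVE, 7 };
    estop_init(&s, 0);
    estop_on_message(&s, ka, 0);
    for (uint32_t t = 100; t <= 500; t += 100) estop_on_message(&s, ka, t);
    return !estop_tick(&s, 500); /* false: stale data did not keep the vehicle alive */
}
```

A passive design that only checks for traffic would treat the replayed packets as a live link; here only a keepalive with a newer sequence number resets the timer.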