Safety and Security in Robotic Systems

In a manufacturing environment, humans are protected from machines by cages and locked safety doors. This allows humans to safely cooperate with machines. However, to be more effective, humans need to collaborate with machines with the doors and cages removed. So how will these machines be made safe enough that humans can interact with active robots?

How to make factories safe for humans?

If you have ever been to a factory, you will have seen a lot of signs with information and warnings. Typically, they remind employees to wear appropriate clothing and safety equipment. Others advise us that only trained personnel are allowed to be near and operate machines. This is the visual safety implementation – informing everyone that dangers lurk around every corner.

Humans are quite ingenious when they need to be. For example, if a machine breaks down, they will often want to save time by repairing it themselves rather than calling the specialist responsible. However, there is a reason that specialists are required: typically, they know all the details of how a machine was built and constructed, and thus how to repair or service it safely.

Physical safety implementation

In order to keep hands, fingers and arms safe, modern manufacturing equipment, such as robots, is normally kept inside some sort of cage. If access is required, a protective door opens and allows technicians to service the machine. By implication, while the machinery is in operation a locking mechanism stops people from opening that door. If the cage door is open when it should not be, an integrated switch or sensor detects this state and ensures that the machinery cannot be switched on until the door has been fully closed and locked.

This often leaves us in a situation where either the machines are working while the operators look on, or the operators are servicing the machine while it stands still. The interaction between both parties is safe but not especially efficient. Thus, the relationship is coexistent and cooperative rather than collaborative.

The impact of automation

Most factories still follow the conveyor belt philosophy that helped Henry Ford change the way cars were manufactured. Taking inspiration from the conveyor belts used in grain houses, he allowed his employees to focus on a small part of building the car as it crawled its way through the manufacturing plant. With each chassis being drawn along a conveyor belt, each person could bolt-on or affix the parts they were responsible for as the car went past.

Each employee focused on their step, becoming an expert on that section of the build. This helped Ford to reduce the time to build a car from over 12 hours to almost 90 minutes. By making each car exactly the same, his manufacturing method delivered a high level of efficiency.

Delivering more customization to consumers

Today’s consumers, however, expect more from their products. They demand customization, uniqueness and consumer goods that reflect their individuality. At this point, the conveyor belt procedure starts to break down. Necessarily, some products will require work at every step, while others will be waiting unnecessarily to pass work stations where nothing will happen.

Rather than lining all manufacturing steps one behind the other, it makes more sense to create many separate islands where each work step can be undertaken. The product visits only the islands necessary to make the specific version the consumer requested. Some work steps can even be undertaken multiple times.

Keeping robots in check

In order to ferry the product between these islands, battery-powered autonomous guided vehicles (AGVs) will transport the product itself and the materials required for production. A basic version of the product will only visit the essential work steps, whilst premium versions may visit every one.

During this process, it is essential that safety and security are provided. While both terms may appear to be interchangeable at first, there is a clear distinction.

Safety: Protecting the humans from the machines

In the modern factory, human operators will still be required at many stages of the process. Therefore, it is essential that these AGVs are able to maneuver potentially heavy or dangerous items around in close proximity to humans without risk of causing harm. In order to achieve this, their computers need to use a range of sensors to detect what is around the AGV at all times in dynamically changing environments.

With the safety cages gone, sensing solutions, such as safety light barriers and time-of-flight (ToF) cameras, will inform robotic systems about their environment. The speed and range of movement of a robotic arm could be reduced and restricted depending on the proximity of humans. When a person walks through a light barrier, the robot arm would limit its activity to an area away from where that person is standing. This would allow people to drop off a tray of work or pick up finished items without the robot having to stop completely.

However, even seconds or minutes of motion that the sensors do not monitor could easily result in a fatality. Thus, for such machinery, a special type of computing machine is required.

TriCore computer processors, as found in the AURIX™ family of microcontrollers, are capable of executing each program instruction twice. The processor executes the instruction and undertakes whatever task the result determines. A moment later, the same instruction is executed again. If the results of both processing steps are the same, the processor simply continues its task. However, if the results differ, an emergency software routine can be executed to handle the issue. This ensures that, should a failure occur, an AGV can be stopped in a safe manner almost immediately.
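To make the execute-twice-and-compare idea concrete, here is an added software model in Python; it is illustrative code written for this article, not Infineon's AURIX™ implementation. The `Lockstep` fault hook, the `motor_speed` law and the `drive_step` control cycle are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


class SafeStop(Exception):
    """Raised when the two executions disagree; the caller halts the drive."""


@dataclass
class Lockstep:
    """Runs each computation twice and only releases a result both runs agree on."""
    # Hypothetical test hook (constructed for this example): corrupt the result of
    # execution number `fault_on` (1 or 2) by flipping bit `fault_bit`.
    fault_on: Optional[int] = None
    fault_bit: int = 0
    log: list = field(default_factory=list)

    def _run_once(self, fn: Callable[[int], int], arg: int, n: int) -> int:
        result = fn(arg)
        if n == self.fault_on:
            result ^= 1 << self.fault_bit  # simulated transient fault in one run only
        return result

    def execute(self, fn: Callable[[int], int], arg: int) -> int:
        first = self._run_once(fn, arg, 1)
        second = self._run_once(fn, arg, 2)  # same instruction, a moment later
        if first != second:
            self.log.append(f"mismatch {first} != {second}: entering safe state")
            raise SafeStop(first, second)
        return first


def motor_speed(obstacle_mm: int) -> int:
    """Toy speed law (constructed): slow down as the nearest obstacle gets closer."""
    return min(1000, obstacle_mm // 2)


def drive_step(obstacle_mm: int, fault_on: Optional[int] = None) -> int:
    """One control cycle: the released speed, or 0 (motors off) after a mismatch."""
    lockstep = Lockstep(fault_on=fault_on, fault_bit=3)
    try:
        return lockstep.execute(motor_speed, obstacle_mm)
    except SafeStop:
        return 0


if __name__ == "__main__":
    print(drive_step(800))              # 400: both runs agree
    print(drive_step(800, fault_on=2))  # 0: second run corrupted, AGV stopped
```

Note that comparison catches a fault that affects only one of the two runs; a deterministic software bug produces the same wrong answer twice and passes the check, which is why this mechanism is one safety feature among several rather than the whole story.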

This is just one of many safety features, and such capabilities should not be taken for granted. The AURIX™ microcontroller safety functions are the result of years of experience and research into potential sources of failure during operation. The result is a microcontroller, together with its documentation, that makes a verifiably safe robot or AGV possible.

Security: Protecting the machines from the humans

All of these robotic systems will need to be connected with one another. As they roam the factory, they will wirelessly share their location with a fleet management system. Over time, a complete virtual map of the complex can be created. Temporary obstacles and new routes can also quickly be shared amongst the AGV fleet. This way, they know which paths around the factory are free and when and how to reach the next island.

Just like our home computers and smartphones, such networked robots have to be protected from hackers, viruses and other malware. Additionally, in order to ensure their safety credentials have not been compromised, it will be necessary to warrant that only approved spare parts and consumables are used.

It is highly likely that the core components of AGVs and robots will need to register themselves with the main computer once any repairs have been made. This process will allow these parts to authenticate themselves as genuine parts or accessories, similar to how we look for a hologram sticker on software or high-value products to confirm their authenticity.

The basis for this authentication is the same as that used for today's secure communication by email or encrypted messaging app. Each robot has a set of keys stored in a vault; in practice, these vaults are security chips embedded in its hardware. Parts and accessories fitted need to prove that they know this secret information in order to be allowed to be used.
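The registration and proof-of-secret steps described in the two paragraphs above, worked through as an added Python example; this is illustrative code for this article, not Infineon's OPTIGA™ firmware or protocol. The part identifier, the `VAULT` contents and the HMAC-SHA256 challenge-response format are constructed assumptions; the point is that the part answers a fresh random challenge with its key and the key itself never crosses the wire.

```python
import hashlib
import hmac
import secrets

# Constructed sample vault: the controller's copy of each approved part's secret.
VAULT: dict[str, bytes] = {"gripper-0042": bytes(range(32))}


class PartAuthenticator:
    """Controller side: issues a fresh challenge and checks the part's answer."""

    def __init__(self, vault: dict[str, bytes]) -> None:
        self._vault = vault
        self._pending: dict[str, bytes] = {}  # part_id -> unanswered challenge

    def challenge(self, part_id: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh each time, so old answers cannot be replayed
        self._pending[part_id] = nonce
        return nonce

    def verify(self, part_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(part_id, None)  # each challenge is answerable once
        key = self._vault.get(part_id)
        if nonce is None or key is None:
            return False  # unknown part id, or no challenge was issued
        expected = hmac.new(key, part_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


class Part:
    """Part side: proves knowledge of its secret without ever transmitting it."""

    def __init__(self, part_id: str, key: bytes) -> None:
        self.part_id, self._key = part_id, key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, self.part_id.encode() + nonce, hashlib.sha256).digest()


def register(auth: PartAuthenticator, part: Part) -> bool:
    """The registration step after a repair: challenge, answer, verdict."""
    return auth.verify(part.part_id, part.respond(auth.challenge(part.part_id)))


def demo() -> dict[str, bool]:
    auth = PartAuthenticator(VAULT)
    genuine = Part("gripper-0042", VAULT["gripper-0042"])
    answer = genuine.respond(auth.challenge(genuine.part_id))
    return {
        "genuine": auth.verify(genuine.part_id, answer),
        "replayed": auth.verify(genuine.part_id, answer),  # same answer again: rejected
        "wrong_key": register(auth, Part("gripper-0042", b"\x00" * 32)),
        "unknown_id": register(auth, Part("gripper-9999", VAULT["gripper-0042"])),
    }
```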

It is critical that this type of security is central to the design of a robotics system and is not treated as a bolt-on extra. In fact, it should be considered complementary to the safety implementation. A functionally safe robot that can be hacked and remotely controlled is no longer safe. The same applies if sub-standard tooling or spare parts are fitted.

Products such as the Infineon OPTIGA™ family of security solutions support the electronics required for such functionality. Depending on what needs to be achieved, these devices can confirm that internet connections are secure or that only approved software updates are being uploaded. Some of the simpler products implement authentication, allowing consumables such as oil or glue to prove that they come from an approved source.


If man and machine are to work together in harmony, trust will be an essential element in this relationship. We are quickly moving from collaboration to cooperation. While in the field of collaboration we are kept at a distance from robots, cooperation indicates that we work alongside them in close proximity.

The industry understands how to implement safety, and Infineon delivers solutions to make it happen. As the machines become interconnected and allow software updates and bolt-on customizations, security implementations and authentication will rise to become another core element of the overall safety implementation. When done properly, this will ensure that we can really trust the machines alongside which we work.


Last update: July 2018