Turn-On delay circuit with latching

I'm designing an electronic door control system and I want to include a safety mechanism in the circuit to make sure there is always a way to open all doors in case of emergency.
Because a microcontroller might fail for any reason (bugs, power problems, etc.) I want to make this fail-safe mechanism using a standalone circuit.

The behavior I'm trying to achieve is as follows:
There is an emergency button. When this button is held for 10 seconds straight, the safety circuit will trigger and turn off the power to all doors, unlocking them. After 10 seconds the button may be released by the user but the safety circuit must remain active.

I looked for such a circuit on the internet and found these two similar questions:

Which had pretty complicated answers.

But I also found this circuit:
http://www.learningaboutelectronics.com/Articles/555-timer-delay-before-turn-on-circuit.php

Which is very simple and does exactly what I want.
When you connect the VCC to the 555 IC, after a set amount of time the output pin will go HIGH, and it will stay HIGH indefinitely.
The only problem is that when you disconnect the VCC the circuit will turn off. Which I have solved using the following circuit:

When the user presses the button, Q1 activates and the 555 starts working. After 10 seconds the output pin (3) will go HIGH. This does two things: first it activates the relay that opens all the doors, and second it activates Q2 which in turn activates Q1. Now if the user releases the button the circuit will still have power.

My problem is solved now using this circuit but I needed to know two things:
1- Is this circuit reliable? I need a reliable circuit because if this fails people could get stuck in a fire or other emergencies.
2- Is there any better solution I can use to achieve this?

Your Arduino circuit has a PCB and electronic components and so does your safety circuit. Perhaps they share the same power supply or use the same mains for power. It is almost the same as putting a safety feature in a sketch.
Can you think of something different?

When a safety circuit is easy to operate, then everyone might just press the button for 10 seconds to get in.

Can you make something mechanical and something that must be broken? For example a rope that can be pulled, hidden behind glass that has to be broken.

I agree with @Koepel.
You are trying to make an electronic system as a safety backup to .. an electronic system.
What if the relay fails?
If the system NEEDS to provide for a SAFE escape you need a backup system that doesn't rely on ANY of the existing system being operational. What if the electronic lock fails in the locked position?

@Koepel @johnerrington Thank you, you make very good points.
Mechanical is not possible because the locks are only operable electrically. But I can maybe design the system in a way that the power to the locks can be cut in a more straightforward manner, like physically cutting the power wire for example. Or a mechanical switch that provides power to the whole system. Because the locks are fail-safe and open when the power is cut.

In the meantime I still would like to know if the above circuit can be relied on. Because a commercial product I have investigated is using a similar approach and hence this is good enough for me.

Security is not a concern. This is actually for a cleanroom door interlocking system. The system only needs to make sure both doors are not open at the same time.

I just go to the distribution board and turn off the circuit breaker. :roll_eyes:

Depends on what you consider as reliable. The circuit has just a few components, and, on that level I would consider it as pretty reliable. But, I think, this is not the end of the story.
The environment is more of interest. Are the power supplies independent? You write something about fire or other kinds of emergency events. So the question is how sensitive your set-up is (doors, controllers, your circuit above, wiring, power supply etc.) to those events. Fire, e.g., may be considered a common-mode failure on all(!) components when it occurs at a centralized power supply. So, I think, you have to think in this direction.
Just an idea: what if your circuit works like the doors? They open when power is cut, what if the circuit does cut the power to the doors provided it is itself not powered? I.e. it is actively keeping the doors closed. Sure, you need to think about what happens if your circuit is unintentionally not powered ...

Nothing to worry about. Without knowing the details here, it is the concept of redundancy. And it may even be dissimilar, because the hardware and software used are different.

Good point! But the circuit breaker may not be within reach of the person who got locked in the cleanroom door interlocking system :wink: . I think the 10s duration is used to avoid misuse, i.e. under normal operating conditions you get through the interlocking system faster, and the delay of 10s is then just used in case of emergency.

The circuit does work like that, the doors and the circuit are both powered by the same supply and if the power dies all the doors will open.
I was mainly worried about the MCU going into an undefined state, hence the use of a separate circuit for the safety mechanism.
But your answer gives me an idea. If the MCU not working is my concern, perhaps I can make it so that the MCU keeps the power to the doors on in the main loop. Perhaps by constantly charging a capacitor. If for any reason it hangs and the main loop is not run then the capacitor will no longer get charged and the power will be cut. This will eliminate the need for the user to even use the emergency button.
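
The capacitor hold-up idea in the last post, as an added example that is not part of the original thread: a C++ simulation comparing a hold capacitor recharged by any HIGH level with one fed through a series capacitor that passes only edges, when the main loop hangs with the heartbeat pin stuck LOW or stuck HIGH. The component values and the names `HoldCircuit` and `simulate` are constructed for illustration.

```cpp
#include <cmath>
#include <cstdio>

// Constructed model values (assumptions, not taken from the thread).
constexpr double kVmax = 5.0;    // supply clamp (V)
constexpr double kStepV = 1.0;   // charge added per rising edge (V)
constexpr double kTauMs = 200.0; // hold-capacitor discharge time constant
constexpr double kHoldV = 2.5;   // relay drop-out threshold (V)
constexpr double kLoopMs = 10.0; // one main-loop pass

struct HoldCircuit {
    bool acCoupled;       // true: series capacitor, only edges transfer charge
    double v = 0.0;       // hold-capacitor voltage
    bool lastPin = false;
    explicit HoldCircuit(bool ac) : acCoupled(ac) {}
    void step(bool pin) {
        v *= std::exp(-kLoopMs / kTauMs);            // bleed through the relay driver
        if (acCoupled) {
            if (pin && !lastPin) v = std::fmin(kVmax, v + kStepV);
        } else if (pin) {
            v = kVmax;                               // a static HIGH keeps it charged
        }
        lastPin = pin;
    }
    bool doorPowerOn() const { return v >= kHoldV; }
};

// Toggle the heartbeat once per completed loop pass; stop toggling at hangAtMs
// (negative = never hangs). Returns the time door power dropped, or -1.
double simulate(bool acCoupled, double totalMs, double hangAtMs) {
    HoldCircuit hold(acCoupled);
    bool pin = false, wasOn = false;
    for (double t = 0.0; t < totalMs; t += kLoopMs) {
        bool hung = hangAtMs >= 0.0 && t >= hangAtMs;
        if (!hung) pin = !pin;                       // last statement of loop()
        hold.step(pin);
        if (hold.doorPowerOn()) wasOn = true;
        else if (wasOn) return t;                    // power cut, locks release
    }
    return -1.0;
}

int main() {
    std::printf("AC, healthy:    %.0f\n", simulate(true, 3000, -1));
    std::printf("AC, stuck LOW:  %.0f\n", simulate(true, 3000, 1000));
    std::printf("AC, stuck HIGH: %.0f\n", simulate(true, 3000, 1010));
    std::printf("DC, stuck HIGH: %.0f\n", simulate(false, 3000, 1010));
    return 0;
}
```

In the level-charged case a hang with the pin HIGH never releases the doors, so the heartbeat should reach the hold capacitor only through edges.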