Login| Sign Up| Help| Contact|

Patent Searching and Data


Title:
DISTRIBUTED DECISION MAKING
Document Type and Number:
WIPO Patent Application WO/2019/172774
Kind Code:
A1
Abstract:
The invention relates to marine vessel safety system which ensures that a marine vessel enters a safe state in the event of at least one malfunction in any vessel operation systems and components of the marine vessel. The marine vessel safety system comprises at least one vessel monitoring system, at least one malfunction evaluation system and a safe-state control system.

More Like This:
Inventors:
SOLBERG, Kenneth (Åsestien 17, 6017 Ålesund, 6017, NO)
JOHANSSON, Carl (Borgundvegen 340, 6009 Ålesund, 6009, NO)
SKOGVOLD, Morten (Einarvikgata 10, 6002 Ålesund, 6002, NO)
Application Number:
NO2019/050048
Publication Date:
September 12, 2019
Filing Date:
March 06, 2019
Export Citation:
Click for automatic bibliography generation   Help
Assignee:
KONGSBERG MARITIME CM AS (Borgundvegen 340, 6009 Ålesund, 6009, NO)
International Classes:
B63B43/00; G05B23/02
Attorney, Agent or Firm:
BRYN AARFLOT AS (Stortingsgata 8, 0161 Oslo, 0161, NO)
Download PDF:
Claims:
17/22 133129FMA

Claims

1. A marine vessel safety system which ensures that a remote and autonomous marine vessel enters a safe state in the event of at least one malfunction in any vessel operation systems and components of the marine vessel, the marine vessel safety system comprises: at least one vessel monitoring system, configured to monitor the vessel operation systems and components of the marine vessel, a plurality of decision-making systems, each comprising at least one malfunction evaluation system configured to detect any malfunction in the vessel operation systems and components of the marine vessel and to evaluate the detected malfunction, a safe-state control system, configured to be activated by any one of the malfunction evaluation systems in the event where any of the malfunction evaluation systems detect any malfunction in the vessel operation systems and components, and to execute a set of control commands, which forces the vessel in to a safe state.

2. A marine vessel safety system according to claim 1 , wherein the at least one

decision-making system comprises at least one decision-making system positioned on-board the R&A marine vessel.

3. A marine vessel safety system according to claim 1 , wherein the at least one

decision-making system comprises at least one decision-making system positioned in a location remote from the R&A marine vessel.

4. A marine vessel safety system according to any one of the preceding claims, where the at least one malfunction evaluation system comprises a vessel monitoring system. 18/22 133129FMA

5. A marine vessel safety system according to any one of the preceding claims, where the vessel monitoring system is independent from any other system in the marine vessel.

6. A marine vessel safety system according to any one of the preceding claims, where the vessel monitoring system is autonomous.

7. A marine vessel safety system according to any one of the preceding claims, where the vessel monitoring system is firmware programmed.

8. A marine vessel safety system according to any one of the preceding claims, where at least one of the vessel operation systems and components of the marine vessel is chosen from the group comprising: engine control system,

propeller,

propulsion control system,

communication system,

navigation system,

- water cooling system,

dynamic positioning system,

distress signal communication system,

route planning system,

- situation awareness system,

collision avoidance system,

mission management system,

equipment health monitoring system,

energy management system,

integrated alarm system,

cyber security system such as intrusion detection system,

- steering gear, 19/22 133129FMA autopilot,

position reference systems,

deck machinery systems,

machinery recovery systems, and

artificial chief engineer.

9. A marine vessel safety system according to any one of the preceding claims, where each state of each of the m vessel operation systems and components of the marine vessel is defined by a set of any number, n, of parameters, m.l, m.2, m.3, m.4, m.n.

10. A marine vessel safety system according to claim 9, where at least one of the

parameters, in at least one of the sets of any number of parameters, represents a property of the respective vessel operation system or component of the marine vessel chosen from the group comprising: pressure,

temperature,

- sound,

voltage,

frequency,

gas-concentration,

humidity,

- pH,

connectivity capability,

network activity,

- software component activity,

- CPU load,

memory usage,

connectivity activity,

position, and

latency. 20/22 133129FMA

1 1. A marine vessel safety system according to any of the claims 9 and 10, where the vessel monitoring system is configured to: monitor each set of parameters, m.l, m.2, m.3, m.4, m.n, defining the state of each of the vessel operation systems and components of the marine vessel.

12. A marine vessel safety system according to claim 1 1 , where the at least one

malfunction evaluation system comprises at least one malfunction trigger algorithm.

13. A marine vessel safety system according to claim 12, where the at least one of malfunction trigger algorithm is configured to: compare each set of parameters m.l, m.2, m.3, m.4, .., m.n with a set of allowable threshold values Tm i , Tm 2, Tm 3, Tm 4, Tm n defined as a set of ranges, each set of ranges is associated with a particular set of parameters m.l, m.2, m.3, m.4, .., m.n, and if any one of the parameter values lm i, L 2, L 3, lm 4, · , Im n in the set of parameters is outside the corresponding allowable threshold value Tm i , Tm 2, Tm 3, Tm 4, · , Tm n defined in the set of ranges, then send a malfunction signal to a logical comparator, which outputs an activation signal to the safe state control system.

14. A marine vessel safety system according to any one of the preceding claims, where the malfunction evaluation system, evaluates the detected malfunction in light of the state of at least one other amongst the vessel operation systems and components of the marine vessel.

15. A marine vessel safety system according to any one of the preceding claims, where the malfunction evaluation system, comprises at least one system chosen from the group comprising: route planning system,

situation awareness system, 21/22 133129FMA collision avoidance system, and

dynamic positioning system.

16. A marine vessel safety system according to any one of the preceding claims, where said set of control commands executable by the safe-state control system is chosen based on any of the sets of parameters that defines the states of the vessel operation systems and components of the marine vessel.

17. A marine vessel safety system according to any one of the preceding claims, where said set of control commands executable by the safe-state control system comprises at least one control command which determines at least one of the following: vessel rudder position,

vessel propulsion levels,

activation of a dynamic positioning system,

activation of a distress signal communication system,

activation of a route planning system,

activation of a situation awareness system,

activation of a collision avoidance system,

activation of a machinery recovery system,

notification of a remote operator,

activation of a sound signal,

activation of a flashing light signal,

activation of a light signal,

activation of a loudspeaker announcement, and

- disconnect remote control.

18. A marine vessel safety system according to any one of the preceding claims, where at least one safe state is defined amongst the actions chosen from the group comprising: 22/22 133129FMA the marine vessel proceeds to the next waypoint,

the marine vessel stops and enters DP-mode,

the marine vessel returns to the previous waypoint,

the marine vessel navigates back to its last known safe position,

the marine vessel navigates to the nearest available safe position, the marine vessel drops an anchor,

the marine vessel shuts down some machinery,

the marine vessel shuts down all machinery,

the marine vessel stops propellers and drifts, and

the marine vessel maintains it relative position relative to an object.

Description:
Distributed decision making

Technical field

[0001] The disclosure relates to a system that reliably ensures that a marine vessel enters a safe state in the event of any malfunction in a system or component relevant for the operation of the vessel.

Background

[0002] Marine vessels contain an ever-growing amount of technical equipment in order to comply with the increasing requirements for functionality, both for the vessels themselves, but also for their cargo. Technical systems for automatic navigation, dynamic positioning, weather analysis and remote cargo surveillance are a few examples of a whole range of already existing systems, with many more under development. The advent of gradually more

autonomous marine vessels is expected to further speed up the development of automated control systems until fully autonomous marine vessels are a reality.

[0003] Although the growth in technical equipment on-board marine vessels both simplify and optimize their operation, it comes with the drawback of increased complexity and consequently often increased fragility. The number and variety of possible malfunctions that can occur increases, and the complexity of the various systems means that these malfunctions get increasingly more difficult to correct. The correction of such malfunctions might for example require specialized personnel, which is rarely available on-board, and in the case of autonomous vessels, not at all. Increasing automation, remote operation and autonomy also increase the threat of cyber-attacks, leading to the requirement for cyber-safety and over-ruling functions on-board.

[0004] In order to handle the growing risk imposed by growing complexity and

increased autonomy of marine vessels, it is necessary to implement novel back-up solutions and procedures in order to guarantee for the safety of the 2/22 133129FMA vessel and its surroundings in the case of any malfunction. Such back-up solutions may for example comprise transferring any compromised tasks over to manual staff or to an automatic back-up system, or in more severe cases, to implement a safe-configuration (fail-safe-state) for the vessel as a whole. In the latter case, a safe-configuration for the vessel could for example involve a cooperation between any remaining functioning systems of the vessel in order to operate the vessel in a safe manner.

[0005] The complexity and diversity of the systems and components belonging to a marine vessel also lead to increased difficulty in detecting a malfunction. A software error in a control system might for example affect the various outputs from this system, and hence make it difficult for the system itself to report any malfunction. A cyber-attack would have the potential of being even more severe, as the hackers could fake the output signals from any affected system, and thus make the marine vessel as a whole appear to be fully functioning.

[0006] It is the goal of the present invention to ensure the safety of a marine vessel.

In particular, it is the goal of the present invention to ensure the safety of a marine vessel in the event of a malfunction in a system or component of the marine vessel.

Summary of the invention

[0007] In a first aspect of the invention, the invention provides a marine vessel safety system which ensures that a marine vessel enters a safe state in the event of at least one severe malfunction in any vessel operation systems and components of the marine vessel, the marine vessel safety system comprises at least one vessel monitoring system, configured to monitor the vessel operation systems and components of the marine vessel, at least one malfunction evaluation system, configured to detect any malfunction in the vessel operation systems and components of the marine vessel and to evaluate the severity of the detected malfunction, a safe-state control system, configured to execute a set of control commands, which forces the vessel in 3/22 133129FMA to a safe state if any of the malfunction evaluation systems detect any severe malfunction in the vessel operation systems and components.

[0008] The marine vessel may according to one embodiment of the invention be a remote and autonomous, R&A, marine vessel. The marine vessel safety system may further comprise at least one decision-making system. The at least one decision-making system may comprise at least one decision-making system positioned on-board the R&A marine vessel. The at least one decision-making system may comprise at least one decision-making system positioned in a location remote from the R&A marine vessel. The at least one decision-making system may comprise at least one malfunction evaluation system.

[0009] In one embodiment of the invention, the at least one malfunction evaluation system may comprise a vessel monitoring system.

[0010] In another embodiment of the invention, the vessel monitoring system may be independent from any other system in the marine vessel. The vessel monitoring system may be autonomous. The vessel monitoring system may be firmware programmed.

[001 1] At least one of the vessel operation systems and components of the marine vessel may be chosen from the group comprising engine control system, propeller, propulsion control system, communication system, navigation system, water cooling system, dynamic positioning system, distress signal, communication system, route planning system, situation awareness system, collision avoidance system, mission management system, equipment health monitoring system, energy management system, integrated alarm system, cyber security system such as intrusion detection system, steering gear, autopilot, position reference systems GNSS etc., deck machinery systems, machinery recovery systems and artificial chief engineer.

[0012] Each state of each of the m vessel operation systems and components of the marine vessel may be defined by a set of any number, n, of parameters m.1 , m.2, m.3, m.4, .., m.n. At least one of the parameters, in at least one of the sets of any number of parameters, may represent a property of the respective 4/22 133129FMA vessel operation system or component of the marine vessel chosen from the group comprising pressure, temperature, sound, voltage, frequency, gas- concentration, humidity, pH, connectivity capability, network activity, software component activity, CPU load, memory usage, connectivity activity, position and latency. The vessel monitoring system may be configured to monitor each set of parameters m.1 , m.2, m.3, m.4, m.n defining the state of each of the vessel operation systems and components of the marine vessel.

[0013] In one embodiment of the invention, the malfunction evaluation system may comprise at least one malfunction trigger algorithm. The at least one of malfunction trigger algorithm may be configured to compare each set of parameters m.1 , m.2, m.3, m.4, .., m.n with a set of allowable threshold values T m .i , T m .2, T m .3, T m .4, T m .n defined as a set of ranges, each set of ranges is associated with a particular set of parameters m.1 , m.2, m.3, m.4, .., m.n and if any one of the parameter values l m.i , l m.2, lm.3, l m.4, I m.n in the set of parameters is outside the corresponding allowable threshold value T m .i , Tm.2, Tm.3, T m .4, T m .n defined in the set of ranges, then send a malfunction signal to a logical comparator L1 , which outputs an activation signal to the safe state control system.

[0014] According to one embodiment of the invention, the malfunction evaluation system evaluates the detected malfunction in light of the state of at least one other amongst the vessel operation systems and components of the marine vessel.

[0015] The malfunction evaluation system may according to another embodiment of the invention comprise at least one system chosen from the group: route planning system, situation awareness system, collision avoidance system and dynamic positioning system.

[0016] Each of the malfunction evaluation systems may be independently capable of activating the safe-state control system.

[0017] In yet another embodiment of the invention, said set of commands executable by the safe-state control system may be chosen based on any of the sets of parameters that defines the states of the vessel operation systems and 5/22 133129FMA components of the marine vessel. Said set of commands executable by the safe-state control system may comprise at least one command which determines at least one of the following: vessel rudder position, vessel propulsion levels, activation of a dynamic positioning system, activation of a distress signal communication system, activation of a route planning system, activation of a situation awareness system, activation of a collision avoidance system, activation of a machinery recovery system, notification of a remote operator, activation of a sound signal, activation of a vessel whistle, activation of a light signal, activation of a flash signaling device, activation of a light signal, lantern activation/deactivation, activation of a loudspeaker

announcement and disconnect remote control.

[0018] At least one safe state is defined amongst the actions chosen from the group comprising: the marine vessel proceeds to the next waypoint, the marine vessel stops and enters DP-mode, the marine vessel returns to the previous waypoint, the marine vessel navigates back to its last known safe position, the marine vessel navigates to the nearest available safe position, the marine vessel drops an anchor, the marine vessel shuts down some machinery, the marine vessel shuts down all machinery, the marine vessel stops propellers and drifts, and the marine vessel maintains it relative position relative to an object.

[0019] Other advantageous features will be apparent from the accompanying claims. Brief description of the drawings

[0020] In order to make the invention more readily understandable, the discussion that follows will refer to the accompanying drawings, in which

[0021] Fig. 1 shows a generic principle of a marine vessel safety system for marine vessels which may be autonomous vessels and/or remotely operated vessels, [0022] Fig. 2 shows a block diagram of a marine vessel safety system,

[0023] Fig. 3 shows a block diagram of a marine vessel safety system for marine vessels, with redundant components, 6/22 133129FMA

[0024] Fig 4 shows a more detailed view of a non-redundant marine vessel safety system,

[0025] Fig 5 shows a marine vessel safety system with redundant components or systems,

[0026] Fig 6 shows another example of a marine vessel safety system with

redundancy, where a monitoring system 12,12n is included in a malfunction evaluation system 14,14n and where a malfunction trigger algorithm is included in a malfunction evaluation system 14, 14n.

Detailed description of the Invention

[0027] In the following, general embodiments as well as particular exemplary

embodiments of the invention will be described. References and possible numerals will be made to the accompanying drawings. It shall be noted, however, that the drawings are exemplary embodiments only, and that other features and embodiments may well be within the scope of the invention as described.

[0028] The present invention concerns a vessel safety system 10 for ensuring the safety of a marine vessel in the event of any malfunction in systems or components relevant for the successful operation of the vessel. The system can act as a backup system to for example various control systems, e.g. navigation systems, and trigger when these systems are either compromised or for some reason are not capable of handling the operation of the vessel.

[0029] According to the present invention, the marine vessel safety system 10

ensures that the marine vessel enters a safe state in the event of any malfunction in vessel operation systems and components 1 1 of the marine vessel. The marine vessel safety system 10 comprises at least one vessel monitoring system 12, 12n, which monitors the state of the vessel by monitoring various systems and components 1 1 of the marine vessel.

[0030] The marine vessel safety system 10 also comprises at least one malfunction evaluation system 14, 14n, configured to detect any malfunction in the vessel operation systems and components 1 1 of the marine vessel and to evaluate 7/22 133129FMA the detected malfunction. A severity of the any malfunctions may be evaluated in light of safety and the ability of the vessel to complete its designated operation. Many malfunctions may often be of minor concern, and can thus be compensated for in a variety of ways by other systems on board or on shore.

[0031 ] Another component of the marine vessel safety system 10 is a safe-state control system 15. The safe-state control system 15 is configured to execute a set of control commands, which forces the vessel in to a safe state if any of the malfunction evaluation systems 14,14n detect any malfunction in the vessel operation systems and components 1 1. The system can be activated by the malfunction evaluation system 14, 14n for example in events where the safety of the vessel is at stake, where the safety of surrounding vessels or environment cannot be guaranteed, or where the operational ability of the vessel is sufficiently compromised. Which set of commands being executed may depend on a series of conditions, e.g. the nature and severity of any detected malfunctions, the state of the vessel, the weather, the mission of the vessel, etc. The safe-state control system 15 may comprise a plurality of subsystems or comprise several safe-state control systems 15.

[0032] The marine vessel safety system 10 is of particular relevance for remote and autonomous, R&A, marine vessels. Here, a crew is not always present on board in order to perform maintenance, repairs, or to take control of the vessel in the event of a malfunction related to the navigation and control of the vessel. R&A vessels may often operate far from external physical influences for long periods of time, only under the control of various decision making systems. These decision-making systems can in one embodiment of the invention comprise on board decision-making systems, while they in another embodiment of the invention can comprise a decision-making system positioned in a remote location from the R&A vessel. On-board decision making systems 14b, 14c in R&A vessels may comprise virtual autonomous navigation systems, ANS, which further may comprise a wide variety of sub systems, including systems for route planning, situation awareness systems, 8/22 133129FMA collision avoidance systems, systems defining the state of the ship, dynamic positioning systems, virtual chief engineer etc. Remote decision-making systems 14a are typically located on-shore, but can in principle be located in any other remote position from the R&A vessel. A remote decision-making system can for example be an operation central, operated by manual staff, which can communicate with and control the vessel on demand. All these decision-making systems may rely on at least one of the states of the various systems and components 1 1 of the marine vessel.

[0033] Decision-making systems in R&A vessels, like ANS-systems, are able to fully or partly control the operation of the vessel based on a wide variety of inputs conserning the vessel operation systems and components 1 1. The decision making systems are thus, based on such inputs, able to estimate/determine how to instruct the vessel in order to achieve for example a predetermined goal. In the event of a malfunction in one of the vessel operation systems and components 1 1 in an R&A vessel, the decision-making system/systems may have to take this into consideration when estimating/determining how to instruct the vessel. The malfunction may in many cases be minor enough so that the operation of the vessel can proceed, either by taking no action at all, or by compensating for the malfunction through other actions. However, in some instances, a malfunction may be sufficiently serious so that it compromises safety or the ability of the vessel to complete its designated operation. Such a malfunction will be evaluated as severe by any decision making system if it hinders any decision-making system in generating instructions for the vessel without compromising safety, or in generating instructions for the vessel which enables it to complete its designated operation. In any embodiment of the invention where the marine vessel safety system 10 comprises a decision-making system, the decision-making system may therefore comprise a malfunction evaluation system 14, 14n, or the malfunction evaluation system 14, 14n may comprise a decision-making system. Any decision-making system or sub-system of any decision-making system may alternatively comprise a malfunction evaluation system 14, 14n, 9/22 133129FMA be in itself a malfunction evaluation system 14, 14n or comprise all the functionalities of a malfunction evaluation system.

[0034] Any malfunction evaluation system 14, 14n may be configured to evaluate the severity of any malfunctions. This evaluation may be performed in light of the state of the vessel operation systems and components 1 1 of the marine vessel, and in light of safety and the ability of the vessel to complete its designated operation. As both the malfunction evaluation system 14, 14n and the monitoring system 12, 12n in this case need to be aware of the state of the vessel operation systems and components 1 1 of the marine vessel, these two systems can in principle be related to one another. Therefore, according to one embodiment of the present invention, the at least one malfunction evaluation system 14, 14n may comprise a vessel monitoring system 12, 12n. The at least one malfunction evaluation system 14, 14n may alternatively have a monitoring system 12, 12n implemented or may in itself have all the functionalities of the monitoring system 12, 12n. Alternatively, the vessel monitoring system 12, 12n may comprise a malfunction evaluation system 14, 14n, have a malfunction evaluation system 14, 14n implemented, or have all the functionalities of a malfunction evaluation system.

[0035] In another embodiment of the invention, the vessel monitoring system 12, 12n may be independent from any other system in the marine vessel. This is beneficial in the case of there being more than one malfunction evaluation system 14, 14n, and in case one of these malfunction evaluation systems 14, 14n experience at least one malfunction that makes it unable to activate the safe-state control system 15. Any functioning malfunction evaluation systems 14, 14n will in this case be able to detect any malfunctions in the relevant malfunction evaluation system 14, 14n and activate any safe-state control system 15.

[0036] The monitoring system 12 may in one embodiment of the invention be

independent from any other system of the marine vessel. Such an

independent system will thus be less prone to malfunctions, as it will be less affected by external influences from connected systems and less vulnerable 10/22 133129FMA to cyber-attacks. Alternatively, the vessel monitoring system 12, 12n may be autonomous. The vessel monitoring system 12, 12n may be firmware programmed.

[0037] Any malfunction may occur in any of the systems and components 1 1 of the marine vessel. Such systems and components 1 1 of the marine vessel may comprise e.g. situation awareness sensors, global positioning receivers, revolution counters, temperature sensors, communication units, route planning modules, situation awareness modules, collision awareness modules, dynamic positioning system, ship state definition modules, depth sensors, cameras, LIDAR, RADAR, map data readers, current readers, marine regulations interpreter, wind sensors, wave sensors, engine control system, propeller, propulsion control system, communication system, navigation system, water cooling system, distress signal communication system, route planning system, situation awareness system, collision avoidance system, mission management system, equipment health monitoring system 12, 12n, energy management system, integrated alarm system, cyber security system such as intrusion detection system, steering gear, autopilot, position reference systems GNSS etc., deck machinery systems, machinery recovery systems and artificial chief engineer.

[0038] In order to determine the state of the various systems and components 1 1 of the marine vessel, various properties determining these states must be measured/read/monitored. Each system or component of the marine vessel may typically have at least one readable output signal, and sometimes one or more readable input signals. Each of these signals, may further be

stored/read/defined as a parameter which may be interpreted by secondary systems, like a malfunction evaluation system 14, 14n. A system or component of the marine vessel may also have an internal property, which may for example be read by a sensor and subsequently transmitted. Each state, m, of each of the vessel operation systems and components 1 1 of the marine vessel may thus be defined by a set of any number, n, of parameters 1 1/22 133129FMA m.1 , m.2, m.3, m.4, m.n, representative of a corresponding set of properties related to that system or component.

[0039] In one embodiment of the invention the at least one of the parameters, in at least one of the sets of any number of parameters, represents a property of the respective vessel operation system or component 1 1 of the marine vessel chosen from the group comprising, pressure, temperature, sound, voltage, frequency, gas-concentration, humidity, pH, connectivity capability, network activity, software component activity, CPU load, memory usage, connectivity activity, position, latency.

[0040] The vessel monitoring system 12, 12n may further be configured to monitor each set of parameters m.1 , m.2, m.3, m.4, .., m.n which defines the state of each of the vessel operation systems and components 1 1 of the marine vessel. This can be done by reading the various values of the parameters electronically, either analogously or digitally.

[0041] The vessel monitoring system 12, 12n may monitor the various systems and components 1 1 of the marine vessel by reading signals form these systems and components 1 1. Such signals may be analogue signals, e.g. electrical signals, like voltage signals, current signals, frequency signals, they may be sound signals, force signals, pressure signals etc. The vessel monitoring system 12, 12n may transform any information, e.g. analogous signals, of the various systems and components 1 1 of the marine vessel into digital signals. The vessel monitoring system 12, 12n may comprise a receiver or an analogue to digital converter or both.

[0042] The malfunction evaluation system 14, 14n may further comprise at least one malfunction triggering algorithm 13, 13n which determines whether or not a malfunction has been detected. This algorithm can for example evaluate the parameters representing each property by comparing each value to a pre-set range, value or threshold, which defines a“safe range” for the respective property. In one embodiment of the invention, such a malfunction trigger algorithm 13, 13n may be configured to compare each set of parameters m.1 , m.2, m.3, m.4, .., m.n with a set of allowable threshold values/ranges T m.i , 12/22 133129FMA

Tm.2, Tm.3, T m.4 , T m .n- The actual comparison is performed by comparing the value of each parameter l m .i , l m.2, l m.3, l m.4, Im.n to the corresponding threshold values T m.i , T m .2, T m .3, T m .4, T m .n. If any one of the parameter values l m .i , l m.2, l m.3, lm.4, , I m.n in the set of parameters is outside the corresponding allowable threshold value T m. i , T m .2, T m .3, T m .4, T m .n defined in the set of ranges, a malfunction signal will be sent to a logical comparator, L1. This logical comparator will then further output an activation signal to the safe state control system 15. Each threshold value may in the above example include two values, defining a range. With reference to figure 3 - 5, the present invention is shown in block diagrams using logical symbols, the logical symbols shall not be construed as single logical circuits, rather they are meant to ease the understanding of an exemplary logic or algorithm behind the marine vessel safety system 10.

[0043] The evaluation of a malfunction may be performed in in light of the state of other vessel operation systems and components 1 1 , as the severity of the malfunction may be highly dependent of the state of the vessel and its systems. A malfunction related to one of two engines may for example be more severe at the beginning of a journey than at the end. Any malfunction evaluation system 14, 14n may in principle be a system which performs estimates for automation of a vessel, comprising many existing navigational and monitoring subsystems of a vessel. According to one embodiment of the invention any malfunction evaluation systems 14, 14n may comprise at least one system chosen from the group: route planning system, situation awareness system, collision avoidance system and dynamic positioning system. A malfunction evaluation system 14, 14n may also comprise other systems, like a virtual chief engineer, an autonomous navigation system, or any sub component of an autonomous navigation system.

[0044] In order to more reliably activate the safe-state control system 15, any one of the malfunction evaluation systems 14 are independently capable of activating the safe-state control system 15. Any malfunction in any of the malfunction evaluation systems 14 in itself is therefore less likely to hinder the 13/22 133129FMA activation of the safe-state control system 15, hence improving the probability that a marine vessel enters safe states in the event of malfunctions in vessel operation systems and components 1 1 of the marine vessel.

[0045] The role of the safe-state system is to ensure that the marine vessel enters a safe state where the safety of the vessel itself, the safety of any surrounding vessels and the safety surrounding environment are maintained. The set of commands executable by the safe-state control system 15 may therefore depend both on the severity of the malfunction as well as the state of the vessel operation systems and components 1 1 of the marine vessel. Examples of commands executable by the safe-state control system 15 comprises at least one command which determines at least one of the following: vessel rudder position, vessel propulsion levels, activation of a dynamic positioning system, activation of a distress signal communication system, activation of a route planning system, activation of a situation awareness system, activation of a collision avoidance system, activation of a machinery recovery system, notification of a remote operator, activation of a sound signal like a vessel whistle, activation of a light signal like a flash signaling device, activation of a light signal like a lantern activation/deactivation, activation of a loudspeaker announcement and disconnect remote control.

[0046] The set of commands executable by the safe-state control system 15 may cause the vessel to undertake certain actions, which defines the safe-state in itself. The actions may be chosen from a group comprising: the marine vessel proceeds to the next waypoint, the marine vessel stops and enters DP-mode, the marine vessel returns to the previous waypoint, the marine vessel navigates back to its last known safe position, the marine vessel navigates to the nearest available safe position, the marine vessel drops an anchor, the marine vessel shuts down some machinery, the marine vessel shuts down all machinery, the marine vessel stops propellers and drifts and the marine vessel maintains it relative position relative to an object.

[0047] The safe-state control system 15 may comprise pre-defined sets of

commands which may be stored in a matrix. Each set of commands among 14/22 133129FMA the pre-defined sets of commands may be executed for a certain malfunction, or may be executed for a certain malfunction given a specific state of any one state of any system or component of the marine vessel. The safe-state control system 15 may be firmware programmed. The matrix in the safe-state control system 15 may be firmware programmed.

Reference list

15/22 133129FMA

16/22 133129FMA