SatsafeRail™ – bringing the Industrial Internet to the rail industry

/SatsafeRail™ – bringing the Industrial Internet to the rail industry
SatsafeRail™ – bringing the Industrial Internet to the rail industry 2017-05-25T11:53:22+00:00


SatsafeRail™ is a commercial off-the-shelf (COTS) software application platform (ThingWorx) that combines key functionality of Web 2.0, search, and social collaboration, capable of connecting rail industry assets, people and systems without the need for investment in expensive bespoke hardware and software. Hardware interfaces are also COTS devices which include desktop PCs, ruggedised computing tablets, remote sensing Machine to Machine (M2M) telematics devices.

Our proven, enterprise-level solution, reduces the time, cost, and risk required to build innovative M2M and Internet of Things (IoT) applications and shares a common Satsafe® eco-system which is made up of three key elements:

  • Things – the smart, remote devices and product systems that are connected through various communication infrastructures to a computing infrastructure. Things can be anything from a simple GPS tracking and man-down product through to sophisticated, multi-sensor devices able to send information (location, vibration, speed, direction, temperature), automatically to Control Centres.
  • The Communication Infrastructure is the wired and wireless (Wi-Fi, 4G, Bluetooth, SIGFOX) networks that connect Things to the Computing Infrastructure and to each other.
  • The Computing Infrastructure is where data capture, analytics tools and new business and software applications create new forms of value. It provides comprehensive management and configuration capabilities to connect, collect, and control anything with bi-directional data transfers between remote assets (points, signals, and track-based monitoring sensors) and the cloud – from simple personal alarms through to full-scale, enterprise-grade control systems.

How it works:

The platform provides a complete application design, runtime, and intelligence environment with the following innovative features:

  • Modern and complete platform
  • Deploy 10X faster with model-based development
  • Mashup people, systems & machines
  • Deploy how you like
  • Evolve & grow application over time as solutions gain in complexity

The built-in ThingWorx Composer™ is an end-to-end application modeling environment designed to accelerate research, development and innovation which can help Future Rail to deliver the Rail Technical Strategy (RTS) more efficiently and at radically lower cost than previously possible. The Composer makes it easy to model the Things, Business Logic, Visualization, Data Storage, Collaboration, and Security required for the connected application that forms the ‘backbone’ of our proposed COMPASS Central Data Integrator.


The SatsafeRail™ platform is well suited to ‘COMPASS’ as it dynamically and virtually brings together people, systems, and connected equipment, and utilizes live collaboration sessions that help individuals or teams to solve problems faster. Working seamlessly in the background, the ThingWorx data store becomes the basis of context aware collaboration and interaction among the systems users, further enhancing its value.  Additionally, the tribal knowledge exposed during the process may be automatically captured and indexed for use in future troubleshooting activities across different areas of Network Rail’s operations.

Search based Intelligence:

ThingWorx SQUEAL™ (Search, Query, and Analysis) brings Search to the world of connected devices such as train mounted equipment, signals, remote assets and distributed data. With SQUEAL’s interactive search capabilities, users can now correlate data that delivers answers to key operational and business problems. Pertinent and related collaboration data, line-of-business system records, and equipment data get returned in a single search, speeding problem resolution, enabling innovation and reducing costs.



The diagrams below illustrates Network Rail’s deployment process and component parts of our proposed COMPASS system described as SatsafeRail.  Each work package is broken into sections with sub-systems lettered to aid understanding of the whole system and it’s component parts.



SatsafeRail COMPASS Work Packages




Work Package A – Operator Control Panel
SatsafeRail™ is a secure, web-based Central Data Integrator that is accessible from any internet browser. The system provides a consolidated, centralised tactical picture in the form of a real time map display (Dashboard) showing the infrastructure state, points conditions and the location of trains with known confidence intervals.

Work Package B – Authority to Move
The system provides the ability to transmit and display a secure ‘Authority to Move’ from the signaller (via a web-based interface) directly to the driver which will be provided through the train’s removable in-cab display (ruggedised tablet). The signaller shall have a clear visual representation of each points and signal conditions within their control area via their display as well as a clear understanding of all other trains due to arrive within their operating area with accurate arrival times.

This work package will enable control to set routes and provide route and vehicle conflict avoidance in order to signal trains safely and efficiently.

Work Package C -Vehicle movement data
COTS GNSS telematics devices shall be fitted to each train which collect and transmit location, speed, direction and train description data, via the GSM network to the Central Data Integrator.  Confidence intervals of the accuracy of the location of the train shall be provided by track-based devices as well as EGNOS (European Geostationary Navigation Overlay Service).

EGNOS, with its geostationary satellites and complex network of ground stations, will deliver more accurate positioning to greater Europe than is possible with GPS or GLONASS alone, as well as an accurate estimate of errors, and warning of disruption to a satellite signal within six seconds. Unlike GPS, EGNOS will offer integrity of signal, increased accuracy, coverage and a service level agreement (e.g. alert within specified time). This makes it suitable to provide a number of navigation services. For the most common applications, EGNOS gives a positioning accuracy of one to three metres, compared to the less accurate 10 to 15 m provided by GPS alone.

EGNOS therefore, makes existing satellite navigation signals suitable for safety critical applications such as flying aircraft or navigating ships through narrow channels. EGNOS was certified for civil aviation in 2011 and opportunities to exploit these transferable technologies for SatsafeRail™ shall be pursued in collaboration with our satellite technology partners.

Work Package D – Vehicle complete function
The system to confirm the train’s current formation shall be based on QR code technologies. Each carriage shall be fitted with an extremely low-cost, hard wearing, unique QR laser etched GeoTag which is scanned by the Train Manager at the start of each route. The initial (parent) GeoTag is the driver’s cab and the process of scanning the parent code opens a secure web-based registration page that instructs the Train Manager to scan each carriage from front to rear. Once the last carriage is scanned, the SUBMIT button is selected which sends the information, via the mobile device’s 3/4G connection, via the cloud and into the SatsafeRail™ system.

The information relating to that particular train can now be viewed by anyone on the network via any internet browser. From a maintenance perspective, Satsafe® GeoTags are a extremely low cost, but effective way to gather granulated asset data including location, time, status and maintenance team information down to individual workers.

Work Package E – Train describer
By clicking on any train that is visible on the display, the signaller will be provided with a view of the train identification, its head code (static and dynamic), vehicle number(s), and driver identification. This is a standard function of ThingWorx SQUEAL™ described in the introduction above.

Work Package F – Control Centre I/O
At the heart of SatsafeRail™ is the ThingWorx applications platform for machine to machine (m2m) and Internet of Things (IoT) applications.  This system provides the interface to communication systems between the central system and remote systems (rail vehicles/trackside infrastructure).  ThingWorx “inclusive” connectivity strategy maximizes operations management and business improvement opportunities whilst minimising integration efforts.

INFRASTRUCTURE SYSTEM (track layer)SatsafeRail

The ThingWorx Remote Service Applications enables Control to monitor, manage, and repair track layer connected assets. With these applications, users can remotely access assets, process alarms, set up asset dashboards, troubleshoot problems and perform preventive maintenance.

These applications include:

  • Connected Service – A remote service application with a Web-based graphical interface and a set of tools to remotely identify, diagnose, and repair issues with devices connected to the platform. Connected Service continuously monitors key parameters in connected products to detect problems before they cause downtime.
  • Connected Access – A remote login and desktop sharing application to remotely and securely access products to troubleshoot problems, monitor and assist with user operations, perform over-the-shoulder training, and more.
  • Connected Content – A content distribution application to automate the distribution and installation of software, content, and security patches remotely to many assets. More than just transferring files, Connected Content automates efficient, secure, reliable, and cost-effective mass distribution of software and content, and allows for the rapid retrieval of log data and configuration files.
  • Connected Configuration – Connected Configuration application enables the Platform to store, manage, and act upon asset configuration information. Each time an asset’s configuration is set, or changes, the new configuration can be processed by the ThingWorx Platform for validation via a new type of expression rule (Validation Rules), standard expression rule execution, and storage in a configuration management database (CMDB).
  • The Connected Configuration application allows you to use asset configuration information to determine the current settings for an asset, including its hardware and software configuration, the make and model of its hardware, and more.  Any configuration information for an asset can be captured in its asset configuration and stored to the ThingWorx Platform, such as version, country, language, part number; entitlement, etc. can be stored in the ThingWorx Platform configuration management database for direct access.  Once there, this asset metadata can be used in expression rules, Custom Objects, or Extended Applications.

Work Package G – Infrastructure Object Comms
SatsafeRail™ supports connectivity to devices via several methods, including 3rd party device clouds such as SIGFOX, direct network connections, Open APIs, and AlwaysOn™ connectivity using the ThingWorx Edge MicroServer. ThingWorx IoT Connectivity includes connectivity services, software agents, and toolkits that enable connectivity between an unlimited number of devices or railway assets and the ThingWorx Platform, using the communication method and hardware that suits Network Rail’s specific needs.

Depending on the class of device or asset needed to connect to, different types of connectivity solutions are available:

  • Firewall-Friendly Agents – Intelligent, configurable, software agents that run on Linux® or Windows® and install either directly onto assets or on a gateway computer tethered to specific assets. The agents use a secure HTTPS and Secure Sockets Layer (SSL) connection.
  • Protocols and Toolkits – The Adaptive Machine Messaging Protocol (AMMP) is a simple, byte-efficient, lightweight messaging protocol to facilitate machine-to-machine communications and to build IoT connectivity into products. Using a RESTful API, AMMP leverages HTTPS and JSON as the means for sending and receiving M2M-related messages between an edge device and the ThingWorx Cloud.
  • Codec Service – A Device Protocol Adapter and communication server for connecting to any message protocol. The communication server is extended with custom codecs (coders/decoders) that translate the device’s native communication format into a form that the SatsafeRail™ Platform can understand and process.
  • Edge Microserver (EMS) – The EMS enables the ThingWorx Platform to transparently access through firewalls the data, events, and services provided by remote devices, and allow remote devices transparent access to the data, events, and services running on the platform.  The EMS can be embedded directly into an edge device, run in gateway devices that sit in front of one or more remote entities, or run on a standard computer operating with Windows or Linux.  In addition, the EMS capabilities also exist in Software Development Kits (SDK) in a variety languages (Java, .NET, C, iOS, Android, Python).
  • REST – The ThingWorx Platform provides a full REST interface all modeling entities created in the platform. Devices can communicate directly to SatsafeRail™ using this RESTful interface.

Work Package H -Track based Communications interface
Satsafe® is currently working with a new wireless network provider – SIGFOX® which is an ultra narrow band wireless network designed specifically for low-throughput devices. The radically low deployment costs, low power consumption and ‘out of the box’ connectivity makes SIGFOX an ideal solution for monitoring remote railway assets. The smart sensors can be deployed rapidly across the rail network with minimal training and financial outlay meaning Operations can begin capturing data through SatsafeRail™ within minutes of deployment.

Arquiva is currently rolling out the SIGFOX network in the UK and the first 10 major cities are now operational. Satsafe® has a range of partners who have developed rail specific monitoring solutions based on the SIGFOX network and we are keen to introduce the products to the UK rail industry as part of the competiton.

Work Package I – Track based Point Control Inhibit, and Detection Repeat (PCIDR) and Control
System to remotely inhibit point operation by the Primary Signalling System, repeat detection back to a central system and provide the opportunity to remotely move points.

A pilot Points Controller sub system has been developed and a pilot built which the bidders have the option to purchase directly from the CHG Electrical or develop their own. (Please refer to Section ‘I’ in Figure 4).

Work Package J – Track based power supplies
Diverse power arrangement for trackside infrastructure equipment must be able to interface with any primary power source, fixed or renewable, and provide power in the event of loss of the primary power source of the signalling system.

This will require power source capable of moving fixed infrastructure in addition to the control system.

Work Package K – Track based train detection
Will detect presence of a train between fixed points along a linear line of route, will provide a train complete function and report to control centre.

Work Package L – Track based Level Crossing Control (LC) detection and control.
System to be able to remotely inhibit barrier operation from the standard interlocking controls, repeat detection back to a central system and provide the opportunity to remotely and locally move barriers.

Work Package M – COMPASS Signal
COMPASS signals will provide lineside signals to indicate a proceed aspect to the driver.

Work Package N – Train Protection Inhibit (e.g. TPWS)
Will provide an inhibit function to prevent activation of TPWS, AWS and ATP activation when the train passes a Primary Signalling System aspect.  This will allow the driver to pass signals which are out of use without the need to isolate the on train system each time.


Work Package 0 – Rail Vehicle System to Central System Comms
Will provide a communications medium between rail vehicle and central system e.g. GPRS / Wi-Fi.

Work Package P – Rail Vehicle System I/O
This system will provide the communication interface between the Rail vehicle system and the central system.

Work Package Q – Driver Control Panel
Displays information to the driver, and interfaces with the Rail Vehicle System.  It will be capable of interfacing with other open architectures e.g. will have multi-port so as to enable displaying other systems data in conjunction with COMPASS data.

Work Package R – Rail Vehicle Monitoring System
System to collect train movement data, and drive the Drivers Control Panel to deliver Authority to Move with provision for further expansion, e.g. condition monitoring.

Work Package S – Geospatial positioning system
Satsafe’s core business is in developing products and services that utilise multi-system spatial positioning systems in order to provide security and safety benefit to end users. The telematics devices selected by Satsafe shall be capable of providing multiple reports of a train’s position at any given moment in time.

Work Package T – Physical location system
SatsafeRail™ will incorporate Track & Train based systems for determining the location of a train independently of the spatial system e.g. RFID Reader & Tags / 3D barcode scanners.

Work Package U – Rail Vehicle System to Infrastructure System Comms
Will provide direct communication between rail vehicles and infrastructure objects, without the need to go via the Central System.

COMPASS Condition Monitoring and Fault Reporting

COMPASS Degraded Mode Working product is intended to be an ‘always-on’ system. This means that it will continually monitor its own performance with respect to the interlocking, ensuring that any anomaly is reported and the affected sub-system inhibited. SatsafeRail™  will monitor its communication system performance for latency, availability and quality of service and its train positioning system accuracy by cross-referencing multiple systems.

Power supply capability will be continually monitored and provision allowed for internal system monitoring and health checks. This will be performed continually with anomalies of any kind reported (in FMS or other designated DRACAS databases) and maintained in historical files within the COMPASS system, the data from this monitoring system can then be used to justify future stage safety arguments with respect to system safety performance.

Preventing Common-Mode Failure

The SatsafeRail™ COMPASS solution will use diverse equipment, including communications, power and control equipment to eliminate common points of failure with the primary signalling system and mitigate against common failure modes with existing equipment.

Power Supply Arrangements

SatsafeRail™ will have independent UPSs designed to have a back-up time to cover the length of an extended serious failure (approximately 3 hours) located at the control centre and multiple secondary UPSs at each line-side node where COMPASS equipment is located to ensure availability during power failures. The equipment will be monitored with alarms reported directly to FMS and centrally recorded for DRACAS purposes.

System Changeover/ Returning to Normal Working

Change-over from the primary signalling control system to the COMPASS System will require a release from the primary signalling control system followed by a command to initiate operation in COMPASS mode. When COMPASS operation is no longer required, transition back to the primary signalling control system will likewise require a release from the COMPASS system, followed by a command to revert to control via the primary signalling system.

Regardless of the deployment scenario, from consumer-level security products for telecare services and telematics insurance to enterprise-level intelligent infrastructure projects, Satsafe®powered by ThingWorx, incorporates an end-to-end security strategy covering all levels, including network, application, user, and data security.


ThingWorx (a PTC business), has attained ISO 27001:2005 certification, supporting the company’s focus on delivering the highest levels of security, performance, and availability of the ThingWorx Cloud. ThingWorx is designed to address key information security concerns with features that:

  • Maintain network security at customer sites – Utilizing patented Firewall-Friendly communication, the solution leverages the customers’ existing security infrastructure.
  • Conceal data from unauthorized parties – All communication is kept secure using SSL encryption, the same method banks use for secure online transactions.
  • Provide a secure and scalable on-demand infrastructure – ISO 27001:2005-certified data centers undergo an annual SAS 70 examination and are built on state-of-the-art equipment, technology investments, and operational expertise.
  • Ensure that system users are authenticated – All access to the system is centrally controlled, requiring password authentication.  All user actions are fully audited for traceability.
  • Limit each user to specific data, views, and actions – Once authenticated, user actions are limited to the products for which they are responsible and the level of access appropriate to their roles.
  • Provide granular policy management – For deployments at customer sites, the Policy Server provides granular, end-user policy management for meeting auditing and compliance regulations. In addition, on-demand center operations team follows well documented, operational standards, including the typical components of:
  1. Change and configuration management
  2. Capacity planning
  3. Security monitoring
  4. Proactive threshold monitoring of core resources

Each of these processes is governed by the ISO 27001 Information Security Management System (ISMS) and is aligned with Information Technology Service Management (ITSM) best practices. The ITSM process has been thoughtfully designed as a component of the Information Technology Infrastructure Library (ITIL) standard.