A new electronic module safeguards self-driving vehicles against the total failure of onboard electrical systems
Autonomous electric vehicles draw power from two sources: a high-voltage battery and, additionally, a conventional 12-volt battery that supplies the vehicle when idling or in high-load situations while driving. Safety-critical systems such as brakes and steering can therefore be connected to two sources of power. But what happens when one of these has a fault – a short circuit, for example? In order to safeguard against total failure and thereby a potentially dangerous situation, researchers from the Fraunhofer IZM have joined with partners on the HiBord project to develop an electronic disconnect device that is able to isolate any such faults in vehicle electrical systems.
In an optimistic assessment, the German motoring organization ADAC predicts that by 2050 as many as 70 percent of all new vehicles will feature technology that frees drivers to devote themselves to other tasks while driving on the highway. Yet critics are concerned by a number of unresolved questions. Will an automatic system remain reliable in the event of an emergency, and what happens if it breaks down due to the propagation of a short circuit?
In today’s electrical system architectures for automated and fully automated vehicles, it is standard practice that areas affected by a fault are isolated by means of an overload protection system. This setup means that the affected component is shut down completely in the event of a fault. For automated and fully automated vehicles, such an
approach is only viable provided there is redundancy for all components and the onboard electrical system; i.e., they are present in duplicate. Yet this is expensive and also increases weight and consumes space, particularly in the case of the onboard electrical system. In the HiBord project, researchers from Fraunhofer IZM teamed up with partners from industry and the Fraunhofer Institute for Integrated Systems and Device Technology IISB to develop a disconnect device that shuts off faulty components in the onboard electrical system while still safeguarding the supply of power to safety-critical components. This guarantees safe driving without the need to install a duplicate onboard electrical system.
Adequate time to convey passengers to safety
Although it sounds like an economy measure, this approach actually represents a significant improvement in terms of safety for autonomous driving. As Phillip Arnold, research associate at Fraunhofer IZM, explains: “In conventional systems, any undervoltage while on the road can trigger a sudden and uncontrolled failure of the entire onboard electronics – including the braking and steering systems. This presents an unacceptable risk, particularly when traveling at high speeds. But with our new module, part of the onboard electrical system continues to function as before, so that a fully automated vehicle would still have enough time to convey passengers to safety – onto the emergency lane of the freeway, for example, or a parking lot.”
In the field of power electronics, engineers use so-called MOSFETs – field-effect transistors – to switch or block large electric currents. Equipped with 16 of these MOSFET switches, the newly developed disconnect device is capable of switching up to 180 amperes of current. If this threshold value is exceeded – in the event of a short circuit, for example – the electrical switch opens and thereby shuts off the power. Moreover, given that the MOSFET switches are capable of handling up to 300 amperes and therefore operate well below their maximum permissible load, they have a significantly longer lifetime than conventional solutions.
Sixty times faster than conventional fuse systems
In tests where researchers intentionally triggered short circuits, results showed that the module is capable of reliably isolating a current of up to 700 amperes without there being any propagation of the initial short circuit. There are also clear advantages over conventional systems in terms of switching speeds. While a conventional fuse takes some 20 milliseconds to trip, the disconnect device detects a fault within 10 microseconds and only requires a further 300 microseconds before tripping. This makes it more than 60 times faster than current fuse systems.
The module has already been successfully tested in an electrically powered BMW i3 demonstrator vehicle and is designed in such a way that it can, in principal, be used in any electric vehicle. By protecting against a complete failure following sudden problems with the onboard electrical system, this new development marks a groundbreaking step towards safe and reliable autonomous driving.