EVS28 KINTEX, Korea, May 3-6, 2015 n-bms, a novel ISO26262 compliant battery management system Karl Vestin Lithium Balance A/S, Baldershøj 26C, 2635 Ishøj, Denmark, k.vestin@lithiumbalance.com
Lithium Balance, driving safety innovation LiTHIUM BALANCE provide: Innovative and cost effective Battery Management solutions Enabling our customers to reach or exceed their goals LiTHIUM BALANCE supply: High end battery management solutions Engineering and integration services Consultancy Winner of the Frost & Sullivan European Automotive Powertrain Innovation Award 2 best European green technology 2 nd best European green technology company in the Eurecan venture contest 2
Introduction I. The n-bms is fully featured next generation battery management system 1) Highly accurate measurements of cell voltages and temperatures 2) State-of-the-art algorithms for SOC/SOH 3) Automotive grade safety rated components 4) Open API for user software components 1. Flexible hardware and software architecture allows for rapid and safe vehicle integration 2. Off-the-shelf components that can quickly and efficiently be tailored to specific customer requirement 3. Developed in full compliance to ISO26262 4. Developed in close cooperation with major car manufacturers in Europe and North America 3
What is ISO26262? "Road vehicles Functional safety ISO26262: Standard in seven parts (not counting vocabulary, analysis chapter and guidelines) Covers all aspects of a product life cycle, for product idea to decommissioning Introduces the concept of automotive safety integrity level (ASIL) Provides partical instructions and guidelines for how to create safe and reliable E/E systems for road vehicles ISO26262 4
The ISO26262 work flow Concept phase Production and operation System development System verification Hardware development Software development Hardware verification Software verification 5
The cost of implementing ISO26262 I. The implementation of ISO26262 does take considerable effort. Some factors that reduce the initial effort; 1. The existance of a strong QA system within the organization 2. The existance of a strong safety culture within the organization 3. Utilization of tools and templates, such as; 1) MediniAnalyze by IKV++ (http://www.ikv.de) 2) The JasPar project (https://www.jaspar.jp/english/) II. The safety mechanisms and redundancies that the implementation of ISO26262 leads to also increase the cost of the finalized product. Some factors that reduce the cost price increase; 1. Utilization of integrated circuits to reduce component count and cost 2. Clever use of the decomposition rules to maximize hardware utilization 3. Relocation of all non-safety functions to other subsystems 6
The benefits of implementing ISO26262 I. More reliable product -> Less exposure to warranty claims II. Safer product -> Less exposure to safety incidents III. Full traceability from safety goals to hardware components simplifies maintainance IV. Capability to communicate objectively verifiable statements about product safety to customers and suppliers 7
Safety Element out of Context I. ISO26262 take a hollistic vehicle level view on functional safety. This means that all hazard and asociated ASIL s are derived on vehicle level II. This poses a problem for manufacturers of standard components that ideally should be usable in a wide range of vehicles III. Luckily ISO26262 also contains the solution to this problem The automotive industry develops generic elements for different applications and for different customers. These generic elements can be developed independently by different organizations. In such cases, assumptions are made about the requirements and the design, including the safety requirements that are allocated to the element by higher design levels and on the design external to the element. ISO26262:8-9.1 8
Tailoring of safety activities I. Concept phase 1. Assumed Item Definition 2. Assumed Hazard Analysis and Risk Assessment 3. Assumed Safety Goals II. System design phase 1. All assumed dependencies and allocated functions on other systems III. Hardware and software development 1. No tailoring, full application of standard IV. System verification 1. All item level integration and verification activities post-poned V. Production and operation 1. Assumptions made on item level specified 9
Item definition Elements of the item States of the item External interfaces of the item Failure modes of the item 10
Hazard analysis and risk assessment Operating conditions Hazards Hazardous events Severity, Exposure, Controllability ASIL 11
Requirement break-down Independency Safety goal Functional safety requirements Decomposition 12
Artifacts generated Hazard analysis and risk assessment Number Operating conditions 13 Hazards 7 Hazardous events 13*7=91 Safety goals 5 Requirement break-down Number Safety goals 5 Functional safety requirements 35 Technical safety requirements 122 Hardware safety requirements 210 Software safety requirements 165 13
Safety analysis Failure mode effect analysis (FMEA) Fault tree analysis (FTA) 14
The result 15
n-bms safety features and benefits Cell voltage monitoring ±1.2mV <100ms update rate ASIL C(D) Temperature monitoring ±2Cº <100ms update rate ASIL C(D) Current monitoring Depends on Hall effect sensor, typical ±2% <10ms update rate ASIL C(D) Isolation fault monitoring 500 Ω/V ASIL A All hardware and software engineered according to ISO26262 ASIL C level Prevent battery accidents Prevent expensive product recalls Reduce warranty exposure 16
n-bms reliability features and benefits Automotive grade safety rated hardware components Temperature range Operational -40⁰C to 85⁰C Storage -40⁰C to 105⁰C EMC: SAE J1113, CISPR 25, IEC EN 61000, ISO 11451, ISO 11452, ISO 7637 ESD: SAE J1113, ISO10605, IEC EN 61000 Vibration: IEC EN 60068 Reduced warranty exposure Near 100% up-time Enhanced battery reliability 17
n-bms performance features and benefits State-of-the-art algorithms for estimation of; State of Charge (SOC) State of Health (SOH) Remaining Useful Life (RUL) Power capability Three isolated CAN bus interfaces CANOpen UDS/OBD-II J1939 Application programming interface (API) to support customer specific algorithms and software functions Improved driver experience Simple, robust and reliable system integration Tailor made battery management system, but with the reliability offered by using standard hardware and software 18
Thank you for you attention Questions are welcome; now or later at our stand. Alternatively please feel free to contact me directly to discuss battery management, functional safety or electric vehicles in general. Project funded by Energiteknologisk Udviklings- og Demonstrationsprogram, EUDP Karl Vestin, CTO Lithium Balance A/S since 2008 k.vestin@lithiumbalance.com +45 4133 4651 19