n-BMS, a novel ISO26262 compliant battery management system a novel ISO26262... · EVS28 KINTEX,...

EVS28KINTEX, Korea, May 3-6, 2015

n-BMS, a novel ISO26262 compliant battery management system

Karl VestinLithium Balance A/S, Baldershøj 26C, 2635 Ishøj, Denmark,

k.vestin@lithiumbalance.com

Lithium Balance, driving safety innovation

2

LiTHIUM BALANCE provide:• Innovative and cost effective Battery

Management solutions• Enabling our customers to reach or

exceed their goals

LiTHIUM BALANCE supply:• High end battery management solutions• Engineering and integration services• Consultancy

Winner of the Winner of the Frost & SullivanEuropean Automotive Powertrain Innovation Award

2 best European green technology2nd best European green technologycompany in the Eurecan venture contest

Introduction

I. The n-BMS is fully featured next generation battery management system

1) Highly accurate measurements of cell voltages and temperatures

2) State-of-the-art algorithms for SOC/SOH

3) Automotive grade safety rated components

4) Open API for user software components

1. Flexible hardware and software architecture allows for rapid and safe vehicle integration

2. Off-the-shelf components that can quickly and efficiently be tailored to specific customer requirement

3. Developed in full compliance to ISO26262

4. Developed in close cooperation with major car manufacturers in Europe and North America

3

What is ISO26262?

"Road vehicles – Functional safety” ISO26262:• Standard in seven parts (not counting vocabulary, analysis chapter and guidelines)

• Covers all aspects of a product life cycle, for product idea to decommissioning

• Introduces the concept of automotive safety integrity level (ASIL)

• Provides partical instructions and guidelines for how to create safe and reliable E/E systems for road vehicles

4

ISO26262ISO26262

The ISO26262 work flow

5

Concept phaseConcept phase

System development

System development

Hardware development

Hardware development

Software development

Software development

Hardware verificationHardware verification

Software verificationSoftware

verification

System verification

System verification

Productionand operation

Productionand operation

The cost of implementing ISO26262

I. The implementation of ISO26262 does take considerable effort. Some factors that reduce the initial effort;1. The existance of a strong QA system within the organization2. The existance of a strong safety culture within the organization3. Utilization of tools and templates, such as;

1) MediniAnalyze by IKV++ (http://www.ikv.de)2) The JasPar project (https://www.jaspar.jp/english/)

II. The safety mechanisms and redundancies that the implementation of ISO26262 leads to also increase the costof the finalized product. Some factors that reduce the cost price increase;1. Utilization of integrated circuits to reduce component count and cost2. Clever use of the decomposition rules to maximize hardware

utilization3. Relocation of all non-safety functions to other subsystems

6

The benefits of implementing ISO26262

I. More reliable product -> Less exposure to warranty claims

II. Safer product -> Less exposure to safety incidents

III. Full traceability from safety goals to hardware components simplifies maintainance

IV. Capability to communicate objectively verifiable statements about product safety to customers and suppliers

7

Safety Element out of Context

“The automotive industry develops generic elements for different applications and for different customers. These generic elements can be developed independently by different organizations. In such cases, assumptions are made about the requirements and the design, including the safety requirements that are allocated to the element by higher design levels and on the design external to the element.”

ISO26262:8-9.1

8

I. ISO26262 take a hollistic vehicle level view on functional safety. This means that all hazard and asociated ASIL’s are derived on vehicle level

II. This poses a problem for manufacturers of standard components that ideally should be usable in a wide range of vehicles

III. Luckily ISO26262 also contains the solution to this problem

Tailoring of safety activities

I. Concept phase1. Assumed Item Definition

2. Assumed Hazard Analysis and Risk Assessment

3. Assumed Safety Goals

II. System design phase1. All assumed dependencies and allocated functions on other systems

III. Hardware and software development1. No tailoring, full application of standard

IV. System verification1. All item level integration and verification activities post-poned

V. Production and operation1. Assumptions made on item level specified

9

Item definition

10

Elements of the item States of the item

External interfaces of the item Failure modes of the item

Hazard analysis and risk assessment

11

Operating

conditionsHazards

Hazardous

events

Severity,

Exposure,

Controllability

ASIL

Requirement break-down

12

Safety goal

Functional

requirements

Functional safety

requirements

Decomposition

Independency

Artifacts generated

13

Hazard analysis and risk assessment Number

Operating conditions 13

Hazards 7

Hazardous events 13*7=91

Safety goals 5

Requirement break-down Number

Safety goals 5

Functional safety requirements 35

Technical safety requirements 122

Hardware safety requirements 210

Software safety requirements 165

Safety analysis

14

Failure mode effect analysis (FMEA)

Fault tree analysis (FTA)

The result

15

n-BMS safety features and benefits

• Cell voltage monitoring• ±1.2mV• <100ms update rate• ASIL C(D)

• Temperature monitoring• ±2Cº• <100ms update rate• ASIL C(D)

• Current monitoring• Depends on Hall effect sensor, typical ±2%• <10ms update rate• ASIL C(D)

• Isolation fault monitoring• 500 Ω/V• ASIL A

• All hardware and software engineered according to ISO26262 ASIL C level Prevent battery accidents Prevent expensive product recalls Reduce warranty exposure

16

n-BMS reliability features and benefits

• Automotive grade safety rated hardware components

• Temperature range• Operational -40⁰C to 85⁰C

• Storage -40⁰C to 105⁰C

• EMC: SAE J1113, CISPR 25, IEC EN 61000, ISO 11451, ISO 11452, ISO 7637

• ESD: SAE J1113, ISO10605, IEC EN 61000

• Vibration: IEC EN 60068

Reduced warranty exposure

Near 100% up-time

Enhanced battery reliability

17

n-BMS performance features and benefits

• State-of-the-art algorithms for estimation of;• State of Charge (SOC)• State of Health (SOH)• Remaining Useful Life (RUL)• Power capability

• Three isolated CAN bus interfaces• CANOpen• UDS/OBD-II• J1939

• Application programming interface (API) to support customer specific algorithms and software functions

Improved driver experience Simple, robust and reliable system integration Tailor made battery management system, but with the reliability

offered by using standard hardware and software

18

Thank you for you attention

Questions are welcome; now or later at our stand. Alternatively please feel free to contact me directly to discuss battery management, functional safety or electric vehicles in general.

19

Karl Vestin, CTO Lithium Balance A/S since 2008

k.vestin@lithiumbalance.com

+45 4133 4651

Project funded by ”Energiteknologisk Udviklings- og Demonstrationsprogram, EUDP”