Functional Safety (ASIL-D) for an Electro Mechanical Brake 2016-01-1953
For more than eight years, Vienna Engineering (VE) has been working on an electro-mechanical brake (EMB) actuated by eccentrics and a highly non-linear actuation mechanism. The principle allows full braking in approx. 70 milliseconds (including air gap) and requires only approx. 3 A RMS actuator current at 12 V for classical ABS with oscillations. This EMB has reached an elaborated state. Versions for passenger cars, elevators, railway and commercial vehicles (CVs) have been derived.
Now that the EMB is going into road tests, it is necessary to fulfill the safety requirements closely. What are these safety requirements and how can they be fulfilled? This paper discusses the properties of the overall system and of the mechanics and electronics of the single brake.
The overall brake system for EMBs needs a truly redundant power supply, a safe control bus and a safe brake pedal. The mechanics of a single brake can be required to release when power is off, and the brake must not get mechanically stuck. The electronics of each brake must fulfill safety integrity level ASIL-D, which can be interpreted as an extremely low likelihood of a safety-critical malfunction. This covers all electrical and electronic parts, such as connectors, the actuator motor, its control, the microprocessor and all electronic components.
The mechanical safety requirements were developed with a car manufacturer. The system architecture is an acknowledged bus and supply design. The ASIL-D brake electronics are currently being implemented together with an electronics company that originated from safe aircraft electronics, e.g. gas turbine controllers (FADEC). The paper gives an overview of these topics, including details of the EMB control electronics, which are directly integrated into the brake.
The simplicity of commanding EMBs and the very short actuation time make certain EMBs ideal for autonomous driving and autonomous emergency braking.