Search Results

The development of highly automated driving functions (AD) recently rises the demand for so called Fail-Operational systems for native driving functions like steering and braking of vehicles. Fail-Operational systems shall guarantee the availability of driving functions even in presence of failures. This can also mean a degradation of system performance or limiting a system’s remaining operating period. In either case, the goal is independency from a human driver as a permanently situation-aware safety fallback solution to provide a certain level of autonomy. In parallel, the connectivity of modern vehicles is increasing rapidly and especially in vehicles with highly automated functions, there is a high demand for connected functions, Infotainment (web conference, Internet, Shopping) and Entertainment (Streaming, Gaming) to entertain the passengers, who should no longer occupied with driving tasks.

Classic vehicle production had limitations in bringing the driving commands to the actuators for vehicle motion (engine, steering and braking). Steering columns, hydraulic tubes or steel cables needed to be placed between the driver and actuator. Change began with the introduction of e-gas systems. Mechanical cables were replaced by thin, electric signal wires. The technical solutions and legal standardizations for addressing the steering and braking systems, were not defined at this time. Today, OEMs are starting E/E-Architecture transformations for manifold reasons and now have the chance to remove the long hydraulic tubes for braking and the solid metal columns used for steering. X-by-wire is the way forward and allows for higher Autonomous Driving (AD) levels for automated driving vehicles. This offers new opportunities to design the vehicle in-cabin space. This paper will start with the introduction of x-by-wire technologies.

Software complexity of vehicles is constantly growing especially with additional autonomous driving features being introduced. This increases the risk for bugs in the system, when the car is delivered. According to a car manufacturer, more than 90% of availability problems corresponding to Electronic Control Unit (ECU) functionality are either caused by software bugs or they can be resolved by applying software updates to overcome hardware issues. The main concern are sporadic errors which are not caught during the development phase since their trigger condition is too unlikely to occur or is not covered by the tests. For such systems, there is a need of safe and secure infield diagnosis. In this paper we present a tool software architecture with remote access, which facilitates standard read/write access, an efficient channel interface for communication and file I/O, and continuous trace.

The current automotive electronic and electrical (EE) architecture has reached a scalability limit and in order to adapt to the new and upcoming requirements, novel automotive EE architectures are currently being investigated to support: a) an Ethernet backbone, b) consolidation of hardware capabilities leading to a centralized architecture from an existing distributed architecture, c) optimization of wiring to reduce cost, and d) adaptation of service-oriented software architectures. These requirements lead to the development of Zonal EE architectures as a possible solution that require appropriate adaptation of used security mechanisms and the corresponding utilized hardware trust anchors. 1 The current architecture approaches (ECU internal and in-vehicle networking) are being pushed to their limits, simultaneously, the current embedded security solutions also seem to reveal their limitations due to an increase in connectivity.

Recently, vehicle networks have increased complexity due to the demand for autonomous driving or connected devices. This increasing complexity requires high bandwidth. As a result, vehicle manufacturers have begun using Ethernet-based communication for high-speed links. In order to deal with the heterogeneity of such networks where legacy automotive buses have to coexist with high-speed Ethernet links vehicle manufacturers introduced a vehicle gateway system. The system uses Ethernet as a backbone between domain controllers and CAN buses for communication between internal controllers. As a central point in the vehicle, the gateway is constantly exchanging vehicle data in a heterogeneous communication environment between the existing CAN and Ethernet networks. In an in-vehicle network context where the communications are strictly time-constrained, it is necessary to measure the delay for such routing task.

For highly automated driving, commercial vehicles require an Electric/Electronic (E/E) architecture, which - in addition to sensor fusion - ensures safety-critical processes such as steering and braking at all times. Among other things, a redundant 24 V supply with corresponding disconnection is required. The battery switch is a key component. Commercial, construction, and agricultural vehicles (CAV) need to operate at the highest possible availability and the lowest possible cost of ownership. This is why automated and autonomous driving has the potential to revolutionize the CAV sector. Driverless machines can be operated around the clock and almost non-stop. Platooning allows automated, interconnected trucks to drive in a convoy and very close to each other. Platooning saves fuel.

Advanced safety features and new services in connected cars depend on the security of the underlying vehicle functions. Due to the interconnection with the outside world and as a result of being an embedded system a modern vehicle is exposed to both, malicious activities as faced by traditional IT world systems as well as physical attacks. This introduces the need for utilizing hardware-assisted security measures to prevent both kinds of attacks. In this paper we present a survey of the different classes of hardware security devices and depict their different functional range and application. We demonstrate the feasibility of our approach by conducting a case study on an exemplary implementation of a function-on-demand use case. In particular, our example outlines how to apply the different hardware security approaches in practice to address real-world security topics. We conclude with an assessment of today’s hardware security devices.

Connecting mobile communication channels to vehicles’ networks is currently attracting engineers in a wide range. Herein the desire of vehicle manufacturers to remotely execute software updates over the air (SOTA) within electronic control units (ECU) is probably the field of highest attention at the moment. Today software updates are typically done at vehicle service stations and connection the vehicles electronic network via the onboard diagnosis (OBD) interface to a service computer. Herby the duration of the update is invisible to the user, as this happens during standard service appointments. With introduction of SOTA, these updates become very convenient to the customer and can lead to higher customer satisfaction levels. SOTA can be made transparent to the user however the method of implementation can affect the user experience.

Introduction The introduction of Ethernet and Gigabit Ethernet [2] as the main invehicle network infrastructure is the technical foundation for different new functionalities such as piloted driving, minimizing the CO2- footprint and others. The high data rate of such systems influences also the used microcontrollers due the fact that a big amount of data has to be transferred, encrypted, etc. Figure 1 Motivation - Vehicles will become connected to uncontrolled networks The usage of Ethernet as the in-vehicle-network enables the possibility that future road vehicles are going to be connected with other vehicles and information systems to improve system functionality. These previously closed automotive systems will be opened up for external access (see Figure 1). This can be Car2X connectivity or connection to personal devices. Allowing vehicle systems to communicate with other systems that are not within their physical boundaries impose a previously non-existing security problem.

In-vehicle communication faces increasing bandwidth demands, which can no longer be met by today's MOST150, FlexRay or CAN networks. In recent years, Fast Ethernet has gained a lot of momentum in the automotive world, because it promises to bridge the bandwidth gap. A first step in this direction is the introduction of Ethernet as an On Board Diagnostic (OBD) interface for production vehicles. The next potential use cases include the use of Ethernet in Driver Assistance Systems and in the infotainment domain. However, for many of these use cases, the Fast Ethernet solution is too slow to move the huge amount of data between the Domain Controllers, ADAS Systems, Safety Computer and Chassis Controller in an adequate way. The result is the urgent need for a network technology beyond the Fast Ethernet solution. The question is: which innovation will provide enough bandwidth for domain controllers, fast flashing routines, video data, MOST-replacement and internal ECU buses?

End of Line tests are brief set of tests intended to evaluate ECU's in order to ensure correct functioning of its intended functionality. As these tests are executed on the production line, available time to perform these tests is limited. On one hand, faster production demands require these tests and its framework to be designed in a time optimized manner. On the other hand, increase in ECU functionality translates to an increase in test's functional coverage, requiring more time. Therefore the time taken to execute the tests reaches a critical point in overall ECU production. Availability of multicore microcontrollers with increase in clock speed can increase the performance of end of line tests, but design challenges e.g. synchronization do not guarantee a linear performance increase. Therefore, design of test execution framework is absolutely critical to increase performance of test execution.

This paper presents a reliability study of a directly cooled IGBT module after a test drive of 85,000 Km in a fuel cell electric vehicle, as well as of an indirectly cooled IGBT module after a test drive of 200,000km in a hybrid car on public roads. At the end of the test drive, the inverter units were disassembled and analyzed with regard to the lifetime consumption. First, electrical measurements were carried out and the results were compared with the ones obtained directly after module production (End of Line test). After that, ultrasonic microscopy was performed in order to investigate any delamination in the solder layers. As a third step, an optical inspection was performed to monitor damages in the housing, formation of cracks or degradation of wire bonds. The results show none of the depicted failure modes could be found on the tested power modules after the field test. Obviously, no significant life time consumption could be observed.

A variety of methodologies to use embedded multicore controllers efficiently has been discussed in the last years. Several assumptions are usually made in the automotive domain, such as static assignment of tasks to the cores. This paper shows an approach for efficient task allocation depending on different system modes. An engine management system (EMS) is used as application example, and the performance improvement compared to static allocation is assessed. The paper is structured as follows: First the control algorithms for the EMS will be classified according to operating modes. The classified algorithms will be allocated to the cores, depending on the operating mode. We identify mode transition points, allowing a reliable switch without neglecting timing requirements. As a next step, it will be shown that a load distribution by mode-dependent task allocation would be better balanced than a static task allocation.

The newly released Distributed System Interface 3 (DSI3) Bus Standard specification defines three modulation levels form which 16 valid symbols are coded. This complex structure is best decoded with symbol pattern recognition. This paper proposes a simplification of the correlation score calculation that sharply reduces the required number of operations. Additionally, the paper describes how the pattern recognition is achieved using correlation scores and a decoding algorithm. The performance of this method is demonstrated by mean of simulations with different load models between the master and the sensors and varying noise injection on the channel. We prove than the pattern recognition can decode symbols without any error for up to 24dBm.

Integration scenarios for ECU software become more complicated, as more constraints with regards to timing, safety and security need to be considered. Multi-core microcontrollers offer even more hardware potential for integration scenarios. To tackle the complexity, more and more model based approaches are used. Understanding the interaction between the different software components, not only from a functional but also from a timing view, is a key success factor for high integration scenarios. In particular for multi-core systems, an amazing amount of timing data can be generated. Usually a multi-core system handles more software functionality than a single-core system. Furthermore, there may be timing interference on the multicore systems, due to the shared usage of buses, memory banks or other hardware resources.

In modern vehicles, the number of small electrical drive systems is still increasing continuously for blowers, fans and pumps as well as for window lifts, sunroofs and doors. Requirements and operating conditions for such systems varies, hence there are many different solutions available for controlling such motors. In most applications, simple, low-cost DC motors are used. For higher requirements regarding operating time and in stop-start capable systems, the focus turns to highly efficient and durable brushless DC motors with electronic commutation. This paper compares various electronic control concepts from a semiconductor vendor point of view. These concepts include discrete control using relays or MOSFETs. Furthermore integrated motor drivers are discussed, including system-on-chip solutions for specific applications, e.g. specific ICs for window lift motors with LIN interface.

The electrification of the powertrain is still one of the main challenges and innovation drivers for modern cars. With the introduction of the Toyota Prius, launched in Japan in 1997 the first commercially available hybrid car in mass production, the development continued towards the BMW i3 launched in July 2013. One main component for all kind of hybrid cars is still the power semiconductor, which is used for DC/DC converters and for the inverter to drive the electric motor for the traction control. What makes the selection of the right power semiconductor complex, is the variety of different voltage levels within the car (from standard 12V board net, the new 48V board net all the way up to 400V and above) plus different requirements in terms of switching and conduction performance, or accordingly power losses. The selection of device by application and voltage will be discussed in this paper.

The three major challenges in the power electronics in hybrid and electric vehicles are: System cost, power density and reliability. High temperature power device and packaging technologies increases the power density and reliability while reducing system cost. Advanced Silicon devices with synthesized high-temperature packaging technologies can achieve junction temperature as high as 200C (compared to the present limitation of 150C) eliminating the need for a low-temperature radiator and therefore these devices reduces the system cost. The silicon area needed for a power inverter with high junction temperature capability can be reduced by more than 50 - 75% thereby significantly reducing the packaging space and power device and package cost. Smaller packaging space is highly desired since multiple vehicle platforms can share the same design and therefore reducing the cost further due to economies of scale.

This paper considers the verification of non-standard CAN network topologies of the physical layer at high speed transmission rate (500.0Kbps and 1.0Mbps). These network topologies including single star, multiple stars, and hybrid topologies (multiple stars in combination with linear bus or with ring topology) are simulated by using behavior modeling language (VHDL-AMS) in comparison to measurement. Throughout the verification process, CAN transceiver behavioral model together with other CAN physical layer simulation components have been proved to be very accurate. The modeling of measurement environment of the CAN network is discussed, showing how to get the measurement and simulation results well matched. This demonstrates that the simulation solution is reliable, which is highly desired and very important for the verification requirement in CAN physical layer design.

In addition to basic switching functionality, smart power switches mainly provide diagnostic and protection functions, e.g. for short circuits to the load, which makes it all the more surprising that short circuit protected smart switches have been used for years in automotive applications without there being a precise definition of a short circuit. This article describes what Infineon has done to fill this gap. It was first necessary to define the kind of short circuits likely to occur in automotive applications and to specify the use and operating points of the smart switches. The next logical step was the standardization of the test circuit and application conditions in the AEC (Automotive Electronics Council) to allow an industry-wide comparison of the test results.