Search Results

The automotive industry experiences a major change as vehicles are gradually becoming a part of the Internet. Security concepts based on the closed-world assumption cannot be deployed anymore due to a constantly changing adversary model. Automotive Ethernet as future in-vehicle network and a new E/E Architecture have different security requirements than Ethernet known from traditional IT and legacy systems. In order to achieve a high level of security, a new multi-layer approach in the vehicle which responds to special automotive requirements has to be introduced. One essential layer of this holistic security concept is to restrict non-authorized access by the deployment of embedded firewalls. This paper addresses the introduction of automotive firewalls into the next-generation domain architecture with a focus on partitioning of its features in hardware and software.

Functional safe products conforming to the ISO 26262 standard are getting more important for automotive applications wherein electronic takes more and more response for safety relevant operations. Consequently safety mechanisms are needed and implemented in order to reach defined functional safety targets. To prove their effectiveness diagnostic coverage provides a measurable quantity. A straight forward safety mechanism for sensor systems can be established by redundant signal paths measuring the same physical quantity and subsequently performing an independent output difference-check that decides if the data can be transmitted or an error message shall be sent. This paper focuses on the diagnostic coverage figure calculation of such data correlation-checks for linear sensors which are also shown in ISO 26262 part5:2011 ANNEX D2.10.2.

A cooperation of several research partners supported by the German Federal Ministry of Research and Education proposes a new active matrix LED light source. A multi pixel flip chip LED array is directly mounted to an active driver IC. A total of 1024 pixel can be individually addressed through a serial data bus. Several of these units are integrated in a prototype headlamp to enable advanced light distribution patterns in an evaluation vehicle.

The constant motivation for lower fuel consumption and emission levels has always been in the minds of most auto makers. Therefore, it is important to have precise control of the fuel being delivered into the engine. Gasoline Port fuel injection has been a matured system for many years and cars sold in emerging markets still favor such system due to its less system complexity and cost. This paper will explain injection control strategy of today during development, and especially the injector dead-time compensation strategy in detail and how further improvements could still be made. The injector current profile behavior will be discussed, and with the use of minimum hardware electronics, this paper will show the way for a new compensation strategy to be adopted.

Vehicle manufacturers are challenged by rising costs for vehicle recalls. A major part of the costs are caused by software updates. This paper describes a feasibility study on how to implement software update over the air (SOTA) in light vehicles. The differences and special challenges in the automotive environment in comparison to the cellular industry will be explained. Three key requirements focus on the drivers’ acceptance and thus are crucial for the vehicle manufacturers: SOTA must be protected against malicious attacks. SOTA shall interfere as little as possible with the availability of a vehicle. Long update processes with long vehicle downtimes or even complete fails must be avoided. The functional safety of the vehicle during operation may not be limited in any way The study gives options how those objectives can be achieved. It considers the necessary security measures and describes the required adaptations of the board-net architectures both on software and hardware level.

The trend towards even more sophisticated driver assistance systems and growing automation of driving sets new requirements for the robustness and availability of the involved automotive systems. In case of an error, today it is still sufficient that safety related systems just fail safe or silent to prevent safety related influence of the driving stability resulting in a functional deactivation. But the reliance on passive mechanical fallbacks in which the human driver taking over control, being inevitable in such a scenario, is expected to get more and more insufficient along with a rising degree of driving automation as the driver will be given longer reaction time. The advantage of highly or even fully automated driving is that the driver can focus on other tasks than controlling the car and monitoring it’s behavior and environment.

In recent years, we see more and more ECUs integrating a huge number of application software components. This process mostly results from the increasing amount of so called in-house software in various fields like electric-drive, chassis and driver assistance systems. The software development for these systems is partially moved from the supplier to the car manufacturers. Another important trend is the introduction of new network architectures intending to meet the growing communication requirements. For such ECUs the software integration scenarios become more complicated, as more quality of service requirements with regards to timing, safety and security need to be considered [2]. Multi-core microcontrollers offer even more potential variants for integration scenarios. Understanding the interaction between the different software components, not only from a functional, but also from a timing view, is a key success factor for modern electronic systems [6,7,8,9].

The German funded project ARAMiS included work on several demonstrators one of which was a multicore approach on large scale software integration (LSSI) for the automotive domain. Here BMW and Audi intentionally implemented two different integration platforms to gain both experience and real life data on a Hypervisor based concept on one side as well as using only native AUTOSAR-based methods on the other side for later comparison. The idea was to obtain figures on the added overhead both for multicore as well as safety, based on practical work and close-to-production implementations. During implementation and evaluation on one hand there were a lot of valuable lessons learned about multicore in conjunction with safety. On the other hand valuable information was gathered to make it finally possible to set up a cost model for estimation of potential overhead generated by different integration approaches for safety related software functions.

This paper presents a reliability study of a directly cooled IGBT module after a test drive of 85,000 Km in a fuel cell electric vehicle, as well as of an indirectly cooled IGBT module after a test drive of 200,000km in a hybrid car on public roads. At the end of the test drive, the inverter units were disassembled and analyzed with regard to the lifetime consumption. First, electrical measurements were carried out and the results were compared with the ones obtained directly after module production (End of Line test). After that, ultrasonic microscopy was performed in order to investigate any delamination in the solder layers. As a third step, an optical inspection was performed to monitor damages in the housing, formation of cracks or degradation of wire bonds. The results show none of the depicted failure modes could be found on the tested power modules after the field test. Obviously, no significant life time consumption could be observed.

In Engine Management System, more accurate control is required to improve engine performance. Especially generating the precise ignition signal has a direct effect on better engine performance. In the beginning of this paper, a basic software structure to synchronize the engine crank signal and generate ignition signals will be explained. Several cases which can generate dwell timing error will be introduced based on this software structure. In addition, each impact level for each error case will be described. For cases of major error, compensation ways will be proposed in order to obtain more accurate dwell timing. The compensation ways by both microcontroller hardware and user software will be explained in detail. In conclusion, this paper will show the accuracy of ignition signal which implements proposed compensation ways that can be improved as compared to conventional ignition signal.

It has become an important trend to implement safety-related requirements in the road vehicles. Recent studies have shown that accidents, which occurred when drivers are not focused due to fatigue or distractions, can be predicted in advance when using safety features. Advanced Driver Assistance Systems (ADAS) are used to prevent this kind of situation. Currently, many major tiers are using a DSP chip for ADAS applications. This paper suggests the migration from a DSP configuration to a Microcontroller configuration for ADAS application, for example, using a 32bit Multi-core Microcontroller. In this paper, the following topics will be discussed. Firstly, this paper proposes and describes the system block diagram for ADAS configuration followed by the requirements of the ADAS system. Secondly, the paper discusses the current solutions using a DSP. Thirdly, the paper presents a system that is migrated to a Multi-core microcontroller.

Integration scenarios for ECU software become more complicated, as more constraints with regards to timing, safety and security need to be considered. Multi-core microcontrollers offer even more hardware potential for integration scenarios. To tackle the complexity, more and more model based approaches are used. Understanding the interaction between the different software components, not only from a functional but also from a timing view, is a key success factor for high integration scenarios. In particular for multi-core systems, an amazing amount of timing data can be generated. Usually a multi-core system handles more software functionality than a single-core system. Furthermore, there may be timing interference on the multicore systems, due to the shared usage of buses, memory banks or other hardware resources.

The electrification of the powertrain is still one of the main challenges and innovation drivers for modern cars. With the introduction of the Toyota Prius, launched in Japan in 1997 the first commercially available hybrid car in mass production, the development continued towards the BMW i3 launched in July 2013. One main component for all kind of hybrid cars is still the power semiconductor, which is used for DC/DC converters and for the inverter to drive the electric motor for the traction control. What makes the selection of the right power semiconductor complex, is the variety of different voltage levels within the car (from standard 12V board net, the new 48V board net all the way up to 400V and above) plus different requirements in terms of switching and conduction performance, or accordingly power losses. The selection of device by application and voltage will be discussed in this paper.

The amount of electronics in vehicles is increasing, so is the amount of power electronics circuits, like inverters for electric motor drives or dc/dc converters. The muscles of these circuits are power transistors like MOSFETs and IGBTs - in each circuit are several of them. While MOSFETs and IGBTs have advanced over the years in terms of their performance, their wide product spectrum and feature spectrum as well as cost, they are still not unbreakable, but semiconductors which are more sensitive to electrical or thermal overstress than, a relay for instance. Especially electrical overstress, like overvoltage or over current, may damage a power transistor within a short time frame. Hence, electrical overstress must be avoided when designing the power electronics circuit. However, even a power transistor in a carefully designed power electronics circuit, may still be exposed to over current, short circuit, over voltage, over temperature and so forth.

ISO 26262 is the actual standard for Functional Safety of automotive E/E (Electric/Electronic) systems. One of the challenges in the application of the standard is the distribution of safety related activities among the participants in the supply chain. In this paper, the concept of a Safety Element out of Context (SEooC) development will be analyzed showing its current problematic aspects and difficulties in implementing such an approach in a concrete typical automotive development flow with different participants (e.g. from OEM, tier 1 to semiconductor supplier) in the supply chain. The discussed aspects focus on the functional safety requirements of generic hardware and software development across the supply chain where the final integration of the developed element is not known at design time and therefore an assumption based mechanism shall be used.

The increasingly stringent requirements in relation to emission reduction and onboard diagnostics are pushing the Chinese automotive industry toward more innovative solutions and a rapid increase in electronic control performance. To manage the system complexity the architecture will require being well structure on hardware and software level. The paper introduces GEMS-K1 (Gasoline Engine Management System - Kit 1). GEMS-K1 is a platform being compliant with Euro IV emission regulation for gasoline engines. The application software is developed using modeling language, the code is automatically generated from the model. The driver software has a well defined structure including microcontroller abstraction layer and ECU abstraction layer. The hardware is following design rules to be robust, 100% testable and easy to manufacture. The electronic components use the latest innovation in terms of architecture and technologies.

More than ever, microcontroller performance in cars has a direct impact on the driving experience, on compliance with improved safety, ever-stricter emissions regulations, and on fuel economy. The simple microcontrollers formerly used in automobiles are now being replaced by powerful number-crunchers with incredible levels of peripheral integration. As a result, performance can no longer be measured in MIPS (Millions of Instructions Per Second). A microcontroller's effectiveness is based on coherent partitioning between analog and digital, hardware and software, tools and methodology. To make an informed choice among the available devices, the designer needs benchmarks that are specific to automotive applications, and which provide a realistic representation of how the device will perform in the automotive environment.

More than ever, microcontroller performance in cars has a direct impact on the driving experience, on compliance with improved safety, ever-stricter emissions regulations, and on fuel economy. The simple microcontrollers formerly used in automobiles are now being replaced by powerful number-crunchers whose performance can no longer be measured in MIPS. Instead, their effectiveness is based on a coherent partitioning between analog and digital, hardware and software, tools and methodology. To make an informed choice among the available devices, what the designer needs are benchmarks that are specific to automotive applications, and which provide a realistic representation of how the device will perform in the automotive environment. This presentation will explore the role of new benchmarks in the development of complex automotive applications.

This paper shall present advancements in electronic transmission control circuits addressing new challenges in the gearbox striving for improved vehicle efficiency and comfort of driving. Efficient chipset design, requires finding the optimal partitioning, that is the mapping of functionality to hardware or software and analog or digital circuit technology. The efficiency will be judged by minimal cost whilst achieving improved functionality and required scalability for a platform approach. Specific examples demonstrated are smart sensor architecture and new mapping of control strategies, realized with a novice integrated current control IC concept. Comparisons on system level are used to evaluate different function mappings as well as component partitioning. Details of the most optimized mapping and partitioning will be elaborated and first results of implementation in silicon components will be shown.

This paper focuses on the requirements of electronic systems in automotive applications in terms of reliability and quality. As one of the most common devices in such applications for switching electronic loads, the power MOSFET, is investigated in detail. Today's qualification procedure for discrete devices according to AEC Q101 [1] will be explained and how this correlates to the stress of the device in the application. It will be pointed out what additional tests for “extended qualification” should be made to deal with critical failure modes reducing overly conservative safety margins and preventing excessive costs on the component side. The tests will be explained and the results presented.