Safety Concepts for future Electromechanical Brake Systems
Electromechanical brake systems (EMB systems) are currently attracting considerable interest in the automotive industry, and their first use in large-scale production is imminent. In these first applications, however, EMB actuators are used only on the rear axle, combined with a hydraulic brake on the front axle, which significantly reduces the safety requirements placed on the EMB system. This work develops the safety concepts required for pure EMB systems, i.e. systems without a hydraulic fallback, on the basis of current legislation and standards.
The EMB system represents an item in the sense of ISO 26262, for which safety goals with corresponding ASILs are determined by means of a hazard analysis and risk assessment (HARA). The analysis shows that the EMB system must guarantee low decelerations with ASIL D, whereas high decelerations can generally be assigned lower ASILs. Furthermore, it is shown that the safety requirements on the EMB system itself can be lowered by dissimilar redundancies, such as a deceleration-capable parking brake or a recuperation-capable powertrain.
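The two steps just described, rating a hazard by severity, exposure and controllability to obtain an ASIL and then lowering the requirement on one path by means of a dissimilar redundant path, can be made concrete with a short worked example. The following Python is added here for illustration; it is not code or data from the thesis. The S/E/C risk graph is that of ISO 26262-3 Table 4 and the allowed decomposition pairs are those of ISO 26262-9; the hazard ratings for the two brake hazards are constructed for the example and are not the thesis's own HARA results.

```python
"""ISO 26262 risk graph and ASIL decomposition applied to two constructed brake hazards.

Added illustration for this page, not the thesis's own code. The risk graph and
the decomposition pairs follow ISO 26262-3 Table 4 and ISO 26262-9; the hazard
ratings below are constructed and are not the thesis's HARA results.
"""
from dataclasses import dataclass

ASIL_ORDER = ["QM", "A", "B", "C", "D"]


def asil_from_sec(s: int, e: int, c: int) -> str:
    """Map severity S1..S3, exposure E1..E4 and controllability C1..C3 to an ASIL.

    Every cell of ISO 26262-3 Table 4 equals S + E + C - 6, clamped to the
    range QM (0) .. D (4), so the table can be written in closed form.
    """
    if not (1 <= s <= 3 and 1 <= e <= 4 and 1 <= c <= 3):
        raise ValueError(f"invalid S/E/C rating: S{s} E{e} C{c}")
    level = max(0, s + e + c - 6)
    return ASIL_ORDER[level]


def decompositions(asil: str) -> list[tuple[str, str]]:
    """Allowed ASIL decomposition pairs for a requirement of the given ASIL (ISO 26262-9).

    Decomposition is only valid between sufficiently independent elements,
    e.g. a service brake and a deceleration-capable parking brake; that
    independence has to be confirmed by a dependent-failure analysis, which
    this function does not model. The decomposed ASILs keep the original in
    parentheses in the standard's notation, e.g. B(D) + B(D).
    """
    table = {
        "D": [("C", "A"), ("B", "B"), ("D", "QM")],
        "C": [("B", "A"), ("C", "QM")],
        "B": [("A", "A"), ("B", "QM")],
        "A": [("A", "QM")],
        "QM": [],
    }
    return table[asil]


def residual_asil(goal: str, redundancy: str) -> str:
    """ASIL left on the primary path when a dissimilar redundant path carries `redundancy`."""
    for a, b in decompositions(goal):
        if a == redundancy:
            return b
        if b == redundancy:
            return a
    raise ValueError(f"no valid decomposition of ASIL {goal} with a {redundancy} partner")


@dataclass(frozen=True)
class Hazard:
    name: str
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return asil_from_sec(self.s, self.e, self.c)


# Constructed example hazards (illustrative ratings, not the thesis's HARA).
HAZARDS = [
    # Losing all deceleration: braking is needed on practically every trip (E4),
    # the driver cannot compensate (C3), and the outcome can be fatal (S3).
    Hazard("loss of low deceleration", s=3, e=4, c=3),
    # Losing only the high-deceleration range matters in emergency braking,
    # which is rarer (E3) and leaves some margin for the driver (C2).
    Hazard("loss of high deceleration", s=3, e=3, c=2),
]


def hara_report(hazards=HAZARDS) -> dict[str, str]:
    """Return the ASIL assigned to each hazard by the risk graph."""
    return {h.name: h.asil for h in hazards}


if __name__ == "__main__":
    for name, asil in hara_report().items():
        print(f"{name}: ASIL {asil}")
    # A parking brake able to decelerate at ASIL B(D) leaves B(D) on the EMB path.
    print("EMB path with a B(D) parking brake:", residual_asil("D", "B"))
```

With the constructed ratings, the loss of low deceleration lands at ASIL D and the loss of high deceleration at ASIL B, reproducing the qualitative result the abstract states. `residual_asil` shows the effect of a dissimilar redundancy: a parking brake carrying B(D) reduces the EMB path to B(D), while a redundancy that only reaches QM leaves the full ASIL D on the EMB system.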
The safety assessment of the item EMB system is performed by analysing each of its sub-systems independently: pedal, power supply, central control unit and EMB actuator. For this purpose, a component library is first created that covers different implementation options (e.g. internal safety mechanisms and redundancies). The proof of safety is then carried out by applying a methodology developed in preliminary work (Ebner, 2024) to a complete permutation of the sub-system variants. Finally, the sub-systems assessed as safe are combined to show what safe EMB systems can look like.
A further focus of this thesis is the capability of electric powertrains to provide a braking function. Two approaches are followed. First, recuperation is considered as a means of deceleration. Second, by applying graceful degradation, the control unit of the powertrain is used as a backup for a failed control unit dedicated to the brake system. It is shown that different approaches to guaranteeing the braking function are promising, depending on the powertrain topology (single- vs. dual-axle powertrain) and on the performance of the powertrain.