Nowadays, many vehicles are equipped with Passive Start function and/or Start-Stop engine management systems;
In case of the Passive Start function, the engine is cranked following a user request (pressing a button for example) when the user identification have been validated and when some conditions are met to safely crank the engine.
In case of a Start-Stop engine management system, the decision to crank is left the engine ECU with the purpose of saving fuel. As for the Passive Start function, the cranking shall only occur when security and safety conditions are satisfied.
From a safety perspective, in order to prevent any vehicle movement while cranking (the feared event), it shall be ensured that the transmission gear state is in either Park (P) or Neutral (N) state.
Translated into an ISO26262 context, this condition shall meet an ASIL B level.
In the prior art, a system featuring an electromechanical switch satisfies the ISO26262 requirements.
Referring to FIG. 1, in which a schematic diagram of the prior art system is shown, the system includes an ECU controller 30, such like a PEPS or EMS ECU, a cranking relay 10 enabling the engine to be cranked and an inhibitor switch 20. The inhibitor switch may also be called Neutral or Park SW (in short PN switch). The inhibitor switch is, in this case, an electromechanical switch assembled directly on or sometimes into the transmission. The inhibitor switch is mechanically coding the transmission gear state in such a way it is in a closed position when the transmission is in the Neutral or Park gear state.
As shown in FIG. 1:
the inhibitor switch 20 has a side connected to the cranking relay actuating coil as well as to a ECU 30 terminal (e.g. “Feedback terminal”) allowing it to detect the inhibitor switch 20 state.
the other Inhibitor switch 20 terminal is connected to the ground.
the other cranking relay 10 actuation coil terminal is connected to the ECU 30 (e.g. “High Side Switch terminal”) allowing it to control the cranking relay 10.
Hereinafter, the operation of the prior art system will be described.
When the transmission is in the Neutral or Park state, the inhibitor switch 20 is closed, pulling the ECU 30 feedback input terminal and the cranking relay coil 10 to the ground level and electrically enabling the cranking relay 10 actuation. Should a vehicle cranking be required, the controller ECU 30 is checking the inhibitor switch 20 state and, if detect closed (in Neutral or Park state), is actuating the High side switch terminal, powering the cranking relay 10, finally resulting in cranking the vehicle engine.
In the above system, three conditions must be satisfied in order to crank the engine, that is:
the inhibitor switch 20 shall be closed, indicating the transmission is in Neutral or Park gear state;
The controller shall confirm the state of the Inhibitor switch through the FB terminal;
And, when requested, the controller shall activate the cranking relay through the High Side Switch output terminal.
It is to note that, shall any of the condition be missing (not satisfied), the cranking relay 20 can't be electrically actuated. This configuration realizes a logical AND requirement satisfying the ISO 26262 ASIL B level.
It is also to be noted here that, using the same electromechanical inhibitor switch, the safety condition can be met by reversing the logic (e.g. powering one cranking relay 20 terminal and actuating it with a Low Side switch). This configuration would also satisfy the ISO26262 ASIL B level.
The electromechanical inhibitor switch being subjected to mechanical wear out leads in some extreme cases to a functional failure (lost of the cranking ability).
To prevent such situations, a new type of contactless sensors is proposed. This type of contactless sensor mostly uses Hall sensors measuring an angle and outputting that angle rather than a gear box state and, consequently, making it is impossible to immediately replace the electromechanical switch by a contactless component.
Several solutions have been presented, for example, in EP1471290B1, a failure detection device for a rotation angle detection sensor is provided, so as to detect a failure in the sensor. Other solutions propose to convert the angle value into a gear state using external hardware/software solutions.
However, these solutions involve more hardware, making them expensive to implement (2 independent ECUs needed, 2 serially connected relays to achieve the ASIL level). They also require the vehicle system to be substantially modified as to accommodate the new type sensor.