SFFS422 May   2022

 


System Specifications

The PDS/SR is a DC-fed 3-phase inverter that supports the safe torque off (STO) function according to IEC 61800-5-2. The STO function also supports IEC 60204-1 stop category 0, which results in an uncontrolled coast stop. It shall meet IEC 61508 SIL 3 and ISO 13849 category 3 PL e.

The STO function removes both supply voltages of the six isolated IGBT gate drivers. STO_1 removes the logic input supply (VCC) of the isolated gate drivers. STO_2 removes the input supply (P24V) to the isolated multi-output DC/DC converter, which in turn removes the isolated output supply rails (VCC2/VEE2) of the six isolated IGBT gate drivers. As a result, the six outputs of the isolated gate drivers are 0 V (off) and the six IGBTs turn off. In that state, the 3-phase IGBT inverter can no longer generate a rotating torque in the motor.

The PDS/SR operates in high demand or continuous mode, where the rate of demands for operation made on the safety sub-function is greater than 1 per year.

Table 4-1 TIDA-01599 System Specifications

| Parameter | Value | Comment |
|---|---|---|
| Safety function | STO | Safe torque off per IEC 61800-5-2 |
| Hardware redundancy (HFT) | HFT = 1 (1oo2) | |
| IEC 61508 SIL level | SIL 3 | |
| ISO 13849 | Category 3, PL e | |
| Demand mode | Continuous | |
| SFF/DC | ≥ 90% (HFT = 1) | Cat 3 PL e medium DC is ≥ 90%. |
| PFH | < 10⁻⁷ | The quantitative analysis is not part of this concept study. |
| STO response time | 10 ms (nominal), 200 ms (maximum) | The time between active-low STO and gate drive output (Vgs) low, which means the power IGBTs are OFF. The quantitative analysis is not part of this concept study. |
| DTI (diagnostics test interval) | 100 ms (10 Hz) | The quantitative analysis is not part of this concept study. Diagnostics run at least at 10 Hz (load switch for STO_1 and load switch for STO_2). |
| FRT (fault response time) | < 200 ms | |
| Mission time (TM) | 20 years | |
| STO input voltage range | 24-V DC ±15% (nominal); ±60-V DC absolute maximum | |
| STO input logic level, valid > 2 ms | 15- to 30-V DC: STO function not engaged; < 10-V DC: STO function engaged | STO is an active-low logic input. The input is low-pass filtered to remove OSSD pulses. A valid STO is > 2 ms. |
| Support of OSSD test pulses | Test pulse duration < 1 ms, maximum repetition frequency 500 Hz | A low-pass filter is added to filter out the test pulses so that they do not trigger STO. Diagnostics for OSSD pulses run at 250 Hz (4-ms rate). |
| DC supply voltage | 24-V DC ±15% (nominal) | |
| Isolated gate driver supply voltages | Logic supply: 3V3 to 5 V (nominal); Output supply: +15 V, –8 V (nominal) | It is expected that the supply rails are protected to remain below the recommended maximum operating voltage of the selected isolated gate drivers. |
| Operating ambient temperature | –40°C to 85°C | |
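
The STO input rows of Table 4-1 (logic thresholds, the > 2 ms validity time, and rejection of OSSD test pulses) can be checked with a behavioral model. The C code below is an added example, not part of the TI document or the reference design: a sample counter stands in for the low-pass filter, and the 100-µs sample period, the held state between 10 V and 15 V, the constructed test waveform, and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Thresholds and timing taken from Table 4-1 */
#define STO_ENGAGED_BELOW_MV  10000  /* <10-V DC: STO function engaged */
#define STO_RELEASED_FROM_MV  15000  /* 15- to 30-V DC: STO function not engaged */
#define STO_VALID_LOW_US       2000  /* a valid STO is > 2 ms */
#define SAMPLE_PERIOD_US        100  /* assumption: input sampled at 10 kHz */

typedef struct {
    int      level_low;    /* comparator state; held between 10 V and 15 V (assumption) */
    uint32_t low_time_us;  /* continuous time the input has been low */
} sto_filter_t;

/* Feed one input sample in mV; returns 1 while STO is engaged, else 0. */
int sto_filter_step(sto_filter_t *f, int32_t input_mv)
{
    if (input_mv < STO_ENGAGED_BELOW_MV)
        f->level_low = 1;
    else if (input_mv >= STO_RELEASED_FROM_MV)
        f->level_low = 0;
    if (!f->level_low)
        f->low_time_us = 0;                  /* any return to high restarts the timer */
    else if (f->low_time_us <= STO_VALID_LOW_US)
        f->low_time_us += SAMPLE_PERIOD_US;  /* saturating count */
    return f->low_time_us > STO_VALID_LOW_US;
}

/* Constructed waveform: 24 V, pulled to 0 V for the first low_us of every
 * period_us. Returns the elapsed time (us) at which STO first engages, or -1. */
int32_t sto_first_engage_us(uint32_t low_us, uint32_t period_us, uint32_t total_us)
{
    sto_filter_t f = { 0, 0 };
    for (uint32_t t = 0; t < total_us; t += SAMPLE_PERIOD_US) {
        int32_t mv = (t % period_us) < low_us ? 0 : 24000;
        if (sto_filter_step(&f, mv))
            return (int32_t)(t + SAMPLE_PERIOD_US);
    }
    return -1;
}

int main(void)
{
    /* OSSD pulses at the table limits (0.9 ms low, 500 Hz), then a sustained demand */
    printf("OSSD pulses: %d\n", (int)sto_first_engage_us(900, 2000, 100000));
    printf("STO demand:  %d\n", (int)sto_first_engage_us(10000, 10000, 10000));
    return 0;
}
```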