[Expert perspective] Changan New Energy Automobile Safety System Development

On December 23, 2020, China’s steam research successfully held the “2020 3rd New Energy Automobile Test Evaluation Technology International Forum”. China Steam will continue to publish records of the speeches. This article, “Changan New Energy Automobile Safety System Development”, was presented by Li Zonghua, deputy general manager of Chang’an New Energy Transportation Development Department.

New energy vehicle trend and security challenge

The “New Energy Automotive Industry Development Plan (2021-2035)” proposes that by 2025, new energy vehicle sales will reach 20% of total new vehicle sales. In terms of energy security, China’s petroleum has risen to 70%, and the oil consumption of automobiles accounts for more than 1/3. In terms of environmental protection, China’s carbon emissions promise for 2030 is 60% against 2005. In terms of revitalizing the automobile industry, “developing new energy vehicles is the only way for my country to move towards being an auto power.” In terms of economic development, new energy vehicles are both new infrastructure and new kinetic energy. As things stand, with the dual-credit policy as a forcing mechanism, and with consumer support, license plate support, road-rights support, official vehicle support, operational indicator support, etc., the unwavering development of new energy vehicles has become a consensus.

At the same time, as the new energy vehicle market develops rapidly, its unique safety issues are increasing. Case one: a pure electric vehicle from a well-known foreign brand, driving at high speed, suddenly lost control of its power system and collided with the vehicle in front. The cause was analyzed as a failure of the accelerator pedal signal, which continuously output an opening-degree signal, so that power was still output after the accelerator was released. Case two: a domestic brand pure electric vehicle, due to shift logic issues, carried a safety risk of unexpected reverse / stop driving, and the related vehicles were recalled on a large scale. The cause analysis found that the failure modes of the electric drive system had been considered incompletely, so that in some specific scenarios the vehicle may behave unexpectedly, causing personal injury. Case three: the power battery of a domestic brand pure electric car suddenly combusted spontaneously during charging, damaging the vehicle and the surrounding charging facility. The cause analysis found that the battery management system had not been fully considered, and the influence of overflow on battery safety was insufficiently covered as a failure, resulting in thermal runaway of the power battery.

At present, the continuous integration of new energy and intelligence has become a trend; Internet-based carmakers such as Xiaopeng and Ideal, as well as traditional automotive enterprises, are vigorously developing intelligence. It can be seen that basic hardware configurations (power system and interior) can be optional, and in the “software-defined car” represented by Tesla, driving, automatic driving and all kinds of software can be upgraded. The biggest problem this brings is how to protect personal information in new energy vehicles that are continuously connected to the cloud, and how to keep vehicles from being exploited by hackers and other bad factors. Therefore, whether it is traditional power and battery safety, or the new intelligent information security that comes with the integration of electric vehicles, all of it brings challenges for new energy vehicle safety.

Changan New Energy Safety System Status

Changan has been developing new energy vehicles since 2001. In 2011 its pure electric vehicle (E30) “with electricity first hit”, in 2017 it released the “Shangri-La” program, and in 2018 it established a new energy company. With nearly 20 years of industrial accumulation, Chang’an New Energy has five major series covering EV and PHEV products, accumulating users with more than 20 new energy automotive products, and has accumulated 364 key core technologies, including vehicle integration, the “big three electricity”, CAE analysis, trial verification, etc. In terms of safety, it is the first company in China to pass ISO 26262 (automotive functional safety management system).

The safety system is divided into five parts: the high-voltage safety development system, which establishes a high-voltage safety protection system with full-time monitoring of high-voltage connection, discharge and insulation; the diagnostic safety development system, which establishes a diagnostic safety development system based on FMEA / FTA analysis; the functional safety development system, which establishes an ISO 26262 full-lifecycle functional safety development system; the information security development system, which establishes a 4-layer protection system covering the cloud, the vehicle interfaces, the vehicle gateway and the vehicle controllers; and the battery safety development system, which establishes a safety design system of 7 elements and 6 dimensions, covering the battery lifecycle from battery development through manufacturing and marketing.

Safety system development introduction

High-voltage safety development

High-voltage system introduction

The vehicle high-voltage system mainly involves 6 subsystems (battery system, electric drive system, heat management system, power supply, DC charging, harness system) and 13 components (battery module, high-voltage relay, precharge, battery sensor, BCU controller, IGBT, high-voltage capacitor, high-voltage connector, high-voltage harness, DCDC, ACP, PTC, OBC). At present, the high-voltage platform is mainly 300-450V. Many companies are also working on 800V-1000V high-voltage platforms, which will bring more high-voltage safety risks.

High-voltage safety design

High-voltage safety mainly involves four aspects. First, high-voltage connection integrity design, including the connection integrity of high-voltage connectors and the housing cover integrity of high-voltage components, so that a complete high-voltage circuit is formed and high voltage does not leak due to any external factor; the key technical point is the high-voltage interlock. Second, the high-voltage insulation state, including the insulation of high-voltage components and the high-voltage harness: to ensure that high voltage does not leak and does not harm the occupants, insulation testing is essential. The industry mainly detects insulation resistance with the balanced bridge method and is also trying a pulse injection method; at present, the pulse injection detection method makes insulation resistance measurement more accurate. In addition, there is the integrity of the cooling circuit: more and more electric vehicles use liquid cooling, and once coolant from the cooling circuit leaks into the battery pack, it will cause high-voltage insulation problems. Third, active and passive discharge design: specifically, because of energy storage devices such as thin-film capacitors (X capacitor, Y capacitor) in the motor controller under BMS control, high voltage still remains internally. To prevent personal injury, the voltage in the motor controller must be rapidly reduced to below Class A voltage (i.e. 60 VDC or less). Fourth, other designs such as electrical balance, leakage current, etc.

Diagnostic safety development

Diagnostic safety development method

Vehicle diagnostic safety development mainly includes three phases: DFMEA analysis, diagnostic safety scheme design and diagnostic service design. Through analysis of the scene, characteristics and historical similar quality problems, the system-level DFMEA is obtained. By considering the components themselves, including R&D, production, component aging and the whole process, the subsystem-level DFMEA is obtained. Through the system's top-level architecture, the level division, the conditions, the durations and the measures to be taken at each level, the diagnostic scheme from the system level down to the component level is determined. Finally, the diagnostic protocols are designed and the diagnostics are developed.

Remote diagnosis

Through the combination of the in-vehicle T-BOX and the connected-car platform, when the vehicle has a fault or a preset condition is met, the vehicle data from before and after the event is automatically uploaded over the 4G network, and the big data platform quickly locates the cause of the problem and gives a maintenance suggestion. For example, Changan’s most important work in diagnostic safety is remote diagnosis with real-time analysis of battery module cells; for these module cells, thousands of people will be invited to return for factory maintenance. In this way, passive handling can be changed to active maintenance, which better enhances the user experience and also minimizes the possibility of major safety hazards.

Functional safety development

Main content of functional safety development stages

At present, many domestic companies are doing functional safety development, with automatic driving as the mainstream. In accordance with ISO 26262 it is divided into several phases: item definition, which defines the function, the component status and the component design content; hazard analysis and risk assessment, which is the key and the focus, accurately analyzing the scene, the hazard, the potential failure frequency, etc.; and functional safety requirements, in which the functional safety level is decomposed to each part to obtain the TSC (technical safety requirements), which is further decomposed into hardware and software and eventually converted into the hardware / software design, which can be tested after the system is complete.

Hazard analysis and risk assessment

Hazards that may result from failures are identified in advance and classified, so that specific safety goals can be formulated for different hazards. Hazard analysis and risk assessment includes 4 basic steps. First, environmental analysis and hazard identification, based on scene analysis across multiple dimensions, such as the environment, day or night, snow or rain or sunny, flat road or uphill or downhill or curve, high or medium or low speed, pedestrians passing or a car overtaking from behind …; for these scenes, potential behaviors are identified. Second, hazard classification: the severity, frequency and controllability of the hazard events are determined. Third, level determination, decided jointly by severity, frequency and controllability. Fourth, safety goals: for different hazards, D is the highest level, and the corresponding functional safety goal places different requirements on hardware and software; for example, battery and motor control must reach ASIL-C or ASIL-D, depending on the hazard analysis and decomposition of the entire function.

Information security development

Information security 4-layer defense system

With the development of informatization, the information security of the automobile has become a new safety bottom line, and the major OEMs are accelerating the construction of information security capability. Information security is divided into 4 dimensions. First, cloud / mobile terminal protection: once hackers implant software in the TSP or send malicious instructions in the OTA platform, the vehicle may go out of control, so prevention and control at the cloud or mobile phone app end is the first level of information security. Second, protection of the vehicle's external interfaces: as the level of informatization rises, with Bluetooth key, USB, Bluetooth access, WiFi access, etc., hackers will attack through these interfaces. Third, gateway isolation: under the new electronic and electrical architecture, external signals pass either through the domain controller or through the gateway, and the data is mainly isolated by the gateway; if network signals are directly tampered with or continuously forged, or an external attack comes in through the OBD port, the in-vehicle network will be paralyzed. Fourth, internal controller protection: the controller itself also has a security protection mechanism. Against malicious tampering or program flashing, secure authentication must be performed, and transmitted signals also carry various levels of verification to ensure the reliability of signal transmission. As the Internet continues to enter the car, the attack points and attack entrances will become more and more numerous, and information security development needs continued in-depth work.

Information security implementation path

The information security implementation path is divided into three phases. First, interface security + business security: based on the EE architecture, safeguard the security of the vehicle’s external interfaces and defend against remote wireless attacks and near-field attacks; based on OTA, Bluetooth key and 4G / 5G business scenarios, deploy security strategies on the participating nodes. This is the most basic phase. Second, automatic driving security + in-vehicle communication security: based on L3+ automatic driving, deploy security strategies for automatic driving, vehicle control and the chassis system; based on Ethernet, CAN / CAN FD, etc., implement secure communication schemes to ensure the secure transmission of key signals and privacy-sensitive information. Third, active monitoring + big data security operation and maintenance: deploy active intrusion detection at key nodes and, combined with back-end data analysis, monitor intrusions and actively repair vulnerabilities to ensure security across the automobile life cycle; establish a security team that monitors and tracks all vehicle status in real time, performs regular vulnerability analysis and repair, and handles sudden information security intrusion events.
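As an added illustration of the gateway-isolation and controller-protection layers and of the secure CAN communication in phase two (example code written for this page, not Changan's implementation): a gateway allowlist for frames arriving from the OBD port, and a receiving controller that accepts a signal only with a valid truncated HMAC and a fresh counter. The powertrain CAN ID, the key, the MAC length and the frame layout are assumptions; only the OBD-II request ID range is standard.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration only; not taken from any real vehicle.
OBD_ALLOWED_IDS = {0x7DF} | set(range(0x7E0, 0x7E8))  # standard OBD-II request IDs
TORQUE_REQ_ID = 0x120            # hypothetical powertrain signal ID
KEY = b"demo-key-not-for-production"
MAC_LEN = 4                      # truncated MAC bytes carried with the frame

def gateway_forward(source, can_id):
    """Layer 3: a frame entering from the OBD port passes only if allowlisted."""
    if source == "obd":
        return can_id in OBD_ALLOWED_IDS
    return True  # internal segments are routed normally in this sketch

def make_mac(can_id, counter, payload, key=KEY):
    """MAC over ID, freshness counter and payload, truncated to MAC_LEN bytes."""
    msg = struct.pack(">HI", can_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

class Receiver:
    """Layer 4: the controller verifies the MAC, then the freshness counter."""
    def __init__(self):
        self.last_counter = {}

    def accept(self, can_id, counter, payload, mac):
        if not hmac.compare_digest(mac, make_mac(can_id, counter, payload)):
            return "reject: bad MAC"
        if counter <= self.last_counter.get(can_id, -1):
            return "reject: replay"
        self.last_counter[can_id] = counter
        return "accept"

def demo():
    rx = Receiver()
    payload = bytes([0x10, 0x27])
    good = make_mac(TORQUE_REQ_ID, 1, payload)
    return [
        gateway_forward("obd", 0x7E0),          # diagnostic request is forwarded
        gateway_forward("obd", TORQUE_REQ_ID),  # control ID from OBD is dropped
        rx.accept(TORQUE_REQ_ID, 1, payload, good),              # genuine frame
        rx.accept(TORQUE_REQ_ID, 1, payload, good),              # same frame again
        rx.accept(TORQUE_REQ_ID, 2, bytes([0xFF, 0xFF]), good),  # altered payload
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The gateway check and the controller check are independent: a frame that gets past one layer is still subject to the other.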

Battery safety development

Why does the battery overheat?

Battery overheating (thermal runaway) means that during operation, under mechanical abuse, electrical abuse and thermal abuse, the battery’s internal pressure and temperature rise sharply. If the heat cannot dissipate in time, it will cause battery thermal runaway (fire or explosion). Battery thermal runaway has internal causes and external causes. The lithium-ion battery thermal runaway process is divided into three phases. First, the internal thermal runaway stage: due to internal short circuit or external heating, the SEI film decomposes and the temperature rises to 150 °C. Second, the battery swelling stage: the positive electrode material decomposes, releasing a large amount of heat and gas, and the internal pressure increases and swells the battery. Third, the thermal runaway and explosion failure stage: the electrolyte oxidizes violently, burns and releases a large amount of heat, producing high temperature and large amounts of gas, and the battery burns and explodes.

Internal cause – unsafe “gene”: The lithium-ion battery is mainly composed of positive / negative electrode active material, a collector, a diaphragm and an electrolyte. The electrolyte has explosive properties, high-temperature decomposition of the electrolyte produces oxygen, and battery degradation forms dendrites at the separator, resulting in thermal runaway. As battery energy density improves, the safety of the battery itself declines; this is also the greatest challenge in battery safety: how to find a balance point between energy density and safety.

External cause – “abuse” (electrical, mechanical, thermal): Fluctuations in battery use, charging power, mechanical protection, etc. increase the chance of damage to the diaphragm, resulting in thermal runaway. Mechanical deformation damages the diaphragm; with overcharge and over-discharge, internal dendrites grow faster and puncture the diaphragm; extreme high temperature causes the diaphragm to shrink; and impurity particles introduced in the production process pierce the diaphragm. The factors involved in battery safety are therefore complicated, and this is a problem for the whole industry.

Battery safety development system

Changan battery safety system: it digs deeply into the battery's 7 elements and 6-dimension safety design, battery assembly products pass 25 safety tests, and it covers the full battery lifecycle from battery development through manufacturing and marketing. The 7 elements add “quality” and “techniques”. “Quality”: “after-sales quality management procedures”, “Qualified Quality Management Procedures”, “Remarks”, “Defense / overheating review management procedures”, “should-avoid problem libraries and problem troubleshooting management procedures”. “Techniques” are the 6 major dimensions: charge and discharge, highlighting the charge and discharge strategy; electrical safety, including insulation, interlocking and collision, to ensure reliable electrical integrity with no short circuit or leakage; control, ensuring that the battery management system does not fail and that, at its functional safety level, it can effectively monitor the battery status; electrochemical safety, including the cell, electrical performance and fuse protection, where selecting temperature-resistant electrolyte, diaphragm and positive and negative electrode materials can further optimize the battery and make it safer; thermal safety, i.e. how to delay heat spread after thermal runaway, whether through materials, diffusion channels or the battery's own cooling method; and mechanical safety, where conditions such as collision, vibration and squeezing affect battery packs, modules and cells. On this basis, design and development and test verification work is carried out in the 6 dimensions, covering everything from preliminary technical design verification through the manufacturing and marketing phases. Manufacturing is also crucial for battery safety, including the battery cells, the integration of the module, the production and manufacturing of the battery pack, later transport, whether the user's use is abusive, regular maintenance, recycling, etc. It can be said that the further the battery is into its service life, the higher the safety risks, and only when full-lifecycle management is in place can battery safety issues be effectively avoided.

Safety test verification

Building a battery safety test system includes two parts: the test verification system and the test management system. Battery safety test validation system: build test cases and test items at the three levels of component, system and whole vehicle. Battery safety test management system: build the relevant management program files in 6 dimensions of test, storage, transfer, trial, analysis.
