Special Contents for Automotive Applications
The reason RICOH power management IC has been chosen for more than 20 years
Special Contents for IoT Devices
Ultra-low supply current / Low noise / Low electromotive force / Battery monitoring
Special Contents for Industrial Applications
Long term supply / Flexible quantity purchase / High quality and reliability
Electrification of automobile by RICOH power management IC
Functional Safety is based on the idea of preparing for the risk as failure occurs. If there are no failures in electronic parts and/or systems in the first place, it would have no trouble and would secure a safe condition in driving.
It is very difficult to make no electronic part failures and/or system failures. Therefore, parts makers are required to lower the failure rate.
In the system, the failure rate is reduced by measures such as defect monitoring and/or redundant circuits.
It is important to reduce the residual failure rate by raising the fault coverage rate for electronic components.
What can you imagine about failures of electronic components? We will explain "failure" in functional safety and electronic component failure rate.
There are some kinds of failures, including a fatal failure that is described in "Functional Safety" section, and the others which are not fatal. The single-point failure of voltage detector which is added as a functional safety mechanism is not a fatal failure, for instance.
Failure Classification caused by various factors is defined in ISO26262. The four main classifications are shown below:
SPF (Single-point Fault)
There is no safety mechanism and it violates safety goal with single-point fault.
RF (Residual Fault)
Since there is a safety mechanism but can not be covered, it violates the safety goal with a single-point fault.
MPF (Multiple-point Fault)
By overlapping two independent faults, safety goal is violated for the first time.
LF (Latent Fault)
Dual-point faults that can not be detected by a safety mechanism nor perceived by a driver
By increasing the fault coverage as much as possible, it needs to build safety mechanism that will not result in fatal failure by a single-fault.
For automotive applications, there are four safety requirement levels (ASIL: Automotive Safety Integrity Level) from A to D for electronic parts. A is low, D is the highest request level.
|SPF coverage||-||≥ 90%||≥ 97%||≥ 99%|
|LF coverage||-||≥ 60%||≥ 80%||≥ 90%|
|A fault that cannot be detected||< 1000 FIT||< 100 FIT||< 100 FIT||< 10 FIT|
The failure rate 10 FIT (Failure In Time) is the probability that 10 failures will occur per 109 hours (1 billion hours ≈ 110,000 years).
Assuming that about 110,000 cars are driving throughout the year for 24 hours, it is the probability that 10 units will fail per year.
The FIT is calculated from IEC TR 62380 standard model and defined from the following formula.
λ = λ die + λ package + λ eos
Below chart shows the FIT example of three products A, B, and C.
|A||Voltage Detector (Reset IC)||2 FIT||3 FIT||0 FIT||5 FIT|
|B||LDO Regulator||15 FIT||13 FIT||40 FIT||68 FIT|
|C||LDO Regulator with Voltage Detector (Reset IC)||15 FIT||13 FIT||40 FIT||68 FIT|
λdie; By improving the internal circuit and increasing the coverage, the failure rate can be lowered.
λpkg; Countermeasures against open faults are important points to lower the failure rate, since open fault is calculated at 90% and short fault is calculated at 10%.
λeos; It is a constant value for LDO and DCDC for interface. For non interface, it is zero.
In order to lower the failure rate λ as a product, it is necessary to reduce all the failure rates.
We can contribute to functional safety of in-vehicle equipment by reducing the failure rate of power management ICs.
Here is an example of measures to reduce package failure rate.
Below are the measures to prevent wire open in the package;
- Connect two wires from one terminal
- Increase the number of terminals to 2 terminals
1 PAD, 1 terminal and 1 wire
If the open detection is 0%, the failure rate is added as it is.
2 PAD, 1 terminal and 2 wires
If one wire breaks due to a redundant failure, function retention is possible, but that failure can not be detected.
2 PAD, 2 terminal and 1 wire each
It is possible to hold functions when wires are redundant and only one fault has occurred, and fault detection is also possible by final test.
In measures 1 & 2, when the loss of function is two wires open failures, the idea of double failure is applied to the calculation of failure rate.
Ricoh offers a wide range of innovative technologies for automotive applications from on-vehicle electrical equipment to in-vehicle accessory.
A severe quality control, which varies from the consumer products, is performed for automotive products including a reliability test of AEC-Q100 qualification and a traceability system.