Fluid-pressure and analogous brake systems – Speed-controlled – With failure responsive means
Reexamination Certificate
2000-10-25
2001-11-20
Butler, Douglas C. (Department: 3613)
Fluid-pressure and analogous brake systems
Speed-controlled
With failure responsive means
C303S020000
Reexamination Certificate
active
06318819
ABSTRACT:
TECHNICAL FIELD
This invention generally relates to error handling methodology and more particularly relates to a method of handling errors in an electronic brake system of vehicles.
BACKGROUND OF THE INVENTION
Brake systems of automotive vehicles are becoming increasingly complex. Systems such as anti-lock control systems (ABS), traction control and vehicle stabilizing systems require individual brake management for individual wheels. These systems, when activated, often cause feedback pulsations through the brake pedal. These pulsations are highly annoying to the driver.
A remedy is provided by a mechanical decoupling of wheel brake actuation and brake pedal. The latter now only serves to detect the driver's intention to brake by means of suitable sensors. This intention is electrically transmitted to the brakes. Systems provided with such a decoupling have come to be known as “brake-by-wire systems”. They have been described, e.g., in DE-Z “ATZ Automobiltechnische Zeitschrift 98 (1996) 6, pages 328-333 (translated as: GJAT
German Journal of Automobile Technology
), in U.S. Pat. No. 5,230,549, and in EP 0 467 112 B1. The lowest level of such a system of, typically, modular design is formed by four intelligent wheel brake modules. They perform wheel-individual adjustment of a required wheel brake torque. For the overall system, they are, in a manner of speaking, universal intelligent actuators. They consist of a microcontroller (slave) for control, a power booster and of the actual electromechanical wheel brake. This lowest level forms the wheel brake management.
The medium level is responsible for the brake management of the entire car, e.g., for a situation-specific distribution of the braking forces to the individual wheel brakes. The hardware of this medium level of the vehicle brake management consists of a central computing unit (master) which typically, for reasons of failure safety, is supervised by an additional system-supervising computing unit.
The top level of such a brake-by-wire system represents the interface with the driver. Typically, it consists of a conventional brake pedal reproduction with redundant sensor systems for detecting the driver's intention to brake and with additional elements of supervision which can indicate various error conditions of this so-called pedal module. This pedal module also takes care of pre-processing the sensor signals. This pedal module, also, may include a microcontroller of its own.
The individual levels are connected with each other in terms of data by means of defined logical interfaces and, typically, via a bus system adapted for real-time-based operation and preferably provided redundantly. Thus, these levels guarantee an optimum modularity of the system.
It is possible to substitute for the two bus systems (or rather for even just one bus system, only, if such is the case) by normal analog lines.
Power management or rather energy supply is a further central component of a modular-design brake system.
The brake-by-wire system is a functionally split-up safety-critical real-time system which must fulfill very high standards in terms of error detection and error handling.
The driver having no direct access to the brake, the brake system is required to maintain one emergency function in case of trouble. This is ensured by failure-active, functional redundancy in the known manner. Further, the systems are to include a high-performance online diagnosis in the known manner which, by all means, detects any errors cropping up so that an appropriate emergency function can be activated and the driver can be alerted.
These requirements have decisive effects on designing the energy supply, central brake control, and even the warning strategy of the electronic brake system.
Failure safety of the energy supply is ensured in the known manner (cf. the above-mentioned German journal) by introducing a tandem onboard network. If one partial system fails, there will be maintained a certain operability of the components supplied in the failed circuit.
It is necessary both to register any error appearing and to detect its source to ensure a safe operation of the vehicle brake management (regulatory and controlling functions). A known strategy is therefore the requirement of providing a supervisory device on this level by all means. The use of plausibility criteria and suitable, continuously performed check routines within the software are measures by means of which error conditions are localized and appropriate emergency functions are activated.
Thus, it is known from the quoted German journal to check the computing units (master and slaves) of the system by means of a supervisory computing unit. In doing so, all computing units are provided with the essential data (driver's intention to brake, vehicle speed, brake torques etc.), and by means of plausibility considerations it is possible to check the computations of the other computing units.
If there is a malfunction of the master or of the supervisory computing unit, the slaves are able to diagnosticate this and to switch over to an emergency function of the brake system without participation of the master.
Any malfunctions of a slave can be detected by the master and the supervisory computing unit. Then, the slave may be shut down, the emergency function of the remaining wheel brakes not being impaired.
Further, from DE 195 10 525 A1, measures have become known which improve the aforementioned electronic brake systems in view of any error conditions in the field of detecting the braking intention. There, error signals are reported to the wheel brake management via the vehicle brake management. Then, the wheel brake management initiates wheel-individual measures.
The aforementioned known measures, however, do not yet guarantee any comprehensive optimized safety concept.
Regarding a comprehensive safety concept in the corresponding error handling system, what is needed is to detect all errors of the electronic brake system and to consider their effects on the respective driving situations. Using the known concepts, this would imply to have to include a multitude of different conditions of the brake system in the safety considerations which would render the system very complex. However, the more complex the structure of a system is, the more prone it becomes to troubles or errors which then may lead to failures of components of the electronic brake system. Additionally, it will be difficult to perform a reconfiguration of the brake system after an error or trouble condition has developed.
Further, the known case does not feature a systematic strategy for handling conditions when there are multiple faults.
It is an object of this invention to implement the method referred to at the beginning or rather to expand the device so as to enable the number of the various conditions of the electronic brake system, the system finds itself in when error detection and handling take place, to be kept as small as possible and to have clearly defined conditions.
According to this invention, this task is solved by the steps of
determining and defining a small number of unambiguous technological operating conditions of the brake system with predefinition of certain, defined technological events which alone effect a transition from one operating condition to the next condition;
of combining the technological operating conditions with condition-specific control/regulatory measures as well as with measures of warning to the driver of the vehicle; and of
detecting errors in the brake system at the start of the vehicle by means of a pre-drive check and, on-line, during the operation of the vehicle; and of implementing error-condition-responsive error handling in accordance with the operating conditions.
Regarding the apparatus of the present invention, this task is solved by the following
a small number of unambiguous technological operating conditions of the brake system is determined and defined with predefinition of defined technological events which alone effect a transition from one operating
Bohm Jurgen
Hoffmann Oliver
Nell Joachim
Oehler Rainer
Stölzl Stefan
Butler Douglas C.
Continental Teves AG & Co. oHG
Rader & Fishman & Grauer, PLLC
LandOfFree
Method for handling errors in an electronic brake system and... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for handling errors in an electronic brake system and..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for handling errors in an electronic brake system and... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2611127