Redundancy: A critical enabler for fully automated driving

Kay Stepper on the role of redundancy as an enabler for fully automated driving.

Functional redundancy is essential for automated driving


The promise of automated driving requires a mix of technological, societal and regulatory development and cooperation. The technology continues to advance thanks to sensors and software, but also thanks to redundancy.

To realize fully automated driving on the path to the accident-free future, redundancy in safety-critical systems – such as braking and steering – is an absolute requirement.

Making automated driving a reality calls for profound understanding of all vehicle systems, and Bosch has this expertise.

Why the need for redundancy?

SAE level 3 (conditional automation) vehicles will begin to hit the market as soon as 2018. For these vehicles, a human driver is still necessary, but safety-critical functions may be completely shifted to the vehicle under certain traffic or environmental conditions. Drivers must still remain present, but will need a certain amount of time to realize that an intervention is necessary.

Redundant functions ensure that all safety-critical functions continue during this time span, even in the rare case of a failure in the system. For SAE levels 4 and 5, the redundancy becomes even more critical as the time span increases without the driver in the loop.

“The importance of redundancy for the rollout of automated driving goes beyond just the technological function... it ultimately will build confidence in consumers as they understand these systems are designed with deep levels of complexity to handle a variety of situations.”

Mike Mansuetti

President, Robert Bosch North America

Redundancy in actuation

Actuation refers to the vehicle's ability to respond to an input – to act. In a traditional vehicle, the driver controls the car: turning the steering wheel to make the car move left or right and pushing the brake pedal to make the car stop or slow down.

Without a human driver to make the car actually do what it's supposed to, the functional tasks of braking and steering need to be managed by the vehicle itself. Additionally, in the rare event of a single component failure, these safety-critical systems must continue to work.

Braking

Bosch’s solution for a fail-degraded brake system is the combination of its electromechanical brake booster iBooster and ESC (Electronic Stability Control, also known as ESP®). Both are independently capable of performing braking functions for the vehicle in the rare case of a single failure.

The technological breakthrough of redundant braking was achieved by modifying one system element: the vacuum brake booster is replaced by an intelligent electro-mechanical booster, the iBooster.

The redundant brake system comprises two actuators that are each able to decelerate the vehicle independently of the driver applying the brake pedal. Even if a failure occurs in the brake system, either actuator (iBooster or ESC) is able to avoid wheel lock-up by modulating the brake pressure, which maintains the ability to steer during deceleration.

Steering

Redundant steering is also a key technology for automated driving, and Bosch is leading in this area.

The Electric Power Steering (EPS) system with fail-operational function from Bosch enables either a driver or auto pilot system to make a safe stop in the rare case of a single failure, which is a key requirement on the path to fully automated driving.

The system enables an independent return to a minimal risk condition with about 50 percent electric steering support via an electrical fallback solution. This functionality is possible through a fully-redundant electronic architecture where a second actuator can take over should there be an error with the first actuator. The system is able to detect a failure in the steering system and move to the electrical fallback solution. If the driver is still in the loop, they can safely steer the vehicle without the sudden increase in steering force.

For highly automated driving, the EPS with fail-operational function will enable the system to recognize the situation and automatically steer the vehicle to a safe stop without bringing the driver back into the loop. This high level of redundancy enables automakers to comply with guidance in policy documents for highly automated driving from the U.S. DOT and NHTSA.

But redundancy for automated vehicles extends well beyond just braking and steering

We tend to think first of braking and steering when it comes to redundancy, but there are several other important vehicle systems that also require special back-up systems.

This includes such systems as vehicle perception, localization and planning, information and display instruments, and – last but not least – an intelligent, well-planned E/E architecture to make it all possible.

Making automated driving a reality calls for profound understanding of all vehicle systems, and every day, Bosch has over 3,000 engineers around the world working hard to make it happen.

Whether it's sensors, brake control systems, electrical power-steering units, display instruments, or connectivity solutions for both inside and outside the vehicle, Bosch's expertise in these complex and interconnected systems is helping pave the way to a fully automated future.