System for a vehicle, in particular a steering system; method for operating a system, in particular a steering system for a vehicle

By using subsystems with identical configurations in the vehicle steering system, ensuring that they are in different states under normal operating conditions, and monitoring each other's status in real time via a communication bus, faults can be identified and failures can be avoided. This solves the problems of high cost and system failure risk in existing technologies and achieves a cost-effective redundant system design.

CN122249358APending Publication Date: 2026-06-19SCHAEFFLER TECHNOLOGIES AG & CO KG

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SCHAEFFLER TECHNOLOGIES AG & CO KG
Filing Date
2024-11-18
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing proactive failure systems employ two different subsystems, resulting in high costs for research and development, production, and after-sales service, and also pose a risk of simultaneous system failure.

Method used

The first and second subsystems use the same configuration to ensure that they are in different states under normal operating conditions, and monitor each other's status in real time through a communication bus to identify faults and avoid system failures, thereby reducing costs by using the same hardware and software.

Benefits of technology

It enables the system to maintain functionality even in the event of a failure, reduces development and manufacturing costs, avoids the risk of simultaneous system failure, and provides a cost-effective redundancy solution.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122249358A_ABST
    Figure CN122249358A_ABST
Patent Text Reader

Abstract

The present invention relates to a system (1) for a vehicle, particularly a steering system (1), comprising a first subsystem (10) and a second subsystem (20) of identical configuration, wherein the first and second subsystems (10, 20) are configured to determine their respective states and transmit them to the corresponding other subsystem (20, 10); and the system (1) is further configured such that, in normal operating mode, the first subsystem (10) is in a first state, while the second subsystem (20) is in a second state, which differs from the first state, particularly having a predetermined minimum state interval between them. The invention also relates to a method for operating such a system (1).
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to a system for vehicles, particularly an electric steering system or a steer-by-wire system, comprising a first subsystem and a second subsystem with identical configurations. Furthermore, the invention relates to a method for operating such a system. Background Technology

[0002] With advancements in vehicle technology, vehicle operation and driving have become, and are gradually becoming, more automated, thanks to driver assistance systems. Current research and development focus on further enhancing automation, enabling future driving to be fully automated or autonomous. However, to ensure autonomous driving, special safety measures and systems are required to prevent personal injury or property damage caused by technical issues, or at least mitigate the impact of technical malfunctions and / or failures. Furthermore, systems capable of autonomous driving must maintain their intended functionality even in the event of internal system errors. Such systems are known as "fail-active" systems.

[0003] Failure-prone systems are typically built as redundant systems. Redundant systems consist of multiple, especially two, distinct subsystems. These two subsystems have the same functionality but typically have different structures and components. The advantage of using two distinct subsystems is that if a failure due to a systematic error or design flaw occurs in one subsystem, it will not occur in the other, and in particular, it will not cause both subsystems to fail simultaneously. The result is that the entire system is not rendered unusable, but rather its intended functionality is maintained at least partially. However, distinct subsystems also bring disadvantages, namely, a significant increase in the investment and costs required for research and development, production, and after-sales service, potentially nearly doubling them. Summary of the Invention

[0004] In this context, the objective of this invention is to provide an alternative "fail-active" system that achieves redundancy in a simpler and more cost-effective manner.

[0005] The above task is solved by a system for a vehicle, particularly a steering system or a steer-by-wire system, comprising a first subsystem and a second subsystem of identical configuration, wherein the first and second subsystems are configured to determine their respective states and transmit them to the corresponding other subsystem, wherein the system is further configured such that, in normal operating mode, the first subsystem is in a first state and the second subsystem is in a second state different from the first state, and in particular, there is a pre-given minimum state interval between the two.

[0006] The system comprises a first subsystem and a second subsystem identical to the first subsystem. Due to the identity of the two subsystems, the investment and cost of system development, manufacturing, and after-sales service are reduced, as the system contains only one, rather than two, distinct subsystems. Furthermore, the first and second subsystems are configured to determine their respective states and transmit them to the corresponding other subsystem. This provides the advantage that both subsystems can be aware of the other's subsystem's state in real time and can respond according to the situation when necessary. Moreover, the system is configured such that, in normal operating mode, the first subsystem is in a first state, while the second subsystem is in a second state different from the first state, with a predetermined minimum state interval between them. By adhering to the minimum state interval, it is ensured that the two subsystems are in different states, so that an error occurring in a particular state can only affect one subsystem. In other words, its advantage lies in ensuring minimum system functionality at all times. Due to the identity of the two subsystems, at least in normal operating mode, it can be called a homogeneous redundant system. Overall, according to the present invention, due to the homogeneity of the system, i.e., the identity of the two subsystems, a simple and cost-effective solution for achieving redundancy is provided, thereby also providing (partial) fault tolerance.

[0007] In the context of this invention, the system should be understood in particular as a fail-safe system. A fail-safe system is understood as a system that, in the event of a system failure or error, can maintain a safe operating mode until corrective and / or bridging measures are taken. In a fail-safe system, the system's functionality is always maintained, at least partially.

[0008] According to a preferred embodiment of the present invention, a scheme is provided in which the first and second subsystems are configured to identify whether a fault exists in the other subsystem and the operating condition at the time of the fault based on the state transmitted by the corresponding other subsystem, and when the first or second subsystem detects a fault in the corresponding other subsystem, the respective subsystem's own state avoids the operating condition that would cause the fault in the other subsystem. Here, "state" refers to a set of data vectors that describe both a fault-free state, a fault type when a fault occurs, the current operating condition in a fault-free state, or the operating condition at the time of the fault. The setting or control of the receiving subsystem's own state after identifying a fault in the other subsystem can be called the system's fault recurrence avoidance strategy. Communication between the first and second subsystems can be implemented through one or more communication buses, such as LIN, CAN, or Ethernet.

[0009] In a preferred embodiment of the present invention, the first and second subsystems have identical hardware and software. By using identical hardware and software, development investment and manufacturing costs can be reduced. Furthermore, communication between subsystems with identical hardware and software can be implemented more easily.

[0010] In a preferred embodiment of the invention, the first and second subsystems are configured to drive one set of windings in a motor having two sets of separately wound windings, such that the torque generated by the first subsystem in the motor is greater than that of the second subsystem. In normal operating mode, the first subsystem may, for example, generate 55% or 60% of the total torque provided by the motor, thus constituting an asymmetric torque distribution.

[0011] According to a preferred embodiment of the invention, the first and second subsystems are specified to each include a first and a second observer for determining their respective states. Preferably, the first and second observers are identical, wherein the observer should be understood in each case as a software component or model capable of reconstructing unmeasurable or unmeasurable quantities from measurable quantities. Therefore, determining one's own state should be understood in particular as an estimation of one's own (subsystem's) state or of individual state variables.

[0012] In a preferred embodiment of the present invention, the first and second subsystems are configured to each generate an internal state vector for controlling their respective states. The respective internal state vectors may, for example, be input values ​​of the subsystem controllers of their respective subsystems.

[0013] Another subject of the invention is a method for an operating system, particularly for operating a vehicle steering system, the system comprising a first subsystem and a second subsystem of identical configuration, wherein the first and second subsystems determine their respective states and transmit them to the corresponding other subsystem, wherein, particularly in normal operating mode, the first subsystem operates in a first state, while the second subsystem operates in a second state different from the first state, and particularly there is a minimum state interval between the two.

[0014] The method of the present invention can achieve the same technical effects and advantages as described in the description related to the system of the present invention.

[0015] According to a preferred embodiment of the present invention, a first or second subsystem is specified to identify a fault in the other subsystem based on a state transmitted by the corresponding other subsystem, and in a fault operation mode, the state of the first or second subsystem is made to avoid the state when a fault occurs in the corresponding other subsystem.

[0016] In a preferred embodiment of the present invention, the first and second subsystems are respectively operated using the same hardware and the same software.

[0017] In a preferred embodiment of the present invention, the first and second subsystems are specified to control one set of windings of a motor having two sets of three-phase windings that are separated from each other, or to control a motor having a set of three-phase windings, wherein the electrical and mechanical torque generated by the first subsystem is greater than that of the second subsystem.

[0018] According to a preferred embodiment of the present invention, the first and second subsystems are provided to determine their respective states by means of the first and second observers, respectively.

[0019] In a preferred embodiment of the present invention, the first and second subsystems respectively generate an internal state vector for controlling their own states.

[0020] As an alternative to or supplement to the preferred embodiments of the above method, advantageous features and implementation methods disclosed in relation to the system of the present invention may also be used individually or in combination in this method. Attached Figure Description

[0021] Further details and advantages of the present invention will now be described with reference to the embodiments shown in the accompanying drawings. The drawings show: Figure 1 An embodiment of the system of the present invention is illustrated schematically, the system including a first subsystem and a second subsystem; and Figure 2 Show according to Figure 1 Partial view A of a subsystem of the embodiment shown. Detailed Implementation

[0022] exist Figure 1 The image schematically illustrates an embodiment of the system 1 of the present invention, which includes a first subsystem 10 and a second subsystem 20, wherein the first subsystem 10 and the second subsystem 20 are identical. Figure 1 The system 1 shown is a steering system 1, and more specifically, an electro-hydraulic steering system 1 for a vehicle. A first subsystem 10 and a second subsystem 20 are configured to determine their respective states and transmit them to the corresponding other subsystems 20 and 10. Furthermore, system 1 is configured such that, in normal operating mode, the first subsystem 10 is in a first state, while the second subsystem 20 is in a second state, wherein the second state differs from the first state, and in particular, there is a pre-defined minimum state interval between them.

[0023] The first and second subsystems 10 and 20 are configured to identify whether a fault exists in the other subsystem 20 or 10 and the operating condition when such a fault occurs, based on the state transmitted by the other subsystem 20 or 10. Furthermore, if the first or second subsystem 10 or 20 detects a fault in the other subsystem 10 or 20, it will adjust its own state to avoid the operating condition that would occur in the other subsystem 10 or 20 when a fault occurs. The first and second subsystems 10 and 20 have identical hardware and software.

[0024] The first subsystem 10 is configured to drive the first winding 101 of the motor 100. The second subsystem 20 is further configured to drive the second winding 102 of the motor 100. The first subsystem 10 generates 60% of the torque provided by the motor 100. Therefore, the second subsystem 20 generates 40% of the torque of the motor 100. The motor 100 specifically drives a worm shaft (not shown), which in turn transmits torque to the steering rod for steering the vehicle. Alternatively, the motor torque can be transmitted via belt drive to a ball screw, which positions the steering rod.

[0025] The first and second subsystems 10 and 20 can communicate with each other via a communication bus (e.g., a CAN bus) 30. This communication bus is preferably implemented in a redundant manner, consisting of two physical buses that transmit the same information, but preferably in different ways.

[0026] exist Figure 2 In, it is shown that according to Figure 1 Partial view A of the illustrated embodiment. The first subsystem 10 has a first observer 12 for determining its own state Z1. The determined state Z1 of the first subsystem 10 is transmitted via CAN bus 30 to... Figure 2 The second subsystem 20 is not shown in the diagram. Similarly, the second observer of the second subsystem 20 determines its own state Z2 and transmits it to the first subsystem 10 via the CAN bus 30.

[0027] When a fault is detected in another subsystem 10 or 20, the first or second subsystem 10 or 20 is switched to a fault operation mode. In this mode, the first or second subsystem 10 or 20 sets its own states Z1 and Z2 to be different from the fault state detected in the other subsystem 10 or 20 (avoidance strategy). For example, in the first subsystem 10, a fault occurring in the second subsystem 20 is avoided by means of a first controller 13. To this end, the first subsystem 10 generates an internal state vector V1 and provides it as an input to the first controller 13. The first controller 13 controls the first subsystem 10 in a manner that avoids the fault state of the second subsystem 20.

[0028] A failure in one subsystem 10 or 20 would typically result in the shutdown of that subsystem 10 or 20. The failure recurrence avoidance strategy of the present invention ensures that the shutdown of both subsystems 10 or 20 is avoided, and in particular, that the two subsystems 10 or 20 are shut down almost simultaneously.

[0029] Explanation of reference numerals in the attached figures 1 System 10 First Subsystem 12 First Observer 13 First Controller 20 Second Subsystem 100 motor 101 First Winding 102 Second Winding A partial view The self-state of the second subsystem of Z2 Z1 First Subsystem's Own State V1 is the internal state vector of the first subsystem.

Claims

1. A system (1) for a motor vehicle, particularly a steering system (1), comprising a first subsystem (10) and a second subsystem (20) of identical configuration, wherein, The first and second subsystems (10, 20) are configured to determine their respective states and transmit them to the corresponding other subsystem (20, 10), wherein the system (1) is further configured such that, in normal operating mode, the first subsystem (10) is in a first state, while the second subsystem (20) is in a second state different from the first state, and in particular, there is a predetermined minimum state interval between the two.

2. The system (1) as described in claim 1, characterized in that: The first and second subsystems (10, 20) are configured to identify whether the other subsystem (10, 20) has a fault and the operating condition when the fault occurs based on the state transmitted by the other subsystem (10, 20); and when the first or second subsystem (10, 20) detects a fault in the other subsystem (10, 20), it avoids the operating condition in the other subsystem (10, 20) that would cause the fault to occur.

3. The system (1) as described in any of the preceding claims, characterized in that: The first and second subsystems (10, 20) have the same hardware and the same software.

4. The system (1) as described in any of the preceding claims, characterized in that: The first and second subsystems (10, 20) are configured to control one set of windings of a motor (100) having two sets of windings that are separated from each other, such that the torque generated by the first subsystem (10) in the motor (100) is greater than the torque generated by the second subsystem (20).

5. The system (1) as described in any of the preceding claims, characterized in that: The first and second subsystems (20) each include a first and a second observer (12, 22) for determining their respective states.

6. A method for an operating system (1), particularly for operating a motor vehicle steering system (1), said system comprising a first subsystem (10) and a second subsystem (20) of identical configuration, wherein, The first and second subsystems (10, 20) determine their respective states and transmit them to the corresponding other subsystem (20, 10), wherein, particularly in normal operating mode, the first subsystem (10) operates in a first state, while the second subsystem (20) operates in a second state different from the first state, and in particular, there is a minimum state interval between the two.

7. The method as described in claim 6, characterized in that: The first or second subsystem (10, 20) detects a fault state in the other subsystem (10, 20) based on the state transmitted by the other subsystem (10, 20); and in a fault operation mode, the state of the first or second subsystem (10, 20) is different from the fault state detected in the other subsystem (10, 20).

8. The method as described in claim 6 or 7, characterized in that: The first and second subsystems (10, 20) operate using the same hardware and the same software, respectively.

9. The method according to any one of claims 6 to 8, characterized in that: The first and second subsystems (10, 20) respectively control one set of windings in a motor having two sets of windings that are separated from each other, wherein the torque generated by the first subsystem (10) in the motor is greater than the torque generated by the second subsystem (20).

10. The method according to any one of claims 6 to 9, characterized in that: The first and second subsystems (20) determine their respective states by means of the first and second observers (12, 22).