TIDUDS9B December   2017  – November 2022

 

  1.   Description
  2.   Resources
  3.   Features
  4.   Applications
  5.   5
  6. 1System Description
    1. 1.1 Key System Specifications
  7. 2System Overview
    1. 2.1 Block Diagram
    2. 2.2 Design Considerations
      1. 2.2.1 Conditions of Use: Assumption
        1. 2.2.1.1 Generic Assumptions
        2. 2.2.1.2 Specific Assumptions
      2. 2.2.2 Diagnostics Coverage
        1. 2.2.2.1 Dual-Channel Monitoring
        2. 2.2.2.2 Checking ISO1211 Functionality With MCU (SIL1)
        3. 2.2.2.3 Checking TPS22919 Functionality With MCU (SIL1)
        4. 2.2.2.4 Checking TPS27S100 Functionality With MCU (SIL1)
        5. 2.2.2.5 Optional Monitoring Using RDY Pin of ISO5452, ISO5852S or UCC21750 Integrated Analog-to-PWM Isolated Sensor
      3. 2.2.3 Drive State
    3. 2.3 Highlighted Products
      1. 2.3.1 ISO1211
      2. 2.3.2 TPS27S100
      3. 2.3.3 TPS22919
      4. 2.3.4 ISO5852S, ISO5452
    4. 2.4 System Design Theory
      1. 2.4.1 Digital Input Receiver for STO
      2. 2.4.2 STO_1 Signal Flow Path for Controlling VCC1
      3. 2.4.3 STO_2 Signal Flow Path
        1. 2.4.3.1 High-Side Switch for Controlling Secondary-Side Supply Voltage of Gate Driver
        2. 2.4.3.2 Powering up Secondary Side: VCC2 of Gate Driver
      4. 2.4.4 Gate Driver Design
      5. 2.4.5 STO_FB Signal Flow Path
  8. 3Hardware, Software, Testing Requirements, and Test Results
    1. 3.1 Getting Started Hardware
      1. 3.1.1 PCB Overview
    2. 3.2 Testing and Results
      1. 3.2.1 Logic High and Logic Low STO Thresholds
      2. 3.2.2 Validation of STO1 Signal
        1. 3.2.2.1 Propagation of STO1 to VCC1 of Gate Driver
        2. 3.2.2.2 1-ms STO Pulse Rejection
        3. 3.2.2.3 Diagnostic Pulses From MCU Interface
      3. 3.2.3 Validation of STO2 Signals
        1. 3.2.3.1 Propagation of STO2 to VCC2 of Gate Driver
        2. 3.2.3.2 1-ms Pulse Rejection
        3. 3.2.3.3 Diagnostic Pulses From MCU
        4. 3.2.3.4 Inrush Current Measurement
      4. 3.2.4 3.3-V Voltage Rail From Switcher
      5. 3.2.5 60-V Input Voltage and Reverse Polarity Protection
      6. 3.2.6 Validation of Trip Zone Functionality
  9. 4Design Files
    1. 4.1 Schematics
    2. 4.2 Bill of Materials
    3. 4.3 Layer Plots
    4. 4.4 Altium Project
    5. 4.5 Gerber Files
    6. 4.6 Assembly Drawings
  10. 5Related Documentation
    1. 5.1 Trademarks
  11. 6About the Author
  12. 7Recognition
  13. 8Revision History

System Description

Motor drives are used in a wide range of applications, such as computer numerical control (CNC), robotics, grinders, process control, and so forth. These applications often require drive-based safety functions to reduce the risk from unexpected and hazardous movement. The integrated safety functions within a drive can replace the time-consuming and expensive installation of external safety components like mains contactors or motor contacts. In addition, electronic switching times are significantly quicker than electromechanical devices, such as contactors or relays. The integrated safety functions reduce the risk of personal damage in hazard areas and reduce installation requirements.

The safe torque off (STO) function is one such functional safety provision. The STO can be requested or triggered in case of a system fault. The IEC 61800-5-2 defines STO as a function that prevents torque-producing power from supplying the motor. This safety sub-function corresponds to an uncontrolled stop according to stop category 0 of IEC 60204-1. The STO safety function is also useful where power removal is required to prevent an unexpected start-up.

This STO reference design implements a dual-channel architecture (1oo2) with a hardware fault tolerance of 1 (HFT = 1) according to IEC|EN 61800-5-2. As long as a logic 1 (+24-V DC) is present at both STO inputs, the motor is operational. If there is a logic 0 (0-V DC) at one or both of the STO inputs, the corresponding power supplies to the primary and the secondary side of the six isolated IGBT gate drivers are cut through load switches. Removing the supply voltage to the gate driver IC disables the insulated-gate bipolar transistors (IGBTs) and thus the torque-producing energy.

This reference design deals with the circuit-level implementation of the two isolated STO signals to turn off the VCC1 and VCC2 supply of the isolated gate drivers with CMOS input. Monitoring has been provided at various points for diagnostics and fault detection. A microcontroller (SIL 1 MCU) is assumed to run the diagnostics of the STO hardware by monitoring the STO inputs signals as well as the diagnostic feedback signals. The MCU and the related diagnostics software are not part of this reference design. A feedback of the drive state is provided with the STO_FB signal.

This design guide validates the functionality of the design specifications through data extracted from various test results.

This STO reference design hardware architecture (1oo2) was assessed by the TUEV SUED to be generally suitable for SIL 3 and PL e | Cat. 3. A TUEV report(6), a qualitative system FMEA and system description(7) are available to further help designers implement the STO subsystem.