SWRA825 January 2025 IWR6843, LP87745-Q1

 


Latent Fault Monitoring

From a safety architecture standpoint, one key consideration is the set of IEC 61496 requirements. While IEC TS 61496-5 mandates a type 3 ESPE, IEC 61496-1 defines type 3 with the following wording:

“In cases where a single fault which does not cause a failure to danger of the RPD is not detected, the occurrence of a further fault internal to the RPD shall not cause a failure to danger.”

There are multiple ways to architect a sensor that fulfills this, some of which include:

  • SIL 2, HFT=1 (as per 61508): For HFT=1, IEC 61508 states that “no account shall be taken of other measures […] such as diagnostics”
  • CAT 3 (as per ISO 13849) which states “not all parts are necessarily physically redundant”
  • CAT 2 (as per ISO 13849) with diagnostics of the diagnostics functions

Since the first option, with physical redundancy of the sensing element, is equivalent to the option previously referred to as “co-located bi-static”, it is not covered in this paper.

The other two options, which leverage redundancy and multi-channel design at the sensor level and take advantage of monitoring and fault injection, are discussed in the upcoming sections.

Note that certain aspects of the device-level safety mechanisms described in the safety manual, which as of the time of writing of this white paper is under NDA, are not described here either.