Functional Safety in Battery Management Systems for Lithium-based Batteries
- DIRECTORS: Igor Villareal, Maitane Garmendia and José Antonio Cortajarena (UPV/EHU).
- UNIVERSITY: UPV/EHU
Lithium-based battery energy storage systems are one of the key technologies for the energy transition and for the decarbonisation of the energy and urban mobility sectors. Lithium-ion batteries are electrochemical accumulators with a higher energy density and specific energy than other storage technologies. Their major drawback is that they are only safe while operated within their Safe Operating Area (voltage, current and temperature limits); the Battery Management System is responsible for monitoring the cells and keeping them inside it. However, numerous accidents in which batteries have caught fire have shown that conventional Battery Management System design techniques are not sufficiently effective. These events have drawn the attention of standardisation and certification bodies, manufacturers, developers and end-users, and have a major socio-economic impact. The need for additional measures to use the technology safely has therefore become evident.
This thesis presents a design methodology for Battery Management Systems for lithium-based batteries that is based on functional safety techniques. The methodology provides a framework for developing automatic safety functions with a controlled (quantified) failure rate. It follows the V-model development process and is compatible with the IEC 61508 and ISO 26262 safety standards.
Following the proposed methodology, the hazards and risks of lithium-ion batteries have been analysed. Based on this analysis, the safety functions relevant to battery operation have been defined, together with the measures required to control the risks. In this context, a safety concept for a Battery Management System for automotive applications has been developed. The safety concept comprises the functional, non-functional and safety requirements of the Battery Management System, an architecture of its subsystems, an analysis of the most important failures, and the corresponding measures and diagnostics to prevent or detect them. In addition, the hardware of a Battery Management System Slave (the cell-monitoring board of a distributed BMS) has been developed. The developed Battery Management System Slave meets the ASIL C safety integrity level in accordance with ISO 26262. For its design, the main hardware requirements and a detailed architecture have been proposed in order to safely integrate the measurement functions and all the diagnostics. Finally, a verification test strategy and a Failure Mode, Effects and Diagnostics Analysis (FMEDA) have been proposed to check the correct integration of the safety functions and compliance with the required failure rates and hardware safety metrics.
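The last step above, checking an FMEDA against the ISO 26262 hardware metrics, is what decides whether a board like the BMS Slave can claim ASIL C. The following script is an added worked example, not code or data from the thesis: it takes a constructed bill of materials with hypothetical failure rates and diagnostic coverages, computes the Single-Point Fault Metric (SPFM), the Latent Fault Metric (LFM) and a simplified Probabilistic Metric for random Hardware Failures (PMHF, approximated as the sum of single-point and residual failure rates), and compares them with the ASIL B/C/D targets tabulated in ISO 26262-5. The element names, FIT values and coverage figures are assumptions chosen for illustration; the metric definitions and targets are those of the standard.

```python
"""FMEDA-style hardware safety metrics for a BMS slave (added worked example).

The bill of materials, failure rates and diagnostic coverages below are
constructed for illustration and are NOT the thesis' data. SPFM and LFM follow
ISO 26262-5; PMHF is approximated as the single-point plus residual failure
rate (dual-point contributions neglected), a common first-pass simplification.
"""
from dataclasses import dataclass
from typing import Dict, List

FIT = 1e-9  # 1 FIT = one failure per 1e9 device-hours

# ISO 26262-5 targets (ASIL A sets no SPFM/LFM target, so only B/C/D are listed).
ASIL_TARGETS = {
    "B": {"spfm": 0.90, "lfm": 0.60, "pmhf_per_h": 1e-7},
    "C": {"spfm": 0.97, "lfm": 0.80, "pmhf_per_h": 1e-7},
    "D": {"spfm": 0.99, "lfm": 0.90, "pmhf_per_h": 1e-8},
}


@dataclass(frozen=True)
class Element:
    name: str
    fit: float         # base failure rate of the element, in FIT (assumed value)
    violating: float   # share of its failures that would violate the safety goal
    dc_rf: float       # coverage of the safety mechanism against those failures
                       # (0.0 means the element has no safety mechanism)
    dc_latent: float   # coverage of the latent-fault diagnostics (e.g. start-up self-test)


@dataclass(frozen=True)
class Row:
    name: str
    total: float
    spf: float         # single-point: goal-violating failure with no mechanism at all
    rf: float          # residual: mechanism present but the failure is not covered
    mpf_latent: float  # multiple-point faults that no diagnostic reveals (latent)


def fmeda_row(e: Element) -> Row:
    """Split one element's failure rate into the ISO 26262 fault classes."""
    violating = e.fit * e.violating
    if e.dc_rf <= 0.0:
        return Row(e.name, e.fit, spf=violating, rf=0.0, mpf_latent=0.0)
    rf = violating * (1.0 - e.dc_rf)
    mpf = violating * e.dc_rf  # covered failures are downgraded to multiple-point faults
    return Row(e.name, e.fit, spf=0.0, rf=rf, mpf_latent=mpf * (1.0 - e.dc_latent))


def metrics(elements: List[Element]) -> Dict[str, float]:
    """SPFM, LFM and simplified PMHF for the whole bill of materials."""
    rows = [fmeda_row(e) for e in elements]
    total = sum(r.total for r in rows)
    spf_rf = sum(r.spf + r.rf for r in rows)
    latent = sum(r.mpf_latent for r in rows)
    return {
        "spfm": 1.0 - spf_rf / total,
        "lfm": 1.0 - latent / (total - spf_rf),
        "pmhf_per_h": spf_rf * FIT,
    }


def check_asil(m: Dict[str, float], asil: str) -> Dict[str, bool]:
    """Per-metric pass/fail against the targets of the requested ASIL."""
    t = ASIL_TARGETS[asil]
    return {
        "spfm": m["spfm"] >= t["spfm"],
        "lfm": m["lfm"] >= t["lfm"],
        "pmhf": m["pmhf_per_h"] <= t["pmhf_per_h"],
    }


# Constructed BOM of a cell-monitoring slave (illustrative numbers only).
BASELINE = [
    Element("cell-voltage AFE", 50.0, 0.6, dc_rf=0.99, dc_latent=0.9),
    Element("temperature channel", 20.0, 0.5, dc_rf=0.90, dc_latent=0.9),
    Element("isolated transceiver", 15.0, 0.4, dc_rf=0.99, dc_latent=0.9),
    Element("balancing switches", 30.0, 0.3, dc_rf=0.90, dc_latent=0.6),
    Element("voltage reference", 5.0, 0.8, dc_rf=0.0, dc_latent=0.0),  # unmonitored
]
# Same design after adding a plausibility check on the voltage reference.
HARDENED = BASELINE[:-1] + [
    Element("voltage reference", 5.0, 0.8, dc_rf=0.90, dc_latent=0.9),
]

if __name__ == "__main__":
    for label, bom in (("baseline", BASELINE), ("hardened", HARDENED)):
        m = metrics(bom)
        print(label, {k: round(v, 4) for k, v in m.items()}, check_asil(m, "C"))
```

Running it shows the point of doing the FMEDA early: the baseline design fails the ASIL C SPFM target (about 94.8 %, below 97 %) solely because one small, unmonitored reference contributes 4 FIT of single-point faults, while its PMHF is already well inside the 1e-7/h target; adding a diagnostic for that element lifts SPFM to about 97.8 % without any change to the larger components. Note that the LFM denominator excludes single-point and residual faults, so hardening can slightly lower LFM even as SPFM improves.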