- Meeting the IEC/UL 60730 standard is essential for embedded designers, but the process can be lengthy, labor intensive and expensive.
- To help manufacturers more quickly demonstrate compliance, Cypress has developed safety libraries and application notes for IEC/UL 60730 and capacitive sensing.
- The company includes both the source codes and application programming interfaces (APIs) to allow manufacturers to tune and debug programs during system integration.
- Pre-written test routines make it both easier and more efficient to evaluate products and firmware performance.
Prequalified APIs and software keep white goods safe
Editor’s Note: This article appears courtesy of Electronic Design, which hosted the original version.
Have you ever heard stories about “possessed appliances” such as the microwave that automatically turns itself on, or the oven that starts warming up without any human instructions? In our world filled with radio and electromagnetic interfaces, it has become increasingly critical to secure the safe operations of home appliances so that we know our oven will not burn down the house when we are out of town. Microcontroller (MCU) and system-on-chip (SoC) vendors offer a range of prequalified software tools and test routines to make the job easier for embedded designers.
The IEC/UL 60730 standard is a set of safety requirements defined by the International Electrotechnical Commission (IEC) specifically for automatic electronic-control units in home-appliance equipment. It discusses mechanical, electrical, electronic, environmental endurance, EMC and abnormal operation of home appliances.
Today, the majority of automatic electronic controls for appliance products use single-chip MCUs with embedded memory and input/output peripherals. Meeting IEC safety standard requirements is essential for MCU embedded designers. Because qualification can take months, many MCU vendors provide real-time embedded software and application programming interfaces (APIs) to help speed the process.
The IEC 60730 standard separates appliance software into three classes:
- Class A software controls functions that aren’t intended to be relied on for the equipment's safety. Such functions include humidity controls, lighting controls, timers and switches.
- Class B software controls functions intended to prevent unsafe operation of controlled equipment. For example, this would include thermal cut-offs and door locks in a laundry machine.
- Class C software controls functions intended to prevent special hazards. Examples of special hazards include automatic burner controls and thermal cut-outs for closed, unvented water-heater systems.
Major home-appliance systems, such as washing machines, dishwashers, dryers, refrigerators, freezers and cookers/stoves, tend to fall under the Class B classification. An exception is an appliance that might cause an explosion, e.g., a gas-fired, controlled dryer; these exceptions fall under Class C.
According to the IEC 60730-1 standard, Class B software uses one of the following structures:
- Single channel with functional test: In a single-channel structure with functional test, software is designed using a single CPU to execute functions as required. The functional test is executed after the application starts, in order to ensure that all critical features are functioning reliably.
- Single channel with periodic self test: In a single-channel structure with periodic self test, software is designed using a single CPU to execute functions as required. Tests are embedded within the software; self tests occur periodically while the software is in execution mode.
- Dual channel without comparison: In a dual-channel structure without comparison, software is designed using two CPUs to execute critical functions. Prior to executing a critical function, both CPUs must verify that they have completed their corresponding tasks.
A dual-channel structure implementation provides higher reliability than either of the single-channel structures, but the cost escalates because it requires two CPUs. In addition, dual-channel system design is more complex because the two devices need to regularly communicate with each other. For these reasons, many appliance manufacturers are moving to a single-channel structure with periodic self-test implementation.
Home-appliance manufacturers have to bring end products to Underwriters Laboratories (UL) for certification before releasing those models to the market. This process takes time and money. To simplify and accelerate the certification process, MCU and system-on-chip (SoC) vendors like Cypress develop safety features such as an IEC 60730 Safety Library, along with application notes that help manufacturers meet regulations more quickly.
Some vendors also have their products certified by the VDE Association for Electrical, Electronic and Information Technologies E.V. and post the certification online for developers to access. Cypress, for example, has done this with its PSoC® programmable system-on-chip families. This precertification reduces development and documentation efforts for manufacturers by eliminating the need to submit these tests themselves. Whether it’s a library or collection of routines, MCU vendors include both the source codes and APIs so that manufacturers can tune and debug programs during system integration.
As home appliances become more intelligent, they support a greater variety of sensors. For example, a temperature sensor in a washing machine allows precise control of water temperature; a pressure sensor can be used to measure the level of water in the drum and a turbidity sensor monitors the soiling of the water.
Sensors are inherently analog in nature, which means that at least one analog signal rail will reside on the home-appliance front-panel board. These signals, however, may need to be amplified or attenuated, filtered, frequency shifted, etc., given the noise level of the operating environment. Conditioning these signals requires components such as programmable gain amplifiers (PGA), multiplexer buses, mixers, comparators (CMPs) and analog-to-digital converters (ADCs). All of these components need to be tested as part of the qualification process.
The following example, which uses a 10-bit DelSig ADC1 on a PSoC device, demonstrates how to test the secure operation of an ADC. The function implements the ADC value test:
The test is a success if the digitized input-voltage value equals the required reference voltage value within a defined accuracy range. When the test is a success, the function returns 0; otherwise, it returns 1 (failure).
We used two components for this design (see figure 1). Both are configurable and each includes a full set of dynamically generated API libraries built with the PSoC Creator IDE. PSoC components are embedded ICs represented by an icon in PSoC Creator software. They’re used to integrate multiple ICs and system interfaces into one PSoC—designers can drag and drop them as icons to build a system. After configuring the system, firmware can be written, compiled and debugged.
Figure 1: Sample system for testing the secure operation of an analog-to-digital converter (ADC) uses a 10-bit DelSig ADC on a Cypress PSoC programmable-system-on-chip device. Both devices are configurable and include a full set of dynamically generated API libraries built with the PSoC Creator IDE.
In this example, the reference voltages can be connected to both polarities to calculate the ADC gain and ADC offset. The test function saves all of the component configurations and non-retention registers before testing, and restores them afterward. This function measures the input-reference-voltage value one time during the call. During the next call, the input-reference-voltage polarity changes and the test is given a new polarity. Such an implementation offers the advantage of reduced test execution time.
Designs for user-interfaces in consumer electronics have gone through a revolutionary leap in the past decade, with capacitive-touch sensing buttons replacing billions of mechanical buttons. Home-appliance manufacturers are moving toward robust capacitive-touch sensing interfaces, as well.
Though elegant and sleek, capacitive-touch buttons raise the bar for safety, especially in harsh or sensitive operating environments. To mitigate risk, failure mode and effect analysis (FMEA) is a must-have process for user-interface ICs. As is the case with IEC 60730, IC vendors may offer a dedicated safety library for capacitive sensing that covers FMEA.2
The most common failure sources are the physical printed-circuit board (PCB), touch surface and connection to the sensors. Fortunately, these types of failures are most easily detected during manufacturing test and rarely occur during in-field use. In any case, users must be able to recover from a failure or shut the system down in a safe manner after detecting a failure.
With the growing trend of integrating the user interface and main system controller into one IC, home-appliance customers need a software library dedicated to capacitive touch sensing. Cypress’s CapSense® touch-sensing technology, for example, uses IDAC, VADC, PWMs and multiplexer mixed-signal blocks. Any incorrect functioning of these elements can cause false or missed touches. A dedicated safety library for capacitive sensing can provide fail-safe functions for home-appliance manufacturers.
As home appliances become smarter and sleeker, embedded system designers must stay abreast of increasing consumer awareness of safety operations. Whether it’s a software library based on APIs or safety routines, it’s important to stay ahead of the curve and detect failures before they are discovered by the consumer.
1. AN78175 – PSoC® 3 and PSoC 5LP – IEC 60730 Class B Safety Software Library.
2. AN79973 – PSoC3 and PSoC5 CapSense CSD – IEC 60730 Class B Safety Software Library.
Also in this issue:
Other stories in this issue
Also, troubleshooting flowcharts for parallel NOR and dongle detection details
Also in this issue
Conformal electronics differentiate products by improving the appearance, functionality and overall user experience.
With a powerful graphics processor unit (GPU) and onboard VRAM, application-specific MCU designed for the white-goods market speeds HMI design while controlling costs.
Failure analysis methodologies like root cause corrective action give organizations tools to uncover problems and improve processes.
Also, troubleshooting flowcharts for parallel NOR and dongle detection details
Whether monitoring water levels in coffee makers or implementing smart refrigerators that can warn when that milk bottle is nearly empty, liquid-level measurement enhances performance and differentiates products from the competition.
Pre-certified modules let developers skip the byzantine process of Bluetooth qualification and focus on building better products.
Specially configured for home appliances, programmable system-on-chip (PSoC) controller simplifies the addition of functionality like displays and touch sensing for better product differentiation.
Analysis of granular operational data helps developers more easily fix the flaws in their systems