Electronic Design
Safety Comes First in Today’s Home-Appliance Designs

Safety Comes First in Today’s Home-Appliance Designs

In addition to making home appliances sleeker and more stylish, OEMs need to consider how to meet safety regulations such as IEC/UL 60730.

Have you ever heard stories about “possessed appliances”? Like the microwave automatically turned itself on, or the oven starts warming up without any human instructions? In our world filled with radio and electromagnetic interfaces, it’s become increasingly critical to secure the safety operation of home appliances so that we know our oven will not burn down the house when out of town.

Download this article in .PDF format
This file type includes high resolution graphics and schematics when applicable.

The IEC/UL 60730 standard is a set of safety requirements defined by the International Electrotechnical Commission (IEC) specifically for automatic electronic-control units in home-appliance equipment. It discusses mechanical, electrical, electronic, environmental endurance, EMC, and abnormal operation of home appliances.

Today, the majority of automatic electronic controls for appliance products utilize single-chip microcontrollers (MCUs) with embedded memory and input/output peripherals. Meeting IEC safety standard requirements is a must-have for MCU embedded designers. Because the qualification process can take months, many MCU vendors provide real-time embedded software and APIs to help speed up the qualification process.

Software Classes

The IEC 60730 standard separates appliance software into three classes:

• Class A software controls functions that aren’t intended to be relied on for the equipment's safety. Such functions include humidity controls, lighting controls, timers, and switches.

• Class B software controls functions intended to prevent unsafe operation of controlled equipment. For example, this would include thermal cut-offs and door locks in a laundry machine.

• Class C software controls functions intended to prevent special hazards. Examples of special hazards include automatic burner controls and thermal cut-outs for closed, unvented water-heater systems.

Major home-appliance systems, such as washing machines, dishwashers, dryers, refrigerators, freezers, and cookers/stoves, tend to fall under the Class B classification. An exception is an appliance that might cause an explosion, e.g., a gas-fired controlled dryer. These fall under Class C.

According to the IEC 60730-1 standard, Class B software uses one of the following structures:

Single channel with functional test: In a single-channel structure with functional test, software is designed using a single CPU to execute functions as required. The functional test is executed after the application starts to ensure that all critical features are functioning reliably.

Single channel with periodic self-test: In a single-channel structure with periodic self-test, software is designed using a single CPU to execute functions as required. Tests are embedded within the software; self-tests occur periodically while the software is in execution mode.

Dual channel without comparison: In a dual-channel structure without comparison, software is designed using two CPUs to execute critical functions. Prior to executing a critical function, both CPUs must verify that they completed their corresponding tasks.

A dual-channel structure implementation provides higher reliability than either of the single-channel structures, but the cost escalates since it requires two CPUs. In addition, dual-channel system design is more complex because two devices need to regularly communicate with each other. For these reasons, many appliance manufacturers are moving to a single-channel structure with periodic self-test implementation.

Home-appliance manufacturers have to bring end products to Underwriters Laboratories (UL) for certification before launching to the market. This process takes time and money. To simplify and accelerate the certification process, MCU and system-on-chip (SoC) vendors (Microchip, Freescale, Cypress, Atmel, etc.) often develop safety features, such as an IEC 60730 Safety Library, along with application notes to help manufacturers more quickly meet regulations.

Some vendors also have their products certified by VDE (VDE Association for Electrical, Electronic and Information Technologies e.V.), such as Cypress’ programmable system-on-chip (PSoC) families of MCUs, and post the certification online for developers to access. This reduces development and documentation effort for manufacturers by eliminating the need to submit these tests themselves, thus saving certification cost. Whether it’s a “Library” or collection of “Routines,” MCU vendors include both the source codes and application programming interfaces (APIs) so that manufacturers can tune and debug programs during system integration.

All-Important Sensors

As home appliances become more intelligent, they support a greater variety of sensors. For example, a temperature sensor in washing machines allows precise control of water temperature; a pressure sensor can be used to measure the level of water in the drum; and a turbidity sensor monitors the soiling of the water.

Sensors are inherently analog in nature, which means at least one analog signal rail will reside on the home-appliance front-panel board. These signals, however, may need to be amplified or attenuated, filtered, frequency shifted, etc., given the noise level of the operating environment. Conditioning these signals requires components such as programmable gain amplifiers (PGA), multiplexer buses, mixers, comparators (CMPs), and analog-to-digital converters (ADCs).

The following example, which uses an 10-bit DelSig ADC1 on a PSoC device, demonstrates how to test the secure operation of an ADC. The function implements the ADC value test:

uint8 SelfTest_ADC(void)
Returns: 0 No error
1 Error detected

#define ADC_TEST_ACC 10
// +/- ADC result value

The test is a success if the digitalized input-voltage value equals the required reference voltage value within a defined accuracy range. When the test is a success, the function returns 0; otherwise, it returns 1 (failure).

We used two components for this design (see the figure). Both are configurable, and each includes a full set of dynamically generated API libraries built with the PSoC Creator IDE. PSoC components are embedded ICs represented by an icon in PSoC Creator software. They’re used to integrate multiple ICs and system interfaces into one PSoC—designers can drag and drop them as icons to build a system. After configuring the system, firmware can be written, compiled, and debugged.

This schematic shows an implementation of an IEC Safety ADC Test built using the PSoC Creator IDE.

In this example, the reference voltages can be connected to both polarities to calculate the ADC gain and ADC offset. The test function saves all of the component configurations and non-retention registers before testing, and restores them afterwards. This function measures the input-reference-voltage value one time during the call. During the next call, the input-reference-voltage polarity changes and the test is given a new polarity. Such an implementation offers the advantage of reduced test execution time.

User Interfaces

User-interface designs in consumer electronics have gone through a revolutionary leap in the past decade, with capacitive-touch sensing buttons replacing billions of mechanical buttons. Home-appliance manufacturers are moving toward robust capacitive-touch sensing interfaces as well.

Though elegant and sleek, capacitive-touch buttons raise the bar for safety, especially in harsh or sensitive operating environments. To mitigate risk, failure mode and effect analysis (FMEA) is a must-have process for user-interface ICs. As is the case with IEC 60730, IC vendors may offer a dedicated safety library for capacitive sensing that covers FMEA.2

The most common failure sources are the physical printed-circuit board (PCB), touch surface, and connection to the sensors. Fortunately, these types of failures are most easily detected during manufacturing test and rarely occur during in-field use. In any case, users must be able to recover from a failure or shut the system down in a safe manner after detecting a failure.

With the growing trend of integrating the user interface and main system controller into one IC, home-appliance customers need a software library dedicated to capacitive touch sensing. Using Cypress’ CapSense as an example, IDAC, VADC, PWMs, and multiplexer mixed-signal blocks are used. Any incorrect functioning of these elements can cause false or missed touches. A dedicated safety library for capacitive sensing can provide fail-safe functions for home-appliance manufacturers.

 

Download this article in .PDF format
This file type includes high resolution graphics and schematics when applicable.

As home appliances become smarter and sleeker, embedded system designers must stay abreast of increasing consumer awareness of safety operations. Whether it’s a software library base on APIs or safety routines, it’s important to stay ahead of the curve and detect failures before being discovered by the consumer.

Meng He, product manager at Cypress Semiconductor, holds an MSEE from Marquette University.  Meng can be contacted at [email protected].

Greg Verge, application engineer principle at Cypress, holds a BSEE and MBA from Seattle University. For the last ten years he has focused on mixed signal design of microcontrollers, systems on chip, and motor control. He can be reached at [email protected].

References:

1. AN78175 - PSoC® 3 and PSoC 5LP - IEC 60730 Class B Safety Software Library.

2. AN79973 - PSoC3 and PSoC5 CapSense CSD - IEC 60730 Class B Safety Software Library.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish