ECE 477 Digital Systems Senior Design Project Spring 2006
Homework 11: Reliability and Safety Analysis
Due: Friday, April14, at NOON
Team Code Name: We ate 9______Group No. 7_____
Team Member Completing This Homework: Matteo Mannino______
E-mail Address of Report Author: ______mtmannin @ purdue.edu
Evaluation:
Component/Criterion / Score / Multiplier / PointsIntroduction and Summary
/ 0 1 2 3 4 5 6 7 8 9 10 / X 1Reliability Analysis / 0 1 2 3 4 5 6 7 8 9 10 / X 2
Failure Mode, Effects, and Criticality Analysis / 0 1 2 3 4 5 6 7 8 9 10 / X 3
Appendix A / 0 1 2 3 4 5 6 7 8 9 10 / X 1
Appendix B / 0 1 2 3 4 5 6 7 8 9 10 / X 1
List of References / 0 1 2 3 4 5 6 7 8 9 10 / X 1
Technical Writing Style / 0 1 2 3 4 5 6 7 8 9 10 / X 1
TOTAL
Comments:
______
______
______
______
1.0 Introduction
Our project is a glove that allows the user to control a computer mouse pointer and all of its functions with simple hand and finger movements. The project contains two main components; a base station that communicates with the computer through a USB connection, and the glove station fitted onto the user’s hand. The two stations communicate with each other via RF transceivers.
The main safety and reliability concerns for the base station involve current spikes from the USB line, overheating of an onboard low-dropout voltage regulator, and failure to communicate with the RF transceiver. The base station contains three devices that will be analyzed for reliability; the microcontroller, RF module, and the low drop-out voltage regulator.
The main safety and reliability concerns for the glove station involve overheating of the power supply circuit and overheating or break-down of the RF transceiver. The glove contains two devices that will be analyzed for reliability; the microcontroller and the step-up converter. An analysis of the glove RF transceiver would be redundant to the base RF transceiver. Safety for the glove station is emphasized, since it is fitted onto the user’s hand and thus in the event of a failure, such as overheating, may cause injury.
The analysis of each component will be done using the Military Handbook for Reliability Prediction of Electronic Equipment. [1] Then, the schematic of the design will be divided into seven functional blocks, and the different failure modes of each block will be organized into an FMECA worksheet. Throughout the document, a ‘high’ criticality will refer to any possibility of overheating and causing fire, exploding, or injuring the user. A ‘low’ criticality will generally be anything that may cause user dissatisfaction.
2.0 Reliability Analysis
Component Selection
For the reliability analysis, five components in the design were chosen under the criteria of being the most likely to fail. To match these criteria, considerations were taken into the likelihood of overheating and the criticality of the component to the entire design. Below (Table 1) is a list of the components determined to be the most likely to fail and to be the most critical to the overall design.
1. MAX1705 (DC-DC Step-Up Converter - Glove) [2]
2. LD1117 (Voltage Regulator - Base) [3]
3. MC9S08GT16 (Microcontroller - Glove) [4]
4. MC68HC908JB16 (Microcontroller - Base) [5]
5. nRF2401A (RF Transceiver – Glove/Base) [6]
Table 1. List of Components for Reliability Analysis.
Part Failure Rate and MTTF Calculation
In order to calculate the part failure rate and MTTF for each device, several parameters and equations were used from the Military Handbook for Reliability Prediction of Electronic Equipment. The parameters used and their definitions are listed on Table 2. In calculating the MTTF of each device, if a reasonable assumption could not be made in selecting a numerical value for each parameter, then the value selected would reflect the ‘worst case scenario’ for that device.
λp = Part failure rate
C1 = Die complexity
C2 = Constant based on the number of pins
λBD = Die base failure rate
πMFG = Manufacturing process correction factor
πT = temperature coefficient
πL = Learning factor based on amount of time in production
πCD = Die complexity correction factor
λBP = Package base failure rate
πE = Environmental constant
πQ = Quality factor
πPT = Package type correction
λEOS = Electrical overstress failure rate
Np = number of pins
Table 2. Parameters used from MIL-HDBK-217F.
1. MAX1705 (DC-DC Step-Up Converter - Glove) – Linear CMOS Device [2]
λp = (C1 πT + C2 πE) πQ πL Failures/106 hours
(MIL-HDBK-217F, Section 5.1)
Parameter / Value / JustificationC1 / 0.04 / Assumed linear CMOS with 301-1000 transistors for both the linear step-converter and low battery comparator (MIL-HDBK-217F, Section 5.1)
C2 / 0.0056 / 16 pin SMT device
2.8 x 10-4 x (Np)1.08, Np = 16 pins
(MIL-HDBK-217F, Section 5.9)
πT / 7 / Normal operation from -40 to 85 degrees C, Linear MOS device
T (worst case scenario) = 85 degrees C
(MIL-HDBK-217F, Section 5.8)
πE / 2.0 / Assumed ground fixed environment
(MIL-HDBK-217F, Section 5.10)
πQ / 10 / Commercial part with unknown screening levels
(MIL-HDBK-217F, Section 5.10)
πL / 1.0 / At least two years in production
(MIL-HDBK-217F, Section 5.10)
λp / 2.912 Failures/106 hours
MTTF / 3.4341 x 105 hours ~ 39.2 years
Table 3. MAX1705 Parameters and Calculations.
The MAX1705 DC-DC Step-Up Converter’s function is to check for a low battery and to supply power to the entire glove circuit. It was chosen due to its critical role in the power supply design, and thus its possible tendency to overheat. Since the device sits on the user’s hand, failure in this device may result in overheating and thus may injure of the user. Therefore, the criticality of this device is high. This analysis clearly shows that modifications need to be made to the power supply to ensure greater safety.
2. LD1117 (Voltage Regulator - Base) – Linear CMOS Device [3]
λp = (C1 πT + C2 πE) πQ πL Failures/106 hours
(MIL-HDBK-217F, Section 5.1)
Parameter / Value / JustificationC1 / 0.02 / Assumed linear CMOS with 101-300 transistors (MIL-HDBK-217F, Section 5.1)
C2 / 9.2 x 10-4 / 3 pin SMT device
2.8 x 10-4 x (Np)1.08, Np = 3 pins
(MIL-HDBK-217F, Section 5.9)
πT / 180 / Normal operation from -40 to 150 degrees C, Linear MOS device
T (worst case scenario) = 150 degrees C
(MIL-HDBK-217F, Section 5.8)
πE / 2.0 / Assumed ground fixed environment
(MIL-HDBK-217F, Section 5.10)
πQ / 10 / Commercial part with unknown screening levels
(MIL-HDBK-217F, Section 5.10)
πL / 1.0 / At least two years in production
(MIL-HDBK-217F, Section 5.10)
λp / 36.01 Failures/106 hours
MTTF / 2.7764 x 104 hours ~ 3.17 years
Table 4. LD1117 Parameters and Calculations.
The LD1117 Low Drop-Out Voltage Regulator was chosen for its role in the base station power supply. The purpose of the LD1117 is to drop 5.0V down to 3.3V for the RF communication module. While this device is not attached to the user, possible overheating may cause a fire. For this reason the criticality of the device is high. This analysis shows that modifications need to be made to the design to ensure greater safety.
3. MC9S08GT16 (Microcontroller - Glove) – 8-bit Microprocessor [4]
λp = (C1 πT + C2 πE) πQ πL Failures/106 hours
(MIL-HDBK-217F, Section 5.1)
Parameter / Value / JustificationC1 / 0.14 / 8-bit microprocessor
(MIL-HDBK-217F, Section 5.1)
C2 / 0.017 / 44 pin SMT device
2.8 x 10-4 x (Np)1.08, Np = 44 pins
(MIL-HDBK-217F, Section 5.9)
πT / 0.98 / Normal operation from -40 to 85 degrees C, Digital MOS device
T (worst case scenario) = 85 degrees C
(MIL-HDBK-217F, Section 5.8)
πE / 2.0 / Assumed ground fixed environment
(MIL-HDBK-217F, Section 5.10)
πQ / 10 / Commercial part with unknown screening levels
(MIL-HDBK-217F, Section 5.10)
πL / 1.0 / At least two years in production
(MIL-HDBK-217F, Section 5.10)
λp / 1.712 Failures/106 hours
MTTF / 5.8411 x 105 hours ~ 66.68 years
Table 5. MC9S08GT16 Parameters and Calculations.
This microcontroller is the basis of the entire design for the glove. If it failed, the entire design would fail. Failure of this part will not lead to overheating or injury, and therefore this device remains a low criticality. The MTTF shows that it is not necessary to improve the safety of this device any further.
4. MC68HC908JB16 (Microcontroller - Base) – 8-bit Microprocessor [5]
λp = (C1 πT + C2 πE) πQ πL Failures/106 hours
(MIL-HDBK-217F, Section 5.1)
Parameter / Value / JustificationC1 / 0.14 / 8-bit microprocessor
(MIL-HDBK-217F, Section 5.1)
C2 / 0.012 / 32 pin SMT device
2.8 x 10-4 x (Np)1.08, Np = 32 pins
(MIL-HDBK-217F, Section 5.9)
πT / 0.60 / Normal operation from 0 to 70 degrees C, Digital MOS device
T (worst case scenario) = 70 degrees C
(MIL-HDBK-217F, Section 5.8)
πE / 2.0 / Assumed ground fixed environment
(MIL-HDBK-217F, Section 5.10)
πQ / 10 / Commercial part with unknown screening levels
(MIL-HDBK-217F, Section 5.10)
πL / 1.0 / At least two years in production
(MIL-HDBK-217F, Section 5.10)
λp / 1.08 Failures/106 hours
MTTF / 9.2593 x 105 hours ~ 105.7 years
Table 6. MC68HC908JB16 Parameters and Calculations.
This microcontroller is the basis of the entire design for the base station. If it failed, the entire design would fail. Like the glove microcontroller, failure of this part will not lead to overheating or injury, and therefore this device remains a low criticality. The MTTF shows that it is not necessary to improve the safety of this device any further.
5. nRF2401A (2.4 GHz RF Transceiver – Glove/Base) – VHSIC/VHSIC-like
λp = λBD πMFG πT πCD + λBP πE πQ πPT + λEOS Failures/106 hours
(MIL-HDBK-217F, Section 5.3)
Parameter / Value / JustificationλBD / 0.16 / Assumed logic and custom part type
(MIL-HDBK-217F, Section 5.3)
λBP / 0.0026 / 24 pins
(MIL-HDBK-217F, Section 5.3)
λEOS / 0.065 / Assumed to be susceptible from 0 to 1000 volts of ESD (worst case)
(MIL-HDBK-217F, Section 5.3)
πE / 2.0 / Assumed ground fixed environment
(MIL-HDBK-217F, Section 5.10)
πQ / 10 / Commercial part with unknown screening levels
(MIL-HDBK-217F, Section 5.10)
πCD / 5.2 / Measured ~0.25cm2 Die Area, ~1.00um feature size
(MIL-HDBK-217F, Section 5.3)
πPT / 6.1 / Assumed non-hermetic SMT device (worst case)
(MIL-HDBK-217F, Section 5.3)
πMFG / 2.0 / Assume neither QPL or QML (worst case)
(MIL-HDBK-217F, Section 5.3)
πT / 7.0 / Normal operation from -40 to 85 degrees C, Linear MOS device
T (worst case scenario) = 85 degrees C
(MIL-HDBK-217F, Section 5.8)
λp / 12.03 Failures/106 hours
MTTF / 8.3124 x 104 hours ~ 9.5 years
Table 6. nRF2401A Parameters and Calculations.
Communication between the base station and the glove relies on this device. The nRF2401 RF Transceiver was chosen because it operates at a high frequency and dissipates a relatively large amount of power. If it were not to function properly, the entire design would fail, but there would be no risk of injury to the user. Even though it is of low criticality, the MTTF calculation shows that more improvements should be made to the reliability of this device.
Conclusion
Part / λp / MTTFMAX1705 / 2.912 Failures/106 hours / 3.4341 x 105 hours ~ 39.2 years
LD1117 / 36.01 Failures/106 hours / 2.7764 x 104 hours ~ 3.17 years
MC9S08GT16 / 1.712 Failures/106 hours / 5.8411 x 105 hours ~ 66.68 years
MC68HC908JB16 / 1.08 Failures/106 hours / 9.2593 x 105 hours ~ 105.7 years
nRF2401A / 12.03 Failures/106 hours / 8.3124 x 104 hours ~ 9.5 years
Table 7. Overall Failure Rate Calculations
With the overall failure rate calculations organized together on Table 7, it is easy draw comparisons to analyze the data. It is clear that the most likely failure to occur is the LD1117 voltage regulator. This failure may could result in a short, and overheat the circuit, or it may just disconnect the power to the nRF2401A device. Since there is a risk of fire, this current rate of failure is not acceptable and an improvement on the design is necessary.
The second most likely device to fail is the nRF2401 transceiver. This will cut off all communication between the base station and glove, thus rendering the device useless. While this device is of low criticality, improvements should be made to help user satisfaction. The rest of the devices appear to fail relatively close to each other in comparison to the nRF2401A and the LD1117.
In conclusion, in order for the device to be marketed improvements on the design must be made. The current design yields a lifetime of about three years with a possibility of overheating and causing injury to the user.
3.0 Failure Mode, Effects, and Criticality Analysis (FMECA)
For the FMECA worksheet, Appendix A contains the schematic and all of its functional blocks. [7] Table 8 (below) corresponds to Appendix A by denoting the functional block and main component by color and label. Appendix B contains the FMECA worksheet. The criticality classifications for the worksheet can be found in Table 9. (below)