Title of Invention

A METHOD AND A PROTECTING SYSTEM FOR DETECTING A POTENTIALLY DESTRUCTIVE STATE OF AN ARRANGEMENT CONTAINING ELECTRONIC AND FOR TERMINATING THE DESTRUCTIVE STATE

Abstract This invention relates to method far detecting a potentially destructive state of an arrangement (2) containing electronics (12,13) and for terminating this state, whereby currents I1, I 2 , .., In , consumed by the electronics via connecting means from at least one supply voltage (4,5), are continuously compared with by a digital processor (9) with memorized maximum permissible currents Im1 , Im2 , .., Imn and whereby the connecting means are disconnected through processor controlled switching means (10,11) from the least one supply voltage (4,5) and are subsequently earthed as soon as at least one consumed current Ij is higher than the maximum permissible current Imj with j (1,2, -., n).
Full Text


1
The invention relates to a method for detecting a potentially destructive state of an arrangement containing electronics and for terminating this state, whereby currents I], I2, . . , In, consumed by the electronics via connecting means from at least one supply voltage, are continuously compared with memorized maximum permissible currents Im1, Im2, .., Imn and whereby the connecting means are disconnected from the at least one supply voltage and are subsequently earthed as soon as at least one consumed current I1, is higher than the corresponding maximum permissible current Im1, with je{l,2,..,m}.
The method is aimed at preventing the breakdown of the electronics which particularly occurs as a result of a latch-up condition known in the art. The occurrence of latch-up causes at least one component contained in the electronics to be reduced to a state, not envisaged in the design or at least not considered possible, where the breakdown of this at least one component is inevitable, which will usually have an adverse effect on the system's operational effectiveness. Latch-up may occur as a result of strong electromagnetic fields, static discharges, highly fluctuating supply voltages or high-energy particles.
For professional equipment, designed for e.g. space or military applications, use is preferably made of components which are insusceptible to latch up. However, owing to their prohibitive prices, these components are unsuitable for use in less sophisticated equipment. Particularly for computer equipment, components of the four-layer type, highly susceptible to latch-up, are nearly always used.
Computer equipment has increasing popular appeal and has reached an exceptionally high state of perfection.

2
Consequently, the use of COTS (Commercial-Off-The-Shelf) components even in professional applications is inevitable. There is a risk, however, that professional equipment becomes faulty as a result of latch-up of a component contained in COTS equipment. In space applications, this may occur as a result of solar activity coupled with high radiation levels. Equipment for military applications has to be immune to comparatively nearby nuclear explosions. In less sophisticated applications, latch-up may occur as a result of lightning striking in the proximity of the equipment or by problems encountered with, for instance, a ship or aircraft power supply system.
Thus, it is an object of the present invention to protect COTS equipment against the effects of latch-up, without modifying this COTS equipment as such.
The invention also relates to a protection system for detecting a potentially destructive state of an arrangement containing electronics and for terminating this state, provided with measuring means for measuring currents consumed in the operating mode by the electronics from at least one supply voltage, memory means for storing the maximum currents permitted by the electronics, a digital processor for continuously comparing consumed currents with corresponding, memorized currents and processor-controlled switching means for disconnecting the electronics from the at least one supply voltage and for subsequently connecting said electronics to earth if at least one consumed current exceeds the corresponding maximum permissible current level stored in the memory means.
For an arrangement to be protected different operating modes can be distinguished. Thus, the arrangement may be in the standby mode or may be fully operational. A favourable realization of the method is characterized in that for each

3
operating mode, a set of maximum permissible currents valid for that particular operating mode is stored in memory.
Measurements show that the currents in the different operating modes generally depend on the ambient temperature in which the arrangement operates. An embodiment according to a further aspect of the invention which also takes account of a fluctuating ambient temperature is characterized in that for a number of ambient temperatures in each operating mode, a set of maximum permissible currents, valid for that particular temperature in that particular operating mode is stored in memory. It is then possible to derive for a particular ambient temperature a maximum permissible current from the maximum permissible currents stored for the most approximate temperatures, for instance on the basis of linear interpolation.
In changing over from a first mode to a second mode, certain currents may fluctuate in a time-dependent manner. More precisely, the current will, when activating a certain function, initially reach a peak level, for instance caused by the spin up of a motor or stepping of a stepping motor. A favourable realization of the method is thereto characterized in that these currents are stored in a time-dependent manner in the set of memorized maximum permissible currents.
The sets of maximum permissible currents are preferably determined for each separate device, since the statistical spread in the current consumption of electronic components, and consequently the spread in the current consumption of each separate device, may be considerable. A favourable method according to a further aspect of the invention which realizes this in a simple manner, is characterized in that in a preoperational phase, the consumed currents I,, I2/o o , In are determined for the different ambient temperatures and

4
operating modes and that the maximum permissible values lm1, Im2, . . , Imn are derived from the values I1, 12, . . , In by multiplying these values by a factor. In a favourable realization, the factor is selected in the 1.05-1.2 interval.
In a favourable embodiment according to a further aspect of the invention, the protection system is characterized in that the arrangement distinguishes a number of different operating modes, that the memory means are designed to store, in each operating mode, a set of maximum permissible currents for a number of temperature ranges and that the processor is designed to compare, for each operating mode and each temperature range, the consumed currents with the corresponding set of maximum permissible currents.
A favourable embodiment according to a further aspect of the invention in which the sets of maximum permissible currents are obtained semi-automatically, is characterized in that the processor is also designed to determine, in a preoperational phase, the currents consumed per operating mode and per temperature range, these processor computations serving to determine the maximum permissible currents, and to store these maximum permissible currents in the memory means.
The invention will now be explained in greater detail with reference to the figure, which schematically shows an arrangement 1 for preventing damage caused by latch-up of an arrangement 2, which arrangement 2 is connected to a host 3. Host 3 may be a military installation or a satellite and is usually designed such that latch-up is precluded. Arrangement 2, in this embodiment a hard disk, is however susceptible to latch-up owing to the incorporation of low-cost semiconductors. The occurrence of latch-up can be detected through a sudden increase of at

5
least one supply current drawn by arrangement 2. For the purpose of latch-up detection, the +5V power supply line 4 and the +12V power supply line 5 are according to the invention provided with sense resistors 6, 7, which sense resistors are connected to an analog interface 8, incorporating two differential amplifiers and two A/D converters for converting,, in a manner known in the art, the consumed currents to digital signals to be processed by a digital processor 9. Processor 9 can connect arrangement 2 via switches 10, 11 to the +5V and +12V power supply lines 4, 5 or may serve to earth arrangement 2, resulting in the discharge of smoothing capacitors 12, 13 incorporated in arrangement 2. According to the invention, discharge takes place upon latch-up detection, because the energy stored in the smoothing capacitors 12, 13 may be sufficient to destroy the semiconductor affected by latch-up.
In order to ascertain the occurrence of latch-up, processor 9 continuously compares the consumed currents digitized with the aid of analog interface 8 with currents stored in a memory contained in processor 9. In the event of latch-up, the switches 10, 11 are immediately restored to the earthing position whereupon, for instance after five seconds, the +5V and +12V supply voltages are reconnected.
Generally, arrangement 2 may enter various operational states. Assuming a hard disk, we distinguish for instance the spin up of the disk during activation, transfer of data between arrangement 2 and host 3, stepping to another cylinder, data reading and writing, and an idle state.
The transition from one state to another is effected by a command to arrangement 2 to be issued via a set of command lines 141, .., 14n, which command lines are also read by processor 9. A change in one of the command lines results

6
in an interrupt of processor 9. In a preoperational phase, the current drawn from the +5V and the +12V power supply lines is after each interrupt measured for a certain period of time and subsequently stored in the memory of processor 9, in combination with the logic levels of the command lines 141, .., 14n and the change that caused the interrupt. More precisely, it is not the measurement that is retained but the maximum of both the actual measurement and of previous measurements carried out as a result of that same change. In fact, for each change exactly one measurement is retained to represent the change-engendered peak currents as a function of time.
Once these peak currents have been determined in a preoperational phase, the peak values are multiplied by a safety factor to obtain threshold values. In an operational phase, the protection circuitry will then be actuated if the actual current drawn from the +5V or the +12V power supplies exceeds said threshold values.
The safety factor is preferably selected to be small so as to increase the chance of timely latch-up detection. A too small safety factor would increase the liability to false alarm and would consequently entail an unnecessary disconnection of arrangement 2. For a certain application, the safety factor is preferably determined experimentally by measuring the false alarm probability for various safety factors and by choosing a compromise value. This compromise value will usually be 1.1.
The currents drawn by some COTS equipment units are found to fluctuate in accordance with the ambient temperature. In such cases, a temperature sensor 15 can be mounted on the COTS unit, an NTC resistor for instance, so that the consumed currents can in a preoperational phase be determined for a number of temperatures. This way, a set of

7
maximum permissible currents can be determined for each temperature. In the operational phase, this then constitutes the basis for determining the actually measured maximum permissible currents, for instance through linear interpolation bertween the stored values obtained for the most approximate temperatures.
Generally, a COTS unit will nearly always be in one certain position, for instance an idle position at room temperature. It may then be recommendable to provide arrangement 1 with a test switch for artificially increasing a certain supply current, by for instance 10% Thus, the proper functioning of the arrangement can be periodically checked.

s.
WE CLAIM:
1 . Method for detecting a potentially destructive state of an arrangement (2) containing electronics (12,13) and for teminating this state, whereby currents I1, I2 , .., 1n , consumed by the electronics via connecting means from at least one supply voltage (4,5) are continuously compared by a digital processxor (9) with memorized maximum permissible currents Im1 , Im2 , . . , Imn and whereby the connecting means are disconnected through processor control led switching means (10,11) from the least one supply voltage (4,5) and are subsequently earthed as soon as at least one consumed current Ij is higher than the maximum permissible current Imj , with j (1,2, .., n)-
2- Method as claimed in claim 1, wherein different operating modes can be distinguished for the arrangement (2) and that for each operating mode, a set of maximum permissible currents valid for that particular operating mode is stored in memory.
3. Method as claimed in claim 2, wherein far a number of ambient temperatures in each operating mode, a set of maximum permissible currents, valid for that particular temperature in that particular operating mode is stored in memory-

9.
4- Method as claimed in claim 3, wherein these currents are
stored in a time-dependent manner in the set of memorized maximum
permissible currents.
5- Method as claimed in claim 3, wherein in a preoperatlonal
phase, the consumed currents I1 , I2 , .., In are determined for
the different ambient temperatures and that the maximum
permissible values Ini1 , Im2 , .., Imn are derived from the
values I1 , I2 , . ., In by multiplying these values by a
safety factor.
6. Method as claimed in claim 5, wherein said factor is chosen
in the 1.05-1.2 interval.
7. Protection system (1) for detecting a potentially
destructive state of an arrangement (2) containing electronics
(12,13) and for terminating this state, provided with measuring means for measuring currents consumed in the operating mode by the electronics from at least one supply voltage (4,5) and for subsequently connecting said electronics (12,13) to earth if at least one consumed current exceeds the corresponding current level stored in the memory means.

10.
8. Protection system as claimed in claim 7, wherein said processor (9) distinguishes a number of different operating modes, that the memory means are designed to store, in each operating mode, a set of maximum permissible currents for a number of temperature ranges and the said processor (9) is designed to compare, for each operating mode and each temperature range, the consumed currents with the corresponding set of maximum permissible currents.
9- Protection system as claimed in claim 8, wherein the said processor (9) is also designed to determine, in a preoperational phase, the currents consumed per operating mode and per temperature range, these processor computations serving to determine. the maximum permissible currents, and to store these maximum permissible currents in the memory means.
10. Protection system as claimed in claim 7, wherein the system incorporates a test, switch for artificial ly increasing a certain supply current-


This invention relates to method far detecting a potentially destructive state of an arrangement (2) containing electronics (12,13) and for terminating this state, whereby currents I1, I 2 , .., In , consumed by the electronics via connecting means from at least one supply voltage (4,5), are continuously compared with by a digital processor (9) with memorized maximum permissible currents Im1 , Im2 , .., Imn and whereby the connecting means are disconnected through processor controlled switching means (10,11) from the least one supply voltage (4,5) and are subsequently earthed as soon as at least one consumed current Ij is higher than the maximum permissible current Imj with j (1,2, -., n).


Documents:

in-pct-2000-00050-kol abstract.pdf

in-pct-2000-00050-kol claims.pdf

in-pct-2000-00050-kol correspondence.pdf

in-pct-2000-00050-kol description(complete).pdf

in-pct-2000-00050-kol drawings.pdf

in-pct-2000-00050-kol form-1.pdf

in-pct-2000-00050-kol form-18.pdf

in-pct-2000-00050-kol form-2.pdf

in-pct-2000-00050-kol form-3.pdf

in-pct-2000-00050-kol form-5.pdf

in-pct-2000-00050-kol letters patent.pdf

in-pct-2000-00050-kol p.a.pdf

in-pct-2000-00050-kol priority document.pdf


Patent Number 213438
Indian Patent Application Number IN/PCT/2000/50/KOL
PG Journal Number 01/2008
Publication Date 04-Jan-2008
Grant Date 02-Jan-2008
Date of Filing 19-May-2000
Name of Patentee THALES NEDERLAND B.V.
Applicant Address ZUIDELIJKE HAVENWEG 40, P.O. BOX 42, 7550 HENGELO
Inventors:
# Inventor's Name Inventor's Address
1 VAN KEMPEN PAULUS HOEFAKKERS 11, NL-5133 CJ RIEL
PCT International Classification Number G 06 F 1/28
PCT International Application Number PCT/EP99/07796
PCT International Filing date 1999-10-06
PCT Conventions:
# PCT Application Number Date of Convention Priority Country
1 10/0303 1998-10-13 Netherlands