Posts Tagged ‘top-story’

Next Page »

When Will Self-Driving Cars Become a Reality?

Thursday, September 27th, 2018

Self-driving cars have been all the rage in both the trade and popular press in recent years. I prefer the term “autonomous vehicles,” which more broadly captures the possibilities, encompassing not only small passenger vehicles but mass transit and industrial vehicles as well. Depending on who’s talking, we will all be riding in fully autonomous vehicles in five to 25 years.

The five-year estimates come from startups eager to raise venture capital while the 25-year estimates stem from Tier 1 automotive suppliers who tend to be more conservative in outlook. Regardless of the timeframe, a multitude of investors – national governments, venture capitalists and companies – are dedicating significant capital and effort to make autonomous vehicles a reality.

I must admit that I did not fully grasp the enthusiasm for self-driving cars until last year. First, I’ve always enjoyed driving, unless I’m in stop-and-go traffic, so I couldn’t imagine relinquishing the task. Second, I’ve deliberately arranged my life to spend minimal time in my car. However, traffic has become much heavier in my metropolitan area (Boston), and I know that many people in cities around the world face longer commutes and waste more time in gridlock.

What is the solution to this problem that is only getting worse? I had an epiphany while walking through Shinigawa Station in Tokyo, one of the busiest train stations in the world. Dense streams of people crisscrossed the station on their individual paths, managing to avoid collisions without the aid of traffic controls. Evidently, humans have an innate collision-avoidance ability that makes traffic controls for pedestrian crowds unnecessary. If autonomous vehicles could achieve the same excellence in collision-avoidance, we could potentially reduce or eliminate traffic controls for vehicular traffic, providing a huge gain in transportation efficiency and relief from gridlock.

Sensors as core building blocks

New and improved sensors, many based on micro-electromechanical systems (MEMS) technology, are key to achieving this vision. While MEMS inertial sensors (such as accelerometers and gyros) are already integral to the core safety systems in conventional vehicles, they are also essential to improved self-navigation in autonomous vehicles.

The challenge for MEMS suppliers is to deliver inertial sensors that meet the requirements for self-navigation systems, which are different and more demanding than for safety systems.

Pinpointing a vehicle’s position requires “dead reckoning” based on inertial sensor signals as a supplement to GPS input. Undesirable drift in the inertial sensor signals due to mechanical quadrature, temperature sensitivity and noise can quickly add up to a large error in position that may result in a collision. To meet the more rigorous requirements for autonomous vehicles, suppliers must design MEMS inertial sensors that are substantially more precise and resistant to drift. This requires design software that is both extremely accurate and fast, as well as increasingly precise and reliable manufacturing capabilities.

Other MEMS-based devices, such as micromirrors and micro ultrasound transducers (MUTs), are also promising options for implementing vision and range-finding systems in autonomous vehicles. These sensing systems are needed for building electronic versions of the human collision-avoidance abilities that I witnessed in Shinigawa Station – and it is these systems that autonomous vehicles must emulate.

When will self-driving cars become a reality? Aside from the provocative question that got you to read this far, I don’t have a definitive answer. It will undoubtedly occur in phases, ranging from the driver-augmentation systems available in today’s cars to the full autonomy and ubiquity that will allow reduction of traffic controls in 20 years or more. It is clear that the ultimate goals for autonomous vehicles are highly worthwhile, and that achieving those goals will require better-performing and more diverse MEMS sensors.

MEMS-based sensing systems are essential to autonomous vehicles.

Stephen (Steve) Breit, Ph.D. has been responsible for overseeing development and delivery of Coventor’s industry-leading software tools for MEMS design automation since joining Coventor in 2000. Steve holds numerous patents on software systems and methods for MEMS design automation and virtual fabrication. He holds a Ph.D. in Ocean Engineering from MIT and a B.S. in Naval Architecture and Marine Engineering from Webb Institute.
For more information, visit:

V2X to Change the World for Truck Transport, More

Thursday, July 5th, 2018

Q&A with Herbert Blaser, u-blox

Smart city traffic management, tracking agricultural, mining, and other equipment, improved safety, and fuel savings are among the applications set to benefit.

Editor’s Note: Even shark fins that are not in soup can find themselves heating up or cooling down. Take shark fin antennas housing V2X communications equipment atop a truck, for example. The need to deal with temperature extremes is the reason the UBX-P3 DSRC/802.11p chip (u-blox) is AEC-Q100 grade 2 (-40 °C to +105 °C). And the reason some trucks sport the fins, including those in trials of the Peloton system , is to “realize fuel savings of 10 percent or more,” as Herbert Blaser, u-blox senior director, product center short range radio, explained. Speaking with EECatalog not long before the UBX-P3 SoC chip was announced, Blaser described, in addition to truck platooning, other applications for Direct Short Range Radio Communication (DSRC), which is based on the IEEE 802.11p WiFi standard. Edited excerpts of our interview follow.

EECatalog:  What sets Vehicle to Everything (V2X) applications based on DSRC/802.11p apart?

Herbert Blaser, u-blox

Herbert Blaser, u-blox: With DSRC we have solved, for example, the problem of connectivity around corners, and the technology makes line of sight up to one kilometer possible.

The technology sets a framework within which a vehicle can send any type of information in a standardized format. The basic information that is sent is the position, the velocity and the direction, or heading, of the vehicle. The receiving vehicle can receive the information and then can do something with it. It can alert the driver, it can ignore it, or even take immediate action if we’re talking about autonomous driving, for example.

EECatalog:  What comprises some of the “X,” the “everything” part of V2X?  What else would be talking to or listening to vehicles when this technology is implemented?

Blaser, u-blox:  While active traffic safety will drive volume, there are other applications that make use of the technology, which are not so high volume but still very interesting. For instance, if cities place roadside units at intersections and traffic lights, they have the means to communicate with vehicles and proactively manage the traffic or alert drivers. The same infrastructure can also be used to manage bus systems.

If you think, “what can you do with this?” then you get into applications like mining or agriculture, where you have expensive equipment driving around, and where it thus makes sense to exchange information, whether about the equipment’s position or something else. And from that point you can use your imagination and creativity to think about other applications for the technology.

Image courtesy Peloton

EECatalog:  Platooning was one of the applications mentioned in the release announcing the u-blox UBX-P3 chip for V2X.

Blaser, u-blox:  Yes, platooning is a very interesting application where there is money to be saved. In the U.S.,  Peloton is very advanced with its platooning solutions today. The DSRC/802.11p V2X communication solution Peloton uses is enabling trucks to safely stay to within just 0.5 seconds of distance between trucks. For each truck that joins a platoon, whether it is heading or trailing, all trucks in the platoon save fuel as aerodynamic drag shrinks. Saving 10 percent or even more of fuel is significant when you drive long distances. Several states have approved the platooning concept in preparation for commercial deployment. Trials are also taking place in Europe along with standardization and legislative efforts.

And with regard to increasing autonomy, with initial deployments a driver will steer, with acceleration and braking handled by machines. The driver also takes over for entering or exiting the highway. But, going forwards, we will see steps in increasing autonomy, and that means a long haul truck driver, for example, can do other things, such as prepare for the next trip.

EECatalog:  How are DSRC/802.11p V2X and cellular V2X alike and/or different?

Blaser, u-blox:  You could say “alike” in that, while incompatible with DSRC/802.11p, cellular V2X would work in the same spectrum. So, in the end, it will be the FCC who will decide which technology can be used in the 80 MHz allocated. However, for deployment within this decade it would have to be DSRC/802.11p because there is nothing else. Cellular V2X, which would be based on LTE or 5G, is not available.

EECatalog:  How close is DSRC/802.11p V2X to deployment?

With regard to field trials and introduction into the market, in the United States we have several states with active trials ongoing. New York City has more than 10,000 vehicles equipped with 11p technology. The ongoing trials are to determine “how does the interaction work?”; “how is the user being alerted?” and similar questions. Trials are taking place in Europe as well. In Germany DSRC/802.11p is deployed on the Intelligent Transport Systems (ITS) highway.

In Japan more than 100 thousand cars to date have DSRC/802.11p V2X communication installed. Australia, Korea, and Indonesia are also trying this technology. In addition to ongoing trials, there is activity on the legislative front. The Department of Transportation is working on a mandate that would require cars to equip DSRC/802.11p. There is a proposal out, we are getting feedback, and now we are waiting for the next steps to happen. In Europe and Korea ongoing discussions regarding similar legislation are taking place.

General Motors has a Cadillac model equipped with 11p today; Toyota  is equipping cars in Japan now and has announced it will equip cars in the U.S. going forward. In Europe Volkswagen has announced that DSRC will be part of its cars from 2019 onwards.

EECatalog:  Might cellular V2X succeed DSRC/802.11p?

Blaser, u-blox: I believe that once millions of cars are out there with DSRC/802.11p V2X technology, 5G might have an “in addition to” role, but certainly would not replace 11p in the next decades. 11p is technology that thousands of engineers are working with today. It is WiFI, which is an easier technology to understand than cellular—especially because cellular technology today works with base stations, and it doesn’t work car to car.

EECatalog:  One feature of the UBX-P3 DSRC/802.11p SoC I’d like you to describe is concurrent dual channel operation.

Blaser, u-blox: You can use 11p in different ways, one of which is concurrent dual channel operation. Dual channel means that we have two full receive and transmit chains in the chip that can transmit at the same time, making possible simultaneous communication on the standard’s safety and service channels. For example, it is used in the roadside units that smart cities use for traffic management, where you can have two antennas positioned in opposite directions for optimizing performance.

Or it can be used for platooning where you have to listen for the safety messages, and you need stable communication between the trucks.

In larger vehicles like trucks you also have another problem, the shadow effect of an antenna, so when you have an antenna in a side mirror, for example, you have a vehicle that attenuates the signal. To cope with this, the designers use two antennas, typically on opposite sides of the vehicle, and they transmit and receive the same information at the same time on two antennas—this is called diversity. And with this you increase the robustness and the sensitivity, which is equal to range. That sets us apart from our competition.

EECatalog: Anything to add before we wrap up?

One thing that makes u-blox stand out is that we offer both the chip and the module, so that we can offer customers a choice between the chip with the same functionality and the module. Companies typically start off wanting to save money and saying, yes, we can do a chip in house, but then realize that delays cost money; there is an opportunity cost. By using modules, customers can shorten the design cycle and they can simplify certification.

The module approach is one we have used for a number of years successfully in the GPS domain for positioning, Customers can move from one implementation to the other and get the same support and same technology from us. Using the module to lay out in the PCB is far less complex and expensive. You can quickly get something working.

Taking the Fast Bridge between Neural Networks

Friday, March 9th, 2018

How do neural networks scale up to 20,000 processors and beyond? How does machine learning scale massively if connections are a potential weak link in the race for acceleration?

Editor’s Note: Neural networks have been around since the 1950s. The advent of fast, massively parallel processors like the Graphics Processing Unit (GPU) have made neural network applications like object recognition feasible. Neural networks are one means used to create Artificial Intelligence (AI). The latest iPhones now have an AI chip, primarily to offload face recognition tasks.[i] Voice translation tasks would also benefit from an AI chip. Google provides voice translation as long as there is access to a cloud. The ability to translate directly from a phone without requiring Internet access to Google engines would be advantageous, and it’s possible that the iPhone is headed in that direction.

AI often needs real-time operation. China’s answer to policing during the New Year’s travel crush involves providing police officers with smart glasses for rapid facial recognition. If using traditional video cameras, the suspect has left the scene by the time policemen arrive. China’s police force is equipped with smart facial-recognition glasses connected to a pocket-sized data module for identifying up to 10,000 individuals. The module’s database dramatically reduces latency versus a cloud access system. Recognizing a face in as little as 100 ms, police can immediately act upon the information.[ii] At the other end of the spectrum, enormous banks of GPUs in server farms can require low latency. Scaling up to 20,000 processors and beyond needs relatively high bandwidth between GPUs to communicate quickly. Connectivity can be the slow link in a system with the fastest GPUs. A company located in Quebec, Canada, called Reflex Photonics, has a connectivity solution that fits the bill, enabling a machine learning or AI infrastructure to scale up with more processors. Reflex Photonics provides tiny optical transceiver chips that can move a tremendous amount of data, which reduces the latency between GPUs so that they can appear as though working seamlessly, in parallel.

Figure 1: The Mercedes Freightliner Inspiration truck is the first road-approved truck for autonomous operation. (Source: Daimler)

One area that Reflex Photonics serves includes VPX systems. According to the VMEbus International Trade Association (, “VPX is a broadly defined technology utilizing the latest in a variety of switch fabric technologies in 3U and 6U format blades.” VITA technologies are well known in military and aerospace. Interconnects for serial switch fabric in venerated technologies like XMC, VPX, and VXS, as well as new standards that include Gigabit Ethernet, PCI Express, and Serial RapidIO are in the VITA ecosystem. Form factors in this technology include credit card-sized processing platforms up to the 6U Eurocard.

Technology for optical interconnects is vital in the industry, since processor speeds are outpacing copper wires for bandwidth and latency among devices, including VPX. During our recent interview, Gerald Persaud, VP Business Development at Reflex Photonics, told me this is a solvable problem, even in the harsh environments of military and outer space. Edited excerpts follow:

Lynnette Reese (LR): What is Reflex Photonics currently developing?

Gerald Persaud, Reflex Photonics

Gerald Persaud (GP), Reflex Photonics: Today, we are focused on aerospace and defense, and industrial markets. Our expertise is delivering chip sized rugged high bandwidth optical transceivers that work in the harshest environments, such as space. For example, we were recently selected for a major satellite program because our parts could meet the required 20 years lifetime in space. Many optical transceiver suppliers claim high bandwidth operation at 25Gbps per channel but only for an operating temperature of 0 to 70oC. All of Reflex Photonics’ rugged transceivers operate error-free over a temperature range of -50 to 100oC while also meeting severe shock, vibration, damp heat, and thermal cycling requirements.

LR: Reflex Photonics’ expertise is in ruggedized optical communications. How did your process for dealing with the challenges of harsh environments evolve?
GP: In 2002 when we started the company our goal was to create a chip-size optical module that could be solder reflowed to support low-cost board assembly. This was much harder than we had imagined due to differences in material properties such as thermal expansion, thermal conductivity, and curing processes. Over the years we were able to incrementally improve our manufacturing processes from a commercial offering to a full space-qualified part. An excellent understanding of materials and processing is critical to the successful production of high-bandwidth rugged optical modules.

Figure 2: Optical interconnect for high-speed, high- bandwidth 10GigE and 40GigE cameras used in machine vision.

LR: What is on your roadmap?
GP: We plan to release higher channel speeds up to 56Gbps, more I/O density such as 24 transmitters or receivers in a chip size optical module. As well, we will continue to harden our parts to meet even wider temperature extremes of -65 to 125oC. Another product we recently released is active blind-mate optical connectors called LightCONEX®. We have gained a great deal of interest in this solution from the VPX community, as it frees up a lot of board space and simplifies field upgrades.

LR: Can you give an example where Reflex Photonics has a play in VPX for machine learning?
GP: One example of this is in unmanned vehicles where machine learning is critical for autonomous operation. Many sensors are interconnected to machine learning VPX compute farms via an optical switch. Optical interconnect, with its long reach, high bandwidth and light weight, is the only viable solution for advanced Autonomous Vehicles (AVs). From the start, Reflex set out to make the smallest rugged optical modules capable of supplying enormous bandwidth (BW) and optical channels. Today, Reflex Photonics’ rugged technologies are field proven and well positioned to take advantage of the trend for smarter, smaller, and robust systems.

LR: How are you dealing with power challenges in a Small Form Factor (SFF)?
GP: Power is indeed a challenge for mobile vehicles, which have a limited amount of power to supply onboard electronics. Today a 150Gbps chip consumes about 1.3W. However, as bandwidth demand grows from 150Gbps to 2400Gbps over the next five to 10 years we cannot scale power linearly or the same chip will consume 21W. And there are multiple chips per board!  We will need to introduce techniques to improve optical coupling efficiency and lower laser bias currents. As well, laser drivers and amplifier will need to operate at lower voltages. Closer integration of the drive electronics with optical transceivers could save a lot of power as the need for Clock and Data Recovery (CDR), equalizer, or pre-emphasis could be eliminated.

LR: What are your competitors doing? How is Reflex Photonics any different?
GP: Everyone including Reflex is racing to increase BW and interconnect density. However, in the aerospace and defense sector, suppliers must also meet the challenges of operating in a very harsh environment while keeping space, weight, and power [SWaP] to a minimum. Reflex is different in that we were the first to deliver a 150Gbps chip-size optical module that could operate from -50 to 100oC while consuming 1.2W. Most recently Reflex launched the first radiation-hardened parallel optical chip for space applications. These chips passed extreme environmental test conditions that our competitors were unable to meet. This is excellent news for the space industry, where size and weight are critical and smallsats are expected to do far more than their predecessors.

LR: I have always considered price to be a specification. How is your pricing affected by ultra-hardening for space?
GP: The price differential is not as significant as most would expect. In the old days when you said “space,” it meant 10 times the price. Those days are gone. There might be 30% increase in price for space grade over a military grade device. One grade down from military is the industrial device, which has similar operating temperatures but is not expected to have as long a life as Space and MIL grade parts.

Figure 3: LightCONEX® 50G and 150G is a rugged blind mate optical interconnect for VPX embedded computing systems. Used in military systems, optical interconnects are faster and more resistant to noise than copper-based connection systems. The potential for use in automotive reflects the need for high bandwidth communications at real-time speeds for modern automotive AI systems. (Image Source: Reflex Photonics)

LR: Can you detail some of the challenges for optics at extreme operating temperatures?
GP: Optical transceivers require exact alignment (less than five micrometers) of the laser or photodetector to the optical coupler. One challenge is maintaining this alignment over a wide temperature range. Reflex developed a patented approach using materials with low coefficient of thermal expansion and a simple coupling structure with no intermediate lens to maintain alignment over a wide temperature range of -57 to 125oC. Another challenge is having a cost-effective sealing method (for moisture resistance in the optical path) that will withstand many thermal cycles without compromising the mechanical integrity of the module. Of course, there are other challenges like radiation hardening, solder reflow temperature survival, low power, optical sensitivity, and signal integrity.

LR: What are the different grades of products that you have for harsh environments?
GP: Most of our sales are for MIL, Space and Industrial grade parts. We offer some commercial grades such as QSFP and CFP for Telecom/Datacom markets. Our industrial components are used in many applications such as commercial aircraft, semiconductor wafer inspection, and instrumentation and tests. Most recently, we have had a number of automotive applications for our industrial parts.

LR: Where would the automotive or transportation industry need rugged optical transceivers?
GP: The automotive industry is quite large and includes cars, city buses, transport trucks, and other vehicles. We expect as self-driving or assisted driving goes mainstream fiber-optics will interconnect all systems in the vehicle. Compact AI engines will connect many sensors to automate driving. The vehicles of tomorrow will provide great energy efficiencies, less pollution, and a comfortable and productive driving experience. NVidia is now offering small form factor AI engines that are already deployed in Unmanned Aerial Vehicles.

LR: Any optical transceiver is still going to need fiber to transport the signal in a system. Isn’t vibration a real problem for this kind of signaling in a vehicle?
GP: No. Our parts have been tested to MIL-STD-883, Method 2007.3 for vibration and Method 2002.4 for shock. Vibration is 20 to 2000Hz, 20g, 16 minutes per axis and shock is 500g, 0.5ms pulse, 5 repetitions, 6 directions. These tests were done while transmitting and receiving 150Gbps with no errors.

LR: That’s impressive. What distance and latency are we talking about?
GP: Distance in AVs are typically less than 100 m, and latency is less than 1 microsecond.

LR: Do you see Reflex Photonics involved in Autonomous Vehicles (AVs) someday?
GP: Yes, AVs will require fiber-optics for security, bandwidth, latency, and SWaP. As the leading provider of rugged high bandwidth optical transceivers, Reflex is well positioned to deliver the most reliable optical interconnect for AVs. For large AV industries like commercial automotive one big challenge will be reducing the price of optical transceivers while keeping all the ruggedization testing in place. This will happen over a number of years, and so we will invest accordingly to track market prices.

LRWhen do you think AVs will start to get traction?
GP: When the technology is considered safe adoption will happen. This will require years of education and trials. One area of concern is cybersecurity—nobody wants a hacker taking over their vehicle at 60 miles per hour. An effective strategy will be needed to isolate critical control functions from infotainment. This separation is done in commercial aircraft and similar standards will be imposed on AVs. Fiber-optics provide the first level of defense since they are immune to electromagnetic interference and therefore harder to disrupt. As well, learning machines will be smart enough to initiate automatic protection from dangerous threats. Protection techniques commonly used by military aircraft could be deployed.

LR: How do you think the Autonomous Vehicle is going to play out, in reality?
GP: The benefits of autonomous vehicles have long been known, but safety has always been a barrier. The recent advances in AI and low-cost sensors has generated great hope for convenient, safe and cost-effective people transport. Like everyone, I see a gradual shift to AV starting with assisted driving available now to special lanes for AV followed by AV completely dominating the roads. I see China embracing this technology to solve local pollution issues while seizing the opportunity to lead the automotive industry.

Lynnette Reese is Editor-in-Chief, Embedded Intel Solutions and Embedded Systems Engineering, and has been working in various roles as an electrical engineer for over two decades.




Novet, Jordan. “Apple Packed an AI Chip into the IPhone X.” CNBC, CNBC, 12 Sept. 2017,

[ii] Chin, Josh. “Chinese Police Add Facial-Recognition Glasses to Surveillance Arsenal.” The Wall Street Journal, Dow Jones & Company, 7 Feb. 2018,

Hail a Cab and All Hail the GPU

Friday, January 5th, 2018

The autonomous car will rely on data that has to be processed in real-time and adapt through machine learning for safe passage whatever the conditions.

Autonomous vehicles will rely on artificial intelligence (AI) to process safety vision systems and navigation systems. Although not a new idea, machine learning has become significant today, as it contributes to improving algorithms that can refine and enhance applications currently used in Advanced Driver Assistance Systems (ADAS) and, in the future, for control of autonomous cars.

Robotaxis require a small data center’s worth of servers in the trunk to run the deep learning, parallel computing and computer vision algorithms to accommodate the constantly changing landscape and driving conditions.

The increased volumes of data currently being generated have prompted the advance of machine learning, which relies on data for its ‘training.’ Around 90 percent of digital data was created in the last two years, and this increased volume has been used to accelerate the development of better algorithms used in machine learning.

To process all this data, there has also been a surge in interest in the Graphic Processing Unit (GPU). At GTC Europe 2017, Jensen Huang, NVIDIA’s President and CEO, explained how the GPU’s ability to rapidly display graphics makes it suitable for machine learning and AI applications. “The GPU now finds itself with a rich suite of applications,” he said. GPUs serve “just about every industry,” he continued, listing High Power Computing (HPC) and Internet services as examples. Practically every query, photo search, and recommendation on a mobile phone relies on a GPU, he told the conference.

Its advantage, says Huang, is its parallel operation. “The only way to make a Central Processing Unit (CPU) go faster is higher clock speeds,” said Huang. “Not so with GPU computing. Applying parallelism is a special way to solve algorithms,” he said as he introduced the Volta GPU, describing it as the largest single processor ever made, using 21 billion transistors. It delivers 120 TFLOPS of deep learning performance and can replace an entire rack of servers, Huang told attendees.

Figure 1: Jensen Huang introduced the Volta GPU on stage at GTC Europe 2017. Production is expected to be Q1 2018.

Use of a GPU can help engineers develop better algorithms while also allowing devices to process large data sets quickly. Data can also be shared with other robots in various locations, via the Cloud, to pool information and accelerate learning.

Huang’s vision for transportation is that the Volta GPU will “turbo charge” the transportation sector. He believes that deep learning will accelerate applications “far faster” than Moore’s Law. Deep learning researchers are already using NVIDIA GPUs and realizing that they can overcome the main handicap of machine learning, the processing of data to create algorithms for behavior. Huang reported the researchers were finding the GPU to be incredibly effective if trained on a large amount of data which requires trillions and trillions of operations.

The software writes itself enthuses Huang, by taking in large amounts of data. Combined with CUDA, the company’s parallel computing architecture, with associated libraries, compilers and development tools, Huang said that these two forces, when they converge, will turbo charge the company’s GPUs. “The GPU will revolutionize the car industry,” he said. “It has always been in design and simulation as part of the workflow. Now it will be in the car, solving one of the greatest challenges of computing, planning,” he said. For autonomous vehicles, this will mean hundreds of millions of cars and hundreds of millions of people in vehicles and outside of them, to be assigned and safeguarded, as well as route planning and navigation.

At the same event, the company launched Pegasus, believed to be the world’s first AI computer and part of the DRIVE PX AI computing platform. It boasts 320 trillion operations per second for deep learning calculations to run numerous deep neural networks. It is designed to handle Level 5 driverless vehicles, i.e. with no driver required, so the vehicle does not have pedals, steering wheel, or any controls that can be operated by a human.

Figure 2: The latest addition to DRIVE PX AI, codenamed Pegasus, will usher in robotaxis.

These vehicles are a new genre — robotaxis. They can be summoned to an address and take passengers from there to their end destination. This type of driverless vehicle will bring mobility to disabled or elderly users who otherwise have to rely on private hire or the goodwill of friends and family to travel.

For this type of vehicle, masses of complex data will need to be processed to calculate pedestrians and hazards on the roads, other vehicles and their routes, and to plot and follow navigation paths that may need to be updated in real-time. These operations require large amounts of visual data from sensors and information systems in the car, from roadside information systems, and from satellite systems. Furthermore, processing has to include many levels of redundancy to meet the safety levels required in automotive use. As a result, robotaxis require a small data center’s worth of servers in the trunk to run the deep learning, parallel computing, and computer vision algorithms to accommodate the constantly changing landscape and driving conditions. For example, a DRIVE PX AI supercomputer in the vehicle and GPUs in the data center can combine to create highly detailed maps for autonomous vehicle navigation systems.

The decrease in size represented by the Pegasus is practical on two levels, not just conserving space in the trunk, but also saving weight in the vehicle to increase fuel efficiency.

The license plate-sized Pegasus is powered by two NVIDIA Xavier System on Chips (SoCs) which have a Volta GPU, and two GPUs to accelerate deep learning and computer vision algorithms.  It is designed for Automotive Safety Integrity Level (ASIL) D certification. This is the highest, most stringent safety level, to safeguard against life-threatening or fatal injury in the event of a malfunction. It also has Inputs/Outputs (I/Os) for a Controller Area Network (CAN), Flexray, dedicated high-speed inputs for RADAR, LIDAR and ultrasonic sensors, 10Gbit Ethernet connectors and one TeraByte per second memory capability.

It is expected to be available to automotive partners in the second half of 2018.

NVIDIA’s DRIVE IX software can be coupled with DRIVE IX software to process sensor data inside and outside of the vehicle.

DRIVE PX 2 configurations are available now.

Caroline Hayes has been a journalist covering the electronics sector for more than 20 years. She has worked on several European titles, reporting on a variety of industries, including communications, broadcast and automotive.


Autonomous Trucks, LIDAR, and the Future of Trucking

Tuesday, October 3rd, 2017

Are autonomous trucks an answer to the growing truck driver shortages in the U.S.?

Trucks are by far the single most-used mode to move freight around the country, moving 63 percent of the total tonnage in 2015. Nearly 18.1 billion tons of goods worth about $19.2 trillion moved on our nation’s transportation network in 2015, based on current Freight Analysis Framework 4 (FAF4) estimates. On a daily basis, 49 million tons of goods valued at more than $53 billion are shipped throughout the United States on all modes of transportation.[i] The industry is growing rapidly, fueled in part by growing e-commerce, but the number of drivers is not growing along with it. The American Trucking Association estimates that there are at least 48,000 open jobs for drivers in the U.S. with an estimated 174,500 drivers needed by 2024.

Figure 1: A visual image that projects the average daily long-haul truck traffic on the National Highway System in the United States in 2045. (Source: Bureau of Transportation Statistics, U.S. Dept. of Transportation)


Driver shortages and necessary safety regulations that limit time behind the wheel make fully autonomous trucks (ATs) that much more attractive. Regulations restrict the number of hours that commercial truck drivers can work. Drivers transporting property cannot drive more than 11 hours before taking ten consecutive hours off. A driver cannot drive after 14 total hours of being “on duty,” regardless of the number of hours driven, and may not work more than 60 hours in 7 consecutive days, or more than 70 hours in 8 consecutive days.[ii] ATs could decrease the time that a trucker spends behind the wheel, thus lengthening freight transport time for a driver, even with a truck that’s only autonomous on highways. It’s possible that in five to 10 years trucks will drive themselves for long stretches on public highways, but the technology for completely autonomous trucks off-highways is far from deployment. Drivers already enjoy, albeit by piecemeal, benefits of autonomy that enhance safety and provide a better return for the trucking business by reducing accidents and increasing fuel efficiency. Levels of autonomy start with Advanced Driver Assistance Systems (ADAS), which might include automatic emergency braking, lane departure warning, forward collision warning, and adaptive cruise control. Such features make the driver’s job simpler and lead to improved safety, especially considering the long hours truckers spend behind the wheel. Making up for driver shortages with fully autonomous trucks seems within reach.

Figure 2: In autonomous mode, the truck driver can take out a tablet or perform other tasks. Daimler Freightliner Inspiration Trucks are approved for autonomous operation on public roads in the state of Nevada. (Source:

Daimler, Volvo, Peterbilt (in partnership with Embark), and Uber are all working on autonomous trucks (ATs). In August 2016, Uber bought Otto, a company that retrofits trucks for autonomous capabilities, for purportedly $680 million. Uber successfully tested a fully autonomous truck delivery via public highway in Colorado in October 2016. A human driver piloted the truck on and off the highway, keeping it in the right lane. The truck had both a leader car and police escort for a 125-mile highway delivery of Budweiser from Fort Collins to Colorado Springs. The Uber technology includes video cameras, accelerometers, and a Light Detection and Ranging (LIDAR) sensor.

LIDAR: The Eyes of Automotive Autonomy
LIDAR sensors are key to self-driving cars, as they are the real eyes of the system, lending depth perception to the process of decision-making in driving. Late-model LIDAR sensors are about the size of a coffee can. A LIDAR sensor visualizes the world in 360 degrees, bouncing pulsed laser beams off nearby objects all around it to create a 3D map of the real world in real time. LIDAR sends a fixed train of light pulses to a target, with a known time interval between pulses. The pulse train hits an object in its path and returns a portion to the LIDAR. The system can measure the time of flight (ToF) of the pulses with an accurate range and speed. However, LIDAR is not perfect. LIDAR can be susceptible to failures associated with sunlight and nearby LIDAR sensors. The LIDAR industry’s  struggle to keep up with orders is causing  lead times as long as six months. However, more LIDAR startups are coming online with venture capital funding and new ideas on how to conquer present-day challenges, cut costs, and reduce size. Most self-driving vehicles use LIDAR. One exception is Tesla. Tesla’s site states, “All Tesla vehicles produced in our factory, including Model 3, have the hardware needed for full self-driving capability at a safety level substantially greater than that of a human driver.”[iii] Tesla owners won’t be able to use the system as fully autonomous without regulatory approval, of course. Tesla does have a driving feature in use called “autopilot” that allows hands-free highway driving. Tesla vehicles may not have LIDAR but use several cameras, ultrasonic sensors, and one radar.

Are Autonomous Trucks Taking Notes from Self-Driving Cars?
The technology for fully autonomous trucks on highways is hitting major milestones as several companies test ATs. Volvo plans to launch self-driving trucks in confined areas with private roads such as mining and shipping ports. Indeed, a more realistic outlook for the near future restricts autonomous vehicles to closed, predictable environments, and for good reason. Unpredictable circumstances challenge all autonomous vehicles with bad weather, faded or non-existent lane markings, construction, debris in the road, and the behavior of other drivers, wildlife, and pedestrians. Even so, predictions for autonomous trucks on public highways are often cited in the media at between three to 10 years away and almost universally cited as being safer than human drivers. The implementation of autonomous trucking is hampered by a lack of clear regulations, growing push-back from truck driving unions that fear job losses, and societal inertia. In that time-frame, with the support of legislation, it is conceivable that autonomous trucking can be limited to the right-hand lane in long stretches of highway, and only in good weather. Road conditions, construction, and debris can be managed to a good extent, but no public highway is ever going to be perfect.

Figure 3: Self-driving trucks as a concept in Logan, a Wolverine movie. The fully autonomous concept trucks have no cab. (Credit: Nick Pugh Studios.)

Google cars have driven millions of miles with few accidents, of which all but one was caused by other cars. The exception occurred when the self-driving Google car hit the side of a bus while merging into city traffic at a fairly low speed. However, trucks take much longer to come to a stop and cannot swerve in a maneuver of avoidance without a real risk of jack-knifing or flipping.  Some accidents cannot be avoided. For example, if a car pulls out in front of a truck and slams on its brakes in a two-lane highway, the truck has the choice of swerving into and hitting on-coming traffic, jack-knifing, or striking the car in front of it, regardless of who or what is driving the truck.

Legislation: Autonomous Cars before Trucks
Self-driving trucks may debut after self-driving cars if legislation is a guide. The recent development of legislation regarding self-driving cars excludes commercial trucks altogether. Reasons for the exclusion include matters of jurisdiction as well as opposition from unions. The proposed legislation refers to Highly Automated Vehicles as HAVs: “On Sept. 6, 2017, the U.S. House of Representatives unanimously passed bipartisan HAV legislation, known as the SELF DRIVE Act (Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution Act). That legislation, which has not yet been adopted by the Senate, would amend the definitions contained in Section 30102 of Title 49, United States Code, to include definitions for ‘highly automated vehicle,’ ‘automated driving systems,’ ‘dynamic driving task’ and other definitions relevant to the development and use of autonomous vehicles.” [iv] This is a start, but the exclusion of trucks is telling. According to the Bureau of Labor Statistics, there are about 1.7 million trucking jobs in the United States. Truck drivers are concerned about losing their jobs to self-driving trucks. Although there is a shortage of drivers and parking for drivers who must pull over after 11 hours at the wheel, autonomous trucks are rightfully considered a threat to jobs. In reality, full AT technology might be engaged from point-to-point on designated, maintained-for-AT highway routes, where human truckers take over at the endpoints for regional delivery. But unlike robots that can take over tedious tasks that humans do not like doing, many truck drivers like the long-haul aspect of their jobs. Transporting hazardous chemicals, oversize cargo, and other unusual freight will likely always have continuous human involvement.

Evolving from Ridiculous
Technology has a habit of superseding our attempts to contain it. Early vehicles of the late 19th century led to the addition of traffic laws, signs, signals, and lane markings. Attempts to curb technology, even for reasons of safety, seem ludicrous now. Great Britain’s Red Flag Act of 1865 required that any self-propelled vehicle be preceded by a person holding a red flag.

Figure 4: The Red Flag Act of 1865 in Great Britain slowed horseless carriages down to walking speed. (Source:

Over 150 years later this seems ridiculous, but has society ever adapted as fast as technology? As technology steadily improves, autonomous trucks will be capable of taking over more driving tasks, perhaps eventually merging onto and off of highways without human intervention. Truck drivers can fight against the fruit of progress, but eventually, time and cost savings will overtake the best of intentions for saving long-haul truck driver’s jobs. The red flag was replaced by traffic rules, lights, and signs, which did not exist before. Jobs were created to implement and maintain an automotive infrastructure. As the truck driver shortage deepens, perhaps a similar infrastructure surrounding ATs will evolve new jobs, shifting the landscape without displacing truck drivers all at once. Technology solves problems, solving one challenge after another to make innovative visions reality. The biggest impediment to self-driving vehicles may very well be social, for which technology has no answers.

Lynnette Reese is Editor-in-Chief, Embedded Intel Solutions and Embedded Systems Engineering, and has been working in various roles as an electrical engineer for over two decades. She is interested in open source software and hardware, the maker movement, and in increasing the number of women working in STEM so she has a greater chance of talking about something other than football at the water cooler.

[i] “Freight Shipments Projected to Continue to Grow.” US Department of Transportation, United States Department of Transportation, 14 Aug. 2017, Accessed Sept. 30, 2017.

[ii] “Summary of Hours of Service Regulations.” Federal Motor Carrier Safety Administration, United States Department of Transportation, 30 Dec. 2013, Accessed Sept. 30, 2017.

[iii] Tesla, Inc, Accessed Sept. 30, 2017.

[iv] Hamilton, Lawrence, et al. “Self-Driving Trucks Get Closer to Hitting the Road.” Law360 – The Newswire for Business Lawyers, 29 Sept. 2017, 9fgv]. Accessed Sept. 30, 2017.

RFID Keeps Track of What’s on the Tracks

Friday, June 2nd, 2017

Radio Frequency Identification (RFID) is used for logistics and planning in modern transport systems.

Transmitting data from a chip embedded in a device or in a tag on an object is a commonplace way to relay information. Data stored on the chip or tag can be activated by radio waves enabled by a reader and wirelessly transmitted to a reader, which creates digital data like that used for location information.

“It is estimated that by 2020, more than 60 per cent of payment transactions will use contactless technologies such as NFC.”

Many cities around the world use RFID and Near Field Communication (NFC) devices for public transport services. In the UK, Transport for London has used the Oyster Card contactless system since 2003. By 2012 over 43 million Oyster Cards had been issued for travel all across London’s travel zones. The data can be used for payment for travel, calculating peak times and entry and exit points, but can also be used to assess busy periods for particular stations. Oyster Cards have been used to help track the journeys of missing people as well as, controversially, to track people of interest to the police.

City Networks
Columbus, Ohio, is celebrating winning the 2016 Smart City Challenge. The US Department of Transportation’s project encourages cities to use technology to ease the urban commute, with RFID tags in vehicle windows for payment of parking spaces and tolls without slowing down the flow of traffic. The city will receive $40 million from the federal government and $10 million from Vulcan, a company owned by Microsoft co-founder Paul Allen to invest in Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) as well as smartcards for bus payments. (Columbus does not have a commuter train network). The city will deploy NXP’s V2V and V2I communications system and smart cards to add intelligence to the transportation system. Wireless technology to create ‘smart corridors’ along bus routes will enable V2V and V2I communications for efficiency and is hoped to improve safety as well as usability.

Figure 1: NFC has a familiar ring to it—this payment device is based on Infineon’s contactless security chip.

Figure 1: NFC has a familiar ring to it—this payment device is based on Infineon’s contactless security chip.

It is estimated that by 2020, more than 60 percent of payment transactions will use contactless technologies such as NFC. Companies are finding more inventive ways to make the payment transaction as easy as possible and on devices that cannot be left at home by mistake. Last year, Infineon announced that an NFC-enabled ring was based on its contactless security chip (Figure 1). At the UITP Global Public Transport Summit in Montreal, Canada, the company focused on security. Its chips are interoperable and compatible to international standards such as Common Criteria for computer security and EMVCo for card payment. All components are also CIPURSE-ready or enable CIPURSE Mobile transactions. CIPURSE is an open standard defined by the OSPT Alliance for transit fare collection. It is built on standards such as ISO 7816, AES-128, ISO/IEC 14443-4. A cryptographic protocol protects against Differential Power Analysis (DPA) and Differential Fault Analysis (DFA) to guard against hackers attacking the main or side channels to access passenger data.

“Companies are finding more inventive ways to make the payment transaction as easy as possible and on devices that cannot be left at home by mistake.”

Long Range Travel
For city use, cards must be placed on a reader as the range is short for RFID, typically around one meter (three feet). This range is overshadowed by RFID sensor tags introduced by Powercast. The company introduced the PCT100 and PCT200 multi-sensor RFID tags (Figure 2) with a range of 10m, or 32 feet. They are not intended for passenger use but for shipping goods. In addition to what is claimed to be the longest read range available today, the tags can withstand extremes of temperature from -40 to +85 degrees C, for the transportation of pharmaceuticals or perishable items, which have to be refrigerated or chilled throughout the journey. 

Initially, the tags include temperature, humidity, and light sensors, with other sensor types planned for later release. Tags that can sense the RFID reader and those with an on-board Light Emitting Diode (LED), which can be used to show the strength of the RFID field, and to ‘find’ a particular tag, are also available.

Figure 2: Powercast’s multiple sensor tags have an exceptional range of 10m/32 feet.

Figure 2: Powercast’s multiple sensor tags have an exceptional range of 10m/32 feet.

The two versions have different battery uses. The PCT100 is a battery-free design, while the PCT200 has a battery but can be recharged using an RFID reader, using the company’s patented RF Harvesting technology. An embedded Powerharvester receiver generates power from a standard RFID reader so that the sensor tag’s battery does not have to be changed or plugged in for a recharge. Battery life is around one month and data read times can be set from one minute to one hour for data logging outside the RF field over long periods of time.

The tags have more than 10 times the operational power of standard passive RFID tags, says the company. The RFID reader generates an electromagnetic signal, forwarded by an antenna to the NXP UCODE RFID chip in the tag. The UCODE chip has a reduced conditional read range to help deter theft and a digital switch that controls activation or deactivation of the switch for protection against theft.

Keeping Track
Still with transport, Harting has developed an Ultra High Frequency (UHF) RFID antenna to identify trains on the railway track. The WR24-r is part of the Ha-VIS RF-ANT-WR24 range of antennae (Figure 3).

It is robust enough to be fitted under a train and operates in extreme temperatures. The WR24-t version operates at up to 150 degrees C. The antenna has a 70-degree opening angle and can be used to create gates for container tracking identification. It can recognize the train on the track for logistics as well as business data gathering. There are three antenna models in the range; the third, WR24-i model is for general industrial use.

Figure 3: Harting has created the ANT-WR24 range of antenna for rail use.

Figure 3: Harting has created the ANT-WR24 range of antenna for rail use.

As cityscapes change, and as transport needs increase, the role of RFID and NFC is becoming more vital in contributing intelligence to smart transport systems.

hayes_caroline_115Caroline Hayes has been a journalist covering the electronics sector for more than 20 years. She has worked on several European titles, reporting on a variety of industries, including communications, broadcast and automotive.

Aviation: Systems Engineer Interview

Friday, December 16th, 2016

The embedded design choices keeping In-Flight Connectivity fast and dependable.

Editor’s Note: What’s embedded can go unnoticed. So can video streaming, live television and Internet shopping, as long as users’ attention isn’t drawn to annoying delays caused by slower connection speeds. The problem of keeping connection speeds at a minimum of 5 Mbps for airline crew and passengers is one Thales Group has taken on. In mid 2017 the company will launch the in-flight connectivity service FlytLIVE. Kemi Lewis, systems engineer at Thales InFlyt Experience™ in Melbourne, spoke with EECatalog shortly after the FlytLIVE announcement. He shared with us the challenges specific to gaining and then maintaining the means to keep connection speeds fast, lengthen MTBF/MTBUR and come out on the right side of SWaP calculations.

EECatalog: What should embedded designers know about some of the specific challenges involved when building a connectivity solution aimed at commercial aviation?

 Kemi Lewis, Thales

Kemi Lewis, Thales

Kemi Lewis, Thales: One factor to be aware of is the need for FAA certification of any hardware, depending on where that hardware is being deployed in the plane. When a plane is taken out of service to be retrofitted with new hardware, the FAA requires all the testing information before giving its approval to operate the equipment on the aircraft. Product management tools like Jama Software can help meeting this compliance process by ensuring everyone from the Product Team down to Testers are aware of what requirements must be met.


Lewis notes: “Our goal is to give you the same experience you have at home: fast Internet, TV, the ability to order items and find them waiting for you when you arrive at your destination.”

The other route is LineFit, where Boeing, Airbus or another aircraft manufacturer approves the product design portfolio of equipment from Thales or another OEM approved IFE&C supplier a year to 18 months ahead. The aircraft OEM, e.g., Airbus, Boeing, Comac, would then get the approval to use this equipment as a selection feature in any of its aircraft that an airline would choose to buy. Typically, those design requirements are much more rigorous. The design must be more ruggedized and have greater redundancy because OEM manufacturers have more critical requirements for what hardware and software is approved for use on their aircraft. This is another instance where using the Reuse feature of Jama Software shortens your product time to market.

EECatalog: Is there any degree of cross pollination or synergy between the military aviation and the commercial aviation sectors, particularly with regards to SWaP?

Lewis, Thales: Much of the time fully ruggedized military-grade hardware is past the price point for the low cost In Flight Connectivity market. And it might even be too expensive for the high end of the market. Hardware that is halfway between commercial and industrial/military occupies a kind of hybrid sweet spot—that is where we look to find COTS designs that we could either use straight off the bat or have the vendor do minimal customization.

Single Board Computers that are scalable and modular work best in the evolutionary life of a design, making it easier to upgrade a design that is already in service with minimal FAA requalification.

And when the new technologies come out in the consumer market, for example, USB Type-C, there is typically a two-to-three-year lag before that technology makes its appearance on an aircraft. It has to be certified for use on an aircraft. In addition, there is a Cost Of Scale, the more a particular technology is commonly adopted across the market that majority adoption drives down the price; it makes it more feasible to use the technology in question because there is more support for it. In a situation in which there are two competing technologies and there is no majority, the concern would be that the technology could go obsolete. Also, airlines tend to be skittish when it comes to new technologies coming out for which there is no proven pedigree—given it’s going to be in an enclosed metal box flying at 10,000 feet.

EECatalog: Could you speak a bit about the architecture that underpins your solutions?

Lewis, Thales: Starting from the top you have dedicated, fast, individual bandwidth pipes to each aircraft, so there’s no sharing. That allows us to guarantee 5Mbps or more to each passenger on the aircraft and even higher if they are accessing Amazon or Netflix.

We’re always looking for less power, faster processing speed, and smaller form factors. Anything we can do to reduce the overall design footprint (SWaP) of what goes on the airplane lessens weight and results in a fuel and cost savings for the airline.

To find a sweet spot, typically we lean more to the low power. Our hardware typically stays on the aircraft for five to ten years, so we are not looking for something that needs a massive amount of cooling or additional cooling outside the standard cargo bay environment.

EECatalog: Does that need for low power mean the processors would tend to be ARM processors?

Lewis, Thales: It all depends. We have used Intel in the past, we have used Freescale; it’s really dependent on specific applications. If it’s a server, it might be an Intel based processor; if it’s a box or smart display we might go with Freescale. It all depends on the environmental conditions of the location in the aircraft.

If it’s server that’s in the cargo bay you have a little more leeway, you can go with a processor that consumes more power and might need more cooling [as opposed to] something in the passenger seat where airflow is limited. Ideally you don’t want to use a processor that is thermal-hungry and putting out a lot of heat, causing the unit to fail at some point.

Especially if it is a wide body aircraft it might need a couple of servers to split up the workload so that the longevity of each box is extended because you have divided up the workload.

EECatalog: Cooling continues to be a challenge.

Lewis, Thales: I am hoping that given the roadmaps for different COM and SBC designs that cooling will be less of a limitation constraint for avionic designs.

But we are facing limitations. For instance in the cargo bay of the aircraft there is a maximum amount of airflow focused in that particular area of the aircraft—and depending on how many boxes the aircraft needs—and that is only accounting for the normal operation of the aircraft—now you have to factor in in-flight entertainment and Internet connectivity boxes into that area. So you are constrained there from the get go. That dictates the space allotment that you have, so you have 4 MCU limited to 100W of thermal dissipation. This thermal limitation combined with box size limitation demands that the processor have a fan or a fan and heatsink. Depending on what it must do for the application it can run hot. Given all those limitations it can curtail the life of your design, and the understanding is, “okay, this box in a typical real-world application might only last three years.”

Rail Safety Certification Eased

Thursday, May 26th, 2016

MEN and QNX Case Study: A highly efficient path to functional safety certification for railway transportation.

Terry stares at his project proposal on the table for the fifth time that morning. The title reads: “Project Proposal – Automatic Train Protection System (Certified to EN 50128 SIL 4).”  Although Terry has managed the development of multiple railway systems in the past, this project is different and has cost him several nights of sleep.

A professional engineer with years of industry experience, Terry has a solid grasp on the technical aspects of an automatic train protection system. Drawing up a project outline, complete with development schedule and budgetary figures, would usually take less than two weeks for Terry but the EN 50128 SIL 4 requirement changes everything. Numerous questions swirl around in Terry’s head, each threatening to undermine the usual knowledge that Terry has for estimating schedule and budget.

“What hardware platform should we choose to make the EN 50128 certification easier?”

“Which COTS components should we use?”

“What design implications does EN 50128 have on the overall system?” 

“How much does certification cost?” 

“How do we mitigate the risk of a failed certification attempt?” 

“Is there any existing expertise on our development team on the application of the EN 50128 standards?” 

“How does the EN 50128 requirement impact the overall schedule?  Would it double the project length?” 

A Harvard Business Review article surveying a sample of large IT projects showed that on average 45% of the projects run over budget, 7% over time and 56% deliver less value than predicted. Terry never thought these statistics would apply to any project he managed, based on his experience and industry knowledge. Now, faced with a new requirement for functional safety certification, Terry has a fresh appreciation for these numbers.

The Problem

Terry’s problem is commonly found in many industries, including railway transportation, power and energy, factory automation, to name a few. Any system whose malfunction could lead to damages to human or properties is a candidate for functional safety regulation. There is an increasing adoption of functional safety standards in different markets, resulting in a number of market specific standards. (Figure 1) EN 50128 is one such example. Based on IEC 61508, the standard governs the functional safety for heavy and light rail systems. Since the standard is relatively new (published in 2011), many system manufacturers are as yet unfamiliar with it. These manufacturers are unprepared for the implication of certification requirements and how such requirements impact project budget and time. A common mistake for less-experienced companies is gross under-estimation of this impact, which can lead to market timing errors and lost revenue.

Figure 1:  Railway is one of many industries requiring functional safety to protect human life and avoid catastrophic events.

Figure 1: Railway is one of many industries requiring functional safety to protect human life and avoid catastrophic events.

The knowledge level for functional safety and certification is one of the most important deciding factors for project success. Generally speaking, a project with functional safety certification requirements can easily double or triple the time it takes to complete a project without. Efforts invested in certification activities are often greater than efforts in straight development. This magnifying effect of the certification requirements is abated when knowledge level is high and amplified when knowledge level is low. The following table shows a fictitious scenario to illustrate this effect, assuming a development team with fairly good knowledge in safety and certification.


Table 1: Project Comparison – Certified vs. Non-Certified Product

Newcomers to functional safety standards may find this increase in effort level to be inhibitive. However, a closer look at the demands of the standards helps explain this. Take IEC 61508 for example. The safety integrity levels of IEC 61508 range from SIL 1, the lowest level, to the highest at SIL 4. To provide a sense of how demanding these certifications are, a system certified at SIL 3 must have a probability of dangerous failure below 1 in 10 million per hour of operation. Achieving such a low risk of failure is non-trivial, to say the least. In fact, it’s well nigh impossible to satisfy these functional safety requirements unless they are baked into the very design of the product. This type of design strategy for safety products is reflected by the increase in both developer head count and activity duration shown in the Table 1. Demonstrating the compliance to these requirements, to an independent auditing firm, adds a whole realm of new challenges of its own, which could easily stretch the project duration by more than 100%.

So how do today’s system vendors meet the challenge of increasing regulatory pressures for safety standard compliance in the face of increasingly compressed time-to-market windows?

Three Aspects of An Effective Solution

MEN Micro Inc’s Modular Train Control System (MTCS) is a perfect demonstration of the three aspects of a highly effective solution to this problem. First, embed functional safety concepts throughout the entire design lifecycle.  Second, leverage pre-certified components wherever possible. Last but not least, use modularity to control project scope. MEN Micro was able to deliver this sophisticated product with proven pedigree in functional safety in a timely fashion. In turn, the MTCS product is itself a pre-certified component, a critical ingredient of an effective solution for all railway system builders.

MTCS is a platform designed for safety-critical train applications like train control, automatic train operation (ATO) and automatic train protection (ATP) with certification requirements up to EN 50128 SIL 4. Available in an EN 50128 SIL 4 pre-certified configuration, the MTCS provides safe control of single functions as well as for complete train control. By changing its configurable setup, the MTCS can control anything in the train that requires functional safety – under SIL 4, SIL 3 or SIL 2 requirements. MTCS is developed according to EN 50128 and EN 50129 standards. As a seasoned supplier of safety-critical systems, MEN adheres to an internal culture that gives the utmost importance to safety. For a less experienced team, getting some external help to understand the build the safety culture is definitely a worthwhile investment.

Using pre-certified components lowers overall risk to system manufacturers through proven and reliable technologies. One of the most vital components in complex platforms consisting of hardware and software is the real-time operating system. A pre-certified operating system (OS) offers a high level of reliability and risk reduction for safety-critical systems that has been independently validated. It would be difficult to imagine a certified industrial control application without a pre-certified OS. This is an additional dimension to the build-or-buy decision for system manufacturers. Some companies have legacy home-grown components including operating systems. In most cases, the cost of certifying these home-grown components will outweigh the price tag of a pre-certified solution, simply due to the economy of scale factor.    

Hardware is a different story. Pre-certified hardware is difficult to find and hardware certification is a frequently asked question from system manufacturers. By including their customer-designed hardware in the scope of certification, MEN has effectively solved this problem for its customers. The QNX Neutrino real time operating system (RTOS) is certified to IEC 61508 Safety Integrity Level 3 (SIL 3), and offers a very high level of reliability and risk reduction for safety-critical systems. It plays a major role in building secure, survivable embedded systems. By adopting QNX’s pre-certified RTOS, MEN effectively shortened the project by approximately two years, reduced project cost by about $2 million and eliminated any certification risk on the OS level.

To control project scope, which translates to project cost, modularity is the key word. At the heart of the MTCS lies the F75P—the central computing part of onboard applications like Train Management Control Systems or Train Protection Systems. The F75P is a COTS safe computer with onboard functional safety that unites three CPUs on one 3U CompactPCI® PlusIO card. Two independent control processors (CP) with independent DDR2 RAM and Flash and a supervision structure provide safety (the board becomes a fail silent subsystem, certifiable up to SIL 4). An I/O processor completes the board with I/O connectivity. With its clear separation of safe and non-safe subsystems the F75P can replace multiprocessing systems with CPU redundancy and I/O by a small-footprint, low-power solution that is flexible for different types of application scenarios.  The communication protocol of the third CPU was developed in accordance with EN 50159, which targets safety relevant communication in transmission systems. This ensures safe communication in the area known as the black channel, located between the control unit and I/O, for comprehensive, safe communication throughout the system (Figure 2).

Figure 2: Software and hardware elements work together in this modular design.

Figure 2: Software and hardware elements work together in this modular design.

The modularity concept is also reflected in MEN Micro’s choice of real-time operating system. The QNX Neutrino RTOS is a based on the microkernel architecture that enforces strong boundaries between software processes to prevent any process from affecting the performance and behavior of other processes. Processes can damage one another intentionally (via malware) or unintentionally (via bugs); the QNX Neutrino RTOS provides mechanisms to prevent such damage and to keep the system in a healthy state. Furthermore, the adaptive partitioning technology found in the QNX Neutrino RTOS provides this level of separation for CPU bandwidth. A modular design at the system level is only possible if it is built on a platform that supports this.


The Modular Train Control System offers a pre-integrated, ready to install platform that combines the ideal operating system from QNX Software Systems for reliability and easier programming of safety critical applications with the F75P solution, representing an extremely compelling offer to address regulatory pressures and cost effectiveness challenges.

In addition to pre-certification credentials, MTCS offers high level of flexibility for system integrators, resulting in significant cost and timesavings during computerization of the train. The combined solution allows users to quickly create new solutions that take advantage of the latest industrial safety and processing speed and real-time automation technology while allowing them to reuse or adapt existing automation algorithms.

So, for Terry, many of his concerns can be addressed with the selection of a reliable, pre-certified component such as the MTCS. This approach largely removes the unknowns in project planning, both in time and budget. Adoption of such a pre-certified COTS system also represents the most effective solution for many companies, freeing up internal resources to focus on true competitive differentiators. Last but not least, choosing a supplier with good knowledge in functional safety and certification sometimes provides the shortest path to access that knowledge in the most relevant manner.

B.SchmitzSince 1992, Barbara Schmitz has served as Chief Marketing Officer of MEN Mikro Elektronik. Her tasks include public relations and product positioning, as well as development and coordination of global sales channels.

Schmitz graduated from the University of Erlangen-Nurnberg. Later, she studied business economics in a correspondence course at the Bad Harzburg business school and followed it with an apprenticeship in Marketing and Communications in Nuremberg.

Transportation’s ePaper Revolution

Monday, May 23rd, 2016

Light, rugged, and with three times the life expectancy of an LCD display, ePaper offers the transportation industry a revolutionary new way to communicate.

The promise of digital signage, specifically signs that are constantly dynamic and changing, meant that accurate and up-to-date information would be provided for planning in advance of, or concurrent with activity to help guide travel. What we see today is far from that reality. Most digital signage in place today in transportation environments consists primarily of advertising-based messages that may include some place-based transit network information.

Power Hungry
While there are more advanced installations scattered around the country, for the most part, the majority of the paper and static signage has not yet transitioned to digital. The reason is simple. The initial investment cost, and the cost of maintenance to support traditional digital signage, is expensive and requires ad revenue to pay for it. If the signage is small, such as with train or bus schedules, advertising is not an option, and the signage remains static.

Traditional digital signage also has another significant requirement. It needs power and lots of it.  LCD-based or even LED-based signs need to be connected to a power source. The Total Cost of Ownership (TCO) of these signs can be high, especially when you consider the normal life of 40,000-50,000 hours, which translates to five to six years of useful life based on the backlight. There are fewer moving parts, so service and maintenance costs are much less.

Lower Power and Longer Life
Alternatively, ePaper promises to change these critical dynamics as it relates to replacing static signage for transportation.

Electronic Paper, or ePaper, as it is commonly called, is best known by the consumer products that use it, namely the Amazon Kindle. While technically a display technology, you might say that ePaper has more in common with an Etch-a-Sketch than it does with other display technologies, such as LCD.

ePaper uses actual ink pigment suspended in millions of micro-capsules (Figure 1). These capsules are controlled by positive and negative charges coming from an electronic backplane, not too dissimilar to what controls the liquid crystals in an LCD. However, the display needs only a small amount of power to change the image on the screen. When power is removed, the display retains the last image uploaded to the screen, which makes it a Bi-Stable technology. Therefore, the display is extremely low power and can be easily run off a battery or solar panel, or through Power over Ethernet (POE). This makes it an ideal technology for remote locations that have no existing power.

Figure 1: Positive and negative charges rule ePaper micro-capsules.

Figure 1: Positive and negative charges rule ePaper micro-capsules.

The ePaper display does not have a backlight and requires ambient light or a light built into the sides of the display to be seen in low-light conditions (Figure 2).

But the result of what you see on this display is nothing short of astonishing. If you have used a Kindle, then you know that the display is as close as one can get to the experience of reading paper, both in pixel resolution and comfort on the eyes. In high ambient light conditions, the high contrast display is easier to read than an LCD. In low-light conditions, just like paper, by adding a front or spotlight, the text or images read like paper.

This is a game-changer for digital signage, especially in transportation, because it provides a light and rugged sign that has at least three times the life expectancy of an LCD display, is easily readable, and requires no power to keep displaying the text and images. And it can be changed as needed. Another advantage of ePaper is that in a situation involving loss of power, the content on the display can be changed to an emergency message through the use of a small capacitive charge.

In addition, while the larger sizes of ePaper are currently available in either 13.3″ or 32″ size diagonal displays, they can easily be matrixed together with hardly a seam in evidence. This means that very large ePaper signs are easy to create, and since they are so thin and light, installation is easier with a minimum of labor required.

Figure 2: An ePaper display.

Figure 2: An ePaper display.

The Technology’s Limitations

First, ePaper is nothing like an LCD display, it does not ‘refresh’ in the classical digital signage sense, does not play video, and may take two to three seconds to change to a new image. To ensure that it will work with your application, work with a company that has developed the electronics. The easiest ways to connect an ePaper display are through wireless or POE connections.

Second, while a 32″ color ePaper sign is available, it displays around 4,100 colors, more than enough for most static information signs, but not on par with LCD for advertising messages. The highest resolution ePaper displays, which display more than UHD, are black and white. High quality cover overlays are available, however, for logos or other static messages.

Third, without a backlight, the display needs to have some artificial light in low ambient light conditions. The color temperature of any external light needs to be matched to the ePaper display. It is important to work with an ePaper display manufacturer who can also provide a front light for large screen displays if external lighting is not available.

Fourth, the initial cost. An ePaper sign will initially cost more than an equivalent indoor LCD.  It would be more comparable in cost to a rugged outdoor-rated LCD. However, considering the TCO, low power consumption over its life, and the labor savings from not having to change the static signs, the ePaper sign more than pays for itself.

ePaper Applications

You can overcome most of these limitations by working with a company that can protect the ePaper substrate from humidity, dust and the elements, especially if used outdoors.

The applications in transportation for ePaper signs are endless. Just imagine all the places that paper is used today. From schedules on the platforms or remote bus shelters (Figure 3) to intricate maps for way-finding to emergency or network messages indicating when trains or buses are running, ePaper fits the requirements more easily than LCD or LED.

Figure 3: No running of power lines out to remote locations is necessary when the transportation signage relies on ePaper.

Figure 3: No running of power lines out to remote locations is necessary when the transportation signage relies on ePaper.

ePaper signage will certainly grow in the future as integrators learn how to incorporate the formats in more and more locations, providing the transit authorities and more importantly their customers, with ever-changing digital signs. Working with an experienced ePaper display manufacturer can help you navigate the limitations and take full advantage of the technology’s many features.

R Heise Head ShotRobert Heise is Executive Vice-President for Global Display Solutions (GDS), a member of the Digital Signage Federation, the only independent, not-for-profit trade organization serving the digital signage industry. The DSF ( ) supports and promotes the common business interests of worldwide digital signage, interactive technologies and digital out-of-home network industries.

GDS is display technology company that manufactures displays for indoor and outdoor environments. GDS has partnered with E Ink Technology, a leading ePaper technology supplier to develop large screen digital signage for indoor and outdoor applications. Robert has been involved in the display electronics industry for over 30 years and has written about various technologies that have emerged in that time across a wide breadth of industries including medical, industrial, financial and numerous digital signage segments. A technologist at heart, Robert enjoys talking about strategies to overcome technical challenges. Robert also runs the 1200-member group Display Monitor Professionals on LinkedIn.

Crashing the IoT Party?

Thursday, January 7th, 2016

As the IoT grows, transportation, automotive, medical, smart grid and other sectors have become more dependent on embedded software, but is embedded software up to shouldering the burden?

Automotive, train and aircraft transportation are becoming more dependent on embedded software and thus on embedded software safety and security. So too are the smart grid, industrial control and automation, and access control. As these industries become more dependent on embedded software, they must rely more on embedded software safety and security. A typical automobile will have 50 microprocessors in it. A high-end automobile, perhaps 100. Instead of the concern being bumpers and fuel tanks, now the concern is, “Can the vehicle next to me tamper with my engine control unit while I’m driving?”

Why Embedded Software is Complex

Embedded software tends to be even more complex than typical “desktop” software because it deals with resource-constrained hardware and real-time deadlines that must be met to avoid malfunction in a large variety of environments and by a variety of users. Also, many kinds of people — electrical engineers, computer scientists and sometimes even mechanical engineers or technicians—write embedded software. Some of these people have learned “on the job” and therefore might not apply the appropriate level of engineering rigor that is required for safety-critical software.

Lastly, as teams become larger and more distributed, and schedules and budgets become squeezed, quality becomes more difficult to control. And so we continue to hear news reports about big product recalls. Recent cases were an airbag subcontractor of Japanese car manufacturers and the crash of an Airbus military transporter, most likely caused by a software bug in the engine control.

There are best practices, tons of software tools, proven processes and even certifications that promise to make sure software does what it should do and nothing else. Yet still many opportunities exist for bugs to be introduced. For instance, if the code is maintained by a new developer who isn’t familiar with the code or who hasn’t been trained on the company’s internal development processes and tools, bugs can slip in. Some bugs are introduced when hardware changes, even though the software is unchanged. And some kinds of complex problems, such as race conditions and hardware glitches, are exceptionally difficult to discover without very comprehensive software and systems testing.

Figure 1: Embedded software operates in an environment that includes resource-constrained hardware and the demands of real-time deadlines. Courtesy
Figure 1: Embedded software operates in an environment that includes resource-constrained hardware and the demands of real-time deadlines. Courtesy

Security and Safety: Correlated but Not the Same

There is a correlation between safe software and secure software, but they are not the same concerns. For example, developers of a safety-critical system will apply techniques such as Failure Mode and Effects Analysis (FMEA) and Fault Tree Analysis (FTA) to identify areas of safety concerns, in order to ensure that the product not only operates safely, but fails safely as well. A security engineer has different concerns and will apply techniques such as Threat Modeling to identify security concerns and determine what countermeasures are appropriate.
A system can be relatively safe but insecure, or unsafe but relatively secure, but the best systems are designed to be both safe and secure. For example, an embedded software defect as buffer overflow or undefined behavior can result in both safety hazards and security vulnerabilities. It’s important that developers try to prevent or eliminate these types of problems before addressing more specific security or safety concerns.

Connection and Exposure

When we consider the safety and security traits of embedded software, safety seems to be more mature and well understood compared to security concerns. Thankfully, we don’t frequently hear of planes falling out of the sky, missiles launching themselves, or medical devices killing patients. But every week, it seems, there is a router running embedded Linux being hacked, a smartphone establishing insecure Internet connections, or patient/customer data being exposed by some small Internet-connected (“IoT”) device.

Many areas and industries are exposed, particularly from a security perspective. Devices in many industries are being connected to the Internet, often with no consideration of security. Medical devices, many of which are life-critical, contain private patient data, can receive software upgrades, contain sensitive and very highly guarded intellectual property (IP), and may even contain many “locked” upgrade features that are a “simple hack away” from being unlocked for free. Just think of what an attacker could do to an insecure device.

One of our biggest concerns at Barr Group is products, often low-cost ones, that are being “Internet enabled” without any concern for security. Does that refrigerator, smoke detector, or thermostat really need to be connected to the Internet?  Sure, the convenience and “coolness” are nice, but they come at what cost? These are things that need to be considered in our quest for connectivity.

Obstacles to Software Quality

The three biggest obstacles to software quality are cost, schedule, and expertise. Cost and schedule pressures aren’t going away, so it’s our goal—really our mission—to improve software quality by working with companies to improve their skills, their processes, and their tools. We do this through a mixture of consulting and training. Our embedded software classes teach very specific skills, best practices, and processes that are focused on preventing defects and improving quality. The later a defect is discovered, the more expensive it is to fix (the worst case being a product recall), so we focus on techniques and processes that keep bugs out of the embedded software from the outset. As an example, we strongly recommend the use of an effective coding standard, code reviews, and static analysis tools. The net effect is embedded software that ships on schedule and on budget.

team-SmithDan Smith is a principal engineer at The Barr Group.  He has over two decades of hands-on embedded software development experience in C and C++. His firmware lies at the heart of products including consumer electronics, telecom/datacom, industrial controls, and medical devices. Dan earned his BSEE at Princeton and is an expert in the area of embedded systems security.

Next Page »

Extension Media websites place cookies on your device to give you the best user experience. By using our websites, you agree to placement of these cookies and to our Privacy Policy. Please click here to accept.