ADAS: Certification and Type Approval perspective

The C and TA procedure for ADAS is a complex procedure and cannot be addressed by conventional approach of product testing. It rather requires a comprehensive methodology where process as well as product performance compliance need to be established, writes Dr. Madhusudan Joshi, ICAT Manesar

Advance Driver Assistance Systems (ADAS) technology is still mellowing globally and lot of action is yet to happen in this area. While the technology is picking up, it is pertinent to establish an appropriate certification and type approval regime for ADAS to ensure safety and security of the vehicles and other road users. As many new features of ADAS that provide higher autonomy and control are being introduced with unprecedented pace, it is important that the regulatory framework keeps stride with the changing technology. Several approaches are under discussion globally to finalise the method for certification of ADAS, which is otherwise quite complicated. 

It is clear that all the ADAS features are governed by commands which in turn are based out of certain set of mathematical rules. These features are either informative or advisory like speed alert, drowsiness detection, collision warning, etc. or instigate control like emergency braking, lane keep assist, cruise control, etc. For every action executed by an ADAS feature, the critical aspect as well as control of the action needs to be understood thoroughly and classified. Depending on the classification level of the system response, criteria for certification and type approval (C and TA) shall be defined.

To make the C and TA process less cumbersome, focus shall be laid upon the scenarios involving high level of the factors of criticality and control. Such cases can then be evaluated either through simulations or actual physical test or a combination of both. The C and TA process would require an in-depth understanding of safety and security critical aspects related to ADAS. Moreover, novel assessment methods shall be established to ensure fool-proofing, as conventional verification methods using physical validation would be inadequate to establish holistic conformance. This assessment shall necessarily cover aspects related to functional safety, security and privacy.

The scope of assessment shall entail validation of software, hardware and human machine interfaces related to the product. The assessment shall also mandate auditing of processes, documents, procedures and compliances concerning the entire lifecycle of development, in-use and end-of-life of the product throughout its supply chain. The objective of this revised approach for C and TA is to ensure reliability of ADAS by minimising the risks. This is achieved by implementing comprehensive multi-layered approach of validation and verification. By virtue of inherent characteristics of ADAS to take over the driving control at times, it is obligatory on the part of rule-makers to define unambiguous procedure for C and TA.

The Process

The ideal way to handle this is to enforce process certification and product assessment in-parallel as a part of initial type approval. Subsequent to initial type approval, periodic renewal of process certification and periodic establishment of conformity of product assessment shall be carried out for continued compliance as shown in the figure alongside. The applicant for type approval shall also declare to the regulatory bodies the changes, upgrades and modifications done to the type approved hardware, software manufacturing processes, controls, etc. In addition, any amendments or revisions to the applicable standards or regulations may also require existing type approvals to be extended.

Let us discuss a case study to explain the process of C and TA of an ADAS function as per the approach suggested in the previous paragraph. We consider here the advance emergency braking system (AEBS). AEBS is an important feature of ADAS as it helps in collision avoidance during the instances of delayed or inadequate braking effort either by a negligent driver or due to inclement visibility conditions on the road. The schematic of a typical AEBS is as explained in the figure. The AEBS ECU receives inputs from sensors and also some vehicle parameters which are processed and appropriate commands are sent to the braking system or indication display.

The AEBS ECU does not get activated if it is aware that the driver is alert through his actions. The inputs from various sensors and vehicle interfaces are intelligently processed and fused to identify stationary and moving obstacles. The effectiveness of an AEBS is dependent on the strategies deployed and sensor selection. Both camera and radar are used to detect other vehicles and objects. The radar is used for detection of moving objects and the combination of radar and camera helps in detection of stationary objects with better accuracy. Radar has an inbuilt computing unit for processing the raw data for moving object detection.

The camera uses image processing techniques for object detection. To improve the accuracy of detection of the obstacles, inputs for camera and radar are combined through sensor fusion using machine learning techniques.  This is similar to the processing done by the human brain by integrated processing of inputs from multiple sensory organs and thereby sending commands to the actuator organs to initiate the action. As for instance, action performed by an individual after receiving audio as well as visual inputs. For the same reason the perception of a human is better in case his brain receives both audio and visual inputs simultaneously as compared to one of these at a time.

Certification and Type Approval of AEBS

The broad approach for certification of an ADAS feature like AEBS is exhibited in the first figure. The procedure involved in C AND TA of AEBS is elaborated in the third figure. In this case, the regulatory and type approval compliances are required to be taken by the vehicle manufacturer and their suppliers.

 Figure 4 indicates the flow from conceptualisation to final vehicle level integration of AEBS function and the test methodology thereof. Part level testing is somewhat simple to understand. However, the functional and vehicle level testing need to understood clearly. Only the functions specific to AEBS shall be tested during functional testing. Whereas during vehicle level testing, interaction of AEBS with rest of the vehicle shall be verified. The objective of overall testing is to establish the control aspect of AEBS for all its pre-defined features. Various advance simulation tools are available nowadays to access the overall functional as well as vehicle level performance of AEBS.

This saves lot of time and provides fair amount of idea to the designers and system integrators in advance. In the next level, lab testing can be performed using tools like hardware-in-loop (HIL). In this case, the AEBS ECU is connected to simulated vehicle environment and its performance can be evaluated. In the final step, the performance evaluation of the AEBS can be done on test tracks or on actual roads. The purpose of the testing carried out at different levels is to adjudge the safety, complexity and risk estimation. As a part of safety evaluation of AEBS, three main actions are required to be evaluated. The first is the identification of critical condition and driver alert where it is important to ensure that proper audio visual warnings are provided by the system to the driver. Second is activation of mild braking if a driver fails to acknowledge the warnings and also to draw his attention. Third is activation of harsh braking where collision needs to be avoided with an object in front.

In case of complexity analysis, the dependence of AEBS on the various vehicle and sensor parameters is checked. For instance, obstacle detection using radar (for example, other vehicles), camera (for example, speed sign) and both (for example, blind spot) have different levels of complexity. The risk estimation is done using the indices of safety and complexity. Higher risk estimation indicates higher safety and complexity issues. This in turn implies that the development of such function would be more time and resource-intensive.  For instance, in AEBS, harsh braking involves higher safety but is less complex. Hence, the overall risk estimation will have a moderate value. 

Conclusion

The C and TA procedure for ADAS is a complex procedure and cannot be addressed by conventional approach of product testing. It rather requires a comprehensive methodology where process as well as product performance compliance need to be established. The same is explained using AEBS as a typical case.

References:  1. www.unece.org | 2. www.iso.org | 3. www.sae.org

About the Author: Dr.  Madhusudan Joshi is Head-E & E, ICAT Manesar. Dr. Joshi has received his Doctoral Degree from Indian Institute of Technology, Delhi in the field of Cryptology. With overall 21+ years of experience in the field of automotive R&D, certification and validation, Dr. Joshi currently heads the Electronics & Electrical Group at ICAT. Information & data security, functional safety ADAS, ITS and electric mobility are current topics of his interest.