DATA STORAGE SYSTEM FOR AUTOMATED DRIVING (DSSAD)

Slides:



Advertisements
Similar presentations
Informal document GRPE-70-14
Advertisements

Outline of Definition of Automated Driving Technology Document No. ITS/AD (5th ITS/AD, 24 June 2015, agenda item 3-2) Submitted by Japan.
Presentation for Document ACSF-03-03_rev1 Oliver Kloeckner September rd meeting of the IG ASCF Munich, Airport Informal Document.
Damage Mitigation Braking System
TITLE: EVENTS DATA RECORDERS PRESENTER’S NAME: NAME ECONOMY: REP. OF KOREA.
Ministry of Industry and Trade of Russian Federation June 2013 Deputy director of the Department of transport and special engineering industry V. Kaganov.
Remote Control Parking (RCP)
Protective Braking for ACSF Informal Document: ACSF
Minimum Risk Manoeuvres (MRM)
Brief Review up to Now 1 March 11, 2011, Geneva UNECE/WP29/ITS Informal Group 19th Meeting T. Onoda & K. Hiramatsu, Japan Transmitted by expert from JAPANInformal.
Common Understanding on Major Horizontal Issues and Legal Obstacles Excerpts from the relevant sections of the ToR: II. Working items to be covered (details.
OICA IWG AECSAPRIL 2016 AECS REGULATION POST-CRASH CHECK WITH HMI TEST METHOD SUMMARY -ASIL determination – ISO Pre-requirements for HMI test method.
1 6th ACSF meeting Tokyo, April 2016 Requirements for “Sensor view” & Environment monitoring version 1.0 Transmitted by the Experts of OICA and CLEPA.
2 Overhead & channel use for multiple messages. Unused elements in common message set. Security? A new message for each new application? Where to change.
Transmitted by the Experts of TRL (EC)
OICA „Certification of automated Vehicles“
Informal document GRRF-84-32
Informal Document: ACSF-06-16
Common Understanding on Major Horizontal Issues and Legal Obstacles
Submitted by the expert form Japan Document No. ITS/AD-09-12
Industry proposal Driver availability recognition system
Informal Document: ACSF Rev.1
Automatic Emergency Braking Systems (AEBS)
Timing to be activated the hazard lights
Automated vehicles Horizontal regulation Preliminary considerations
The Driving Task DRIVER EDUCATION.
SAE J3016 Revisions & SAE Ads/adas Standards
Informal document GRRF-86-36
ASEP IWG Report to GRB 66th
Statement of Principles on the Design of High-Priority Warning Signals
Industry Homework from AEB 02
on Transition for level 3 Automated Driving system
ACSF-19, September 03-05, 2018, Paris
Status of the Informal Working Group on ACSF
Proposals from the Informal Working Group on AEBS
Status of the Informal Working Group on ACSF
DATA STORAGE SYSTEM FOR AUTOMATED DRIVING (DSSAD)
Status of the Informal Working Group on ACSF
Transmitted by the expert from ISO
Reason for performance difference between LVW and GVW
Status of the Informal Working Group on ACSF
ACSF – Automated Driving Systems Taxonomy and Definitions - SAE J3016 Jean-Michel Roy Transport Canada.
Proposals from the Informal Working Group on AEBS
Report on Automated Vehicle activities
Event Data Recorder (EDR)
Safety concept for automated driving systems
Behaviour of M2 & M3 general construction in case of Fire Event
Progress report of GRSG informal group
Informal Document: ACSF-10-08
Informal document GRSG Rev.1
Safety considerations on Emergency Manoeuver
Highlights of the 177th WP.29 session and
Submitted by the Secretary
C-EDR Introduction of Chinese Mandatory National Standard
Emergency Steering Function
Submitted by the expert
EDR-DSSAD Event Data Recorder (EDR) & Data Storage System for Automated Driving (DSSAD)
C-EDR Introduction of Chinese Mandatory National Standard
ACSF-17 – Industry Preparation
ACSF B2 SAE Level 2 and/or Level 3
Comparison between EDR/DSSAD
ACSF B2 and C2 Industry expectations from ACSF IG Tokyo meeting
Alternative Approach to UN R13 Type-IIA for Battery Electric Vehicles
6th ACSF meeting Tokyo, April 2016
Chinese Mandatory National Standard
JAPAN Position/Proposal
Status of the Informal Working Group on ACSF
Regulation ECE R79-03 ACSF C 2-Step HMI
Automated Lane Keeping Systems
EDR/DSSAD IWG Status Report
Presentation transcript:

DATA STORAGE SYSTEM FOR AUTOMATED DRIVING (DSSAD) Transmitted by the expert from: Informal document GRVA-02-20 2nd GRVA, 28 January – 1 February 2019 Provisional agenda item 5 (a) DATA STORAGE SYSTEM FOR AUTOMATED DRIVING (DSSAD) Submitted by experts from OICA

DSSAD : Purpose of the Data Storage System for Automated Driving Definition : The Data Storage System for Automated Driving is a device or a function that : records and stores a set of data (“timestamped flags”) during the automated driving sequences of any vehicle equipped with Level 3 / Level 4 / Level 5 Automated Driving Systems (ADS), in order that whenever a significant safety related event occurs, it can provide Definition : The Data Storage System for Automated Driving is a device or a function that : records and stores a set of data (“timestamped flags”) during the automated driving sequences of any vehicle equipped with Level 3 / Level 4 / Level 5 Automated Driving Systems (ADS), in order that whenever a significant safety related event occurs, it can provide a clear picture of the interactions between the driver and the system, before and after (whenever possible) the event, in order to establish : - if the driver or the system was requested to be in control of the driving task, and - who was actually performing the driving task. Definition : The Data Storage System for Automated Driving is a device or a function that : records and stores a set of data (“timestamped flags”) during the automated driving sequences of any vehicle equipped with Level 3 / Level 4 / Level 5 Automated Driving Systems (ADS), in order that whenever a significant safety related event occurs, it can provide a clear picture of the interactions between the driver and the system, before and after (whenever possible) the event, in order to establish : Definition : The Data Storage System for Automated Driving is a device or a function that : records and stores a set of data (“timestamped flags”) during the automated driving sequences of any vehicle equipped with Level 3 / Level 4 / Level 5 Automated Driving Systems (ADS), Definition : The Data Storage System for Automated Driving is a device or a function that : records and stores a set of data (“timestamped flags”) during the automated driving sequences

DSSAD : Set of data to be stored STATUS/MODE OF THE SYSTEM Several status and/or modes will potentially exist : => OFF (“disengaged”), STAND-BY, ACTIVE, FAILURE, LIMITED, TRANSITION,… STATUS/MODE OF THE SYSTEM Several status and/or modes will potentially exist : => OFF (“disengaged”), STAND-BY, ACTIVE, FAILURE, LIMITED, TRANSITION,… TRANSITION DEMAND (TD) : Several Transition Demand types will potentially exist, depending from the context : A-Type for “comfortable/planned” situations, like end of the Use-Case, and B-Type for other “unplanned” situations, C-Type ?... The “warning cascade” could vary from TDA and TDB depending on the needs and requirements and each component of the TD cascade, may be stored independently, because released through different channels, like “visual”, “audible”, “haptic” for example. => Each Transition Demand may be stored as a cascade of several signals : TDA = TDA1 + TDA2 + TDA3 TDB = TDB1 + TDB2 …etc… MINIMAL RISK MANOEUVER (MRM) : Several MRM types (A-Type, B-Type,…) will potentially exist, depending from the context : => Each MRMA, MRMB… may be differentiated. OVERRIDE & TAKE-OVER (OR & TO) : Several OR and/or TO types (A-Type, B-Type, etc…) will potentially exist.: => Each ORA / ORB / TOA / TOB / TOC… may be differentiated. STATUS/MODE OF THE SYSTEM Several status and/or modes will potentially exist : => OFF (“disengaged”), STAND-BY, ACTIVE, FAILURE, LIMITED, TRANSITION,… TRANSITION DEMAND (TD) : Several Transition Demand types will potentially exist, depending from the context : A-Type for “comfortable/planned” situations, like end of the Use-Case, and B-Type for other “unplanned” situations, C-Type ?... The “warning cascade” could vary from TDA and TDB depending on the needs and requirements and each component of the TD cascade, may be stored independently, because released through different channels, like “visual”, “audible”, “haptic” for example. => Each Transition Demand may be stored as a cascade of several signals : TDA = TDA1 + TDA2 + TDA3 TDB = TDB1 + TDB2 …etc… STATUS/MODE OF THE SYSTEM Several status and/or modes will potentially exist : => OFF (“disengaged”), STAND-BY, ACTIVE, FAILURE, LIMITED, TRANSITION,… TRANSITION DEMAND (TD) : Several Transition Demand types will potentially exist, depending from the context : A-Type for “comfortable/planned” situations, like end of the Use-Case, and B-Type for other “unplanned” situations, C-Type ?... The “warning cascade” could vary from TDA and TDB depending on the needs and requirements and each component of the TD cascade, may be stored independently, because released through different channels, like “visual”, “audible”, “haptic” for example. => Each Transition Demand may be stored as a cascade of several signals : TDA = TDA1 + TDA2 + TDA3 TDB = TDB1 + TDB2 …etc… MINIMAL RISK MANOEUVER (MRM) : Several MRM types (A-Type, B-Type,…) will potentially exist, depending from the context : => Each MRMA, MRMB… may be differentiated.

ACCIDENT RECONSTRUCTION DSSAD : complementary & independent to EDR « Different data storage systems for different purposes » In the case of an accident with inflation of at least one airbag, the complementary Event Data Recorder (EDR) system will provide many additional information with its usual possibilities and limitations : With trigger : ADS data and Detailed EDR data (record @ trigger event) Trigger: Airbag deployment & strong deceleration (Δv > 8 km/h within 150 ms as in US part 563 EDR) Without trigger : ADS data only ( including timestamp / continuous [3] month storage) Incident/accident without EDR trigger AD system data ON / OFF ADS is active WHO WAS DRIVING TD No TD TO No MRM MRM [3 month] storage of ADS data 5s before crash Detailed EDR data ACCIDENT RECONSTRUCTION Additionnal data Case of an Accident with EDR trigger

ACCIDENT RECONSTRUCTION Data Storage context : Only DSSAD applies to AD only REGULATED OPTIONAL (NO TECHNICAL REGULATION) Accident Emergency Call System (GPS/Galileo/Glonass position, GMT time stamped, retention system status, VIN… Light Vehicles M1/N1 « other data » Video scene recording, insurrance system data, fleet management tool data, other personnal data (depending on regional privacy laws)… ACCIDENT RECONSTRUCTION « US » EDR speed, accelerations, restraint systems deployment,… trigger time stamped “It might be important to collect data in retrieval format about who was in control and of what throughout the operation in case of an unexpected event that could impact road traffic safety.” (WP1 – IGEAD – 07-04 – Guidance for Automated Vehicles – discussion paper) All Vehicles equipped with Lev 3, 4 or 5 AUTOMATED DRIVING SYSTEMS DSSAD System status/mode, Transition Demands from system HMI, Driver’s Override & Take Over, MRM activations WHO WAS DRIVING

DSSAD (All vehicles with ADS) CONCLUSION : a strategy for DSSAD EDR (M1/N1) DSSAD (All vehicles with ADS) Purpose Supporting crash analysis and reconstruction Support legal information needs on vehicle control (Driver/System) How Record data when triggered (momentaneous) Store data over a longer period What data Data relevant to crash analysis Vehicle speed Vehicle Speed reduction Engine throttle Service brake Ignition Airbag deployment .. Data relevant to vehicle control: AD system ON/OFF Transition Demand Take Over Minimum Risk Manoeuver Repective data timestamps Reference FMVSS 49 CFR Part 563 To be discussed (OICA proposal available) Application “conventional vehicle” Applicable No need “vehicle with Automated Driving function” (LEV3, 4 & 5) Proposed strategy for Automated Driving functionalities: Implement the concept of DSSAD in ACSF B2 Level 3 – highway application (short term) & in “horizontal regulation on Automated Driving” (mid term)

DATA STORAGE FOR AUTOMATED DRIVING ANNEXES

DSSAD : Glossary of terms Data : data to be displayed or utilized by some CPUs of the vehicle (e.g. « speed of vehicle » is the information that is displayed to the driver through the speedometer, with tolerance as given by UNECE R39. It is not the absolute speed of the car) recording data : keeping the instant value of several continuous information or an instant message (both available in the vehicle’s CAN or ECUs) in a volatil memory. These data may be recorded and overwitten continuously : they are not available after a while, if not stored. Storing data : keeping the recorded data in a non-volatil memory for future retrieval or « read only » access. Trigger : parameter or signal, which threshold is achieved or exceeded when a significant safety related event occurs. DSSAD : Data Storage System for Automated Driving, which aims at making clear « who was driving before (and possibly after) a significant safety related event » and « who was requested to drive » (it can be different, especially during transition driving sequences. EDR : Event Data Recorder, which aims at a better understanding of the retention system action and vehicle conditions durong a severe crash. EDR is described in North American CFR Part 563. AECS : Accident Emergency Call System, which aims at providing a Public Safety Answering Point with a set of data concerning a severe crash that just occured. AECS are described in European e-Call regulation, Russian ERA-Glonass regulation, and will be in UNECE Reg. Significant safety related event : Event that can put human beings in danger. Some of these may be subject to retention system deployment, some others not. Some of these may be subject to emergency manoeuver before impact and some others may not. Minimal Risk Manoeuver should be performed without emergency manoeuver, and without impact, but it is however considered as a significant safety related event. Minimal risk manoeuvre : procedure aimed at minimizing risks in traffic, which is automatically performed by the system (e.g. when the driver does not respond to a “transition demand”). Emergency Manoeuvre : manoeuvre performed by the system in case of a sudden unexpected event in which the vehicle is in imminent danger to collide with another object, with the purpose to avoid or mitigate a collision.

ANNEX 2 : Detailed principle of the DSSAD As it is proposed to be stored and available for [3 months] or [25.000] flags (the first achieved of both), the DSSAD can always bring the answer to the question “who was driving ?” to the authorized person or administration. Determination of “who is allowed to access the data” may vary from a country to another. It should remain under the responsibility of the OEM to decide the right technical solution in order to restrict access to the authorized person/administration only, and to guaranty that the Read Only Data cannot be corrupted. Maximum number of elementary events to be stored by the system remains to be decided. ( 25.000 ? ) (considering an average number of 5 elementary events per sequence of use : 25.000 = 50 sequences (of an average 5 events) / day , during 100 days)

ANNEX 2 : Detailed principle of the DSSAD Use the Powerpoint version With animations for better understanding of the concept. These data are not available any longer because they were stored but storage is now too old From [3 months] ago, all information is always available, with time stamp When the driver Takes Over after being requested, the system turns OFF When the driver does not respond to TD, the system proceeds to a MRM When the MRM is finished, the system turns OFF ON OFF ON OFF ON OFF ON OFF ON/OFF STATUS TAKE-OVER A-Type B-Type B-Type TRANSITION DEMAND MRM Who was requested to drive ? Unknown if older than [3 months] ago SYSTEM DRIVER SYSTEM DRIVER SYSTEM DRIVER Who was actually driving ? …even if the traffic violation occured 2 or 3 months ago… When the driver decides to Take Over it, the system turns OFF When the MRM is engaged, the system turns OFF as soon as the driver Takes Over. When there is a traffic violation, it is possible to determine who was driving at that time… ON OFF ON OFF ON OFF ON/OFF STATUS TAKE-OVER A-Type TRANSITION DEMAND MRM Who was requested to drive ? DRIVER SYSTEM DRIVER SYSTEM DRIVER SYSTEM DRIVER Who was actually driving ?

DSSAD : Important considerations regarding previous slide The previous slide illustrates the concept of DSSAD, as proposed by the cluster n°2. For simplification of the drawing, some hypothesis were considered, which do not necessarily reflect the future conclusions and detailed requirements that will be established regarding SAE Lv3 & above systems. Simplifications considered in this slide are : 1- the system only has 2 possible status : ON (active) and OFF (disengaged), 2- the Transition Demand (TD) is only “one shot” and A-type or B-type only, 3- the driver directly Takes Over (TO) the system, without any preliminary Over-Ride and/or Transition Sequence 4- the system automatically switches to OFF as soon as the driver takes over or the MRM is finished, 5- there is only one MRM type that is engaged [X] seconds after the TD in the case there was no TO by the driver Reality will be a little bit more complicated, but it does not change the concept itself. The detail of the set of data to be stored will be possible to establish only after the requirements regarding the principles to be followed by these systems are given by the future dedicated regulation. NB : All the potential STATUS/MODES OF THE SYSTEM, and definitions of OVERRIDE & TAKE-OVER, that are given in the glossary of terms, were inspired by the ACSF draft for E-systems, as it exists today. As so, they are only indicative, and modifications could be introduced by future regulation on these systems.