Continue to Site

Welcome to our site!

Electro Tech is an online community (with over 170,000 members) who enjoy talking about and building electronic circuits, projects and gadgets. To participate you need to register. Registration is free. Click here to register now.

  • Welcome to our site! Electro Tech is an online community (with over 170,000 members) who enjoy talking about and building electronic circuits, projects and gadgets. To participate you need to register. Registration is free. Click here to register now.

Help needed with designing a safety circuit to ignite a pyrotechnic device

Status
Not open for further replies.

ih96

New Member
Hi, I have been given a project to design a circuit which will ignite a pyrotechnic flare after a certain sequence of events has been detected. The events which must be detected are:

-A specific signal transitions from a short circuit to an open circuit.
-A short pulse signal from a separate detector is received.
-A 5V logic signal transitions from logic 0 to logic 1.

Additionally, the sequence in which these events occur is unknown.

I have a massive interest in electronics but only a limited knowledge which I have gained from my university course (Physics), so I am struggling to know where to begin with this project. I need advice on which components the circuit should contain in order to detect these events and if wiring them in a particular way may work better than others. I'm kind of viewing this as a learning experience, any suggestions or explanations offered will be thoroughly appreciated. I will do my best to try to understand!
 
Welcome to ETO, ih96!

Probably the easiest (and cheapest) way into this is with a small uC (like an Arduino Micro, with an appropriate program) and a simple network of transistor or FET switches for completing the pyrotechnics ignition circuit. I say "easiest" because of the variable sequence of inputs and timing issues.

There are, of course, other options as well.
 
A specific signal transitions from a short circuit to an open circuit.
Is that a short to ground, or to some other voltage rail?
A short pulse signal from a separate detector is received.
Positive-going or negative-going? What voltage, duration?
A 5V logic signal transitions from logic 0 to logic 1.
Does it then stay at logic 1 indefinitely?
 
One thing I think Alec has missed out is do these events have to occur within a certain time period ? So for example if 2 of the three events occur within a 1 second period can the third event occur after a year and trigger the output. It often helps to explain what the exact purpose of the equipment is.

Les.
 
Is that a short to ground, or to some other voltage rail?

Positive-going or negative-going? What voltage, duration?

Does it then stay at logic 1 indefinitely?

It's a short to ground and the logic signal does stay at logic 1 thereafter. I don't know about the short pulse, that's all the information I was given.


One thing I think Alec has missed out is do these events have to occur within a certain time period ? So for example if 2 of the three events occur within a 1 second period can the third event occur after a year and trigger the output. It often helps to explain what the exact purpose of the equipment is.

Les.

Hi, sorry about that, I should have explained the context. The purpose of the flare is to ignite a missile motor once it is a safe distance from the launch aircraft. From this, I assumed that the events would happen within a fairly short time period. It seems like it should be a requirement of the circuit that the flare is only ignited if the events occur in a short time frame, but there are no time frames specified by the task.
 
I think I would avoid using a microcontroller in such a critical application. We are baically looking at three transitions to trigger the event. My first thought was to pass each of the thee signals (After inverting if reqired.) through a differentiator (A capacitor and resistor.) to produce s short pulse to trigger a flipflop. I rejected this as we would have to be sure that the three flipflops were in the reset state at power up. This would not be too difficult and could be achived with a capacitor between the supply rail and the reset inputs. The set output of the three flipflops would be connected to a three input AND gate which would drive the gate of a power mosfet. The next thought to try to make it less sensitive to false triggering was to use the pulses from the differentiators to trigger three low power SCRs (Such as a 2N5060) The anodes of the SCRs would go to a 3 input NOR gate (Which would perform the function of a 3 input NAND gate with active low inputs.) The third idea is to use the pulses from the differentiators to drive three transistors that would blow three low current SMD fuses. If one side of each fuse was connected to ground and the other side connected via a diode (Cathode to the fuse.) to the gate of the power mosfet which had a pull up resistor to the gate then until all three fuses had been blown the mosfet gate would be held low. I think this would be the least likely to be falsly triggered.

Les.
 
Taking a modular approach, it sounds like three different input signal conditioners, one of which needs a flipflop, followed by one 3-in AND gate or equivalent, followed by a set-reset flipflop that has a power-on reset, followed by a driver for the flare.

1. What is the power supply voltage for the logic circuit?
2. What is the power supply voltage for the flare igniter?
3. What is the current required by the igniter?
4. What open circuit voltage and short circuit current can the short/open circuit signal source handle?

What are your circuit breadboarding and/or soldering skills? This looks like two chips, one output transistor, and a few misc. parts. If the open circuit stays open and the 5 V logic signal stays at a logic 1, then 1/2 of a dual flipflop latches the pulse input. Its output is AND-ed with the other two inputs. When all three are logic 1's, that clocks the other half of the flipflop to drive the output transistor. An R-C timing network acts as a power-on reset to make sure everything starts up in the off condition.

Sound about right?

ak
 
Here's a little something to chew on after dinner. It looks more complex than it actually is, partly because of three external transient suppression networks. These might go away with more information about the input signals and the operating environment.

ak
Flare-Igniter-1-c.gif
 

Attachments

  • Flare-Igniter-1-c.pdf
    13.6 KB · Views: 176
Hi AK,
The above circuit would trigger if the 5 volt level started out as high and there was no short to ground to start with when the pulse occured. As the OP used the term "transitions from" I interpreted the requirement as needing to see the transitions not just the static levels. I think you need a flipflop to look for the transition on all three inputs. (You would then not need the flipflop on the input to the mosfet.)

Les.
 
Also, Q1 is an obvious single point failure, if it conducts for spurious reasons, the igniter fires.

I would ask the OP, is this a serious development for a real device or an academic study?

If this is for a real device which can go bang and hurt people in a big way, an internet forum is a dubious venue for a design meeting.
I am sorry to introduce a bit of a negative outlook to this, but this is not a trivial task.

JimB.
 
-A specific signal transitions from a short circuit to an open circuit.
-A short pulse signal from a separate detector is received.
-A 5V logic signal transitions from logic 0 to logic 1.

Additionally, the sequence in which these events occur is unknown.
My Emphasis.
The purpose of the flare is to ignite a missile motor once it is a safe distance from the launch aircraft.
This description sounds very sequential, i.e.,
1. launch (from aircraft) start timer
2. delay (for distance and/or safety)
3. trigger ignition.

Is this correct or am I missing something? If correct, some very simple 555 timers will do the job.

<EDIT> Just saw your post, Jim, and I have the same misgivings.
 
Les - I didn't read it that way, but I see your point. The OP needs to fill in the stability of the signals at startup. There is a 1 second power on reset period to let the inputs stabilize in the no-fire conditions. If they are not clearly defined in the first second, then input transition detectors are needed. I'd use differentiators feeding sections of a 4043/4044, and diode-gate the result into the output driver. Or replace everything with a single ULN2803.

ak
 
Hi, sorry about that, I should have explained the context. The purpose of the flare is to ignite a missile motor once it is a safe distance from the launch aircraft.

There are several aspects to this thread which make me feel uneasy, and so I am temporarily locking the thread to further replies until is has been discussed by the moderators.

JimB
 
Having raised this thread in the moderator forum, and received a plausible explanation (by private conversation) for the topic from the OP (ih96).
It is basically an "interview question", to discuss the safe release of a missile from an aircraft.

I am thus inclined to allow the thread to continue.

The thread is unlocked.

JimB
 
The key to any good design is clear unambiguous specifications. Also for reliability, the inputs must ignore noise and contact bounce. From my days in solid rocket fuel payloads, there is always a 2 stage sequence minimum, to ARM then FIRE. The excitation current and duration of each stage must exceed any worst case noise transient from an adjacent wire current even under a fault condition.
The fire switch must have safeguards from accidental switchng.

The actual igniter component activated by a relay is called a squid which burns like a piece of nichrome wire with sufficient energy to ignite the propellant. In larger rockets it may be a two stage squid where a nichrome wire heats up rapidly to ignite a small solid propellant like a model rocket motor, which then ignites a larger motor.

But the arm and fire controls must be better defined to avoid ambiguity , ensure safety and reliability. Airplanes use shorting plugs to disarm devices on the ground, which require manual removal as the 1st of 3 stages.
 
I think I would avoid using a microcontroller in such a critical application. We are baically looking at three transitions to trigger the event. My first thought was to pass each of the thee signals (After inverting if reqired.) through a differentiator (A capacitor and resistor.) to produce s short pulse to trigger a flipflop. I rejected this as we would have to be sure that the three flipflops were in the reset state at power up. This would not be too difficult and could be achived with a capacitor between the supply rail and the reset inputs. The set output of the three flipflops would be connected to a three input AND gate which would drive the gate of a power mosfet. The next thought to try to make it less sensitive to false triggering was to use the pulses from the differentiators to trigger three low power SCRs (Such as a 2N5060) The anodes of the SCRs would go to a 3 input NOR gate (Which would perform the function of a 3 input NAND gate with active low inputs.) The third idea is to use the pulses from the differentiators to drive three transistors that would blow three low current SMD fuses. If one side of each fuse was connected to ground and the other side connected via a diode (Cathode to the fuse.) to the gate of the power mosfet which had a pull up resistor to the gate then until all three fuses had been blown the mosfet gate would be held low. I think this would be the least likely to be falsly triggered.

Les.

Thanks so much for offering multiple suggestions and explaining them all so well. :) I think (hope) that interviewees are expected to give more basic solutions than yours as it is an interview for an internship so everyone applying will be a student with no actual experience in industry. I may be wrong, as I have such a limited knowledge of electronics, but your solutions seem to me to be at a higher level than what would be expected. Do you think it would be possible to simplify any of your ideas? Your first suggestion is the one I can follow best, and so my current thinking is to try to design the circuit to have 3 latches that would each be set by the 3 events, and for their inputs to be directed to an AND gate that initiates the pyrotechnic only when all 3 events have occurred.

Taking a modular approach, it sounds like three different input signal conditioners, one of which needs a flipflop, followed by one 3-in AND gate or equivalent, followed by a set-reset flipflop that has a power-on reset, followed by a driver for the flare.

1. What is the power supply voltage for the logic circuit?
2. What is the power supply voltage for the flare igniter?
3. What is the current required by the igniter?
4. What open circuit voltage and short circuit current can the short/open circuit signal source handle?

What are your circuit breadboarding and/or soldering skills? This looks like two chips, one output transistor, and a few misc. parts. If the open circuit stays open and the 5 V logic signal stays at a logic 1, then 1/2 of a dual flipflop latches the pulse input. Its output is AND-ed with the other two inputs. When all three are logic 1's, that clocks the other half of the flipflop to drive the output transistor. An R-C timing network acts as a power-on reset to make sure everything starts up in the off condition.

Sound about right?

ak

Hi, thanks for the help, the circuit you posted has given me a much better idea of how the 3 ways of detecting the events can be brought together. :) As it turns out, I was meant to be sent a datasheet detailing the requirements of the pyrotechnic device, but it was missing from the e-mail containing the presentation task. I have contacted them requesting the datasheet but I probably won't get it until the 4th of January now. I'm a little worried as I have to send them the presentation by the 5th, I don't know if I should use the specifications from a known device and explain that was what I used? I wasn't really given much information, so I can't answer 1 or 4 either. :( Sorry.


The key to any good design is clear unambiguous specifications. Also for reliability, the inputs must ignore noise and contact bounce. From my days in solid rocket fuel payloads, there is always a 2 stage sequence minimum, to ARM then FIRE. The excitation current and duration of each stage must exceed any worst case noise transient from an adjacent wire current even under a fault condition.
The fire switch must have safeguards from accidental switchng.

The actual igniter component activated by a relay is called a squid which burns like a piece of nichrome wire with sufficient energy to ignite the propellant. In larger rockets it may be a two stage squid where a nichrome wire heats up rapidly to ignite a small solid propellant like a model rocket motor, which then ignites a larger motor.

But the arm and fire controls must be better defined to avoid ambiguity , ensure safety and reliability. Airplanes use shorting plugs to disarm devices on the ground, which require manual removal as the 1st of 3 stages.

Yeah, that makes sense. Since I don't know which order the events may occur in, but the device must automatically initiate when they have, would it be correct to say that the first 2 events would arm the device and the 3rd would fire it? If so, how can I include a safeguard for the fire switch?
 
safegaurd?

Your choice, depending on consequence of misfire.

Beware of all the causes risks I outlined.
upload_2015-12-29_16-23-38.jpeg


This for example would be a bad choice as the contacts are rated >2A and thus not gold plated and thus prone to logic level failures from oxidation.
 
U1 through U3 are 555s due to inherent switch bounce advantages. All circuit components from V1 to the right are in the flare. V2 and the "Flare release SW" are on the launch platform. V1 and V2 voltage levels are arbitrary. Follow best circuit design criteria for 555s chosen.

The initial "SAFE" state of the circuit would be:
"Arming SW" OFF. "Flare release SW" ON, "DISABLE LINE" attached to flare circuit (this forces a positive bias on the trigger of U1, ensuring NO OUTPUT from U1 on power up).
Theory of operation:

Time -1 - "Arming SW" closed. U1 ONLY powered up.
TIME 0 - Device release. A switch (or plug removal) removes the +12vdc bias on the trigger of U1, forcing its output HIGH which immediately:
TIME 1 - powers up U2 and U3.
TIME 2 - U2's output goes HIGH for a duration determined by R4 and C5. When U2 times out:
TIME 3 - U2's output goes LOW which puts a negative pulse on U3's trigger, forcing U3's output HIGH, which:
TIME 4 - has a duration (to ensure the flare's proper ignition) set by R6 and C7. This output would feed a small relay or transistor/FET switch enabling a separate, isolated third power source for the ignition heater.

upload_2015-12-29_16-14-9.png


If something other than ignition delay after launch is needed, this circuit will have to be modified.
 
If the goal is to design a real fail safe firing mechanism, then there has to be complete isolation between the various stages. Even a common power supply is a single point of failure that could result in a false launch. I think to design a real world solution (with real world consequences to any errors), you would need isolated power sources (perhaps a common charging supply with isolated battery supplies), and separate boards to isolate any possible crosstalk, ground bounce, static electricity false triggers and the like. I would want to see relays as the final component of each stage. One pole of the relay lighting up the indicator light for ARM and TRIGGER, and the other pole of the relay connected in series with the firing relay.

I've done some designs where any false triggers could be fatal. And standard logic design with sequential logic stages were not acceptable.

Fun to think about though. Hopefully assuming this is just a thought piece.

-Jim
 
I also was into model rockets a while back. Although not fatal, one can be horribly hurt by an accidental firing.
So safety is crucial, too.

So I agree with previous posters that the safeguards not only should be redundant but independent.

A microcontroller or sequential logic, if used, should be only used as an initial arming mechanism.
 
Status
Not open for further replies.

Latest threads

New Articles From Microcontroller Tips

Back
Top