230423 BMS Safety and Fault Management for Lithium Ion Batteries

Published: 2023-04-23 12:16:49 Author: xinlin163

Welcome to the Stoffel Systems Insights video series.
I'm Eric Stoffel, president of Stoffel Systems.
Today's topic is BMS safety and fault management.
As we discussed in a previous video, one of the primary roles of a BMS in a lithium-ion battery pack is to maintain safe operation,
to prevent fires, prevent explosions, prevent
So how does a BMS actually do that?
Well, there are a number of conditions that the BMS is monitoring.
So, for example, going back to our 3S1P battery pack we discussed in Video 1, 3S1P,
the BMS is monitoring the voltage of all three cells connected in series.
So, for example, this cell could be reporting a voltage of 3.650 volts.
This cell could be reporting a voltage of 3.675 volts.
And this cell, a little bit of an outlier, could be reporting a voltage of 3.812 volts, for example.
And the BMS is monitoring that and is able to detect that at any given time.
So why is this important?
Well, if we draw a diagram showing the temperature of the lithium-ion cells on the x-axis and the voltage of the cells on the y-axis,
we can diagram out where the safe operating envelope,
or safe operating area, rather, of the cells is, and that's denoted by this box here.
So this region is the SOA, or safe operating area of the lithium ion cells.
And how do you define that?
Well, down on the x-axis, this point here, which corresponds to this side of the square,
is the minimum safe temperature that you can operate the cells at.
So for example, some cells will have a minimum temperature of negative 20 degrees C.
On the other side of the square of the SOA is the maximum operating temperature of the cells.
In this case, a typical example is about 55 degrees C. And so you want to keep all your cells within this temperature range.
On the y-axis, on the lower bound of the SOA, we have the lowest safe voltage for the battery cells,
and this is 2.5 volts typically for say NMC chemistries.
And on the high side, we have 4.2 volts, which is also a typical maximum safe or maximum charge voltage for lithium ion cells.
So within this box, you want to keep all of your cells individually within this area to prevent safety events.
So what happens if you actually get a cell that goes outside of this safe area?
Well, if you start getting into the over-temperature region, this is over-temperature.
This is where you get something called thermal runaway,
where a lithium ion cell will start internally heating and actually can run away with its temperature so that it'll go from 80 to 90 to 100, 200, 400,
600 degrees C, and literally melt down.
Lithium ion cells, when fully charged and have thermal runaway, they get so hot they can actually melt through aluminum.
It's a very damaging and very dangerous condition.
So we really want to protect against this thermal runaway event.
So that's the over-temperature side.
What about on the overcharge side?
So this is if you have a lithium ion cell that goes above, say, 4.2 volts per cell.
If you start climbing to 4.4, 4.5, 4.6, what you do is you enter into what's called the overcharge regime.
And what this can trigger is, in effect, it can actually trigger a thermal runaway because the cell no longer can safely hold that charge.
And so both of these areas, this entire region here, denoted by the red,
is a dangerous area where you can get fire, explosion, venting, other problems you definitely want to avoid.
So the BMS very much needs to prevent cells from getting outside of this area.
But on the other side, I'm going to move to the blue pen here, what if you go down here?
So you have a lithium ion cell that goes below 2.5 volts, not under load, so an open circuit voltage.
Well, what you would have here is you would have what's called the overdischarge condition.
And this is where the electrochemistry of the lithium ion cell is no longer safe, in that you can actually have something called dendritic growth,
which is little microfilaments
of conductive material that will actually create shorts within a cell.
And that, as you can imagine, when fully charged, could lead to a thermal runaway or explosion and fire venting.
You want to avoid that.
The other thing that it can do is if you overdischarge, you can also get lithium plating, which can reduce the overall capacity of a cell.
So you have safety implications and reliability implications of going in this region.
Likewise, if you go to what's called the under-temperature case, this is where you have a cell that's less than,
say, negative 20 degrees C, and you're still trying to charge or discharge.
And at these cold temperatures,
the electrochemistry within the cell is no longer able to actually move the ions from the anode to the cathode or vice versa,
so you're actually not able to efficiently get charge into or out of the cell.
And this can also lead to lithium plating and the issues that we just discussed with the overdischarge scenario.
So how do you avoid getting your battery pack into these conditions in the first place?
Well, that's the job of the BMS.
The BMS is going to be monitoring the condition of all the lithium-ion cells in the system.
So for example, as we discussed over here, each of these lithium-ion cells in series has a different voltage,
so the BMS needs to be looking at every single voltage to make sure that it stays within this safe range.
The reason I drew another box within this box is because you always want to have some margin in your fault and safety system
against what's really a dangerous condition versus what the BMS is actually going to protect against.
So you might want to have a threshold of 100 millivolts, 5 degrees C, something like that.
So you need to look at what are the safety limits as defined by the cell manufacturer,
and then what are the safety limits derated that you want to actually implement in the BMS.
And so what are the actual faults that the BMS is looking for?
So to protect against the overcharge condition, we have an overvoltage fault, or an OV fault.
So you see a cell OV fault in the BMS that's protecting against this condition.
This direction, we have an overtemperature fault, or OT fault.
So the BMS would detect that one or more cells are getting above a safe temperature and shut down operation.
Going this direction, we have a cell undervoltage fault, denoted by UV.
And then going this direction, we have a cell undertemperature fault, denoted by UT.
And so you can have cell OV, cell OT, cell UV, and cell UT faults.
And this, remember, this has to be for every single cell in the system,
so you can't just look at a single cell and assume that it's going to be safe.
You have to look at every single cell, and if one cell is getting too hot, too overcharged,
too overdischarged, you need to shut down or derate operation of the system.
So how does the BMS actually communicate this to the rest of the system?
Well, just drawing a quick diagram over here, say we have a scenario where we've got our three cells connected in series here,
we've got a disconnect switch, and our BMS.
The BMS is monitoring these conditions, the voltages, the temperatures, and the current,
but it also is controlling this disconnect relay, contactor, or solid-state switch.
And this allows the BMS to disconnect itself from the external application in case the external application is malfunctioning.
So for example, typically, you will have a BMS that will communicate via its communication interface to the external system saying,
one of the cells is getting too hot, or one or more of the cells is getting too overcharged, do not charge me any further.
It is the responsibility of the system controller to obey the BMS limit.
Now if it does not do that, and for example, it's malfunctioning, it's broken, the software is written incorrectly,
then you have a situation where the BMS independently needs to be able to disconnect itself from the load,
or from the charger, and protect the pack.
So in this situation, assume that this motor controller is generating regenerative braking or something,
so it's dumping current into this battery, and it's not obeying the limits set by the BMS,
then the BMS needs to open this contactor, cease all operation, and trigger a fault,
which would then either require some sort of fault recovery sequence, or a reset of the operation.
So it's very important that you have a disconnect that the BMS can control independently of the external application.
So this provides a general summary of the primary safety functions of a BMS.
In a future video, we'll cover more advanced faults, including isolation faults and other features,
but for now, this gives you a sense of the primary safety features that are required.
Thank you for watching, we'll see you on another video.
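
The per-cell fault checks and the independent disconnect described in the talk, sketched as an added example (not code from the video or from Stoffel Systems). The limits and margins are the figures quoted in the talk; the function names, the fixed-point units, the current sign convention (positive means charging) and the rule that any nonzero current under a temperature fault opens the contactor are assumptions.

```c
#include <stdio.h>
#include <stddef.h>

/* Fault bits named after the talk's cell OV / UV / OT / UT faults. */
enum { FAULT_OV = 1, FAULT_UV = 2, FAULT_OT = 4, FAULT_UT = 8 };

/* Cell limits quoted in the talk (mV, tenths of a degree C). */
#define V_MAX_MV 4200
#define V_MIN_MV 2500
#define T_MAX_DC 550
#define T_MIN_DC (-200)
/* Derating margins from the talk: 100 mV and 5 C inside the SOA. */
#define MARGIN_MV 100
#define MARGIN_DC 50

struct cell { int mv; int temp_dc; };

/* Faults for one cell against the derated (inner box) limits. */
unsigned cell_faults(struct cell c) {
    unsigned f = 0;
    if (c.mv >= V_MAX_MV - MARGIN_MV) f |= FAULT_OV;
    if (c.mv <= V_MIN_MV + MARGIN_MV) f |= FAULT_UV;
    if (c.temp_dc >= T_MAX_DC - MARGIN_DC) f |= FAULT_OT;
    if (c.temp_dc <= T_MIN_DC + MARGIN_DC) f |= FAULT_UT;
    return f;
}

/* Every cell is checked: one bad cell faults the whole pack. */
unsigned pack_faults(const struct cell *cells, size_t n) {
    unsigned f = 0;
    for (size_t i = 0; i < n; i++) f |= cell_faults(cells[i]);
    return f;
}

/* Independent disconnect: returns 1 when the external system is still
   pushing current the fault forbids (assumed: current_ma > 0 is charge). */
int must_open_contactor(unsigned faults, int current_ma) {
    if ((faults & FAULT_OV) && current_ma > 0) return 1;
    if ((faults & FAULT_UV) && current_ma < 0) return 1;
    if ((faults & (FAULT_OT | FAULT_UT)) && current_ma != 0) return 1;
    return 0;
}

/* Constructed sample: the talk's 3S1P voltages, all at 25.0 C. */
const struct cell SAMPLE[3] = { {3650, 250}, {3675, 250}, {3812, 250} };

int main(void) {
    printf("faults=0x%x\n", pack_faults(SAMPLE, 3));
    return 0;
}
```

A production BMS would also debounce readings and apply a current deadband before opening the contactor; this sketch leaves both out.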