
So, I'm fiddling with a design for a widget, and one of the "fun" parts is to ensure that power is reliably cut without human intervention. Power is normally controlled by relays, which have at least a theoretical potential to experience contact welding and therefore fail to open when the coil is de-energized.

It occurred to me that it ought to at least be theoretically possible to, say, stick a fuse in the whole thing and rig something to create a deliberate short (thus melting the fuse and interrupting power) if the relay fails to open.

Is there any existing art for such a setup?

vu2nan
Matthew
  • Crowbar circuit. Or another relay which is NC which you exclusively use to disconnect in such cases. – Wesley Lee Jan 25 '23 at 21:18
  • If you're worried about contact welding, you might also want to look into whether a snubber circuit at the contacts is appropriate for your application. – vir Jan 25 '23 at 21:34
  • Use quality relays within their specification? The manufacturer has already figured all this out. – Harper - Reinstate Monica Jan 26 '23 at 22:47
  • @Harper-ReinstateMonica, I considered including "...or am I being overly paranoid?" in the question. OTOH, manufacturers also encourage the use of fail-safes when failure to perform could be hazardous. After all, components *do* sometimes fail to perform as expected. – Matthew Jan 27 '23 at 17:52
  • Have you looked into hybrid relays? – winny Jan 31 '23 at 07:54
  • Why not just put two relays in series? And, especially if this is a DC application, heavily derate their usage. – SteveSh Jan 31 '23 at 12:46
  • @SteveSh, it's not DC, and... do *you* have an affordable, preferably force-guided relay that can handle 50A or more? (Anyway, I *have* relays in series. I'm still paranoid, particularly as I'm not aware of anything other than luck that would prevent a cascade failure. *Maybe* I'm overly paranoid, but if I can add this particular fail-safe at a reasonable cost, I'm inclined to do so.) – Matthew Jan 31 '23 at 15:17
  • @winny, unless I'm missing something, besides introducing additional failure modes (that are not as readily detected), those would add *significant* complexity. With FGRs it's fairly easy to detect a contact-welding failure and trigger the last-ditch fail-safe. – Matthew Jan 31 '23 at 15:27
  • The ones I've seen were totally integrated, so all the heavy lifting is done internally. The MOSFET will take all switching stresses and the mechanical relay only suffers from conduction losses but switches at zero current each time. Failures can still occur, but risk of contacts welding is practically eliminated. – winny Jan 31 '23 at 16:53
  • @winny, well, as usual the problem seems to be finding something that's both rated for 15-20A and doesn't cost a fortune. Also, I'd lose the ability to verify state. If you have *specific* suggestions, however, I'm happy to look into them. – Matthew Jan 31 '23 at 17:13
  • Voltage? AC or DC? – winny Jan 31 '23 at 21:40
  • @winny, I'm switching US mains (120VAC). I have 5V and 12V available for coil control, though I can use mains for that also if necessary. – Matthew Jan 31 '23 at 21:53

5 Answers

It's called a "crowbar circuit" because it's like throwing a crowbar across the terminals of the power supply.

Elliot Alderson
  • Hmm. This is *partly* useful, at least inasmuch as validating the idea of deliberately blowing a fuse. It doesn't seem to apply to *relay contact welding*, however. For one, as best I can determine, that would ideally include some sort of timing circuit. – Matthew Jan 26 '23 at 15:08

Is enough energy guaranteed to be available to operate the fuse?
It may not. Typically these circuits are last in line of a number of protection circuits. E.g.: relays, circuit breakers and trip coils.

Since when this circuit or device does fail, it will ignite and cause a fire.

Things that do exist for this purpose are pyrotechnic fuses. The fuse is coupled with a small explosive that you can trigger. They are highly specialized and not for your average widget.

Jeroen3
  • So, *notionally* the failure condition here isn't "too much power". Although, that *is* what's most likely to cause contact welding, and your question whether I can even draw enough current to break the fuse is valid. (Indeed, doing so "safely" resulted in [this follow-up](https://electronics.stackexchange.com/questions/651764).) Alas, pyrotechnic fuses are, as you say, exotic. I'm probably going to go with creating a deliberate ground fault instead and hoping the breaker will do what the relays didn't. – Matthew Jan 31 '23 at 16:31

Microwave oven door switches are typically set up such that there are two contacts operated sequentially, one in series with the MOT such that it is ONLY closed if the door is shut, and the other wired directly across the transformer primary to eat the fuse if the first contact fails to open.

It is a very well conceived piece of very cheap safety interlocking.

For relay use, you may wish to investigate the 'Force guided contact' relays from the likes of Panasonic that can be used as part of a solution. These are actually made for the solar inverter market, but are mains rated and have the desired safety characteristics. For industrial safety relays, most of the factory automation vendors have product in this space.

Dan Mills
  • I'm actually planning on Elesta SIP 512s. (I've had pretty abysmal luck finding anything rated for more than 10A. The Elestas are rated for 12A/16A and I plan to gang three of the poles. Not all four, because for some reason the fourth has less electrical isolation.) – Matthew Jan 31 '23 at 16:42
  • Note - Relays more than an amp or two of rated capacity are sometimes (usually) called power contactors. This terminology may depend on the industry. – SteveSh Jan 31 '23 at 22:30

It should be obvious that you cannot guarantee 100% correct operation (that is, the current flow being interrupted when commanded). You may be able, with different design techniques, to come up with a 99%, 99.9%, 99.999% solution, but you'll never be able to reach 100%.

That being the case, I think you need to take a more structured approach, bringing some of the tools from reliability engineering to bear on the problem.

Here's a rough outline of what I think needs to be done.

First you need to define what you mean by success. How often does the current need to be interrupted? Once a minute? Once an hour? Once a day? And over how long a period of time? One year, 10 years?

This gives you an estimate of how many times your current interrupter needs to operate. Let's say you need to do this 3,000 times over a ten year period, just to put some number down on paper.

Then you need to determine your probability of success Ps over ten years. Remember, it can never be 100%. Let's make that 99.9%.

Now you start laying out implementation options. Start with a single properly rated relay. What is its reliability in your application, or its FIT (Failures in Time) rate? From this you can calculate the expected Ps. Is it sufficient?

If not, you can look at more reliable parts. Or look at architecture changes, such as putting two such relays in series. This improves your Ps significantly. Let's say a given relay is determined to be 99% reliable in the above scenario; reliable means being able to interrupt the current. That means there's a 1% chance that it won't perform as needed. If you put two such relays in series, the interrupter's Ps is now 99.99%.

SteveSh
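
The outline in the answer above, worked through as an added example (not part of the original answer). It goes beyond the answer by including a common-cause fraction `beta`, the standard beta-factor model for failures that defeat all relays at once; the FIT value, `beta` value and function names are assumptions chosen for illustration.

```python
import math

FIT_HOURS = 1e9  # one FIT = one failure per 10^9 device-hours


def p_fail_from_fit(fit: float, years: float) -> float:
    """Probability that one relay has failed by the end of the mission,
    assuming a constant failure rate (exponential model)."""
    hours = years * 8760.0
    return 1.0 - math.exp(-fit / FIT_HOURS * hours)


def p_success_series(p_fail: float, n: int, beta: float = 0.0) -> float:
    """Ps of n relays in series; the interrupter fails only if every relay
    fails to open. beta is the assumed fraction of failures with a shared
    cause that takes out all relays together (0 = fully independent)."""
    if not (0.0 <= p_fail <= 1.0 and 0.0 <= beta <= 1.0 and n >= 1):
        raise ValueError("p_fail and beta must be in [0, 1], n >= 1")
    common = beta * p_fail                      # one event defeats all n
    independent = ((1.0 - beta) * p_fail) ** n  # n separate failures
    return 1.0 - min(1.0, common + independent)


def relays_needed(p_fail: float, target: float, beta: float = 0.0,
                  max_n: int = 6):
    """Smallest n that meets the target Ps, or None if redundancy alone
    cannot reach it within max_n relays."""
    for n in range(1, max_n + 1):
        if p_success_series(p_fail, n, beta) >= target:
            return n
    return None


if __name__ == "__main__":
    # Constructed input: a hypothetical 100 FIT relay over ten years.
    print(f"P(fail), 100 FIT, 10 y: {p_fail_from_fit(100, 10):.4%}")
    # The answer's numbers: each relay 99% reliable, target Ps 99.9%.
    print("independent, n=2:", p_success_series(0.01, 2))
    print("relays for 99.9%:", relays_needed(0.01, 0.999))
    # With an assumed 5% common-cause fraction the gain is capped.
    print("beta=0.05, n=2:", p_success_series(0.01, 2, beta=0.05))
    print("relays for 99.99%:", relays_needed(0.01, 0.9999, beta=0.05))
```

With any non-zero `beta`, Ps can never exceed `1 - beta * p_fail` no matter how many identical relays are stacked, which is the argument for a diverse last-ditch mechanism such as the fuse-blowing path.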

Try a 2nd relay in series, and monitor if any of them fail. Possibly use a different make/type of relay, maybe MOSFET.

Or you could use the 2nd relay to cause a short circuit and blow the fuse, although it's hard to auto-test it.

But you are right, everything will fail eventually; the question is whether it causes harm/damage or not.