Enhanced Protection & Safety Features for High-Rel Power Supplies

The design of high-reliability systems encompasses the use of fault-tolerant design techniques, the selection of suitable components to meet the anticipated environmental conditions, and compliance with standards.


Requirements of High-Reliability Power Systems

In a perfect world, a high-reliability system should be designed to avoid single point failures and provide a means of isolating faults in such a way that operation may continue, perhaps at a reduced performance level. It should also be able to contain faults to avoid propagation to downstream or upstream electronics.

Built-in redundancy, either in the form of parallel circuits that share the load actively or that wait in standby until a failure occurs, is one solution. In each case, fault detection and management require additional overhead circuitry, contributing to the overall complexity and cost. Some systems also create dissimilar parallel circuits to add diversity and avoid the risk of a common failure mechanism; this is the case for some aircraft flight control systems.

Increasing system complexity places a greater burden on power supply performance. High conversion efficiency and good thermal management are critical because, for every 10°C rise in junction temperature, the IC lifetime is approximately halved. As we shall see, new feature-rich power supply ICs and dedicated power management functions now provide increased protection to the IC itself and the surrounding system.

Power Regulator Safety Features

Voltage regulators have seen increasingly accurate and sophisticated forms of current limiting to prevent excessive output currents from damaging the device itself or downstream components. It is also fairly common to find internal protection circuitry including reverse battery protection, current limiting, thermal limiting and reverse current protection.

One product that provides an example of improvements in both process technology and safety features is the LTC7801 DC/DC Switching Controller. It can safely sustain input voltages up to 150V and implements a protection feature that inhibits switching when the input voltage rises above a programmable operating range. This functionality simplifies the input supply transient protection circuitry, reducing component count and solution size. The output is also well protected, with an overvoltage comparator that guards against voltage overshoots while a foldback current limiter controls power dissipation during overcurrent and short-circuit fault conditions.

Figure 1. LTC7801 High Voltage Step Down DC/DC Controller

The physical packaging aspects of safety are also addressed by offering package options with widely spaced pins to avoid the danger of arcing between adjacent high voltage and low voltage pins. The breakdown voltage reduces with lower air pressure, so unpressurized aircraft applications can select the LTC3895, which offers the same functions and performance as the LTC7801 but with a 0.68mm double pin spacing package option.

Some products, such as the fault-tolerant LT3007 linear regulator, are also available with a so-called FMEA (Failure Mode and Effects Analysis) compliant pinout, where the output stays at or below the regulation voltage if adjacent pins are shorted together or if a pin is left floating.

Controlling Multiple Input Sources

Power supply systems that contain the main supply and a redundant backup, perhaps with an external auxiliary supply, need a system to arbitrate which supply has priority and to monitor their status. Furthermore, it must protect the system from cross-conducting and back-feeding during source switching. Single chip ICs such as the LTC4417 provide one solution, automatically selecting the source based on validation of user-defined supply thresholds for each input.

An alternative approach is to share the load between two input sources that operate simultaneously, increasing reliability by reducing the burden on each source and at the same time providing protection against failure of one source if they are each suitably sized to support the full load requirement. In the past, a simple but inefficient diode-OR arrangement might have been adopted, but that required each supply to have active control to balance the loading. Figure 2 shows how this can now be accomplished with a single chip solution. The LTC4370 is a current sharing controller with reverse blocking that prevents a fault in one supply from bringing down the power system.

Figure 2. LTC4370 Dual Redundant Power Source Sharing

Transient and Circuit Protection

Military and aircraft electronics must conform to transient protection specifications such as MIL-STD-1275 (vehicles) and MIL-STD-704 / DO-160 (aircraft). However, protection from voltage surges, spikes, and ripple is desirable in any high-reliability system, and there are products dedicated to that function, such as the LT4364.

There is also a wide variety of circuit protection functions available, including products such as the LTC4368, a 100V Bidirectional Circuit Breaker that includes protection from power supply voltages that may be too high, too low, or even negative, and from overcurrent faults in both forward and reverse directions.

Figure 3. LTC4368 Bidirectional Circuit Breaker with Protection

In these examples, we can observe how new products with increasingly sophisticated protection and safety feature sets can simplify the application circuit design and reduce solution size.

Digital Power System Management

New products are combining the advantages of analogue power regulation with digital control over an I2C-based PMBus interface to enable remote management of power supply systems. Telemetry and diagnostics data can be used to monitor load conditions, read die temperature and provide access for trimming and margining to very high accuracy, maximizing system stability, efficiency, and reliability.

One concern with digital power supply management is the complexity of software. However, the LTC3815 implements a simplified PMBus “Lite” command set. With no on-chip non-volatile memory or microcontroller, it simplifies design while providing the benefits of digital control and monitoring.

As previously mentioned, good thermal control is essential for reliability, and the LTC3815 has two levels of thermal thresholds and two levels of responses. When the internal die temperature exceeds 150°C, the overtemperature condition is flagged to the PMBus and the ALERT pin pulls low to alert the PMBus master. If the temperature continues to rise and exceeds 170°C, the LTC3815 shuts down all circuitry, including output regulation, until the overtemperature condition has cleared.

Systems that can report their status in this way offer the opportunity to move from time-based maintenance schedules to condition-based maintenance and can potentially highlight performance degradation before system fault conditions take hold.
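The following is an added example, not code from the article or from the device vendor: a host-side sketch of condition-based maintenance that classifies die-temperature telemetry against the 150°C and 170°C thresholds described above and accumulates wear using the rule that lifetime halves per 10°C rise. The 85°C reference temperature, the 80% wear budget, the rated-hours figure and the telemetry log are assumptions constructed for illustration; threshold hysteresis is not modelled because the article does not specify it.

```python
from dataclasses import dataclass

ALERT_C = 150.0     # article: above this the fault is flagged and ALERT pulls low
SHUTDOWN_C = 170.0  # article: above this the regulator shuts down
REF_C = 85.0        # assumption: temperature at which rated life is quoted

def thermal_state(die_c):
    """Classify one die-temperature reading against the two thresholds."""
    if die_c > SHUTDOWN_C:
        return "shutdown"
    if die_c > ALERT_C:
        return "alert"
    return "normal"

def aging_factor(die_c, ref_c=REF_C):
    """Rule of thumb from the article: wear rate doubles per +10 C."""
    return 2.0 ** ((die_c - ref_c) / 10.0)

@dataclass
class Report:
    equivalent_hours: float  # wear expressed as hours at ref_c
    alert_events: int        # entries into the alert band
    shutdown_events: int     # entries into shutdown
    worst_c: float

def assess(samples, ref_c=REF_C):
    """samples: iterable of (hours_at_temperature, die_temp_c) pairs."""
    eq_hours, worst, prev = 0.0, float("-inf"), "normal"
    events = {"alert": 0, "shutdown": 0}
    for hours, die_c in samples:
        state = thermal_state(die_c)
        if state != prev and state in events:
            events[state] += 1   # count transitions, not samples
        eq_hours += hours * aging_factor(die_c, ref_c)
        worst, prev = max(worst, die_c), state
    return Report(eq_hours, events["alert"], events["shutdown"], worst)

def maintenance_due(report, rated_hours, budget=0.8):
    """Condition-based trigger: a shutdown event or wear above budget."""
    worn = report.equivalent_hours >= budget * rated_hours
    return worn or report.shutdown_events > 0

# Constructed telemetry log: (hours, die temperature in C)
SAMPLE_LOG = [(100, 85), (50, 95), (10, 105), (1, 155), (0.5, 175), (20, 85)]

if __name__ == "__main__":
    r = assess(SAMPLE_LOG)
    print(r, maintenance_due(r, rated_hours=10_000))
```

In the constructed log, 1.5 hours above 150°C account for more equivalent wear than the other 180 hours combined, which is the kind of degradation a time-based schedule would not see.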

Isolated Systems

High-reliability power supply systems often include an isolation barrier to protect the power buses from faults in downstream line replaceable units. Increasing numbers of sensors and actuators are also driving demand for smaller, locally isolated power supplies and data interfaces to reduce noise-induced problems from ground loops and common mode interference. There are now complete galvanically isolated BGA module solutions to simplify design and increase reliability. The LTM9100 Isolated Switch Controller is an all-in-one solution for controlling, protecting, and monitoring high voltage power supplies up to 1000VDC. A 5kVRMS galvanic isolation barrier separates the digital interface from the switch controller, driving an external N-channel MOSFET or IGBT switch. Isolated digital measurements of load current, bus voltage, and temperature are accessed via the I2C/SMBus interface, enabling power and energy monitoring of the high voltage bus.

Figure 4. LTM9100 Isolated Switch Controller with Telemetry

Component Selection

Most of this article has been dedicated to new functions that simplify designing high-reliability power supplies or product features that protect the device from fault conditions or mistreatment. However, it is critical not to overlook the importance of component quality and of selecting the correct grade of the component for the anticipated environmental conditions. For example, Analog Devices Military Plastic grade provides 100% tested and guaranteed performance over -55°C to +125°C, avoiding the need for costly rescreening or characterization of the component in the application circuit where very harsh conditions are anticipated.


Design of high-reliability power supplies has been simplified by user programmable features, more sophisticated on-chip protection mechanisms and improved integration that reduce the overall solution footprint. Digital Power System Management provides the means to remotely monitor and control power systems and to further improve efficiency and reliability. Finally, selecting the correct grade of the component from a reputable supplier will reduce the chance of quality and reliability issues.

By Steve Munns, Mil-Aero Marketing Manager, Linear Technology Corp. (Now Part of Analog Devices)