Drivers who are transported automatically by an intelligent car for an extended time withdraw from the driving task, so they are not always able to react properly when a driver take-over request occurs. This paper presents two ways to deal with this problem within the scope of a functional safety concept. To this end, the difference between fully automatic and autonomous driving assistance systems is explained. Afterwards, two different strategies for reaching a safe state after a system boundary is crossed are proposed. In the first case the fallback state is reached by a driver take-over; in the second case, by an automatic, active fail-safe mechanism. Subsequently, the components necessary for monitoring and for reaching a safe state, and their embedding in a basic functional architecture of a driving assistance system, are described. In this context, special regard is also paid to aspects of redundancy. Finally, it is concluded that the safety concept proposed here is crucial for guaranteeing enduring safety in an automatically driving car and, in consequence, for making automatic driving functions commercially ready for series production.