Intrinsically Safe Microcontroller

Hi everyone,

I am trying to put together a total system that is intrinsically safe and I'm pretty concerned about the microcontroller. I've never designed anything intrinsically safe before so I am trying to get a handle on this on the fly. Currently I am using an Arduino Pro Mini 3.3V and I will need to keep to relatively the same small size for my application. I'm planning on using a 19Ah battery that outputs 3.6V to power the board. I won't be able to use an explosion proof box because the box will need to be submerged.

Are there any microcontrollers out there that are already intrinsically safe? If not, would it be possible to design a circuit around the AT Mega chip that would be intrinsically safe and give me the same functionality that I get from an Arduino? Thanks for any insight!

I would think boxing the electronics is the only way to make them intrinsically safe. You say the project cannot be boxed as it's submerged, but what is it submerged in? Some liquid/gas environments will not be component friendly, so they need encasing in something.

I was planning on putting the components in an IP68 (waterproof) box which I believe would mean that the box cannot be explosion proof as well. I'd think that an explosion proof box would be able to keep most liquids out anyways so maybe covering the electronics inside in epoxy and having the signals I need come out of the epoxy through wire?

What do you mean by "intrinsically safe"?

For example do you mean that the code will always work properly and can't fail in an unsafe manner?

Or do you mean that the device can't cause physical harm such as by fire or electric shock?

...R

Physical harm, the code on the board is not relevant to intrinsic safety.

From wikipedia:

Intrinsic safety (IS) is a protection technique for safe operation of electrical equipment in hazardous areas by limiting the energy available for ignition

Basically the circuit can't store enough energy to cause a spark and ignite flammable substances in the surroundings. For example, in a mixture of hydrogen and air only 20uJ of energy is required to cause an ignition. I'm not certain what exact energy level I am limited to, but I am searching to try to find out... I think that the most possible stored energy for the Arduino Pro Mini, if I am using 3.6V as a source, would be somewhere around 70uJ, but I'm not totally sure; that was just me looking at the capacitors. I'm also not sure if I could just use a shunt diode safety barrier to connect to the Arduino voltage input to keep it IS or not.

tparty:
I've never designed anything intrinsically safe before so I am trying to get a handle on this on the fly.

Who gets injured when you make a mistake?

Well if I make a mistake and it makes it far enough to where it could potentially hurt someone then somewhere along the line someone else made a mistake. Everything that I do will be checked by someone smarter than I am, but if there isn't a solution then it's going to get scrapped.

If you are trying to design something that has issues of legal liability you should write to Atmel to get a formal statement of compliance from them (personally I doubt if they will give you one).

Just out of curiosity what voltage would you need to charge a 0.1 microfarad capacitor to in order for it to have 1 micro Joule of energy?

...R

The equation to use is E=(1/2)CV^2, so solve for V and I get ~1.41V. If you're interested in the theory behind capacitors, Wikipedia is never a bad place to start.

Looking at the schematic there are a couple of 10uF and then a few 0.1uF capacitors on the board I'm using now. I haven't gone through a detailed look at all the chips yet to see what an overall schematic looks like but I think that might be my next step. I doubt Atmel would give me anything either.

I think we can forget about the capacitors - or any other "electronic" component here. The battery is the primary hazard here; you have specified a nineteen Ampere-hour battery, I wonder whether you actually meant 1.9Ah because 19Ah is a serious piece of work.

It is not a matter of the energy stored in the capacitors due to their capacity, but the ability of the battery to dump energy into a faulty component. I actually fancy most of us here have had the experience of a PC which goes "bang" and crashes, only to operate normally when power cycled, and on inspection one of the substandard (tantalum or aluminium) electrolytics has mostly or completely vanished.

For an intrinsically safe system you can never use tantalum capacitors because they can fail short-circuit. You need to look at the failure mode and consequences of all components. However, you only need to consider the failure of one component.

The other thing you should avoid is sparks of any sort. This means that relays and contacts on switches need to be of the sealed type. You can't use brushed DC motors, or anything that makes or breaks a circuit.

However, the main thing is the enclosure. You can also spray the circuit with conformal coating.

Are there any microcontrollers out there that are already intrinsically safe?

No because it is not a function of the micro controller, it is the way the electronic circuit is designed and physically constructed.

Batteries and 787 Dreamliner come to mind ... not a pretty thought.

...R

Paul__B:
The battery is the primary hazard here; you have specified a nineteen Ampere-hour battery, I wonder whether you actually meant 1.9Ah because 19Ah is a serious piece of work.

This is the battery I was planning on using, and I thought the more important factor would be discharge rate (which I should have said at the beginning).

However you only need to consider the failure of one component.

I assume you mean any one component that could lead to a short or cause a spark?

This means that relays and contacts on switches need to be of the sealed type.

Would you mean sealed as in IP67?

Conformal coating is a great suggestion, thanks!

tparty:
This is the battery I was planning on using, and I thought the more important factor would be discharge rate (which I should have said at the beginning).

Yeah - just look at that green writing entitled "WARNING" on the spec sheet!

The current ratings on the battery are the limits you should impose, nowhere near what the battery can deliver if overloaded/short-circuited, thus the warnings. Lithium batteries are renowned for overheating and exploding if short-circuited - or even if not short-circuited but they develop an internal fault. Of course we use them and it is uncommon, but that is why the heavier ones are fitted with protection circuitry - and that (19 Ah) is a quite heavy one for sure.

Essentially, you need to build it well, and put it (including the battery) in a casing that is both waterproof and explosion proof (since the two requirements are virtually identical; "explosion proof" means gas-proof and reinforced/sturdy; if it is gas-proof then it is waterproof) - die-cast material with silicone gaskets and wiring passing out through proper glands.

Would you mean sealed as in IP67?

No, IP ratings are for enclosures. Relay contacts can come specifically intrinsically safe rated.
Are you going to have this intrinsically safe rating confirmed by a test house? If so, I should talk to them before you get much further.

Ah, thanks for clarification. I am planning on putting this through a test house, just hoping for a better idea of what I need to do to make it work first.

Paul__B:
Essentially, you need to build it well, and put it (including the battery) in a casing that is both waterproof and explosion proof (since the two requirements are virtually identical; "explosion proof" means gas-proof and reinforced/sturdy; if it is gas-proof then it is waterproof)

Not quite true. In the RC hobby it's common to store lithium batteries in a surplus ammo case. However, the most violent explosion ever posted on that forum was just such a setup, and it WAS vented, just not vented enough. Few fragments were recovered. Similar "events" with similar capacity packs in open containers merely hiss and fizzle for a few minutes.

Amateur rocket enthusiasts like myself quickly learn what happens when the nozzle aperture is too small for hot gas buildup. IMO the more fragile the casing, the safer it is: wide open if at all possible, and if not, then easily unsealed.

Further to the relay, a reed relay is intrinsically safe.

john1993:
Not quite true. In the RC hobby it's common to store lithium batteries in a surplus ammo case. However, the most violent explosion ever posted on that forum was just such a setup, and it WAS vented, just not vented enough. Few fragments were recovered. Similar "events" with similar capacity packs in open containers merely hiss and fizzle for a few minutes.

Amateur rocket enthusiasts like myself quickly learn what happens when the nozzle aperture is too small for hot gas buildup. IMO the more fragile the casing, the safer it is: wide open if at all possible, and if not, then easily unsealed.

Suspect you have a different concept of "explosion proof" than is meant here. The OP is referring to equipment operating in a potentially explosive atmosphere - such as, traditionally, a mine or an operating theatre in the "old" days of volatile anaesthetics such as ether or cyclopropane. The requirement is that the explosive gases must not be able to enter the enclosure and be ignited by a spark from the electronics, resulting in not only a breach of the enclosure, but a catastrophic explosion of the whole facility.

Venting is clearly not an option.

Ergo explosion-proof = gas-proof ⇒ waterproof.

Paul__B:
Venting is clearly not an option.

That is not correct. The last time I held an intrinsically safe device in my hands, the enclosure had large louvers. The printed circuit board and components were clearly visible. The design was such that there was simply not enough energy available to cause an ignition. Because the operating environment was not corrosive and did not include liquids there was no need to seal the device from the environment.

In @tparty's case, the battery clearly has to be separated from the explosive environment. Due to a lack of detail, it's impossible to say if the rest of his circuit also has to be.