SKYAID
New 
Mission
Overview   
Details    
Medical   
Watch   
Heart attack  
Stroke    
World health  
Emergency
Cost effective
Media 
- Site Map 

SKYCAR   
Details   
Overview  
VTOL   
Airline   
Military   
Transportation
Images 
- Site Map

Search

Translate 
  8 languages
 

Skycar safety requires redundant software, hardware, sensors, and communications.

Safety thru redundancy

Skycar system must be ultrasafe, but we want to avoid being constrained by old software development methods. The FAA methods would take much longer, would be more costly, and produce a system which would be less capable and perhaps less safe (deterministic code is unable to adapt to changing conditions). Reminder: FAA is so slow to change that their Air Traffic Control system is now the world largest consumer of vacuum tubes.

Boeing commercial aircraft safety requires 10**9 hours between total system failure. Since Skycars will have 50X fewer passengers (5 instead of 250) Skycars could have a failure every 10**8 hours and still have a smaller fatality rate than for commercial jets. However, I believe that the Skycars can be designed to have a failure rate similar to jet aircraft. Such a 10**9 safety level would require use of the airframe parachute only once every 1,000 days for a 100,000 vehicle fleet which would be averaging 10 hours a day of flying time.

Redundant engines

A typical jet engine may fail once in every 10,000 take-offs. If a Moller engine has the same reliability as a jet engine and all engines were needed, then the airframe parachute would need to be deployed once every 10,000 take-offs. The Skycar design appears to allow for 2 independent engines failures – which would allow 80,000,000 take-offs between deployment of the airframe parachute. (Assuming 200 take-offs/day, this would be over 1,000 years per Skycar)

Redundant processors

I anticipate having about 30 processors in each of three locations on a Skycar. Only 20 of the 30 would be operational concurrently. Each important task would be assigned to the three different locations of the Skycar. The total weight of all processing systems would be of about 100 pounds. By the time of fleet operation each processor will probably operate at approximately 1,000 MHz (1 GHz) and have 500MB of error correcting memory.

In addition, there might be intelligent subsystems – e.g. each nacelle could have its own set of processors.

The use of cold spare processors will maximize the time between maintenance. People will not have to remove and replace a processor each time there is a failure. This philosophy of delayed maintenance also allows time to confirm faults and investigate their causes.

Probably not permit use of any rotating memory on a vibrating Skycar.

Redundant sensors

Even if all sensor systems are inoperable, a Skycar should be able to fly blind by asking for help from other Skycars and/or ground support. Expect to use sensor fusion software to get the best estimate from variety of sensors, some of which can be noisy or even missing. Skycars sensor fusion would estimate of location by fusing inputs from Loran, GPS, GLOnass (Russian GPS), electronic maps, radar, other Skycars, and inertial navigation.

Redundant pilot

As of 1999 the Skycar pilot is restricted to a subset of visual flight rules. By the end of phase 1 I would expect to have a system which can fly itself most, but not all of the time. By the end of phase 3 (see below) I would expect that the pilot would be redundant – somewhat similar to a human operating a totally automated elevator.

Redundant Power

Each of the 8 Skycar engines have an electric generator. The power has to be distributed to the electronic such that several engines can shut down without total loss of power. I would anticipate having an AC power distribution system. Probably have a power distribution frequency somewhere between 50KHz and 1MHz, which is high enough so as to reduce the size and weight of the power transformers, yet so high as to loose efficiency. Note: this crossover point between weight savings and efficiency was 800Hz in WWII.

Redundant on-board communications

Broadcast data

PULson – should allow each Skycar source to radio broadcast to all data consumers on the Skycar. This uses a spread-spectrum technology to transmit information as a set of time modulated pulses (not sine waves). The monocycle pulses are approximately 1 nanosecond in duration and are separated by 100 to 1000 nanoseconds. URL = www.time-domain.com. The PULson current technology allows for 4 concurrent receivers, which we will want to expand to 15-30 concurrent receivers for Skycar system use.

Serial Data Bus

For very high reliability systems it is unreasonable to use parallel data transmission – there just are too many ways for some of the data to become bad. The following serial data transmission systems are in use or have been tried by Boeing
1) Inductive bus – used on 777 (ARINC 629)
2) Fiber Optic communications almost made it onto the Boeing 777 in 1991.
3) 1 transmitter, multiple receivers – used on all other Boeing jets. (ARINC 429)

Skycar Development Phases

Phase I = visual flight rules
Few moving parts, none critical to flight
Redundant engines and computers
Land anywhere
Air frame parachute
Move rapidly in any direction - avoiding other things in the air

Phase II = piloted commercial use
Electronic flight rules (take-off, landing, etc.)
Obstacle avoidance radar
Weather Radar
Fly defensively (avoid other objects in the air)
Continuous vehicle monitoring
Many location inputs combined: GPS, LORAN, INS, etc.

Phase III = widespread use, autonomous, all weather
Unpiloted flight - eliminating human error
Never run out of fuel
Mid air rescue/aide by other Skycars
Computer aided inspection and maintenance

by Henry Lahore Nov 1999