Detection of false reporting in a smart battery system

Abstract

A method of detecting false state information reported by a battery unit, wherein the battery unit comprises a monitoring system configured to monitor and report state information of the battery unit. A log of state information reported by the battery unit is inspected in order to determine whether or not there is a change in state information which is inconsistent with normal operation of the battery unit. If there is a change in state information which is inconsistent with normal operation of the battery unit, then it is determined that the battery unit has reported false state information.

Claims

1. A method of detecting reporting of false electrical performance data by battery units operating within an energy storage and supply system comprising a tank containing a plurality of randomly packed battery units, the tank having electrical contacts for either drawing energy from battery units or supplying energy to battery units within the tank during normal use, the method comprising: receiving from each of the battery units, data reporting energy claimed to have been extracted from or supplied to the battery unit; measuring the actual total energy extracted from or supplied to the plurality of battery units; and comparing the reported data and the measured data to determine whether or not the battery units are reporting false electrical performance data.

2. A method according to claim 1 and comprising, following determination that the battery units are reporting false electrical performance data, analysing electrical performance data reported by each of the plurality of battery units to determine which of the battery units is reporting false data.

3. A method according to claim 2 and comprising, following determination of which battery unit is reporting false electrical performance data, disconnecting that battery unit from the electrical storage and supply system or disabling that battery unit.

4. A method according to claim 2, wherein determining which of the plurality of battery units is reporting false data comprises, for each of the plurality of battery units, comparing a current reported by the battery unit to current reported by other battery units connected in series to that battery unit.

5. A method according to claim 1, wherein the method is performed at a server.

6. A computer program comprising computer readable code which, when run on an apparatus, causes the apparatus to perform a method according to claim 1.

7. Apparatus configured to detect reporting of false electrical performance data by battery units operating within an energy storage and supply system comprising a tank containing a plurality of randomly packed battery units, the tank having electrical contacts for either drawing energy from battery units or supplying energy to battery units within the tank during normal use, the apparatus comprising: a communication unit configured to communicate with the battery units and the electrical storage and supply system; an anomaly detection unit configured to, for each of the battery units: receive from each of the battery units, data reporting energy claimed to have been extracted from or supplied to the battery unit; measure the actual total energy extracted from or supplied to the plurality of battery units; and compare the reported data and the measured data to determine whether or not the battery units are reporting false electrical performance data.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) FIG. 1 shows a schematic of a smart battery system;

(2) FIG. 2 shows a server on which services according to various of the examples may be implemented;

(3) FIG. 3 is a flowchart of an anomaly detection process according to an example;

(4) FIG. 4 is a flowchart of an anomaly detection process according to a further example.

DETAILED DESCRIPTION

(5) System Overview

(6) The smart battery system according to this example comprises the following active parts, as shown in FIG. 1. Further details of each part are provided later in this example. A plurality of battery units 100 (BUs). These are typically provided and used in several groups, each in a separate container, such as “electric tanks” of battery unit powered devices (e.g. the electric vehicles) or storage/charging containers at service stations. A plurality of electric tanks 101, each including an electric tank control unit 102 (ETCU), which is controlling battery units located in a certain electric tank. The electric tanks act as storage containers for the battery units, and connect them to the load of the battery powered devices to provide power, or to the power supply of a service station or an external power supply to charge the batteries. The battery units may be randomly packed within the electric tank. Their orientation and location may be unknown a priori, i.e. at the point at which they are loaded into the tank. A plurality of battery unit powered devices 103, such as the electric vehicles, each with an electric tank. Optionally one or more service stations 104, which are configured to take depleted battery units from the electric tanks and transfer charged battery units into the containers from the storage/charging container. The depleted battery units are charged so that they can be used to supply further vehicles, or may be discarded if they are judged to be no longer viable. Each service station comprises an electric tank, with an ETCU. In general, for the purposes of this disclosure, the service stations can be considered as equivalent to the battery powered devices (except that some environmental sensors will not apply—e.g. a service station is unlikely to accelerate). A database and administration server 105, which comprises: A database DB which maintains administrative and usage history information of the battery units in the system. The administrative information may comprise, for example, the owner of the battery unit, the control profile of the battery unit, hardware and/or software configuration information of the battery unit, valuation history of the battery unit, and/or a unique identifier for the battery unit. The usage history information may comprise for example state of charge, amount of charge/discharge cycles, min or max charging/discharging current, temperature, etc. A valuation service VS which is configured to provide a transaction value for a battery unit when given usage history information and hardware and/or software configuration information of the battery unit. An anomaly detection service AD which is configured to detect possibly falsified or abnormal usage history information received from the battery units, electric tanks, electric vehicles and/or service stations.

(7) Battery Units

(8) The present battery units are preferably multi-contact area units, whose outer power delivery contact areas are selectively connectable to terminals of the energy reservoir by programming. Such units are described in more detail in granted patent GB2518196.

(9) Typically many such battery units will be connected in a single electric tank to form a power source. The connection is achieved by programing of the connections between battery unit contacts following random packing of the battery units into the electric tank. The battery units, even if randomly packed inside a tank, can be connected in series and/or in parallel, forming “strings” of many units. Each “string” is a set of battery units connected in series.

(10) All battery units shall have secure data connection to ETCU which can be used to send battery unit usage log information to the centralized computer system. Information may be used for monitoring and anomaly detection purposes.

(11) All battery units monitor and record data, which may include hardware and/or software data, administrative data, and/or state information. The battery-related data may comprise for example some or all of the following data: Battery unit identification code Battery unit security data access control key data access control algorithm identifier authentication key data (if different from e.g. access control key data) authentication algorithm identifier authorization key data (if different from e.g. access control key data) authorization algorithm identifier Battery unit hardware data, such as type of the battery unit (incl. e.g. type identifier and/or parameters defining size, shape, number/placement of contacts, IP classification, cooling, or shell material(s)) type of energy reservoir (incl. e.g. type identifier and/or parameters defining chemistry, capacity, power/current/voltage hard limits) type of processing unit (incl. e.g type identifier and/or detailed feature/performance parameters) type of cryptoprocessor (incl. e.g. type identifier and/or detailed feature/performance parameters) type of memory unit (incl. e.g. type identifier and/or detailed feature/performance parameters) Battery unit software data, such as operating system (firmware) identifier operating system (firmware) version information Battery unit control profile data (=envelope), including e.g. control profile identifier allowed charge and/or discharge limits allowed maximum current limit maximum charge and/or discharge cycle limiters information relating to authorization of allowed charge and/or discharge entities authorization validity and/or expiry data logging level data alarm threshold data Battery unit present administrative data, such as unit issuer unit owner unit holder authorization state Battery unit administrative data log, such as issuer history ownership history holder history data access (memory read/write) history authentication history authorization history valuation history Battery unit state information such as energy reservoir full capacity energy present capacity cycle count wear level environmental sensor readings internal resistance Battery unit state information log, such as discharge log (event-based and/or cumulative) charge log (event-based and/or cumulative, potentially with separate records for home and service station charges separately) environmental state log operation failure history alarm history

(12) The state information is monitored by a monitoring system. The quantities measured may include: charge/discharge cycle count; charge/discharge current; charge/discharge voltage; charge/discharge power; charge/discharge time; energy reservoir charge capacity; energy reservoir charge stored; internal resistance of the energy reservoir; acceleration experienced by the battery; shock experienced by the battery; humidity; temperature; operation failures.

(13) The measured state information is stored in a state information log in memory, so that it can be provided to the reporting device for communication to the valuation service.

(14) Any of these values may be the subject of false reporting by the battery unit.

(15) Electric Vehicles and Electric Tanks

(16) Electric vehicles and electric tanks suitable for the present system are described in detail in patents GB2518196 and GB2418197, and summarized below. It will be appreciated that while electric vehicles are used as an example herein, the electric tank may be used for other devices.

(17) The electric tank provides power to EVs engine via a power bus and the EVs control system is connected to the ETCU of the tank via a message bus such as CAN.

(18) The ETCU shall have secure data connection to centralized computer system which can be used to send electric tank usage log information to the centralized computer system. Information may be used for monitoring and anomaly detection purposes.

(19) The ETCU may store and send to centralized computer unit usage log information such as but not limited to: charge/discharge current charged/discharged energy GPS position information environmental sensor readings operational failure data battery unit positions battery unit mapping information hardware and/or software information of the EV, ETCU, and/or electric tank

(20) The ETCU communicates locally with all the battery units located in the electric tank and collects the battery unit usage log data described under the previous heading. The ETCU may have limited amount of storage memory compared to the centralized computer system which means that it typically only stores a short-term log of the data. On the other hand the ECTU has more detailed knowledge of the battery unit positions and relationships than the centralized computer system.

(21) The ECTU shall have secure data connection to centralized computer system which can be used to send electric vehicle usage log information to the centralized computer system. Information may be used for monitoring and anomaly detection purposes.

(22) The electric vehicle may store and send to centralized computer unit usage log information such as but not limited to: charge/discharge current charged/discharged energy GPS position information environmental sensor readings operational failure data (including crash data)

(23) Service Stations

(24) Service stations and battery unit dispensers suitable for the present use are described in detail in patent GB2516120, and summarized below.

(25) Service station is capable of swapping depleted battery units out from the EV's electric tank and inserting fully charged battery units to the tank in few minutes. Depleted battery units are then inspected and authenticated. Battery units which pass the inspection and authentication are moved to charging and storage container, where the battery units are charged before they are ready to be swapped again. Charging of the battery units is controlled by the ETCU of the charging and storage container.

(26) The ETCU of the service station has the same features as the ETCU of the electric vehicle—except that some environmental sensors are not appropriate (e.g. there would be no need for GPS positioning or accelerometers, as the service station will not move).

(27) Database

(28) As shown in FIG. 2, the database and administration server comprises a processor 201, a memory unit 202 containing the database structure in computer-readable form and programs for the operation of the valuation service and anomaly detection service, and a communication unit 203 for internal communication with the valuation service and anomaly detection service and external communication with electric vehicles, electric tanks, service stations and battery units. While the database, valuation service, and anomaly detection service are considered as being present on a single server in this example, the skilled person will appreciate that these may be implemented on separate servers with separate processors, memory, and communication units.

(29) The communication unit of the database server preferably uses for external communication a secure (authenticated and encrypted) communication channel, such as a TLS connection over the internet or cellular network in order to communicate with electric vehicles, electric tanks, service stations and battery units.

(30) The data stored in the database may comprise all or a selected portion of the data contained in the memories of the battery units, provided in suitable data fields such as: Battery unit identification Owner information Authentication and security keys Usage profile information, which can be used to control battery unit usage Historical battery unit usage log information described above Historical battery usage log information from the electric tank described above Historical battery usage log information from the electric vehicle described above Historical battery usage log information from the service station described above

(31) Valuation Service

(32) The data processing unit runs a valuation program stored in the memory unit. The program takes as inputs a battery unit usage log information and hardware and/or software configuration information relating to a battery unit, and outputs a transaction value for the battery unit. The battery unit usage log information is obtained from the battery unit to the database, and contains usage and environmental data as detailed in the previous section describing the battery units. The hardware and/or software configuration information is obtained from the database using the unique identifier of the battery unit.

(33) The hardware and/or software configuration information may comprise: Details about the battery unit such as: battery chemistry initial charge capacity end-of-life charge capacity initial peak output power end-of-life peak output power environmental tolerances Details about other battery unit hardware such as device firmware version device chipset version manufacturing date refurbishment/repair log available sensors

(34) The output from the valuation is a transaction value for the battery unit. The transaction value is not necessarily a monetary value, but it is an indication of the wear, suitability for purpose, and expected remaining life of the battery unit which will affect the monetary value of the unit. The transaction value may be formed of multiple 5 scores, e.g. a score representing the battery unit's suitability for high peak power applications, a score representing the battery unit's suitability for low power, long endurance applications, etc. Alternatively, the transaction value may comprise a single score and an indication of the applications to which that score relates.

(35) Anomaly Detection Service

(36) The data processing unit runs an anomaly detection program stored in the memory unit. The program takes as inputs a battery unit usage log information, electric vehicle usage log information, electric tank usage log information and service station usage log information.

(37) The battery unit usage log information is obtained from the battery unit to the database, and contains usage and environmental data as detailed in the previous section describing the battery units. The hardware and/or software configuration information is obtained from the database using the unique identifier of the battery unit.

(38) The electric vehicle battery usage log information is obtained from the electric vehicle to the database, and contains usage and environmental data as detailed in the previous section describing the electric vehicle. The hardware and/or software configuration information is obtained from the database using the unique identifier of the electric vehicle.

(39) The electric tank usage log information is obtained from the electric tank to the database, and contains usage and environmental data as detailed in the previous section describing the electric tank. The hardware and/or software configuration information is obtained from the database using the unique identifier of the electric tank.

(40) Anomaly detection service can also obtain from the database the relations between battery units, electric tanks, electric vehicles and/or service stations. Certain battery unit is located at certain electric tank or service stations container. There is also relation between certain electric tank and electric vehicle.

(41) Anomaly Detection Algorithm

(42) Broadly speaking, there are two ways that the data received from a battery unit or electric tank can be checked. Firstly, the data can be checked against a log of data previously received from the battery unit or electric tank. Secondly, the data can be checked against data received from related devices, e.g. battery units or electric tanks in proximity to or in electrical contact with the device being checked.

(43) In the first case, the log is examined for changes in state information which are inconsistent with normal operation—e.g. which would not be physically possible for the battery unit. A flowchart showing this approach is presented in FIG. 3: S301: A log of state information for a battery unit is inspected. This log may be received from the battery unit, or may be recorded at the database from individual reports of state information received from the battery unit. S302: It is determined whether the log contains a change in state information which is inconsistent with normal operation (as discussed further in the examples below). S303: If there is such a change, then it is determined that the battery unit has reported false data. S304: If there is no such change, then further checks may be performed (e.g. according to the second approach).

(44) Several examples of this approach are presented below.

(45) The anomaly detection service may check the stored values of the charge/discharge cycle count. It can only increase over time, if decrease in cycle count variable is detected it is a clear indication of fraudulent manipulation of the information log data.

(46) The anomaly detection service may check the stored values of the internal resistance. It can only increase over time, if decrease in the internal resistance variable is detected it is a clear indication of fraudulent manipulation of the information log data.

(47) The anomaly detection service may also examine the log data of an electric tank and recognize anomalies in different variables stored to the log. The anomaly detection service may check the stored values of the charged and discharged energy and compare the values stored to electric vehicles usage log information. Energy consumption can be also compared to the GPS position information. Electric vehicles speed and driving distance should match to the energy consumption reported. If a difference greater than a pre-defined threshold is detected it is a clear indication of fraudulent manipulation of the information log data.

(48) The anomaly detection service may also calculate from the longer term usage log data an average daily usage pattern of the electric vehicle. If the daily usage differs a lot from long term average pattern it may be indication of fraudulent manipulation of the information log data.

(49) The anomaly detection service may also check that the battery unit's charging and discharging energy values are matching over time. In this comparison anomaly detection service needs to take into account the internal power consumption of the battery unit's control circuit and self-discharging of the battery cell in case of longer unused period of the electric vehicle.

(50) The anomaly detection service may also check that the electric tank's charging and discharging energy values are matching over time. In this comparison anomaly detection service needs to take into account the internal power consumption of the ETCU, internal power consumption of the battery unit's control circuit and self-discharging of the battery cell in case of longer unused period of the electric vehicle.

(51) In the second case, the data received from a plurality of devices (i.e. battery units, electric tanks, and devices which draw power from electric tanks), and a comparison is made of the data received from different devices to detect anomalies. A flowchart showing this approach is presented in FIG. 4: S401: State information received from a battery unit is compared with state information reported by other connected or nearby devices. For example, these may be the electric tank or electric vehicle in which the battery unit is stored, other battery units in the electric tank, or other battery units electrically connected to the battery unit. S402: It is determined there is an inconsistency in state information reported by different devices. S403: If there is such an inconsistency, then it is determined that the battery unit has reported false data. S404: If there is no such inconsistency, then further checks may be performed (e.g. according to the second approach).

(52) For example, usage log information may be obtained related to an EV, its electric tank and battery units inside the electric tank. Then the anomaly detection service sums the charged and/or discharged energy amount of all the battery units located in the electric tank (as reported by the battery units themselves). That sum is compared to the charged and/or discharged energy amount information found from usage information logs of the electric tank and electric vehicle.

(53) Since the battery units have small internal integrated control units, which takes its power from the battery unit's energy reservoir this small battery units internal power consumption needs to be taken into account when comparing the reported energy usage information between battery units, electric tank and electric vehicle.

(54) If anomaly detection service finds that the difference between the sum of battery unit usage log information and electric tank and electric vehicle usage log information is bigger than pre-defined threshold value it raises an alarm.

(55) Similar checks may be done for the voltages and currents reported by battery units—the total voltage across a string of battery units should be the same as that reported by the electric tank, and all battery units in a string should have the same current (unless the string splits into multiple parallel strings, in which case the total current of the parallel strings should be the same before and after the split). Other such similar checks will be apparent to the skilled person from commonly known properties of electrical circuits.

(56) If anomaly detection alarm has been raised and electric tank has sent mapping and position information of the battery units to the centralized computer system, anomaly detection service may analyze further the mapping and position information and find exactly which battery unit is sending the falsified or incorrect information. Alternatively, in response to detection of an anomaly with an unspecified battery unit in the tank, the anomaly detection service may request mapping and position information of the battery units from the electric tank so that a determination of which battery unit is reporting false state information can be made.

(57) The anomaly detection service may check the stored values of the temperature for the battery units. The temperature values of each battery unit usage log may be compared to the temperature values reported by the other neighboring battery units, and/or to the temperature values reported by the electric tank or electric vehicle. If the temperature value is significantly lower than the other reference values it is a clear indication of fraudulent manipulation of the information log data.

(58) Anomaly Detection in Electric Tank

(59) Certain anomaly detection operations may be performed either by an anomaly detection service running in the electric tank itself, or at the central anomaly detection service.

(60) The anomaly detection algorithm of the electric tank has access to battery unit usage log information locally stored to the electric tank's memory. It has also access to the information of the exact positions of battery units inside the electric tank and how the battery units are mapped to power strings inside the electric tank.

(61) The anomaly detection algorithm of the electric tank may check that all battery units connected to the same string are reporting the same charging/discharging current that electric tank management unit is measuring from the DC-DC converter handling the corresponding battery unit string.

(62) The anomaly detection algorithm of the electric tank may also check that the charged/discharged energy reported by all the battery units connected to the same string matches to the power input/output measured from the DC-DC converter handling the corresponding battery unit string.

(63) The anomaly detection algorithm of the electric tank may also check that the environmental sensor values like temperature reported by the battery unit matches to the environmental values reported by the battery units positioned nearby.

(64) One important task for anomaly detection in electric tank is to periodically check if there have been unexpected changes in the content of the electric tank. Normally battery units inside the electric tank are changed only during the swap executed by the service station. Failing battery units may also be changed manually by a technician during the electric vehicles maintenance. In these cases electric tank management unit will be informed about the identities of the replaced battery units.

(65) For batteries which are randomly packed in the electric tank, such as those disclosed in GB2518196 and GB2418197, the anomaly detection algorithm of the electric tank may run periodically remapping of the battery units inside the electric tank. This means that the positions of all the battery units are re-measured. The anomaly detection algorithm of the electric tank may then compare the mapping results to the previous mapping results. This will reveal if there have been battery units removed or added without notifying the electric tank management unit. It will also reveal if there is no change in the identities or amount of the battery units but the positions have been shuffled, which should not happen in normal conditions.

(66) Reactions Based on Anomaly Detection

(67) Data collection, processing and storage for anomaly detection can be also designed to include reactions. These reactions are based on the output of the data processing and may be executed either requiring user confirmation or automatically.

(68) The system collects events and patterns that emerge over time. These events are then analyzed and appropriate reactions are defined for the events that require them. For example, system may detect malfunction of certain types of battery units across the system and reacts by sending a request to administrator to verify the situation. In some cases reaction may be sending to the owner of the battery units a message, which describes the detected anomaly and recommends to contact the service point. In critical cases the system may also be configured to perform forced deactivation of the affected battery units, minimizing the risk of wider system malfunction.