Wireless Launchpad Part 2: Safety Codes

Safety by Design

These are all the mentions of rocketry launch safety codes relating to ignition systems that I could find.

NAR Safety Code Excerpt:

Ignition System. I will launch my rockets with an electrical launch system and electrical motor igniters. My launch system will have a safety interlock in series with the launch switch, and will use a launch switch that returns to the “off” position when released.

NFPA 1127 Code for High Power Rocketry

4.13.1 A high powered rocket shall be launched using an ignition system that is remotely controlled, is electrically operated, and contains a launching switch that returns to the “off” position when released.

4.13.2 The ignition system shall contain a removable safety interlock device in series with the launch switch.

4.13.3 The launch system and ignitor combination shall be designed, installed and operated so that liftoff of the rocket occurs within 3 seconds of actuation of the launch system.

Tripoli Safety Code Excerpt

Cites NFPA 1127, also including the below stipulations:

A-5 A rocket motor shall not be ignited by using: a. A switch that uses mercury. b. “Pressure roller” switches

N.B. I’m interested to know what event caused these Additional Rulings.

UKRA Safety Code

2.3.1 Igniter Rules … Any igniter should ignite the rocket within three seconds of the power being applied to the igniter. Continuity tests on any motor ignition system should not be carried out whilst the igniter is fitted in the motor, unless the continuity test is an integral part of a count down sequence. … When an igniter test is carried out, a clear and audible warning and countdown should be given of the test, and the tester should not carry out the test until all people who are likely to see or hear the test are fully alerted and prepared for the test.

2.5 Launch Controllers An electrical ignition system must be used which allows for remote operation of the igniter firing. … The launch controller must include a safety key to immobilise the system when removed. This key should only be in place at the time of the launch and is to be removed immediately after an ignition attempt, especially in the event of a misfire. The safety key must not be capable of being removed leaving the controller in a live firing mode. The firing circuit must only be live for a brief period sufficient to fire the igniter and must then return to an open circuit. Where a firing button is used, it must return to the off position when released.

4.2 Launching An electrical ignition system must be used which allows for remote operation of the igniter firing. The device should be operated from at least the minimum safe distance as determined by the total impulse of the rocket motor(s) according to the Safe Distance Table given above. This distance can be shortened with the express permission of the RSO as per section 2.5. Any igniter should ignite the rocket within three seconds of the power being applied to the igniter. UKRA currently only recommend the use of hardwired launch systems. However, progress in stable digital control systems over recent years mean that clubs are able to use radio-controlled systems should they wish to do so. UKRA recommends that such systems are thoroughly checked and tested prior to use.

There are two main concerns, or points of rule interpretation, with this wireless, app-driven launch system. Neither is necessarily trivial to solve, and an RSO is unlikely to expect them to be.

  1. Hackability (deliberate or through electrical interference) of the wireless medium
  2. “Removable” series launch-button interlock/key

(1) Can be easily solved via a sensible choice of communication medium, as discussed in part 1.

(2) Is probably more of a contentious point. My interpretation is that the wording of these safety codes is legacy in its use of “physical” words, but very relevant and pertinent in its implications for safety.

I think there are two points here:

There should be a ceremony (inserting the key) which makes it obvious and unambiguous that you are entering firing mode. Mentally this is an intentional and deliberate action which you are hopefully doing after obeying all of the various other, previous setup safety steps.

The Firing mechanism should be “removable” or “disableable” so that it is difficult to accidentally trigger a Fire event.

I’m confident that a combination of a difficult-to-accidentally-trigger user interface, fingerprint authentication and rapid inactivity timeouts not only meets the spirit of all of the above safety criteria, but actually goes much further than most personal and club launch systems.
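As an illustration of how the two points above can map onto software, here is a minimal interlock state machine. It is an added example, not this project's code: the class name, the 10 second inactivity timeout and the 3 second cap on the firing pulse are all assumptions, and `authenticated` stands in for whatever check (such as a fingerprint) the app performs.

```python
import enum

class State(enum.Enum):
    SAFE = "safe"
    ARMED = "armed"
    FIRING = "firing"

ARM_TIMEOUT_S = 10.0  # assumed inactivity timeout before the "key" is pulled
MAX_PULSE_S = 3.0     # assumed cap on how long the firing circuit may stay live

class LaunchInterlock:
    """Software stand-in for a removable key in series with a momentary switch."""

    def __init__(self):
        self.state = State.SAFE
        self.key_present = False
        self.deadline = 0.0
        self.last_pressed = True  # treat the button as held until a release is seen

    def insert_key(self, authenticated, now):
        # The ceremony: only an explicit, authenticated action enters firing mode.
        if authenticated and self.state is State.SAFE:
            self.key_present = True
            self.state = State.ARMED
            self.deadline = now + ARM_TIMEOUT_S
            self.last_pressed = True  # a button already held down must not fire
        return self.state

    def remove_key(self):
        # Pulling the key opens the circuit from any state, so the controller
        # can never be left live with the key out.
        self.key_present = False
        self.state = State.SAFE
        return self.state

    def button(self, pressed, now):
        """Feed one button sample; returns True only while the circuit is live."""
        rising = pressed and not self.last_pressed
        self.last_pressed = pressed
        if self.state is State.ARMED and now >= self.deadline:
            self.remove_key()  # inactivity timeout
        if self.state is State.ARMED and rising:
            self.state = State.FIRING
            self.deadline = now + MAX_PULSE_S
        elif self.state is State.FIRING and (not pressed or now >= self.deadline):
            self.remove_key()  # release or pulse cap: key out after every attempt
        return self.state is State.FIRING and self.key_present
```

Every firing attempt ends with the key removed, so a second attempt (for example after a misfire) requires repeating the arming ceremony.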

In part 3 I’ll outline the design for the overall system and discuss the safety features in more detail.

