ASCT-90 Advanced Flight Control System

A high-integrity fly-by-wire flight control system designed for advanced subsonic civil transports, integrating primary and secondary flight controls with automated envelope protection and multi-redundant bus architectures.

Level: system

Created: April 10, 2026

By: Creopus AI

Engineering Artifacts (7)

Requirements (1)

Requirements — Generate system-level requirements for ASCT-90 Advanced Flight Control System [general]

Capture high-performance UAV market
Generate $15M revenue in 3 years
Achieve certification to aviation safety standards
Dual-redundant high-performance processor with deterministic 2 kHz control loops, hosting real-time operating system and safety-critical firmware.
Integrates IMU, GNSS, air-data, and optional vision sensors using EKF/UKF to deliver high-rate, high-accuracy state estimates.
Provides redundant CAN, PWM, and analog outputs to control servos, motors, and hydraulic actuators with fail-over capability.
Monitors health of both FCCs, performs cross-checking, and executes automatic fail-over within 5 ms upon fault detection.
State Estimation Processing
Command Validation and Blending
Health Monitoring and Fault Reporting
Mission Planning and Trajectory Generation
Maximum BOM cost per unit $500
System weight ≤2.5 kg
Development timeline ≤18 months
Component sourcing limited to qualified suppliers
Complex multi-sensor integration
Regulatory certification delays
Supply chain disruption for ASIC component
Cybersecurity breach
COTS components have >5-year end-of-life support
Airframe provides vibration-isolated mounting
Target market is civilian aerospace
Development team has RTOS expertise

SWOT Analysis (1)

SWOT Analysis — Derived from source artifacts [general]

Dual-redundant high-performance processor with deterministic 2 kHz control loops (SYS-AAFC-SR-001) provides fault-tolerant real-time performance critical for UAV autopilot.
Integrated sensor fusion subsystem (IMU, GNSS, air-data, optional vision) using EKF/UKF (SYS-AAFC-SR-002) delivers high-rate, high-accuracy state estimates meeting 0.1% RMS error requirement.
Redundancy Management & Health Monitoring (SYS-AAFC-SR-004) enables automatic fail-over within 5 ms, supporting the MTBF target of 10 000 flight hours (SYS-AAFC-REL-001).
Cost-effective COTS component strategy (SYS-AAFC-CTR-001) keeps BOM ≤ $500 while meeting weight ≤ 2.5 kg (SYS-AAFC-CTR-002) and power ≤ 25 W (SYS-AAFC-PRF-003), ensuring competitive pricing.
Full compliance with aviation safety standards (DO‑178C, DO‑254, IEC 61508) (SYS-AAFC-BR-003) and secure communications (mutual X.509 authentication, AES‑256‑GCM encryption, secure boot) (SYS-AAFC-SEC-001, SYS-AAFC-SEC-002, SYS-AAFC-SEC-003) provides a strong certification foundation and cyber-resilience.
Reliance on a single-source ASIC for high-speed sensor processing (SYS-AAFC-RSK-003) creates a supply-chain vulnerability if the component faces shortages or obsolescence.
Complex multi-sensor integration risk (SYS-AAFC-RSK-001) may lead to unforeseen timing, data-fusion, and latency issues, threatening the 5 ms processing deadline (SYS-AAFC-FR-001).
Tight 18-month development timeline (SYS-AAFC-CTR-003) combined with parallel development streams may strain resources and increase risk of schedule slip, especially for certification activities (SYS-AAFC-RSK-002).
The $500 BOM constraint limits ability to adopt higher-performance or emerging components, potentially capping future scalability or feature expansion.
Limited qualified supplier base (SYS-AAFC-CTR-004) raises risk of component shortages and longer lead times, especially under industry-wide semiconductor shortages noted in automotive research.
Growing high-performance UAV market (SYS-AAFC-BR-001) driven by demand for autonomous delivery, inspection, and defense applications parallels automotive trends of increased connectivity and autonomy.
Integration of AI/ML edge capabilities into the FCC can enhance trajectory planning and adaptive control, aligning with industry shift toward AI-enabled navigation.
Regulatory tailwinds such as FAA Part 23 and CE marking (SYS-AAFC-REG-001, SYS-AAFC-REG-002) create a clear pathway for certification, allowing early market entry before competitors.
Partnerships with sensor manufacturers and UAV platform integrators can expand ecosystem reach, especially as the automotive sector demonstrates successful collaborations for connected vehicle technologies.
Declining costs of high-performance processors and memory (global semiconductor trends) may enable future upgrades while staying within the $500 BOM limit, mitigating current cost constraints.
Ongoing semiconductor shortages (auto industry research) threaten availability of the ASIC and other high-performance components, potentially delaying production.
Established aerospace flight control vendors and low-cost open-source UAV controllers pose strong competitive pressure, especially if they offer faster certification cycles.
Evolving safety and cybersecurity regulations (e.g., stricter ITAR/export controls, emerging UAV data‑privacy standards) could increase compliance costs and limit market access.
Potential cybersecurity breaches (SYS-AAFC-RSK-004) could damage brand reputation and lead to liability, despite existing security measures.
Economic downturns or reduced defense spending could shrink the target civilian UAV market, affecting the $15 M revenue goal (SYS-AAFC-BR-002).

Block Diagram (1)

Block Diagram — Block Diagram derived from requirements [general]

Block diagram showing major functional subsystems, data and power flows, and linkage to source requirements.
Power Management
Provides regulated 28V power, surge protection, and idle power management
Flight Control Computer (FCC)
Dual-redundant processor running RTOS, executing control loops, state estimation, command validation, health reporting and secure boot
Sensor Fusion Subsystem
Integrates IMU, GNSS, air-data, and vision sensors using EKF/UKF to produce high-rate state estimates
Actuator Interface Module
Provides redundant CAN, PWM and analog outputs to servos, motors, and hydraulic actuators with fail-over capability
Redundancy Management & Health Monitoring
Monitors health of FCCs and subsystems, performs cross-checking, and handles automatic fail-over within 5 ms
Communication Interface
Handles CAN High-Speed bus, Gigabit Ethernet, telemetry radio and secure Wi‑Fi for data exchange, encryption, and OTA updates
Data Logging & Storage
Records flight data at 100 Hz, stores mission plans up to 500 waypoints, retains logs for 30 days on 8 GB flash
User Interface
Primary cockpit touchscreen and ground control GUI, supports multilingual UI, visual/ audible alerts, and mission planning
Security Module
Provides mutual X.509 authentication, AES‑256‑GCM telemetry encryption, and secure boot signature verification
IMU Sensor
Provides 6‑DOF inertial measurements
GNSS Sensor
Provides GNSS position, velocity, time
Air Data Sensor
Provides static pressure, dynamic pressure and temperature for air data
Vision Sensor
Optional camera providing visual data for sensor fusion

DVP (1)

DVP — DVP derived from source artifacts [general]

State Estimation Processing Latency Test
Verify that the Flight Control Computer processes sensor data (IMU, GNSS) at ≥200 Hz using EKF and outputs navigation state within 5 ms for 99 % of samples with state error ≤0.1 % RMS under nominal conditions.
Processing latency ≤5 ms for ≥99 % of 10,000 samples; State error RMS ≠0.1 % under nominal conditions.
Command Validation and Blending Latency Test
Validate that pilot or ground‑station commands are verified, blended with autopilot setpoints, and actuator commands are generated within 2 ms end‑to‑end, with invalid commands rejected and safe mode engaged.
End‑to‑end command latency ≤2 ms for 99 % of commands; invalid commands are rejected and safe mode engaged within 1 ms.
Health Monitoring Fault Detection and Reporting Test
Confirm that the health monitoring subsystem detects faults within 10 ms, broadcasts fault status with error code, timestamp, and severity, and initiates safe mode within 20 ms.
Fault detection latency ≤10 ms; fault message includes error code, timestamp, severity; safe mode engaged ≤20 ms after fault detection.
Redundant FCC Fail‑Over and Fail‑Safe Actuation Test
Validate that loss of a primary Flight Control Computer does not affect control functionality and that fail‑safe actuation (nose‑down, throttle idle) occurs within 100 ms on critical fault.
Control continues with no loss of functionality; actuator command continuity maintained within 5 ms; fail‑safe actuation executed ≤100 ms on critical fault.
Secure Boot Validation Test
Ensure that the FCC verifies digital signatures of firmware images at boot; boot succeeds only with valid signatures and aborts with tampered or unsigned images.
Boot succeeds only with valid signature; boot aborts and logs error for invalid/unsigned images; no execution of unauthorized code.
Mutual Authentication and Telemetry Encryption Test
Validate mutual X.509 certificate authentication for external interfaces and verify AES‑256‑GCM encryption of telemetry; test both successful and failure scenarios.
Handshake succeeds only with valid certificates; telemetry packets are encrypted (no plaintext visible) and only decryptable with correct key; failed handshake results in connection termination.
Power Supply Voltage Range and Surge Protection Test
Confirm stable operation across the specified input voltage range (24 V–36 V) and verify that a 150 % voltage surge for 10 ms does not cause permanent damage.
System operates correctly across voltage range; no permanent fault after surge; system restarts within 2 s with normal operation.
Control Loop Latency and Data Throughput Benchmark
Measure closed‑loop latency from sensor input to actuator output (target ≤2 ms) and verify sustained data throughput of ≥500 MB/s for combined sensor and video streams.
Closed‑loop latency ≤2 ms for 99 % of cycles; sustained throughput ≥500 MB/s for at least 10 min with <0.1 % packet loss.
Temperature Cycling (Operational Range) Test
Expose units to temperature extremes of –40 °C to +85 °C and verify functional performance after each extreme.
All functional tests (state estimation, control loop) pass after each temperature extreme; no permanent degradation observed.
Vibration and Shock Resistance Test
Verify mechanical integrity and functional reliability under sinusoidal and random vibration, and shock per MIL‑STD‑810G.
No mechanical failure, no intermittent electrical contacts, and functional performance unchanged after test.
EMC Radiated Emissions and Susceptibility Test
Confirm compliance with RTCA/DO‑160 electromagnetic compatibility requirements for radiated emissions and susceptibility.
Emissions below RTCA/DO‑160 limits; no functional disruption in susceptibility test up to 10 V/m.
OTA Firmware Update Validation Test
Verify secure Over‑The‑Air firmware update process under live flight conditions, ensuring no interruption of control functions and proper authentication.
Firmware updates complete within 5 min; flight control continues without interruption; post‑update functional tests pass; unauthorized firmware is rejected.

Flowchart (2)

Flowchart — Flowchart — System Power-On Secure Boot (derived from requirements) [general]

AI Generated Flowchart
Power Applied
Check Input Voltage (SYS-AAFC-PWR-001)
Is Voltage within 24‑36 V? (SYS-AAFC-PWR-001)
Voltage Fault Handling (Abort) (SYS-AAFC-PWR-001)
Secure Boot – Verify Firmware Signatures (SYS-AAFC-SEC-003)
Are Firmware Signatures Valid? (SYS-AAFC-SEC-003)
Secure Boot Failure Handling (Abort) (SYS-AAFC-SEC-003)
Initialize RTOS (SYS-AAFC-SR-001)
RTOS Initialization Successful? (SYS-AAFC-SR-001)
RTOS Init Failure Handling (Abort) (SYS-AAFC-SR-001)
Health Check & Redundancy Management (SYS-AAFC-SR-004, SYS-AAFC-REL-002)
System Ready? (SYS-AAFC-SR-004, SYS-AAFC-FR-003)
System Ready Failure Handling (Abort) (SYS-AAFC-SR-004)
Ready
Abort

Flowchart — Flowchart — Sensor Fusion State Estimation (derived from requirements) [general]

AI Generated Flowchart
Start Sensor Fusion
Initialize Sensor Fusion Subsystem (SYS-AAFC-SR-002)
Acquire High-Rate Sensor Data (IMU, GNSS, Air‑Data, Vision) (SYS-AAFC-FR-001)
Is Sensor Data Valid? (SYS-AAFC-FR-003)
Report Sensor Fault & Switch to Redundant Sensor (SYS-AAFC-FR-003)
Execute EKF/UKF Algorithm (State Estimation) (SYS-AAFC-FR-001)
Processing Time ≤ 5 ms? (SYS-AAFC-FR-001)
Log Latency Violation & Engage Degraded Mode (SYS-AAFC-FR-003 & SYS-AAFC-REL-003)
Publish Navigation State to Control Loops (SYS-AAFC-FR-001)
End Sensor Fusion

BOM Completion (1)

BOM Completion — BOM derived from block diagram [general]

High‑performance ARM Cortex‑M7 MCU, 400 MHz, 2 MB Flash, 1 MB SRAM, automotive‑grade (AEC‑Q100)
Manufacturer: STMicroelectronics
Wide‑input buck‑boost DC‑DC controller (4.5‑55 V) for regulated 28 V output, automotive‑qualified
Manufacturer: Texas Instruments
CAN FD transceiver, dual‑channel, AEC‑Q100 qualified, supports 2 Mbps FD and 1 Mbps classic
Manufacturer: NXP Semiconductors
Gigabit Ethernet PHY, automotive‑grade, supports IEEE 802.3bz, low‑power, 48‑pin QFN
Manufacturer: Texas Instruments
802.11ac Wi‑Fi and Bluetooth 5.0 combo module, integrated antenna, secure boot support
Manufacturer: Qualcomm
Sub‑GHz 300‑960 MHz RF transceiver, up to 125 mW output, integrated antenna matching, suitable for telemetry link
Manufacturer: Silicon Labs
8 GB eMMC 5.0, 52‑pin BGA, automotive grade (AEC‑Q100), 400 MB/s read, 90 MB/s write
Manufacturer: Micron Technology
6‑DOF IMU (accelerometer + gyroscope), ±16 g / ±2000 dps, low noise, automotive‑grade
Manufacturer: Bosch Sensortec
Dual‑frequency GNSS module (L1/L2), 10 Hz update, built‑in antenna, automotive‑grade (AEC‑Q100)
Manufacturer: u-blox
High‑precision digital barometric pressure sensor (30 mBar) with temperature output, automotive grade
Manufacturer: TE Connectivity
1 MP global shutter image sensor, 720 p @ 60 fps, low power, automotive‑grade
Manufacturer: OmniVision Technologies
16‑channel 12‑bit PWM/servo driver, I2C interface, automotive‑grade
Manufacturer: NXP Semiconductors
Secure authentication chip, ECC‑256, AES‑256‑GCM, secure boot signature verification, AEC‑Q100
Manufacturer: Microchip Technology
RJ45 modular connector with integrated magnetics, 8‑position, panel mount
Manufacturer: Molex
2‑position 4‑pin board‑to‑board shielded connector for CAN bus, high‑reliability
Manufacturer: Molex
USB‑C receptacle, 24 V rated, 5 A, surface‑mount
Manufacturer: Amphenol
4.3‑inch TFT LCD, 480 × 272, 30 mW power, panel‑mounted
Manufacturer: Sharp
I2C multi‑touch controller, up to 5‑point, automotive qualified
Manufacturer: FocalTech
Aluminium enclosure, 250 mm × 180 mm × 80 mm, IP55, laser cut
Manufacturer: Hammond Manufacturing
Aluminum extruded heat sink, 4.5 × 2.5 × 1.5 in, with mounting holes for PCB
Manufacturer: Wakefield