System and method for GNSS in-band authenticated position determination

US 9,217,792 B2
Filed: 08/13/2010
Issued: 12/22/2015
Est. Priority Date: 08/14/2009
Status: Active Grant

First Claim

Patent Images

1. A GNSS In-Band Authentication system comprising:

a GNSS ground segment;

a GNSS user segment comprising at least one GNSS receiver; and

a GNSS space segment comprising a GNSS satellite constellation transmitting ephemeris data in a C/A message on the L1 band, wherein one or more GNSS satellites are designated authentication support (DAS) satellites and transmit a special status signal, intentionally corrupted ephemeris data and an intentionally corrupted C/A signal including a pseudo-random error on the L1 band;

wherein the at least one GNSS receiver is configured to calculate its own position using GNSS satellites in the GNSS satellite constellation other than the one or more DAS satellites, determine authentication ranges to the one or more DAS satellites within a field of view of a GNSS receiver, determine the GNSS time of the position, and transmit a position report comprising at least its calculated own position, position time, and the determined authentication range for the one or more DAS satellites within a field of view of the GNSS receiver to a surveillance system, andwherein the surveillance system is configured to receive the position report, compute verification ranges to the one or more DAS satellites using the reported position of the at least one GNSS receiver, uncorrupted ephemeris data for each of the one or more DAS satellites, and position time, compare the computed verification ranges to the determined authentication ranges in the received position report, and verify the reported position of the at least one GNSS receiver when the computed verification ranges and the determined authentication ranges in the received position report are within a predetermined tolerance range.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system and method for determining the authenticity of reported positions of GNSS receivers, such as aircraft equipped with GPS positioning devices, and provides an in-band verification capability for GNSS positions by tasking one or more GNSS satellites as designated authentication support (DAS) satellites that transmit corrupted ephemeris data in a pseudo-random error corrupted C/A signal on the L1 band, and the GNSS receivers determine authentication ranges to the DAS satellites and transmit the DAS authentication ranges as part of their position report. The surveillance system can verify the authenticity by comparing the transmitted authentication ranges to true authentication ranges determined using actual ephemeris data and the known C/A code pseudo-random error for the DAS satellites.

Citations

40 Claims

1. A GNSS In-Band Authentication system comprising:
- a GNSS ground segment;
  
  a GNSS user segment comprising at least one GNSS receiver; and
  
  a GNSS space segment comprising a GNSS satellite constellation transmitting ephemeris data in a C/A message on the L1 band, wherein one or more GNSS satellites are designated authentication support (DAS) satellites and transmit a special status signal, intentionally corrupted ephemeris data and an intentionally corrupted C/A signal including a pseudo-random error on the L1 band;
  
  wherein the at least one GNSS receiver is configured to calculate its own position using GNSS satellites in the GNSS satellite constellation other than the one or more DAS satellites, determine authentication ranges to the one or more DAS satellites within a field of view of a GNSS receiver, determine the GNSS time of the position, and transmit a position report comprising at least its calculated own position, position time, and the determined authentication range for the one or more DAS satellites within a field of view of the GNSS receiver to a surveillance system, andwherein the surveillance system is configured to receive the position report, compute verification ranges to the one or more DAS satellites using the reported position of the at least one GNSS receiver, uncorrupted ephemeris data for each of the one or more DAS satellites, and position time, compare the computed verification ranges to the determined authentication ranges in the received position report, and verify the reported position of the at least one GNSS receiver when the computed verification ranges and the determined authentication ranges in the received position report are within a predetermined tolerance range.
- View Dependent Claims (2, 3, 4, 5, 8, 9, 10, 11, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The GNSS In-Band Authentication system of claim 1, wherein the surveillance system is configured to access uncorrupted ephemeris data and uncorrupted C/A data for the one or more DAS satellites to compute verification ranges.
  - 3. The GNSS In-Band Authentication system of claim 2, wherein the pseudo-random error injected into in the C/A code is generated using a GPS selective availability scheme.
  - 4. The GNSS In-Band Authentication system of claim 1, wherein the at least one receiver is eon to use the ephemeris data transmitted by GNSS to determine a pseudo range according to the following equation:
    - R_p1=R₁+R_bwhere;
      
      R_p1is the measured pseudo range to satellite P₁;
      
      R₁is the actual range to satellite P₁; and
      
      R_bis the satellite pseudo range bias.
  - 5. The GNSS In-Band Authentication system of claim 1, wherein the at least one GNSS receiver is configured to calculate the authentication tune for the one or more DAS satellites using the following equation:
    - AR pseudo range=AR+R_b, or
      AR=AR pseudo range−
      
      R_bwhere;
      
      AR is the estimated range (authentication range) to DAS satellite;
      
      R_bis the satellite pseudo range bias; and
      
      AR pseudo range is the measured pseudo range to the DAS satellite including the satellite pseudo range bias.
  - 8. The GNSS In-Band Authentication system of claim 1, wherein the one or more DAS satellites are configured to transmit correct ephemeris data on the P(Y) code signal on the L2 band.
  - 9. The GNSS In-Band Authentication system of claim 1, wherein the position report includes authentication ranges to two DAS satellites.
  - 10. The GNSS In-Band Authentication system of claim 1, wherein the position report is an ADS-B report.
  - 11. The GNSS In-Band Authentication system of claim 10, wherein the surveillance system is configured to use the authentication ranges to the one or more DAS satellites to verify the validity of the reported position of the at least one GNSS receiver.
  - 15. The GNSS In-Band Authentication system of claim 1, wherein for information push applications, the authentication system is configured to use the authentication range as a public key to decrypt data encrypted by a private key generated from the verification range to one or more DAS satellites.
  - 16. The GNSS In-Band Authentication system of claim 15, wherein data is encrypted using a DAS satellite position and a known position of a designated receiving unit and transmitted to the designated receiving unit, and only the designated receiving unit at the known position can decrypt the received data.
  - 17. The GNSS In-Band Authentication system of claim 1, wherein the authentication system is configured to allow a credit card user to designate one or more locations as valid for on-line credit card transactions, and use the DAS authentication ranges as a physical location verification layer for an additional security layer for authorizing on-line transactions from only the one or more designated locations.
  - 18. The GNSS In-Band Authentication system of claim 1, wherein the authentication system is configured to allow a user to designate one or more locations as valid personal locations, and use the DAS authentication ranges as a physical location verification layer as an additional security layer for an enhanced electronic signature verification to the one or more designated locations.
  - 19. The GNSS In-Band Authentication system of claim 1, wherein the authentication system is configured to allow a user to designate one or more locations as valid WLAN access locations, and use the DAS authentication ranges as a physical location verification layer to restrict access to the WLAN to the one or more designated locations.
  - 20. The GNSS In-Band Authentication system of claim 1, wherein the authentication system is configured to allow a user to designate one or more locations as valid WAN/WiMax access locations, and use the DAS authentication ranges as a physical location verification layer to restrict access to the WAN/WiMax to the one or more designated locations.
  - 21. The GNSS In-Band Authentication system of claim 1, wherein the authentication system is configured to allow a user to designate one or more locations as valid to receive satellite broadcasting, and use the DAS authentication ranges as a physical location verification layer to restrict receiving satellite broadcasting to the one or more designated locations.
  - 22. The GNSS In-Band Authentication system of claim 1, wherein the surveillance system is configured to transmit the received position report from the GNSS receiver to a third party authenticator and the third party authenticator computes verification ranges to the one or more DAS satellites from the reported position of the GNSS receiver, and compare the computed verification ranges to the reported authentication ranges and transmit a verification to the surveillance system when the computed verification ranges and the verification ranges in the received position report are within a predetermined tolerance.
  - 23. The GNSS In-Band Authentication system of claim 1, wherein the authentication system is configured to store at least the reported GNSS position, the position time and authentication range in an archive and detect alterations to the position records by comparing the altered position derived range to the DAS satellite to the stored authentication range at the position time.

6. The GNSS In-Band Authentication system of claim wherein the surveillance system is configured to receive the position report transmits the position report to a third party authenticator and request the third party authenticator to verify the position report of the at least one GNSS receiver.
- View Dependent Claims (7)
- - 7. The GNSS In-Band Authentication system of claim 6, wherein the third party authenticator accesses uncorrupted ephemeris data and uncorrupted C/A code data for the one or more DAS satellites to compute verification ranges.

12. The GNSS In-Band Authentication system of claim wherein the authentication system is configured to use DAS authentication ranges are used as a secure position selective communication (PSC) layer.
- View Dependent Claims (13, 14)
- - 13. The GNSS In-Band Authentication system of claim 12, wherein the PSC layer provides a secure communications channel that is only available at predetermined locations, wherein each user attempting to link to the secure communications channel reports its own position, and wherein the reported position is compared to the predetermined locations before the user is granted access to the secure communications channel.
  - 14. The GNSS In-Band Authentication system of claim 12, wherein the PSC layer is used with other cryptographic layers to secure communications channels.

24. A method of providing GNSS In-Band Authentication, the method comprising:
- transmitting ephemeris data in a C/A message on the L1 band from GNSS satellites in a GNSS satellite constellation, wherein one or more GNSS satellites are designated authentication support (DAS) satellites and transmit a special status signal and intentionally corrupted ephemeris data and an intentionally corrupted C/A signal including a pseudo-random error on the L1 band;
  
  receiving ephemeris data on the at least one GNSS receiver in a GNSS user segment, wherein the at least one GNSS receiver;
  
  calculates its own position using GNSS satellites in the GNSS satellite constellation other than the one or more DAS satellites,determines authentication ranges to the one or more DAS satellites within a field of view of a GNSS receiver and position time, andtransmits a position report comprising at least its calculated own position, position time, and the determined authentication range and DAS satellite identification information for the one or more DAS satellites within a field of view of the GNSS receiver to a surveillance system;
  
  wherein the surveillance system;
  
  receives the position report transmitted by the at least one GNSS receiver,computes verification ranges to the one or more DAS satellites using the reported position of the at least one GNSS receiver, uncorrupted ephemeris data for each of the one or more DAS satellites, and position time,compares the computed verification ranges to the determined authentication ranges in the received position report, andverifies the reported position of the at least one GNSS receiver when the computed verification ranges and the determined authentication ranges in the received position report are within a predetermined tolerance range.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 25. The GNSS In-Band Authentication method of claim 24, wherein the surveillance system accesses the uncorrupted ephemeris data and uncorrupted C/A code without the pseudo-random error for the one or more DAS satellites to compute verification ranges.
  - 26. The GNSS In-Band Authentication method of claim 24, wherein the position report includes authentication ranges to two DAS satellites.
  - 27. The GNSS In-Band Authentication system of claim 24, wherein the surveillance system receives the position report, transmits the position report to a third party authenticator, and requests the third party authenticator to verify the position report of the at least one GNSS receiver.
  - 28. The GNSS In-Band Authentication system of claim 27, wherein the third party authenticator accesses actual ephemeris and APN information for the one or more DAS satellites to compute verification ranges.
  - 29. The GNSS In-Band Authentication method of claim 24, wherein the DAS authentication ranges to the one or more DAS satellites are used as a secure position selective communication (PSC) layer.
  - 30. The GNSS In-Band Authentication method of claim 29, further comprising providing a secure communications channel that is only available at predetermined locations, each user attempting to link to the secure communications channel reports their position, and the reported position is compared to the predetermined locations by the PSC layer before the user is granted access to the secure communications channel.
  - 31. The GNSS In-Band Authentication method of claim 24, wherein the PSC layer is used with other cryptographic layers to secure communications channels.
  - 32. The GNSS In-Band Authentication method of claim 24, further comprising, for information push applications, using the authentication range to one DAS satellite as a public key to decrypt data encrypted by a private key generated using a secret range to the DAS satellite known to the surveillance system.
  - 33. The GNSS In-Band Authentication method of claim 32, wherein data is encrypted using one DAS satellite position and a known position of a designated receiving unit and transmitted to the designated receiving unit, and only the designated receiving unit at the known position can decrypt the received data.
  - 34. The GNSS In-Band Authentication method of claim 24, wherein a credit card user designates one or more locations as valid for on-line credit card transactions, and the DAS authentication ranges are used as a physical location verification layer for an additional security layer for authorizing on-line transactions from only the one or more locations.
  - 35. The GNSS In-Band Authentication method of claim 24, wherein a user designates one or more locations as valid personal locations, and the DAS authentication ranges are used as a physical location verification layer as an additional security layer for an enhanced electronic signature verification to the one or more locations.
  - 36. The GNSS In-Band Authentication method of claim 24 wherein a user designates one or more locations as valid WLAN access locations, and the DAS authentication ranges are used as a physical location verification layer to restrict access to the WLAN to the one or more locations.
  - 37. The GNSS In-Band Authentication method of claim 24, wherein a user designates one or more locations as valid WAN/WiMax access locations, and the DAS authentication ranges are used as a physical location verification layer to restrict access to the WAN/WiMax to the one or more locations.
  - 38. The GNSS In-Band Authentication method of claim 24, wherein a user designates one or more locations as valid to receive satellite broadcasting, and the DAS authentication ranges are used as a physical location verification layer to restrict receiving satellite broadcasting to the one or more locations.
  - 39. The GNSS In-Band Authentication method of claim 24, wherein the surveillance system transmits the received position report from the GNSS receiver to a third party authenticator and the third party authenticator computes verification ranges to the one or more DAS satellites from the reported position of the GNSS receiver, and compares the computed verification ranges to the reported authentication ranges and transmits a verification to the surveillance system when the computed verification ranges and the verification ranges in the received position report are within a predetermined tolerance.
  - 40. The GNSS In-Band Authentication method of claim 24, wherein at least the reported GNSS position, the position time and authentication range are stored in an archive and alterations to the position records are detected by comparing the altered position derived range to the DAS satellite to the stored authentication range at the position time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Saab Inc (Saab AB)
Original Assignee
Saab Sensis Corp. (Saab AB)
Inventors
Wu, Ryan Haoyun
Primary Examiner(s)
Adams, Tashiana
Assistant Examiner(s)
Mull, Fred H

Application Number

US13/383,515
Publication Number

US 20120133552A1
Time in Patent Office

1,957 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G01S 19/10   providing dedicated supplem...

G01S 19/18   Military applications

G01S 19/20   Integrity monitoring, fault...

G01S 19/21   Interference related issues...

G01S 19/215   issues related to spoofing

System and method for GNSS in-band authenticated position determination

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for GNSS in-band authenticated position determination

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links