Combined Integrity of GPS and Galileo
Working Papers explore the technical and scientific themes that underpin GNSS programs and applications. This regular column is coordinated by Prof. Dr.-Ing. Günter Hein. Contact Prof. Hein at Guenter.Hein@unibw-muenchen.de
Integrity as the measure of trust placed in the correctness of the information provided by navigation systems is clearly one key factor of safety critical applications, such as precision landing procedures and precise maritime harbor applications. With the existing protection level concept employed by SBAS + GPS and the computation of the integrity risk at the alarm limit used within the upcoming Galileo baseline integrity concept, two different approaches will be available within the near future. Although both concepts share the same objective to describe the integrity of a user — and therefore have several basics in common — each respective system’s usage of information provided by the other concept is not foreseen. This column examines GPS and Galileo integrity methods and proposes an algorithm for a combined integrity approach using data from both, as well as practical issues of implementation and computation of associated protection levels.
Integrity denotes the measure of trust placed in the correctness of the information provided by navigation systems. Safety critical applications require integrity measures to indicate with what level of confidence the navigation information may be used.
Although the existing protection level concept employed by satellite-based augmentation system (SBAS) combined with GPS provides one method to estimate this level of trust, the upcoming Galileo system will employ a different approach — computation of the integrity risk at the alarm limit. Thus, two different approaches will be available within the near future. However, neither the SBAS + GPS method nor the Galileo plan makes use of any additional information provided by other integrity data sources.
This column presents an algorithm and demonstration of a combined integrity approach using data from both integrity concepts. The algorithm is based on the integrity data available on the user side. The presentation will also explore practical implementation issues and the computation of protection levels for calculated integrity risks.
Visions of Integrity
Currently, the SBAS + GPS integrity concept is the only existing source of integrity information for GNSS users on a regional basis. In the form of the Wide Area Augmentation System (WAAS) this concept has been successfully implemented in North America and will be available in Europe through the European Geostationary Navigation Overlay System (EGNOS) within the near future.
A second approach to provide integrity information is foreseen within the current Galileo baseline integrity concept, which is intended to work on a global basis. Both concepts provide different information and use different methods to calculate the integrity measure. The SBAS + GPS approach provides both a horizontal protection level (HPL) and a vertical protection level (VPL), while the Galileo approach calculates the overall integrity risk, PHMI.
Nevertheless, neither the SBAS + GPS integrity concept nor the Galileo integrity plan takes into account the integrity information provided by the other system. This has two consequences: Not incorporating additional information from the other system reduces the complexity of the integrity algorithms, and, as a result, simplifies the certification process because only the system itself has to be certified.
The main disadvantage of a “single system integrity algorithm” is that all modern GNSSs share most of their working principles and provide mostly equivalent measurement data, while at the same time suffering from similar propagation and measurement errors. As a result, the transmitted information needed for integrity assessment is comparable, similar, or even identical.
This system commonality does not justify neglect the additional data even if they are provided by different integrity sources, because the more measurements and integrity information are utilized the better the knowledge of the derived user integrity will be. The only remaining restriction is that the additional integrity source has to be trustworthy and certified.
In this column, after reviewing both integrity concepts in terms of similarities, differences, and basic definitions, we will present combined algorithms using simultaneous data from the SBAS + GPS and the Galileo integrity concept. As background to our discussion of these algorithms, the sidebar “User Integrity Concepts” discusses several key properties of the SBAS + GPS and Galileo integrity concepts.
In general both integrity concepts share basic principles such as signal-in-space (SIS) error and user-to-satellite geometry. Moreover, the fault-free allocation tree within the Galileo integrity concept is very similar to the SBAS + GPS integrity concept, except for (a) the representation of the final result, and (b) the non-fixed allocation for the different protection domains in Galileo.
In order to provide an adequate comparison, we describe the outcome of the SBAS + GPS algorithm in terms of integrity risks (IR) at the alarm limit (AL) and the outcome of the baseline Galileo integrity concept is described in terms of protection levels (PL) at given integrity risks.
Our analysis will demonstrate that protection levels and integrity risks at the alert limit are mathematically an inversion of the same concept but cannot be compared directly. Particularly, different allocations of horizontal and vertical integrity risks allow the user to obtain a family of inverse points to the given horizontal and vertical protection levels.
To facilitate the comparison between SBAS+GPS and Galileo integrity concepts, a numerical implementation is presented that transforms integrity risks into protection levels and vice versa.
In addition to the combined integrity algorithms, the current baseline for the Galileo integrity concept was reviewed carefully and also implemented stand-alone. An outcome of the conducted simulations shows that, up to now, a major point missing in the Galileo integrity concept is the sustained consideration of non–signal-in-space (SIS) errors.
Within publicly available studies only signal-in-space accuracy (SISA) and signal-in-space monitoring accuracy (SISMA) have been simulated and used to derive the theoretical performance of the Galileo integrity concept.
The column presents the integrity risk calculation regarding non-SIS failure sources because these error components are part of the final user integrity risk as well. The results of the tests carried out in this scope suggest that the fulfilment of the required system performance of the current Galileo baseline integrity concept will be challenging for the maximum allowed SISA, SISMA, and local error contributions.
Direct and Indirect Integrity Formulations
The GPS + SBAS and Galileo integrity formulations are complementary. GPS + SBAS results in protection levels to given integrity risks, while the Galileo integrity formulation results in integrity risks for given alarm limits. The HPL specifies the maximum allowable horizontal deviation for which the a priori specified integrity risk can be granted and the VPL specifies the corresponding vertical value.
. . .
Deriving Integrity Risks for GPS + SBAS Measurements
. . .
Combined Use of Integrity Information
. . .
On the other hand, according to the RTCA MOPS, the SBAS + GPS integrity concept states that all GPS satellites that are spuriously considered healthy by the SBAS ground segment only cause a fixed, geometry-independent integrity risk.
. . .
Integrity Simulation Tool
. . .
. . .
Inverting strategies for shifting protection level formulations to integrity risk formulations provide a better comparability of Galileo integrity with SBAS + GPS integrity. Using the most simple inversion strategy — inversion with fixed allocations — one has to pay the price of gradually reduced system availability. Inverting strategies with variable allocations show better results.
The conservative joint of the different integrity risk allocation trees results in an additional additive and geometry-independent integrity risk component for all GPS satellites. The simulation results demonstrate that this additive term in the combined algorithm does not deplete the geometry and redundancy induced advantages. Consequently, combined use of integrity information outperforms either single system used alone.
Beginning October 2009, the EGNOS open service was declared to be operational. Although it provides the same information compared to the future EGNOS SoL service, the EGNOS open service definition document underscores the fact that SoL users should not use EGNOS for safety critical purposes, until the EGNOS SIS and its operator are certified for SoL purposes.
The EGNOS certification process will be closed out mid-year, not allowing until this time the possibility to define SBAS procedures in Europe. This demonstrates the discrepancy between provided and certified integrity data. The combined use of different integrity sources presented in this column shows that enhancements in both availability and achievable protection levels can be expected.
Nevertheless it is the solely decision of all involved service providers to jointly define and certify combined integrity processing schemes, combined equipment regulatory and combined procedures. Also, the providers have to jointly keep the liability for the combined system.
For the complete story, including figures, graphs, and images, please download the PDF of the article, above.
Copyright © 2017 Gibbons Media & Research LLC, all rights reserved.