Editor’s Note: Inside GNSS recently sat down with technical and executive experts from Iridium following the launch of the company’s new PNT ASIC.
This milestone interview provided first-hand insight into the rationale, engineering process, and industry impact of embedding authenticated positioning and timing directly in silicon. By engaging with Iridium’s team immediately after their announcement, Inside GNSS was able to explore not only the technical foundations but also the architectural philosophy behind a device-level resilience paradigm—highlighting how the new ASIC transforms authentication from a bolt-on solution into an integral building block for future GNSS-dependent systems. Crucially, the conversation also details the ASIC’s role as a standalone solution: when GNSS signals are unavailable or denied, Iridium PNT provides an independent, continuously available source of trusted time and position, suitable for deployment in challenging or adversarial environments.
Iridium’s announcement of a complementary PNT ASIC marks a decisive shift in how resilience will be engineered into future positioning, navigation, and timing systems. For decades, resilience was something integrators bolted on after the fact—an architectural bandage applied once jamming and spoofing became a system-level concern. With Iridium now placing its authenticated timing/location service directly into an ASIC, resilience is being treated not as an accessory, but as a foundation-level design element. The company is not moving down-stack to compete with GNSS silicon, but to embed resilience alongside it. The difference is subtle but substantial: GNSS remains the most common primary navigation source, but Iridium becomes a cryptographically anchored continuity layer available even when GNSS is denied, blocked, or manipulated.
Why Silicon, and Why Now
The strategic rationale for the ASIC did not originate with the announcement. As Iridium VP of PNT, Rohit Braggs noted during the interview with Inside GNSS, the work “has been underway in silicon for three years, but the architectural decision that pointed us here predates that effort.” The more PNT becomes software-defined, Braggs observed, the more its trust boundary has drifted upward into firmware and the cloud—precisely where adversaries are most effective. A design that protects authenticity at the physical layer re-centers PNT resilience where it is least susceptible to manipulation.
It marks the first time Iridium has delivered signal authentication as a built-in hardware feature rather than an external layer.
That represents a philosophical shift as much as a technical one. “Lowering the bar of access was a design goal from the beginning,” Braggs explained. The legacy model required integrators to evaluate specialized modems, design external modules, or stand up custom RF front ends. In contrast, an ASIC can be socketed the way GNSS silicon is—“allowing resilience to become part of the board,” not an attached accessory. The result is not just a smaller bill-of-materials cost, but a fundamentally different adoption curve: instead of being added only by the most motivated system architects, resilience now becomes available to any engineer already designing for GNSS.
Iridium’s decision therefore signals a deeper industry realignment. The market has matured to the point where resilience is not a “value-added layer,” but a gating requirement for infrastructure that needs provable assurance. As Braggs summarized, “the real inflection point was when the integration burden became the barrier, not the technology. We solved the technology years ago. Silicon solves the barrier.”
The Engineering Premise
Technically, the ASIC supports either stand-alone authenticated timing and location validation or dual-mode operation alongside GNSS. That dual-mode architecture is crucial: Iridium is not replacing navigation; it is stabilizing its trust boundary. A GNSS receiver can still derive primary position with high precision, while Iridium ensures that time—and therefore navigation integrity—cannot be subverted.
“Think of it as hardening the baseline,” Braggs said. “GNSS still does what GNSS does best. We give you authenticated time and a second source of position truth to detect manipulation.” In practical terms, this lets an embedded system differentiate between environmental degradation and adversarial intent, something GNSS cannot do alone without an external trust anchor. It also future-proofs the design: as threat pressure evolves, authentication remains rooted in physical-layer cryptography rather than firmware mitigations that can be bypassed.
There is an important architectural nuance here—Iridium is not providing a precision location substitute, but a continuously available reference against which GNSS-derived navigation can be validated. That is the core distinction that shifts resilience from an external failover to an active co-source inside the timing chain. With the ASIC serving as a companion trust layer, navigation from GNSS is no longer a “single point of truth,” but a value that can be checked against authenticated time and position provenance.
When GNSS signals are entirely unavailable, the Iridium PNT service provides a primary source of both time and position, not merely a backup. This enables deployment in environments where GNSS access is persistently denied or impossible, positioning the ASIC as a self-sufficient solution for resilient navigation and timing. While most implementations will leverage Iridium PNT as a co-source for GNSS validation, its capability as a standalone reference ensures robust operation in demanding or adversarial conditions.
This embedded-resilience posture becomes especially relevant as integrators harden platforms that cannot rely on cloud-based augmentation in a contested environment. In those conditions, authentication must exist locally, on hardware, without requiring a network handshake. “Resilience only matters if it can survive isolation,” Braggs emphasized. “The ASIC ensures that trust holds even when the broader system is cut off from everything except sky access.”
Building for Contested Environments
The ASIC was validated under a series of adversarial profiles that go beyond the simplistic jammer tests typically shown in demonstrations. Braggs explained that the goal was to treat GNSS not as “jammed or not jammed,” but as “trustworthy or untrustworthy.” Several categories of manipulation were tested, including time drift, delayed replay, false-lock scenarios, dynamic sweep spoofing, and mixed-vector jamming.
The results were less about signal persistence and more about fidelity of authentication. In Braggs’s words: “We did not focus on brute-force survivability. We focused on whether the integrity signal continued to serve as an anchor when GNSS became misleading.” If a system can still produce a navigation solution but can no longer guarantee its authenticity, then availability without trust becomes an attack surface rather than a feature.
This is the point at which hardware-anchored authentication becomes different from firmware-layer monitoring. In a spoofing attack, firmware still sees a valid signal lock; hardware sees a manipulation because time provenance no longer aligns with the authenticated reference. “Detection and rejection are not the same,” Braggs said. “With silicon, we don’t just see the problem—we have a root of trust that lets us adjudicate it.”
Where Trust Lives in the Hardware Stack
One of the most consequential aspects of embedding Iridium authentication in silicon is that the trust anchor now exists at the same level of the hardware stack as the clock itself. In GNSS design, when trust lives above hardware—in middleware, firmware, or application logic—it remains vulnerable to a sufficiently advanced attacker who can shape the upstream signal environment. This ASIC relocates the trust function to the base of the chain, beneath firmware arbitration.
The significance of this relocation is large: it changes the blast radius of a spoofing attack. Instead of allowing manipulated timing to propagate upward into the navigation layer, the silicon terminates the attempt at the trust boundary before the rest of the stack is exposed. Trust is no longer inferred from downstream behavior; it is established through cryptographic verification tied to signal origin.
That distinction is what enables the ASIC to serve as a trustworthy fallback even when GNSS is not merely degraded but intentionally manipulated. The system can still determine whether what it is seeing is “real enough” to incorporate or must be discarded. This property is often referred to as survivability; in practice it is closer to continuable correctness.
The Adoption Curve
Because the ASIC collapses the integration burden, the earliest adopters will likely be those with the most to lose from downtime or timing drift—telecom, maritime, finance, energy distribution, and government/critical infrastructure platforms. These sectors have historically viewed resilience as a cost or an afterthought; the shift to silicon turns it into an embedded default. “Once it’s part of the board, the conversation changes,” Braggs observed. “Designers don’t need a second procurement cycle to add trust. It ships with trust.”
This also changes how OEMs evaluate risk. If the ASIC delivers authenticated timing and fallback location natively, the threshold for adopting a multi-layer architecture lowers. Engineering teams do not need to allocate PCB space for a separate security module or rearchitect the design around external trust injectors. In effect, the ASIC is not competing against other protected timing solutions—it is competing against the time, cost and complexity of integrating them.
The critical advantage for the integrator is predictability. A system architect can now call resilience a property of the hardware rather than a dependency on network-connected assurance services. Whether the platform is running without external synchronization, experiencing partial GNSS denial, or encountering a plausible spoofing environment, the trust layer continues to hold. The ASIC is therefore less about added performance than about preserving a trustworthy operating state.
Where It Fits in the C-PNT Architecture
Because Iridium’s authenticated service is globally available, the ASIC also helps unify architectures across regions that otherwise differ in terrestrial augmentation infrastructure or national regulatory posture. It gives system architects a stable design reference independent of sovereign spectrum dependencies. “We don’t assume the operating environment is predictable,” Braggs said. “We assume it becomes adversarial and design for that baseline.” The ASIC is therefore not a diversity measure; it is a continuity-of-trust measure.
This aligns closely with Protect–Toughen–Augment (PTA) models emerging in both U.S. and EU guidance—but with a key distinction: it executes PTA “inside the device,” not via external network dependence. Instead of requiring an operator to select a resilience overlay, the ASIC makes resilience intrinsic. That framing is likely to influence future standards and procurement language, where embedded authentication becomes a default rather than a specialization.
From a system-design perspective, the ASIC operates most logically as a trust floor. Engineers can still layer multi-constellation GNSS, terrestrial timing, or fiber-based holdover on top. What Iridium adds is the assurance that the foundation layer cannot be spoofed into an untrustworthy state that misleads every other layer above it. The ASIC also establishes a platform for future enhancements in precision and positional performance as Iridium continues to invest in advancing its PNT service capability.
The OEM On-Ramp
Although Iridium has not positioned the ASIC as a licensing play first, the architecture allows for future integration into third-party GNSS receiver silicon. That creates a clean path for long-term adoption without requiring perpetual dual-component sourcing. The earliest systems will likely appear as discrete socketed components; the second wave will arrive when resilience is treated as baseline silicon capability.
In the interview, Braggs was explicit that Iridium intends this to become a normal part of design, not a specialized component: “When resilience is something you only add to the highest-risk platforms, it will always lag the threat. When you embed it at design-level, the ecosystem shifts forward to anticipate the threat.”
Design kits and reference implementations will drive the first wave of adoption, particularly among integrators who have already encountered operational jamming and spoofing pressure. The more interesting transformation, however, will occur when manufacturers adopt the ASIC not because they have already seen contested conditions, but because they no longer view resilience as a discretionary trade.
A Different Baseline for Resilience
For the broader PNT community, the significance of Iridium’s ASIC is not that another protected service has entered the market; it is that protection is now available at the same level as the componentry that needs it most. Trust ceases to be an afterthought and becomes a build-time property. In practical engineering terms, this closes the posture gap between “functionally available” and “proven authentic.”
The Technical Horizon
Over time, resilience ceases to be a contingency measure and becomes a specification: the trust anchor is embedded alongside the timing reference in the hardware component bill-of-materials. By enabling trust to be integrated from the outset, the Iridium PNT ASIC becomes a primary element in achieving system-level resilience, rather than an afterthought for contingency planning.





