Page 43 - 卫星导航2021年第1-2合期
P. 43
Du et al. Satell Navig (2021) 2:3 Page 10 of 22
tions can be used to bridge small communications investigated over many years. GNSS integrity can be
outages, with quality degradation over time (Hadas monitored at system-level or user-level or both. Basic
and Bosy 2015; El-Mowafy et al. 2017). system-level integrity messages that are broadcast by
GNSS satellites can be generated by on-board monitors
(Viðarsson et al. 2001; Weiss et al. 2010), or uploaded by
GNSS integrity concept and approaches the GNSS control segment, monitoring only satellite and
Defnition and indicators of GNSS integrity signal faults (Kovach et al. 2008). Additional integrity
Integrity is a critical requirement for navigation and real- information can be provided by augmentation systems,
time positioning, for both safety–critical and liability- including Ground Based Augmentation System (GBAS)
critical applications, since potential threats and faults to and SBAS, by comparing the ground truth of the moni-
GNSS positioning may have serious consequences (Kealy toring station with the position solution computed using
2011; Zhu et al. 2018). Te integrity concept was frst the GNSS Signal-in-Space (SIS) (Langley 1999; Ochieng
developed in the feld of civil aviation and is defned as “a et al. 2003; Speidel et al. 2013). Te SIS integrity infor-
measure of the trust that can be placed in the correctness mation, e.g. User Rang Accuracy (URA), can be used for
of the information supplied by a navigation system” (U.S. user-level integrity monitoring (Federal Aviation Admin-
Department of Defense et al. 2008). It includes both the istration 2010). In addition to satellite and signal faults,
ability to provide valid and timely warnings to users when GBAS and SBAS are also capable of monitoring the fail-
the system should not be used and the fundamental reli- ures corresponding to the medium (atmosphere), e.g.
ability to avoid such circumstances (U.S. Department of ionospheric anomaly.
Defense et al. 2008; Kovach et al. 2008). User-level integrity monitoring can be performed using
Integrity can be characterised by the following main approaches such as Receiver Autonomous Integrity Mon-
parameters (International Civil Aviation Organization itoring (RAIM). RAIM techniques typically include two
(ICAO) 2006; Navipedia 2011a; Radio Technical Com- procedures (Navipedia 2011b): (1) Fault Detection and
mission for Aeronautics (RTCA) 2006): Exclusion (FDE), and (2) PL is computed and compared
against an AL. It should be noted that: (1) PL depends on
• Alert Limit (AL) Te maximum acceptable position satellite geometry and nominal error characteristic (sto-
error, beyond which an alert should be triggered. It chastic model), rather than real measurements, and thus
can be further characterised as Horizontal AL (HAL) are predictable (RTCA 2006); (2) PL should be recom-
and Vertical AL (VAL). puted after fault exclusion.
• Time to Alert (TTA) Te maximum time allowed Te RAIM algorithms developed for aviation can be
before raising an alert since the system exceeds the categorised into two classes according to the FDE tech-
tolerance level. nique used: residual-based RAIM and solution-separa-
• Integrity Risk (IR) Te probability (per time unit) that tion RAIM (Gunning et al. 2018; Speidel et al. 2013). Te
the position error exceeds the AL. traditional RAIM approaches rely on the consistency
• Protection Level (PL) An estimate of the upper bound checks of redundant measurements. Tese algorithms
of position error given the probability no larger than are generally based on weighted least squares residuals
the required IR. Similarly, Horizontal PL (HPL) and or equivalent variants, e.g. parity method (Brown 1996;
Vertical PL (VPL) can be specifed separately. Parkinson and Axelrad 1988; Walter and Enge 1995).
Te traditional RAIM assumes that there is only one
AL, TTA and IR are usually prescribed as integrity faulty measurement at any one time. As a result, it is only
requirements, while PL is calculated by users or by the capable of detecting a single fault. In contrast, Advanced
monitoring system. Te computed PL is then compared RAIM (ARAIM) based on Multiple Hypothesis Solution
with AL and actual position error (if known) to deter- Separation (MHSS) can deal with multi-dimensional
mine whether (Navipedia 2011a): faults (Blanch et al. 2012). ARAIM tests all possible fault
modes in the position domain to perform FDE and PL
calculations, with explicit integrity risk allocation accord-
(a) the system is unavailable (when PL > AL); and,
(b) an integrity event occurs (when PE > PL). ing to a threat model that includes multiple faults (Blanch
et al. 2012, 2015; EU-U.S. Cooperation on Satellite Navi-
gation 2016). Te potential of multi-constellation, multi-
frequency GNSS observations can thus be fully exploited
GNSS integrity monitoring procedures and methods by ARAIM, increasing data redundancy signifcantly.
Te integrity monitoring techniques, methodologies However, the computational load of ARAIM is very high
and algorithms for code-based navigation have been due to the need to test each fault mode (i.e. a possible
