GPS III Integrity Concept

Karl Kovach, John Dobyne, Mark Crews, Calvin Miles

Abstract:	embodied by the Block III satellites and the nextgeneration operational control system (“OCX”). The integrity concept for GPS III has evolved significantly from the integrity concept for GPS II (i.e., Block II satellites and the current operational control system). The GPS III integrity concept is built around signal-in-space (SIS) fault prevention internal to the GPS Space and Control Segments instead of SIS fault detection and warning by external augmentation methods. The origins of the GPS III integrity concept are traced back to a synthesis of the GPS II Integrity Failure Modes and Effects Analysis (IFMEA) results and the integrity definition promulgated by the International Civil Aviation Organization (ICAO). The GPS IFMEA results showed the two significant threats to signal-in-space (SIS) integrity are run-away clock faults onboard the Navstar satellites and errors in the data uploaded by the ground control system. In the Space and Control Segments, the GPS III approach to integrity implementation calls for the Block III satellites and the OCX to assure the integrity of their own functions by preventing failures from occurring in the first place. The GPS III satellites will be equipped with a built-in monitoring capability to observe an impending clock runoff failure or on-board processing anomaly, rapidly disable the affected output SIS(s), and report the problem to the OCX for corrective action. The primary means of rapidly disabling an output SIS is to transmit non-standard code in lieu of the standard Pseudorandom Noise (PRN) code signal. By observing the onset of satellite anomalies on board, the SIS can be disabled before a potential integrity failure can occur. Integrity within the OCX will be focused on validating commands and uploads before they are transmitted to the satellites, thereby preventing errors from propagating to the satellites and thence to the output SIS(s). The OCX will still be responsible for observing, estimating, and correcting the naturally occurring slow drift satellite clock errors and ephemeris errors that are undetectable aboard the satellites like the current Control Segment does today. For the SIS, the GPS III integrity approach incorporates the existing User Range Accuracy (URA) parameters in the navigation (NAV) messages rather than adding new URA-like parameters. A new single-bit Integrity Status Flag (ISF) in the NAV messages for each SIS will be used to indicate the level of integrity assurance provided for the URA parameters so that the receiver can distinguish between the legacy (1 - 1 x 10-5/hr/SIS) level of integrity and the assured (1 - 1 x 10-8/hr/SIS) level of integrity. To take advantage of the GPS III integrity concept, receiving equipment will need to use position domain integrity algorithms similar to those defined in RTCA/DO-229. The receiver would calculate a real-time estimate of the Protection Level (PL), and would compare the PL to the integrity requirement for the current operation, the Alert Limit (AL). For example, if the PL equaled or exceeded the AL, the receiver would issue a warning to the user and/or using systems that the integrity of the current position solution was not acceptable for the operation being performed. This paper includes a brief overview of some “protection level equations” that future GPS receivers can utilize to fully exploit GPS III integrity. As with any system, integrity is not just a product of the functions of the system, it is also a product of the assurance processes used to develop the system. GPS III is being developed using integrity assurance processes patterned after those used for aircraft. Specifically, analyses will be conducted using guidance provided in the Society of Automotive Engineers (SAE) Aerospace Recommended Practice (ARP) 4754, "Certification Considerations for Highly-Integrated or Complex Aircraft Systems," and SAE ARP 4761, "Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment." Similarly, software and hardware development will be conducted using guidance provided in RTCA DO-278, "Guidelines for Communication, Navigation, Surveillance, and Air Traffic Management (CNS/ATM) Systems Software Integrity Assurance" and RTCA DO-254, "Design Assurance Guidance for Airborne Electronic Hardware."
Published in:	Proceedings of the 21st International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS 2008) September 16 - 19, 2008 Savannah International Convention Center Savannah, GA
Pages:	2250 - 2257
Cite this article:	Kovach, Karl, Dobyne, John, Crews, Mark, Miles, Calvin, "GPS III Integrity Concept," Proceedings of the 21st International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS 2008), Savannah, GA, September 2008, pp. 2250-2257.
Full Paper:	ION Members/Non-Members: 1 Download Credit Sign In