U.S. patent application number 13/277535 was filed with the patent office on 2012-02-09 for arrangement with means for ensuring bona fide of received signals.
Invention is credited to David S. De Lorenzo, Per K. Enge, Peter Levin, Sherman C. Lo.
Application Number | 20120032841 13/277535 |
Document ID | / |
Family ID | 43062057 |
Filed Date | 2012-02-09 |
United States Patent
Application |
20120032841 |
Kind Code |
A1 |
Levin; Peter ; et
al. |
February 9, 2012 |
Arrangement With Means for Ensuring Bona Fide of Received
Signals
Abstract
An arrangement including a receiver that receives a plurality of
signals from different source that are modulated with a common
carrier, where each signal of the signals experiences a transit
delay and Doppler frequency shift before reaching the receiver. The
receiver includes means, such as a directional antenna, to ensure
that the received signals are bona fide, or at least not subject to
the same bogus signal or signals to which a second receiver may be
subjected. The arrangement further includes means for processing a
signal derived from the signals received by the receiver with
signals provided by a supplicant module to reach a conclusion about
the bona fide of the signals provided by the supplicant module.
Inventors: |
Levin; Peter; (Newtonville,
MA) ; De Lorenzo; David S.; (Palo Alto, CA) ;
Enge; Per K.; (Mountain View, CA) ; Lo; Sherman
C.; (San Mateo, CA) |
Family ID: |
43062057 |
Appl. No.: |
13/277535 |
Filed: |
October 20, 2011 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
12012470 |
Feb 2, 2008 |
8068054 |
|
|
13277535 |
|
|
|
|
Current U.S.
Class: |
342/357.4 |
Current CPC
Class: |
G01S 19/29 20130101;
G01S 19/21 20130101 |
Class at
Publication: |
342/357.4 |
International
Class: |
G01S 19/03 20100101
G01S019/03 |
Claims
1. A method for use by an apparatus in conjunction with a system of
earth-orbiting satellites in which each satellite transmits a
global positioning system signal containing data that is encoded
using a first code, which is publicly known, and that is also
encoded using a second code, which is not known to said server, the
method comprising: accepting a commingled signal from a terrestrial
supplicant system the commingled signal being a frequency-shifted
version of a superposition of the satellite signals, as received by
said supplicant system during one or more particular time
intervals, the signals in said superposition including said first
code and said second code; a server of said apparatus receiving
said particular ones of the signals that were transmitted from
respective ones of the satellites, for said one or more particular
time intervals, and storing in a memory signals related to the
signals received by said server where said related signals include
said first code and said second code; and determining terrestrial
locus of the supplicant system based on knowledge of the
terrestrial location of the server and results of a correlation
between a first signal that is a version of the accepted commingled
signal and a second signal that is a version of at least three of
said GPS signals received by the server.
2. The method of claim 1 wherein said accepting and said
determining is performed in said server.
3. The method of claim 1 wherein said apparatus comprises said
server and a processing device that is remote to said server, and
said determining is performed in said processing device.
4. The method of claim 1 wherein each of said satellite signals
occupies a particular frequency band about a carrier of a first
frequency, and the accepted commingled signal is a version of said
transmitted satellite signals as received by said supplicant system
at said particular time that occupies a frequency band that is
substantially the same width as said particular frequency band, but
shifted to a second carrier of a frequency that is significantly
lower than said first frequency.
5. The method of claim 4 wherein the second frequency of said
down-shifted carrier is close to zero.
6. The method of claim 1 wherein an indication of said one or more
particular time intervals is received by the server from the
supplicant system.
7. The method of claim 1 further comprising receiving an assertion
regarding terrestrial position of said supplicant system, and said
determining reaches a conclusion, based on the determined
terrestrial locus, whether the assertion is to be confirmed.
8. The method of claim 7 further comprising acting on said
conclusion.
9. The method of claim 8 where said acting comprises sending said
conclusion to a remote apparatus.
10. An arrangement employed in conjunction with a system of
earth-orbiting satellites in which each satellite transmits a
global positioning system signal containing data that is encoded
using a first code, which is publicly known, and that is also
encoded using a second code, which is not known to said server,
comprising: a communications module for accepting a commingled
signal transmitted from a terrestrial supplicant system over a
communications channel, the commingled signal being a
frequency-shifted version of a superposition of a plurality of the
GPS signals transmitted from respective ones of the satellites, as
received by said supplicant system during particular one or more
time intervals, the signals in said superposition including said
first code and said second code; a receiver in a server of said
arrangement for receiving said plurality of the GPS signals for
said particular one or more time intervals; a processor in said
server for developing processed signals that correspond to the
signals received by said server, wherein said processed signals
contain said first code and said second code; memory in said server
for storing said processed signals; and a computation module for
determining terrestrial locus of the supplicant system based on
knowledge of the terrestrial location of the server and results of
a correlation between a first signal that is a version of the
accepted commingled signal, and a second signal that is obtained
from said memory.
11. The arrangement of claim 10 further comprising an antenna
arrangement coupled to said receiver, where the antenna arrangement
is constructed to enable it being directed to respond well to
signals from certain spatial directions and to not respond well to
signals from other spatial directions.
12. The arrangement of claim 10 where said communication module is
within said server.
13. The arrangement of claim 10 wherein said communication modules
and said computation module are within said server.
14. The arrangement of claim 13 further comprising a remote client
apparatus to which said computation module sends information.
15. The arrangement of claim 10 further comprising a client
apparatus that is remote to said server, and said computation
modules is within said client apparatus.
16. The arrangement of claim 10 where said computation module
reaches a conclusion, based on a received assertion regarding
terrestrial position of said supplicant system, and said determined
terrestrial locus, whether the assertion is to be confirmed.
Description
[0001] This application is a continuation of U.S. patent
application Ser. No. 12/012,470, file Feb. 2, 2008.
BACKGROUND OF THE INVENTION
[0002] This invention relates to global positioning, and more
particularly to the issue of confidence that a user has in global
positioning information that equipment may provide. In the context
of this disclosure, global positioning encompasses the absolute
geo-location as well are the relative location of one object
relative to another object.
[0003] There are numerous electronic ways by which global
positioning may be provided. Some are terrestrial, and some are
based on satellites. A satellite system that currently is most
commonly used is the Global Positioning System (GPS), and it is
quite well known in the sense that many people have GPS receivers
that assist them in determining their physical location. GPS uses a
collection of satellites that are arranged to orbit the Earth so
that at least four satellites are always within the reception range
of a receiver, at any point on the globe. One of the signals that
the satellites transmit is a signal at frequency L1, which is used
as a carrier to modulate a data signal that is itself modulated
with a Code Division Multiple Access (CDMA) code, commonly referred
to as the C/A code. The CDMA code that is used by each satellite is
unique to the satellite, but it is publicly known, which allows the
receiver to discriminate, or detect, the individual signal of each
of the satellites in the presence of signals from the other
satellites and in the presence of noise. Actually, each satellite
transmits at least one other signal, employing the same carrier
frequency that is shifted 90 degrees. This second signal is
modulated by another code, known as the P(Y) code. The P(Y) code is
either the P, which is publicly known, or the encrypted Y code.
Today, all satellites use the Y code and, consequently, the
resulting transmitted signal that is encoded with the Y code cannot
be used by anyone other than those who have the decryption
algorithm and the key. Each satellite transmits yet another signal,
on frequency L2, but the disclosure herein focuses on frequency L1
only. It should be understood that the principles disclosed herein
apply to L1, L2, or any of the new frequencies that are planned for
satellite navigation.
[0004] Because the invention that is disclosed herein is
illustrated by way of an example that is based on the pervasive GPS
system, the following gives an abbreviated review of the GPS
signals and the processing that takes place in a conventional GPS
receiver. It should be kept in mind that the deficiency in the GPS
system that is mentioned later is found in all other non-encrypted
systems, and that the applicability of the invention disclosed
herein extends beyond the GPS system. It should be kept in mind,
therefore, that terms referring to global positioning (without
initial letters being capitalized) refer to the terms generically,
and not necessarily solely to GPS.
[0005] A conventional GPS receiver, shown in FIG. 1, simultaneously
receives a number of satellite signals on frequency L1, where the
signal transmitted by satellite n can be expressed as
S.sub.transmitted=A.sup.nD.sup.n(t)x.sub.C/A.sup.n(t)cos(2.pi.(f.sub.L1)-
t+.phi..sub.1+B.sup.nD.sup.n(t)x.sub.Y.sup.n(t)sin(2.pi.(f.sub.L1)t+.phi..-
sub.1) (1)
where D.sup.n(t) is the data signal, x.sub.C/A.sup.n(t) is the C/A
code signal assigned to satellite n, f.sub.L1 is the frequency of
the carrier, and .phi..sub.1 is the phase of the carrier relative
to the beginning of the data and code signals.
[0006] A GPS receiver can engage in the processing of signals as if
all of the possible satellites are present but, of course, some of
the satellites are not within range of the GPS receiver's antenna
so the processing results for those satellites are not viable. The
following analysis follows the signal of only one satellite and,
for sake of simplicity, superscript n is omitted from the
equations, and the C/A subscript is shortened to C.
[0007] The transmitted signal is subjected to transit time delay to
the receiver, .tau., and the signal that is received by a
receiver's antenna experiences a Doppler frequency shift, f.sub.D,
due to the satellite's movement in its orbit and possible receiver
motion. Also, the transmitter and the receiver do not have a common
clock, which means that even when the transmitter and the receiver
clocks are at identical frequency, there is, nevertheless, a phase
difference between them. Thus, the received signal thus can be
expressed as
S.sub.received=(AD(t-.tau.)x.sub.C(t-.tau.)cos(2.pi.(f.sub.L1+f.sub.D)(t-
-.tau.)+.phi..sub.1)+BD(t-.tau.)x.sub.Y(t-.tau.)sin(2.pi.(f.sub.L1+f.sub.D-
)(t-.tau.)+.phi..sub.1) (2)
or simplified to
S.sub.received=(AD(t-.tau.)x.sub.C(t-.tau.)cos(2.pi.(f.sub.L1+f.sub.D)t+-
.phi..sub.1-.phi..sub.2)+BD(t-.tau.)x.sub.Y(t-.tau.)sin(2.pi.(f.sub.L1+f.s-
ub.D)t)+.phi..sub.1-.phi..sub.2) (3)
[0008] As shown in FIG. 1, the received signal is amplified in
element 10, conventionally downshifted to a preselected
intermediate frequency (IF) by multiplying the received signal in
element 12 by signal
sin(2.pi.(f.sub.L1-f.sub.IF)t+.phi..sub.3) (4)
and passing the resulting signal through low pass filter 15. The
signal of equation (4) is generated from reference oscillator 20 by
frequency synthesizer 22, where .phi..sub.3 is the phase of the
locally generated signal (relative to the beginning of the data and
code signals at the transmitting satellite which, of course, is
unknown). The result at the output of the low pass filter is
S.sub.downshifted=AD(t-.tau.)x.sub.C(t-.tau.)cos(2.pi.(f.sub.IF+f.sub.D)-
t+.phi..sub.1-.phi..sub.2-.phi..sub.3)+BD(t-.tau.)x.sub.Y(t-.tau.)sin(2.pi-
.(f.sub.IF+f.sub.D)t+.phi..sub.1-.phi..sub.2-.phi..sub.3) (5)
or simplified to
S.sub.downshifted=AD(t-.tau.)x.sub.C(t-.tau.)cos(2.pi.(f.sub.IF+f.sub.D)-
t+.theta..sub.1)+BD(t-.tau.)x.sub.Y(t-.tau.)sin(2.pi.(f.sub.IF+f.sub.D)t+.-
theta..sub.1). (6)
[0009] It may be noted that the above-described use of downshifting
by use of an IF modulator 12 and low pass filter 15 is
illustrative, and that the A/D can be connected directly to
amplifier 10 and controlled to generate a digital signal as if it
were downshifted as shown in FIG. 1.
[0010] The output signal of low pass filter 15 is digitized in A/D
converter 18 and applied to a combination of processor 100 and
associated memory 110 where the remainder of the processing takes
place.
[0011] The processing begins with a signal acquisition (software)
module that includes a code generator element and a carrier
generation module. The code generation module develops signal
x.sub.C(t-{circumflex over (.tau.)}), (7)
where {circumflex over (.tau.)} is an estimate of .tau., and the
carrier generator module creates two signals that may be viewed as
the phasor
.PSI.=cos 2.pi.(f.sub.IF+{circumflex over (f)}.sub.D)t+{circumflex
over (.theta.)}.sub.1)-i sin 2.pi.(f.sub.IF+{circumflex over
(f)}.sub.D)t+{circumflex over (.theta.)}.sub.1), (8)
where {circumflex over (f)}.sub.D is an estimate of the Doppler
frequency shift {circumflex over (f)}.sub.D, and {circumflex over
(.theta.)}.sub.1 is an estimate of the phase .theta..sub.1.
Multiplying the received (and downshifted) signal of equation (6)
by the code signal of equation (7) and the phasor of equation (8)
and then integrating the product over a preselected interval that
is long enough to reliably detect a correlation peak (for example,
more than one period of the C/A code) yields:
.intg.F.sub.C.PSI.
cos(2.pi.(f.sub.IF+f.sub.D)t+.theta..sub.1)]+.intg..PSI.
sin(2.pi.(f.sub.IF+f.sub.D)t+.theta..sub.1)] (9)
where
F.sub.C=AD(t-.tau.)x.sub.C(t-.tau.)x.sub.C(t-{circumflex over
(.tau.)}) and
F.sub.Y=BD(t-.tau.)x.sub.Y(t-.tau.)x.sub.Y(t-.tau.)x.sub.C(t-{circumf-
lex over (.tau.)}) (10)
Equation (9) expands to
S I + iS Q = .intg. F C { cos ( 2 .pi. ( f IF + f ^ D ) t + .theta.
^ 1 ) cos ( 2 .pi. ( f IF + f D ) t + .theta. 1 ) - i sin ( 2 .pi.
( f IF + f ^ D ) t + .theta. ^ 1 ) cos ( 2 .pi. ( f IF + f D ) t +
.theta. 1 ) } + .intg. F Y { cos ( 2 .pi. ( f IF + f ^ D ) t +
.theta. ^ 1 ) sin ( 2 .pi. ( f IF + f D ) t + .theta. 1 ) - i sin (
2 .pi. ( f IF + f ^ D ) t + .theta. ^ 1 ) sin ( 2 .pi. ( f IF + f D
) t + .theta. 1 ) } ( 11 ) ##EQU00001##
or to
S I + S Q = .intg. F C { cos ( 2 .pi. ( 2 f IF + f D + f ^ D ) t +
.theta. 1 + .theta. ^ 1 ) + cos ( 2 .pi. ( f D - f ^ D ) t +
.theta. 1 - .theta. ^ 1 ) - sin ( 2 .pi. ( 2 f IF + f D + f ^ D ) t
+ .theta. 1 + .theta. ^ 1 ) + sin ( 2 .pi. ( f D - f ^ D ) t +
.theta. 1 - .theta. ^ 1 ) } + .intg. F Y { sin ( 2 .pi. ( 2 f IF +
f D + f ^ D ) t + .theta. 1 + .theta. ^ 1 ) + sin ( 2 .pi. ( f D -
f ^ D ) t + .theta. 1 - .theta. ^ 1 ) + cos ( 2 .pi. ( 2 f IF + f D
+ f ^ D ) t + .theta. 1 + .theta. ^ 1 ) - cos ( 2 .pi. ( f D - f ^
D ) t + .theta. 1 - .theta. ^ 1 ) } . ( 12 ) ##EQU00002##
Since, as indicated above,
F.sub.Y=BD(t-.tau.)x.sub.Y(t-.tau.)x.sub.C(t-{circumflex over
(.tau.)}), (t (13)
and the C/A code is orthogonal to the Y code, the second integral
of equation (12) yields zero. Also, the integration acts like a low
pass filter that discards the high frequency signals of cos
2.pi.(2f.sub.IF+f.sub.D+{circumflex over (f)}.sub.D)t and sin
2.pi.(2f.sub.IF+f.sub.D+{circumflex over (f)}.sub.D)t, leaving
S I + iS Q = .intg. F C { + cos ( 2 .pi. ( f D - f ^ D ) t +
.theta. 1 - .theta. ^ 1 ) + i sin ( 2 .pi. ( f D - f ^ D ) t +
.theta. 1 - .theta. ^ 1 ) } . ( 14 ) ##EQU00003##
It can be demonstrated that S.sub.I.sup.2+S.sub.Q.sup.2 equals
S I 2 + S Q 2 = ( .intg. F C cos ( 2 .pi. ( f D - f ^ D ) t +
.theta. 1 - .theta. ^ 1 ) ) 2 + ( .intg. F C cos ( 2 .pi. ( f D - f
^ D ) t + .theta. 1 - .theta. ^ 1 ) ) 2 = ( .intg. F C cos 2 .pi. (
f D - f ^ D ) t ) 2 + ( .intg. F C sin 2 .pi. ( f D - f ^ D ) t ) 2
( 15 ) ##EQU00004##
which is independent of (.theta..sub.1-{circumflex over
(.theta.)}.sub.1). It can be also demonstrated that good estimates
for {circumflex over (.tau.)}, and f.sub.D are attained when code
generation module is adjusted as to introduce a delay, {circumflex
over (.tau.)}, and the carrier generator module is adjusted as to
the introduced {circumflex over (f)}.sub.D so as to maximize
S.sub.I.sup.2+S.sub.Q.sup.2.
[0012] For the more visually inclined reader, FIG. 2 shows a
diagrammatic representation of the processing that takes place in
the acquisition module.
[0013] The task of the acquisition module is to come up with a
first-cut approximation of the delay and the Doppler frequency
shift. A refinement of the approximations takes place in a tracking
module, whose function is to both refine the estimates and track
the changes in .tau., f.sub.D and .theta..sub.1 as conditions
change, and whose diagrammatic representation is shown in FIG.
3.
[0014] The tracking module contains a phase lock loop comprising
multiplier 31 that multiplies the S.sub.downshifted signal of
equation (6) by the phasor of equation (8) provided by numerically
controlled oscillator (carrier NCO) 32. The output of multiplier 31
is multiplied in multiplier 33 by the code signal obtained from
code generator 38. The output of multiplier 33 is integrated in
module 34 and applied to discriminator 35, which develops a carrier
error signal (.theta..sub.1-{circumflex over (.theta.)}) that
controls the frequency of the carrier NCO.
[0015] The output of multiplier 31 is also applied to multiplier
36, where it is multiplied by the code signal that is generated by
element 38, but delayed by half of the duration of code C/A chip;
i.e.,
x.sub.C(t-{circumflex over (.tau.)}-T.sub.C/2), (16)
and to multiplier 37, where it is multiplied by the code signal
that is generated by element 38, but advanced by half of the
duration of code C/A chip; i.e.,
x.sub.C(t-{circumflex over (.tau.)}+T.sub.C/2). (17)
The outputs of multipliers 36 and 37 are integrated in elements 41
and 42, respectively, and applied to discriminator 39 which
develops a delay error signal (.tau.-{circumflex over (.tau.)})
that is applied to code generator 38, controlling the frequency of
the clock that generates the code.
[0016] While in both elements 32 and 38 the frequency of a clock is
controlled by the respective discriminators, the result is that the
generated carrier frequency phasor that is applied to multiplier 31
is in the form
cos(2.pi.(f.sub.IF+{circumflex over (f)}.sub.D)t+{circumflex over
(.theta.)}.sub.1)-i sin(2.pi.(f.sub.IF+{circumflex over
(f)}.sub.D)t+{circumflex over (.theta.)}.sub.1) (18)
with the approximations {circumflex over (f)}.sub.D and {circumflex
over (.theta.)}.sub.1 tracking closely the f.sub.D and
.theta..sub.1 of equation (6), and the generated code
x.sub.C(t-{circumflex over (.tau.)}) (19)
has a {circumflex over (.tau.)} that is a close estimate of
.tau..
[0017] The code and the carrier measurement are applied to
subsequent modules (not shown) that decode the navigation message,
determine satellite ephemeris, and compute the pseudo-range, and
with corresponding pseudo-ranges obtained by processing other
satellites, the physical location of the receiver is computed
(through quadralateration) and displayed.
[0018] All of the above is conventional, and the reader is invited
to peruse the book "Global Positioning System" by Misra and Enge,
Ganga-Jamuna Press, 2006 for further details. In general, the GPS
literature is enormous. It describes alternate implementation to
the above, where, for example, the code and carrier removal
processes described by equations (7), (8) and (9) are done in
different order. It also describes implementations that use
correlator spacings other than those chosen in equations (16) and
(17). The literature is also replete with discriminator strategies
that differ from the simple "early minus late" strategy described
here.
[0019] In commercial applications the C/A code is publicly known
and, consequently, GPS receivers are vulnerable to spoofing. A
hostile party can generate a facsimile of one or more satellite
signals that carry incorrect information, and a GPS receiver that
accepts the bogus signals will compute an incorrect position and,
in fact, may be caused to compute a position that the hostile party
wishes to have the receiver compute. However, spoofing is not a
problem for those who are able to use the Y code because this code
is not publicly known, so a hostile party cannot create a signal
that appears bona fide. This problem is not unique to GPS
receivers, of course. It is endemic to all global positioning
systems that rely on insecure signals.
[0020] The primary object of this disclosure is to create a method
and a means for having confidence that a global position
computation, or an assertion based on a global position, is bona
fide.
[0021] Another object of this disclosure is a receiver that is
adapted to provide a signal that can be authenticated as to source
of the received signal, with the consequence of the authentication
of the source being that geographical position of the receiver is
also determined with certainty.
SUMMARY OF THE INVENTION
[0022] The above and other objectives are achieved, and an advance
in the art is realized with a receiver that receives a plurality of
signals that are modulated with a common carrier, where each signal
of said signals originates at a different source and experiences a
transit delay and Doppler frequency shift before reaching the
receiver, and where the transit delay and Doppler frequency shift
are related to position and movement of each of the respective
sources. In addition, the receiver includes means, such as a
directional antenna, to ensure that the received signals are bona
fide, or at least not subject to the same bogus signal or signals
to which a second receiver may be subjected. In one illustrative
embodiment, the receiver includes a port for outputting a
downshifted digital representation of the signal, or outputting a
signal that results from processing the received signal. In another
illustrative embodiment the receiver includes a port for receiving
signals from that second receiver, and processes the signals for
the receiver with the signals of the second receiver to reach a
conclusion about the bona fide of the signals of the second
receiver.
BRIEF DESCRIPTION OF THE DRAWING
[0023] FIG. 1 is a block diagram of a GPS receiver;
[0024] FIG. 2 is a block diagram illustrating the processing
performed in an acquisition module of a GPS receiver;
[0025] FIG. 3 is a block diagram illustrating the processing
performed in a tracking module of a GPS receiver;
[0026] FIG. 4 depicts an arrangement where a first GPS receiving
unit that is constructed in accord with the principles disclosed
herein and which is embedded in a portable computer of an employee
is communicating to a second GPS receiving unit that is
correspondingly constructed in accord with the principles disclosed
herein in a gateway to an employer's data network;
[0027] FIG. 5 illustrates the processing within the second GPS
receiver when the first receiver obtains good estimates of transit
delay, Doppler frequency shift and carrier phase shift, and
provides a signal to the second GPS receiver with carrier wipeoff
already carried out;
[0028] FIG. 6 illustrates the processing within the second GPS
receiver when the first receiver obtains good estimates of transit
delay, Doppler frequency shift and carrier phase shift, and
provides to the second GPS receiver a the raw signal that contains
information about all satellites whose signals are received by the
first GPS receiver, and the transit delay, Doppler frequency shift
and carrier phase shift estimates of all of those satellites;
[0029] FIG. 7 illustrates the processing within the second GPS
receiver when the signal that the first GPS receiver sends is the
raw signal only; and
[0030] FIG. 8 presents an illustrative example of a three party
embodiment of this invention, involving a supplicant, a resource,
and an authentication authority.
DETAILED DESCRIPTION
[0031] An important realization that is disclosed herein is that
given a signal from a source that comprises a secure, though
unknown, component and a corresponding known but not secure
component, where both the known and unknown components are
similarly affected by physical conditions and those effects are
computed for the known component, it is possible to authenticate
the known component by using a second signal that is a changed
version of the signal from the source--where either the second
signal or the given signal is known to be bona fide--through use of
the unknown components of the given signal and of the second
signal.
[0032] The following applies this insight to the problem where the
source is one or more satellites that output signals which are used
for various purposes, including global positioning; and more
particularly to the aforementioned problem in the context of the
Global Positioning System. It should be understood, however, that
the principles disclosed herein are not limited to the illustrative
embodiment presented below.
[0033] FIG. 4 represents one illustrative embodiment of the
invention disclosed herein, where unit 201 is a GPS receiver that
is modified in accord with the principles disclosed herein and
which, illustratively, is embedded in portable computer 200 of an
employee. For security reasons, the employer of this employee
wishes to preclude access by that portable computer relative to at
least some of the employer's resources (e.g., files pertaining to
some project) unless that portable computer is at one of the
employer's numerous locations. Therefore the employer installs unit
301 in gateway 300, which is the point of entry to the employer's
data network of the employer, and unit 301 is a GPS receiver that
is also modified in accord with the principles disclosed herein.
For the illustrative example of FIG. 4, it is presumed that the
employer is satisfied that receiver 301 receives bona fide
satellite signals.
[0034] In addition to units 201 and 301, FIG. 4 includes a
communication link 30 by which communication can flow between units
201 and 301. For purposes of the global location authentication
that is described below, the communication link does not need to be
secure. It is expected, however, that in some applications this
link will need to be secure; for example, where this communication
link is also used to send back authorizations.
[0035] Unit 201 receives the signals from a number of satellites
and processes them as described above to compute the global
position of unit 201 based on the received signals. In the course
of processing the signal of satellite n, the signal of equation
(12) is developed, and as part of developing this signal unit 201
creates a signal that corresponds to the received (and downshifted)
signal of equation (6) multiplied by the phasor of equation (8).
That is, unit 201 creates the signal (downshifted, carrier wipeoff
relative to satellite n, but not C/A code wipeoff):
A A D A ( t - .tau. A ) x C A ( t - .tau. A ) { cos ( 2 .pi. ( 2 f
IF + f D A + f ^ D A ) t + .theta. 1 A + .theta. ^ 1 A ) + cos ( 2
.pi. ( f D A - f ^ D A ) t + .theta. 1 A - .theta. ^ 1 A ) - i sin
( 2 .pi. ( 2 f IF + f D A + f ^ D A ) t + .theta. 1 A + .theta. ^ 1
A ) + i sin ( 2 .pi. ( f D A - f ^ D A ) t + .theta. 1 A - .theta.
^ 1 A ) } + B A D A ( t - .tau. A ) x Y A ( t - .tau. A ) { sin ( 2
.pi. ( 2 f IF + f D A + f ^ D A ) t + .theta. 1 A + .theta. ^ 1 A )
+ sin ( 2 .pi. ( f D A - f ^ D A ) t + .theta. 1 A - .theta. ^ 1 A
) + i cos ( 2 .pi. ( 2 f IF + f D A + f ^ D A ) t + .theta. 1 A +
.theta. ^ 1 A ) - i cos ( 2 .pi. ( f D A - f ^ D A ) t + .theta. 1
A - .theta. ^ 1 A ) } . ( 20 ) ##EQU00005##
where the superscript A designates the signal of unit 201.
[0036] A low pass filter discards the terms with frequency on the
order of 2.pi.f.sub.IF, leaving
A A D A ( t - .tau. A ) x C A ( t - .tau. A ) { cos ( 2 .pi. ( f D
A - f ^ D A ) t + .theta. 1 A - .theta. ^ 1 A ) + i sin ( 2 .pi. (
f D A - f ^ D A ) t + .theta. 1 A - .theta. ^ 1 A ) } + B A D A ( t
- .tau. A ) x Y A ( t - .tau. A ) { sin ( 2 .pi. ( f D A - f ^ D A
) t + .theta. 1 A - .theta. ^ 1 A ) - i cos ( 2 .pi. ( f D A - f ^
D A ) t + .theta. 1 A - .theta. ^ 1 A ) } ( 21 ) ##EQU00006##
which can be written as
S.sub.I.sup.A+iS.sub.Q.sup.A (22)
where
S.sub.I.sup.A=A.sup.AD.sup.A(t-.tau..sup.A)x.sub.C.sup.A(t-.tau..sup.A)c-
os(2.pi.(f.sub.D.sup.A-{circumflex over
(f)}.sub.D.sup.A)t+.theta..sub.1.sup.A-{circumflex over
(.theta.)}.sub.1.sup.A)+B.sup.AD.sup.A(t-.tau..sup.A)x.sub.Y.sup.A(t-.tau-
..sup.A)sin(2.pi.(f.sub.D.sup.A-{circumflex over
(f)}.sub.D.sup.A)t+.theta..sub.1.sup.A)t+.theta..sub.1.sup.A-{circumflex
over (.theta.)}.sub.1.sup.A) (23)
and
S.sub.Q.sup.A=A.sup.AD.sup.A(t-.tau..sup.A)x.sub.C.sup.A(t-.tau..sup.A)s-
in(2.pi.(f.sub.D.sup.A-{circumflex over
(f)}.sub.D.sup.A)t+.theta..sub.1.sup.A-{circumflex over
(.theta.)}.sub.1.sup.A)-B.sup.AD.sup.A(t-.tau..sup.A)x.sub.Y.sup.A(t-.tau-
..sup.A)cos(2.pi.(f.sub.D.sup.A-{circumflex over
(f)}.sub.D.sup.A)t+.theta..sub.1.sup.A)t+.theta..sub.1.sup.A-{circumflex
over (.theta.)}.sub.1.sup.A) (24)
Approach A
[0037] In accordance with a first approach, unit 201 sends the
quadrature signal of equation (24) to unit 301 over link 30,
together with identification of the satellite whose signal the sent
signal represents.
[0038] Unit 301 develops a similar signal; that is,
S.sub.Q.sup.B=A.sup.BD.sup.B(t-.tau..sup.Bx.sub.C.sup.B(t-.tau..sup.B(t--
.tau..sup.B)sin(2.pi.(f.sub.D.sup.B-{circumflex over
(f)}.sub.D.sup.B)t+.theta..sub.1.sup.B-{circumflex over
(.theta.)}.sub.1.sup.B)-B.sup.BD.sup.B(t-.tau..sup.B)x.sub.Y.sup.B(t-.tau-
..sup.B)cos(2.pi.(f.sub.D.sup.B-{circumflex over
(f)}.sub.D.sup.B)t+.theta..sub.1.sup.B-{circumflex over
(.theta.)}.sub.1.sup.B). (25)
[0039] The transit time from a satellite to unit 201, .tau..sup.A,
is different from the transit time from the same satellite to unit
301, .tau..sup.B, so in accord with the first approach, the signal
received from unit 201 is delayed by .delta., where .delta. may be
a positive or negative quantity, and a product of the signals
S.sub.Q.sup.A(delayed) and S.sub.Q.sup.B is integrated; i.e.,
S = .intg. [ S Q A ( delayed ) .times. S Q B ] = [ { A A D A ( t -
.tau. A - .delta. ) x C A ( t - .tau. A - .delta. ) sin ( 2 .pi. (
f D A - f ^ D A ) ( t - .delta. ) + .theta. 1 A - .theta. ^ 1 A ) -
B A D A ( t - .tau. A - .delta. ) x Y A ( t - .tau. A - .delta. )
cos ( 2 .pi. ( f D A - f ^ D A ) t + .theta. 1 A - .theta. ^ 1 A )
} .times. { A B D B ( t - .tau. B ) x C B ( t - .tau. B ) sin ( 2
.pi. ( f D B - f ^ D B ) t + .theta. 1 B - .theta. ^ 1 B ) - B B D
B ( t - .tau. B ) x Y B ( t - .tau. B ) cos ( 2 .pi. ( f D B - f ^
D B ) t + .theta. 1 B - .theta. ^ 1 B ) } ] ( 26 ) ##EQU00007##
which can be written in more manageable form as
S=.intg.[XU-YU-XW+YW] (27)
where
X=A.sup.AD.sup.A(t-.tau..sup.A-.delta.)x.sub.C.sup.A(t-.tau..sup.A-.delt-
a.)sin(2.pi.(f.sub.D.sup.A-{circumflex over
(f)}.sub.D.sup.A)t+.theta..sub.1.sup.A-{circumflex over
(.theta.)}.sub.1.sup.A) (28)
Y=B.sup.AD.sup.A(t-.tau..sup.A-.delta.)x.sub.Y.sup.A(t-.tau..sup.A-.delt-
a.)cos(2.pi.(f.sub.D.sup.A-{circumflex over
(f)}.sub.D.sup.A)t+.theta..sub.1.sup.A-{circumflex over
(.theta.)}.sub.1.sup.A) (29)
U=A.sup.BD.sup.B(t-.tau..sup.B)x.sub.C.sup.B(t-.tau..sup.B)sin(2.pi.(f.s-
ub.D.sup.B-{circumflex over
(f)}.sub.D.sup.B)t+.theta..sub.1.sup.B-{circumflex over
(.theta.)}.sub.1.sup.B) (30)
and
W=B.sup.BD.sup.B(t-.tau..sup.B)x.sub.Y.sup.B(t-.tau..sup.B)cos(2.pi.(f.s-
ub.B.sup.B-{circumflex over
(f)}.sub.D.sup.B)t+.theta..sub.1.sup.B-{circumflex over
(.theta.)}.sub.1.sup.B). (31)
[0040] As indicated above, the estimates of .tau..sup.A,
{circumflex over (f)}.sub.D.sup.A, and {circumflex over
(.theta.)}.sub.1.sup.A, are quite good, and so are the estimates of
.tau..sup.B, {circumflex over (f)}.sub.D.sup.B, and {circumflex
over (.theta.)}.sub.1.sup.b. Given accurate information about the
phase shifts, unit 301 can perform coherent demodulation.
Consequently, over the integration interval that needs to be
employed for equation (26), the sin( ) terms can be replaced with 0
(i.e., X=U=0), and the cos( ) terms can be replaced with their
respective coefficients. This leads to
S=B.sup.AB.sup.B.intg.D.sup.A(t-.tau..sup.A-.delta.)D.sup.B(t-.tau..sup.-
B)x.sub.Y.sup.A(t-.tau..sup.A-.delta.)x.sub.Y.sup.B(t-.tau..sup.B).
(32)
Clearly, when the signal of unit 301 is bona fide and,
therefore,
[0041] x.sub.Y.sup.B(t-.tau..sup.B) is equal to
x.sub.Y.sup.At-.tau..sup.A),
[0042] D.sup.A(t-.tau..sup.A) is equal to D.sup.B(t-.tau..sup.B),
and
[0043] (D.sup.B(t-.tau..sup.B)).sup.2=1, because the message
signal, D, can only have .+-.1 values. Thus, the value of S in
equation (32) is maximum when .delta.=.tau..sup.B-.tau..sup.A;
i.e.,
S=B.sup.AB.sup.B, (33)
[0044] Thus, without knowing the Y code signal x.sub.y (t-.tau.),
the arrangement of FIG. 4 executes a method that recognizes--by the
value of S for different values of .delta.--when a signal that is
received by unit 201 and a signal that is received by unit 301
originate from a given source that outputs a signal that is
modulated with a signal x.sub.y(t-.tau.), when that is the case;
and conversely, recognizes when one of the signals is not from the
given source.
[0045] One can appreciate that the receiver shown in FIG. 1
includes processor 100 and memory 110 that operate on digital
signals and, therefore, can be implemented in a programmed general
purpose processor. Similarly, unit 201 can include hardware
elements that correspond to elements 10, 12, 15, 18, 20 and 22, and
employ the computing power of portable computer 200 to carry out
the various calculations disclosed above, which in the FIG. 1
embodiment would be performed in element 100 and its associated
memory 110. The software that is necessary in unit 201 to augment
the conventional receiver advantageously implements a filter to
develop the signal of equation (24) from the signal of equation
(20), and a module for sending to line 30 the signal of equation
(24), and the identity of the satellite whose signal is represented
by the sent signal. This extremely modest addition to the software
is quite simple, which a skilled artisan can create without undue
experimentation in any one of a number of techniques that are well
known in the art.
[0046] The modification to the GPS receiver in unit 301 is somewhat
greater than in unit 201, but still quite simple to implement in a
programmed general purpose processor (which may be part of the
processor that gateway 200 employs). FIG. 5 diagrammatically shows
unit 301 to include a port to receive the signal sent by unit 201,
a delay unit 21 that is responsive to the equation (25) signal, and
a correlation module 25 that is responsive to the delayed signal at
the output of delay unit 21 and to the signal of equation (25) that
is extracted from the signals that the conventional GPS receiver
creates in the course of determining its global position.
[0047] The correlation unit computes the integral of equation (26)
with function S=function A( ), and provides the developed value S
to controller module 23. The correlation function provides an
indication of the degree to which signal A, with some delay, is the
same as signal B. When they are indeed the same, then the
correlation outputs a high value, or a peak. Bogus signals, even
when they are somewhat similar to the authentic signal, will result
in lower correlation value regardless of what delay is chosen. One
simple way, therefore, is to compare the strongest correlation peak
to the next strongest peak. This is illustrated by the following
function that module 23 executes:
TABLE-US-00001 for .delta. (-N,+N,.sub..DELTA.N) do Call S=function
A(.delta.) If S > S.sub.highWaterMark then { S.sub.nextHighest =
S.sub.highWaterMark S.sub.highWaterMark = S } Done if
(S.sub.highWaterMark / S.sub.nextHighest) > Threshold then
output "OK" else output "NOT OK" end if
where N is greater than the expected delay difference
(.tau..sup.B-.tau..sup.A) and .DELTA.N is the increment that a
designer might choose to employ in seeking the maximum in the
correlation function of equation (26). Of course, if unit 201 were
to send the value of {circumflex over (.tau.)}.sup.B along with the
signal of equation (24) then the range of N can be reduced
significantly because it would be expected to find a maximum at
.delta.=0.
[0048] It should be noted that the above is just one embodiment of
the test that is performed on the correlation results. It may be
noted, for example, that in embodiments that employ high sampling
rates several large peaks may appear, but those peak are artifacts,
and in such embodiments other tests are typically employed that
factor in the sampling rate (as related to .DELTA.N) and the
relative position of the peaks, to determine which points to
compare for the threshold.
[0049] It is recognized that in order to compute a global position,
the signal of more than one satellite must be used. Therefore,
authenticating the signal of one satellite, as disclosed above,
does not, ipso facto, guarantee that unit 201 is not impacted by a
bogus signal relative to the signal of another satellite that it is
using for its global position computations. If it is so impacted,
then one cannot trust its assertion regarding its global position.
However, time can be divided into fairly long-duration frames, and
during each frame a different one of the signals that unit 201
employs can be sent to unit 301 for authentication. If all of the
signals are authenticated, then one can trust that the position
asserted by unit 201 is valid in the sense that it has not been
compromised by a hostile party causing it to receive bogus
signals.
[0050] It should also be noted that the location can be computed
using more than the minimum number of satellites (4 satellites to
compute latitude, longitude, elevation and GPS time) and that not
all of the satellite signals need to be authenticated. Having a
majority of the signals authenticated can be used to test the
consistency of non-authenticated signals, provided that the
location estimate reported by unit 201 agrees with the location
estimate developed using a subset of authenticated satellites.
[0051] Once confidence is gained about the signals provided by unit
201 that are used to compute a global position of unit 201 then one
can also have confidence in an identification of the global
position by unit 201 as asserted by unit 201. This assumes, of
course, that unit 201 does compute its global position (in a
completely conventional way) and reports its position to unit
301.
[0052] Alternatively, instead of trusting unit 201's assertion of
its position, it is possible to have unit 301 compute the position
of unit 201. This secure position determination is achieved by unit
201 sending the equation (24) signals of a number of satellites
that is necessary to compute a position. Noting that the 8
determined relative to a satellite informs of the transit delay
from the satellite to unit 201 (.tau..sup.B=.tau..sup.A+.delta.),
given a sufficient number of transit delays (combined with unit
301's global position and information about the satellites'
locations) the global position of unit 201 can be ascertained
through conventional calculations.
[0053] It may be appreciated that authenticating an asserted
position, or securely determining a position, does not need to be
done continually. At times the global position of unit 201 is
immaterial. At other times, one can assume that unit 201 has not
significantly wandered off the authenticated position. Therefore,
in many applications it is acceptable if unit 201 sends only a
signal segment, or snapshot, to unit 301. In other applications it
may be advisable to send a signal snapshot on some regular
basis.
[0054] It should be appreciated that the FIG. 4 arrangement where
unit 201 is within computer 200 and utilizes the computing power
that is otherwise available in the computer is merely illustrative.
Unit 201 may have the full computing capabilities within itself
(note the processor in unit 201), and it may be a stand-alone item,
an item that is pluggable into a device such as portable 200, or it
may be permanently (or semi-permanently) attached to an article and
so transported from place to place; e.g., attached to a shipping
container.
[0055] It should also be appreciated that unit 201 may contain a
memory for storing one or more signal segments (raw, or processed),
and the stored information may be communicated to unit 301 at some
later time (i.e., a non-real time operation) by relatively direct
connection; that is, without the use of a communication network
that is shown in FIG. 4. The transfer of information may be
initiated by a push-button switch in unit 201 (not explicitly shown
in FIG. 4), by an electronic instruction from unit 301, by
physically transferring the memory from unit 203 (see FIG. 7) to an
appropriate connector on unit 301, or by some other conventional
means.
[0056] The above discloses an arrangement where unit 201 sends to
unit 301 the signal of equation (24), which is the signal after
carrier wipeoff relative to satellite n. When sending the signals
of M satellites, M such signals need to be sent. There are
certainly applications where this is acceptable but if the M
signals need to be sent concurrently, then the bandwidth of path 30
must be M times greater than the bandwidth required to send one
signal.
[0057] In an alternative embodiment, shown in FIG. 6, rather than
sending quadrature channel signal as described above, unit 201
sends to unit 302 the raw data and also sends the computed Doppler
frequency and carrier phase estimates for at least each of the
satellites that is used in computing its global position. The
difference between unit 301 and 302 is that in unit 302 the raw
data and the estimates are processed in processor 24 to develop the
quadrature channel signal of equation (24). The bandwidth
requirement (for sending the signal from unit 201 to unit 301) is
essentially unchanged from the bandwidth needed for one satellite
signal.
[0058] In some applications a small size for the device (unit 200
in FIG. 4) may be more important than the ability of the device to
know its own global position. Indeed, in some applications it may
be totally unimportant for the GPS receiver to know its location
but, rather, it may suffice for the other receiver (e.g., unit 301
in FIG. 4) to know where unit 200 is, or has been. In other words,
there are applications where it may not be necessary for the GPS
receiver do the processing that is associated determining its
global position. To that end, unit 203 (FIG. 7) needs to merely
send its raw signal to receiver 303 (FIG. 7), or record signal
segments internally for future delivery to unit 303.
Approach B
[0059] FIG. 7 depicts an arrangement with the GPS receiver 203 that
is optionally devoid of the processing that involves carrier
wipeoff and code wipeoff. The receiver, 203, only downshifts the
received signal and sends this raw data to receiver 303 (without
any delay, Doppler shift, or phase estimates), together, perhaps
with some general information about its presumed (or asserted)
location. The raw data might be sent immediately, or stored in a
local memory, and sent at a later time. In other words, the signal
that is provided to receiver 303 by receiver 203 is:
S.sub.downshifted.sup.A=A.sup.AD.sup.A(t-.tau..sup.A)x.sub.C.sup.A(t-.ta-
u..sup.A)cos(2.pi.(f.sub.IF-f.sub.D.sup.A)t+.theta..sub.1.sup.A)+BD(t-.tau-
..sub.A)x.sub.Y.sup.A(t-.tau..sup.A)sin(2.pi.(f.sub.IF+f.sub.D.sup.A)t+.th-
eta..sub.1.sup.A) (34)
and a rough location information which, from satellite orbit tables
that are publicly known, an estimate {circumflex over
(f)}.sub.D.sup.A is obtained. The rough information may be in the
form of an assertion as to the location of receiver 203. It is
recognized that no information is available about the value of
.theta..sup.A, and that the estimate {circumflex over
(f)}.sub.D.sup.A is likely to be inaccurate but it is nevertheless
helpful, as is demonstrated below. Absent information about
.theta..sup.A, processor 24 executes non-coherent demodulation and
multiplies the incoming signal by
cos 2.pi.(f.sub.IF+{circumflex over (f)}.sub.D.sup.A)t+i sin
2.pi.(f.sub.IF+{circumflex over (f)}.sub.D.sup.A)t (35)
to result in
A A D A ( t - .tau. A ) x C A ( t - .tau. A ) { cos ( 2 .pi. ( 2 f
IF + f D A + f ^ D A ) t + .theta. 1 A ) + cos ( 2 .pi. ( f D A - f
^ D A ) t + .theta. 1 A ) - i sin ( 2 .pi. ( 2 f IF + f D A + f ^ D
A ) t + .theta. 1 A ) + i sin ( 2 .pi. ( f D A - f ^ D A ) t +
.theta. 1 A ) } + B A D A ( t - .tau. A ) x Y A ( t - .tau. A ) {
sin ( 2 .pi. ( 2 f IF + f D A + f ^ D A ) t + .theta. 1 A ) + sin (
2 .pi. ( f D A - f ^ D A ) t + .theta. 1 A ) + i cos ( 2 .pi. ( 2 f
IF + f D A + f ^ D A ) t + .theta. 1 A ) - i cos ( 2 .pi. ( f D A -
f ^ D A ) t + .theta. 1 A ) } ( 36 ) ##EQU00008##
and recognizing that a later integration operation operates as a
low pass filter that discards the signal components that include
the 2f.sub.IF, frequency, equation (34) can be simplified to
S.sub.I.sup.A+S.sub.Q.sup.A=(W+X)+i(Y-Z) (37)
where
W=A.sup.AD.sup.A(t-.tau..sup.A)x.sub.C.sup.A(t-.tau..sup.A)cos(2.pi.(f.s-
ub.D.sup.A-{circumflex over (f)}.sub.D.sup.A)t+.theta..sub.1.sup.A)
(38)
X=B.sup.AD.sup.A(t-.tau..sup.A)x.sub.Y.sup.A(t-.tau..sup.A)sin(2.pi.(f.s-
ub.D.sup.A-{circumflex over (f)}.sub.D.sup.A)t+.theta..sub.1.sup.A)
(39)
Y=A.sup.AD.sup.A(t-.tau..sup.A)x.sub.C.sup.A(t-.tau..sup.A)sin(2.pi.(f.s-
ub.D.sup.A-{circumflex over (f)}.sub.D.sup.A)t+.theta..sub.1.sup.A)
(40)
and
Z=B.sup.AD.sup.A(t-.tau..sup.A)x.sub.Y.sup.A(t-.tau..sup.A)cos(2.pi.(f.s-
ub.D.sup.A-{circumflex over
(f)}.sub.D.sup.A)t+.theta..sub.1.sup.A). (41)
[0060] Delay element 21 of FIG. 7 introduces delay 8, and element
26 in the FIG. 7 embodiment executes the integration
S = ( .intg. S I A ( delayed ) .times. S Q B ) 2 + ( .intg. S Q A (
delayed ) .times. S Q B ) 2 . ( 42 ) ##EQU00009##
[0061] Noting that equation (25) specifies S.sub.Q.sup.B, which can
be expressed by
S.sub.Q.sup.B=U+V
where
U=A.sup.BD.sup.B(t-.tau..sup.B)x.sub.C.sup.B(t-{circumflex over
(.tau.)}.sup.B)sin(2.pi.(f.sub.D.sup.B-{circumflex over
(f)}.sub.D.sup.B)t+.theta..sub.1.sup.B-{circumflex over
(.theta.)}.sub.1.sup.B) (43)
and
V=-B.sup.BD.sup.B(t-.tau..sup.B)x.sub.Y.sup.B(t-{circumflex over
(.tau.)}.sup.B)cos(2.pi.(f.sub.D.sup.B-{circumflex over
(f)}.sub.D.sup.B)t+.theta..sub.1.sup.B-{circumflex over
(.theta.)}.sub.1.sup.B), (44)
equation (42) can be expressed as
S = ( .intg. ( W ' U + W ' V + X ' U + X ' V ) ) 2 + ( .intg. ( Y '
U + Y ' V + Z ' U + Z ' V ) ) 2 ( 45 ) ##EQU00010##
where the primed variables (e.g., W) are the delayed version of the
unprimed variables (e.g., W).
[0062] A number of observations and approximations can be made that
reduce the complexity of equation (45). [0063] Since the
approximations of the Doppler frequency and carrier phase shift for
unit 303 signal are good, the U term can be replaced by 0, and the
cos( ) term in the V term can be replaced by 1. [0064] The W and
the Y terms have the x.sub.C.sup.A(t-.tau..sup.A) code signal
multiplier whereas the V term has the x.sub.Y.sup.B(t-{circumflex
over (.tau.)}.sup.B) code signal multiplier, and since the two
codes are orthogonal to each other, the contributions of the WV and
the YV terms to the integral is roughly 0 [0065] As indicated
above, the estimate {circumflex over (f)}.sub.D.sup.A is not
necessarily an accurate estimate, but even it if a rough estimate,
the resulting trigonometric function varies slowly relative to the
chip rate of the Y code, which allows the non-trigonometric factors
that are common to XV and ZV to be factored out, and then the sum
of squared sin( ) and cos( ) terms that remain can be replaced by
1.
[0066] The above allows reducing equation (45) to
S=B.sup.AB.sup.B.intg.D.sup.A(t-.tau..sup.A-.delta.)D.sup.B(t-.SIGMA..su-
p.B)x.sub.Y.sup.A(t-.tau..sub.A-.delta.)x.sub.Y.sup.B(t-{circumflex
over (.tau.)}.sup.B), (46)
so it is quite clear that the integration result exhibits a maximum
when .tau..sup.A+.delta.={circumflex over (.tau.)}.sup.B and the
code x.sub.Y.sup.A(t)=x.sub.Y.sup.B(t).
[0067] As before, controller 23 finds the delay 8 that provides the
peak value of S, and compares it to other values in order to
determine whether the signal send by unit 203 contains a bona fide
signal from that particular satellite for which the processing
operation of equation (46) was just executed.
[0068] Needless to say, Approaches A and B, described above, are
simply two preferred implementations and many variations exist. For
example, unit 201 could send C/A code information as well as Y code
information. In this case, unit 301 could determine the relative
timing, .delta.=.tau..sub.B-.tau..sup.A, for the C/A code as well
as the Y code and insist that they agree. Other variations exist.
Under Approach A, unit 201 performs code and carrier wipeoff and
unit 301 coherently demodulates the data. Under Approach B, unit
201 does not perform code or carrier wipeoff. Rather, it sends,
more primitive, downshifted data, and unit 301 performs
non-coherent demodulation. This pairing is mutable. In other words,
unit 201 could send downshifted data and unit 301 could perform
coherent demodulation.
[0069] The software with which one might wish to implement a
particular embodiment of the invention disclosed herein is fairly
simple to implement; though, of course, it takes time to create, as
all software does. Notwithstanding the fact that the software
needed to implement the invention disclosed herein is totally
straight forward and can be easily implemented without undue
experimentation by any person skilled in the art, to assist the
reader, an appendix is included herein of an actual embodiment.
[0070] The above illustrative embodiment has the first receiver in
a portable computer and the second receiver in gateway that is
remote from the portable computer. Perhaps it should be mentioned
explicitly that the assumption is that the signal received by
receiver 301 is not impacted by a bogus signal to which the
portable computer may be subjected. A mere physical separation,
when it is big enough so that the receivers are not subjected to
the signal of a given (bogus) source, tends to insure this
situation because a hostile party is not likely to be able to send
a bogus signal to portable 200 and to also send an appropriate
replica of the same bogus signal to receiver 301. Additionally,
receiver 301 can take steps to insure that this does not happen by,
for example, using antennas that are electronically directed to
respond well to signals only from certain directions (where the
satellites are expected to be) and to not respond well to signals
from other directions.
[0071] The above illustrative embodiment focuses on the processing
being done in gateway 300. This makes sense for the illustrative
embodiment, but it should be realized that other embodiments are
certainly possible where it may be desirable to perform the
processing in a moving unit that contains the receiver that outputs
signal A and which potentially is under electronic attack (e.g., an
airplane), for example, where the action in response to the
authentication takes place in moving unit and/or when there are so
many moving units that processing in the unit that generates signal
B might overload the capability of the processor that is available
at that location.
[0072] It should also be noted that the receiver that generates
signal B does not need to be stationary because, as indicated
above, mutual authentication is possible if the distance between
the two receivers is big enough so that the receivers are not
subjected to the signal of a given (bogus) source.
[0073] The above illustrative embodiment is a two party example
(portable 200 and gateway 300). FIG. 8 presents an illustrative
example of a three party embodiment, involving a supplicant (e.g.,
portable 200), a resource (e.g., gateway 300) and an authentication
authority. Signal A is provided by the supplicant, signal B is
provided by the authentication authority and the processing is
performed in any of the three locations, depending on the
particular application and the desires of the parties. It may be
noted that just as there is a memory in unit 201 of FIG. 4 for
storing time segments of data, unit 301 can also include a memory
for storing raw or processed data; particularly for applications
where the at least some of the authentication processing is perform
in other than the authentication authority.
[0074] One advantage of the FIG. 8 embodiment is that it
efficiently supports many supplicant-resource pairs because it
requires no GPS receiving or sophisticated processing by the
resource, and because the authentication authority can afford to
make greater efforts to insure that its signal B is authentic. For
example, the supplicants can be bank customers, and the resources
can be banks High powered satellite antennas that are highly
directional are expensive, and banks generally would be happy to
not have to invest in such antennas but allow an authentication
authority to guarantee that signal B is authentic. The
authentication authority, on the other hand, can afford to employ
expensive antenna arrangements and other techniques to insure the
bona fide of signal B because the cost may be amortized over many
customers of the authentication authority.
[0075] In addition (or in lieu of) using very directional antennas,
the authentication authority can be located at some physically
remote location that is secure from transmission by hostile
parties. The remoteness makes it more likely than not that a
hostile party will not succeed in transmitting to the directional
antennas, and it will almost certainly ensure that whatever hostile
signal is transmitted to units 201 will not correspond to the
hostile signals to which the authentication authority might be
subjected. By contrast, banks are situated in locations that are
readily accessible to all.
[0076] Further, the authentication authority can be located
permanently at its secure location and can make the effort to know
its own global position with great accuracy, in contrast to banks
that sometimes change locations. This allows the authentication
authority to compute its location from the received signals and by
comparing the computed location with the known location it can
confirm that its received signals are bona fide. Moreover, since
the authentication of a location is effectively decided by
comparing an asserted location to a location computed relative to
the location of the authentication authority, an accurate location
of the authentication authority is important.
[0077] Further still, the authentication authority can itself
receive other signals that it can process to confirm the bona fide
of its signal B--for example, from locations that are greatly
removed from the authentication authority location that receives
signal B, or from other systems (e.g., LORAN).
[0078] In yet another improvement, the authentication authority has
a number of facilities, at different locations around the globe,
and the signal B that is used for processing is from a location
that is selected truly randomly (in contrast to pseudorandomly)
from among the different locations.
[0079] It should be noted that in the above example of bank
customers, banks, and an authentication authority, the banks may be
satisfied to direct customers to send signal A to the
authentication authority and have the authentication authority
provide the bank (via a securely transmitted message) the location
of the supplicant customer and a confirmation that the location is
authentic. Presumably, this would allow the bank to proceed with
the transaction in which the bank customer wishes to engage. On the
other hand, the bank may wish to merely receive signal B from the
authentication authority and itself accept signal A from its
customers and itself do the processing. In the first case, the
processing is done at the authentication authority, while in the
second case the processing is done at the resource.
[0080] Thus useful embodiments exist where the processing is
performed in the supplicant's equipment, in the resource's
equipment, or in the authentication authority equipment.
[0081] By way of example and not by way of limitation, the
following illustrates a number of applications, in addition to the
applications described above, to which the principles disclosed
herein are applicable.
Information & Asset Protection: Determine location of a device,
such as portable computer 201, and allow operation of that device
or access to sensitive information on the device only if the device
is at an authorized location or within an authorized zone.
Financial Transaction assurance: Verify that the person (or agent)
at the other end of a communication channel is really who the
person claims to be, by verifying that the communication originates
from a known, authorized, and secure location. Fraud Detection
& Non-repudiation: Check whether a transaction originated from
where it claims to have originated, and thereby acquire a
confirmation that a document to which an electronic signature is
affixed (or other means of verifying a transaction/communication)
really did originate from where the message claims to have
originated. Asset Tracking & Route Auditing: Confirm where an
object is and/or recreate the route that the object followed during
a chosen time span (e.g., while being transported)--by recording
signal segments and later processing the signal segments. Internet
& Online Security: Confirm that a party that provides
information or seeks information (e.g., a web server) is located at
a particular spot, which location presumably can be checked against
online public databases or printed (and presumably
secure/unmodified) versions of databases. Secure Electronic
communication: Use location to verify identity and to increase
security of cryptographic key exchange between two or more parties.
This includes distribution of encryption/decryption keys (either
symmetric or asymmetric), where only a supplicant with the correct
geo-location can obtain the cryptographic key; or even more
securely, where the key is never communicated directly, even in
encrypted form, and only a supplicant with the correct geo-location
can determine the cryptographic key. Smartcards & Access
Control: Confirm location during an access-request transaction with
a centralized access-granting authority.
* * * * *