The Institute of Navigation (ION) is a not-for-profit organization advancing Positioning, Navigation and Timing (PNT). ION’s international membership is drawn from many sources including professional navigators, engineers, physicists, mathematicians, astronomers, cartographers, photogrammetrists, meteorologists, educators, geodesists, surveyors, general aviation and airline pilots, mariners and anyone interested in position-determining systems. Corporate members include corporations, civil and military government agencies, private scientific and technical institutions, universities and training academies, and consulting firms.

Session E3a: All-Source Intelligent PNT Methods

Defining an Integrity Metric for Diverse, Multi-Sensor PNT Devices
John Fischer, Safran Navigation and Timing
Date/Time: Thursday, Sep. 14, 9:43 a.m.

Much work has been done on integrity monitoring for GNSS Receivers. Many very useful Advanced Receiver Autonomous Integrity Monitoring (ARAIM) techniques have been defined. The aviation industry has integrity metrics for navigation with four parameters: Alert Limit, Integrity Risk, Time to Alert, and Protection Level. One can specify a protection level, decomposed into horizontal and vertical, above which an alert will be asserted if the limit is exceeded. The Integrity Risk is the probability that this limit could be exceeded without an alert assertion. With all its vulnerabilities, GNSS has proven to be very dependable for safe navigation because of these protective integrity measures.
However, there are many applications that do not have a specific protection level limit but still need to know quantitatively how much they can trust the published PNT solution from a sensor. Other applications do not have the safety of life concerns as aviation does, and therefore do not need their reporting as conservatively designed, but rather need more insight into the trust level at various accuracies.


A PNT report is typically from a combination of multiple, diverse sensors – for example, a GNSS receiver with IMU plus a lidar sensor. Each individual sensor has their own unique limitations and failure modes, but in combination, offer a higher trust level because they are diverse. The trust of each sensor will also vary based on operating environment. Smoke and fog will affect the lidar but not the other two; RF interference affects the receiver only; shock and vibration may affect all three to varying degrees. Besides operating environment, there may be threats acting on these sensors – GNSS spoofing or network hacking, which can undermine trust. These external operating conditions are not always known by the sensors themselves but can arrive from other sources. Intelligently combining all this information can lead to a more accurate trust indication.


In this presentation, we suggest some ideas to take the Integrity Risk metric beyond just a Protection Level Alert and consider these other factors. We will explore concept of a diversity distance among redundant sensors and how quantifying this distance can lead to a more accurate integrity value. Combining the Integrity Risk reported by each individual sensor along with the diversity factor, the environmental and threat factors, could yield a more in-depth measure of trust.


For a metric to be meaningful and useful, it needs to be well-defined and universally accepted. The work of the US Department of Homeland Security to establish a Resiliency Framework and the subsequent on-going work of the IEEE P1952 committee to codify a standard are all steps in that direction. For this conference, with a wider audience, we hope to explore enhancements. The problem of establishing of precise values for these metrics is ripe for AI machine learning methods once the parameters are well-defined. At this stage, we will start with “natural intelligence” methods – leveraging the human experience of experts in PNT sensors to create initial values for these parameters which then can be refined through collecting big data sets and applying machine learning methods later.