ENJPKO
ENJPKO
Products
Solutions
Customers
Resources
Company
Get Started
Back to Resources

Blog

Enhancing Automotive Safety Through Precision GNSS: A Deep Dive into Trust and Integrity

Automotive Integrity

Precision GNSS can add incredible value to ADAS and autonomous operations, if only the safety, reliability, and availability of this technology can meet the rigorous standards of automotive OEMs. Learn how Swift has built an end-to-end integrity system for precise GNSS positioning to deliver the confidence required for safety-critical automotive applications.

The use of Autonomous Driver Assistance Systems (ADAS) and autonomous operations are increasing dramatically in the automotive industry, but safety remains a critical hurdle. While there are many L1-2 ADAS technologies in production today to provide assistance and partial automation, higher levels of autonomy are typically restricted to confined areas and very limited driving scenarios. Key to the adoption of greater levels of autonomy is a comprehensive and highly trustworthy set of sensors working in tight coordination. The automotive sensor suite is fine tuned to combine perception and positioning signals (such as radar, LiDAR, cameras, GNSS, IMU and wheel ticks) to achieve precise localization, planning, and motion control. And while GNSS has a critical role to play in autonomous operations, concerns about the trustworthiness of the GNSS signal remain. 

Unpacking Trust Issues in GNSS

Uncorrected GNSS observations enable position estimation with an accuracy of approximately three meters, which falls short of the lane-level precision required for autonomous driving. Drifts in the satellites’ clock and orbit, signal delays caused by atmospheric conditions, and reflected signals introduce errors that degrade the accuracy of these raw observations. Corrections can be applied to these observations to improve the position accuracy down to just a few centimeters, but performance can still vary based on a number of factors in the environment, particularly in dense urban areas. When it comes to automotive safety, “most of the time” is not good enough. How can OEMs trust that the GNSS data they’re feeding into their systems is accurate, available, and safe enough to depend on?

Accuracy vs Integrity

GNSS accuracy is typically represented in terms of standard deviations on a normal distribution. Headlines boasting five centimeter accuracy often neglect to specify that it’s the accuracy at one sigma (68%) on the bell curve. That means nearly one third of the time the accuracy is worse than five centimeters, and occasionally it is much worse. OEMs require a much higher confidence level in the output of a GNSS system to be able to use that data to assist localization for L3+ autonomy. That’s where integrity comes in.

Integrity is the measure of trust that can be placed in the correctness of the information supplied by the GNSS system. 

  • An alert limit is established to define the accuracy required by the automotive system using the position for a particular use case
  • Integrity is expressed in terms of protection levels, or the accuracy that is guaranteed with exceedingly high confidence
  • That confidence is measured in integrity risk, which is the probability that the system produces a position outside of the protection level

Alert Limit and Protection Level

For an automotive system to trust the GNSS accuracy for a given use case, the protection level must be smaller than the alert limit and the integrity risk must meet the safety requirements of that use case. 

The alert limit required in different scenarios may vary, but tends to fall within 1-3 meters. So for a given scenario where an alert limit of two meters is required, it doesn’t matter if a GNSS system can deliver five centimeter accuracy with a confidence of 68%, it only matters that it can deliver sub two meter accuracy with a guarantee.

Calculating the Integrity of the GNSS System

A precise and safe GNSS system will leverage a GNSS receiver and a positioning engine running locally inside the vehicle and a corrections service that communicates with the receiver to deliver GNSS corrections. In order for the positioning engine to calculate a protection level, it needs to know the error distribution of the corrections. This means the corrections service can’t simply provide a combined correction term, it must provide a disaggregated set of corrections for each type of error (eg, clock, orbit, atmospheric irregularities, etc) along with bounds.

When you combine a high quality positioning engine, such as Swift’s Starling, with a high quality corrections service that delivers disaggregated corrections, such as Swift’s Skylark, you can achieve the protection levels required for L3+ autonomy with very low levels of integrity risk.

Proving Integrity

It’s not enough to simply trust that a well designed solution will reliably deliver the promised results, integrity guarantees must be tested and proven. But in an environment where the integrity risk must be reduced to a vanishingly small level (as low as 10-7 failures per hour in some cases), conducting road tests isn’t sufficient. It would require billions of miles driven to prove such a small integrity risk.

Swift starts the testing process by defining scenarios and operational environments and then conducting road tests, but we don’t stop there. We capture the radio frequency (RF) signals from the antennas and a slew of outputs from the receivers, and then replay the signals to racks of devices in a hardware-in-the-loop test as well as a cloud-based software-in-the-loop test that enable us to simulate millions of test hours monthly. We further expand the conditions we test by injecting faults into the data to ensure that our products are tolerant to rare but safety-impacting events.

Automotive Integrity Standards

Of course it’s not just the GNSS system that is subject to strict safety standards, each system within the vehicle has its own set of requirements for safe autonomous operations. How to develop functionally safe products for the automotive market is set by the ISO 26262 standard. The standard dictates that, for the use cases Swift targets, products must meet the ASIL B(D) level, combining with other ASIL B systems in the vehicle to reach the overall ASIL D level, which is the highest safety rating.

There’s just one catch in all this – the ISO 26262 standard specifically states that it applies to “electrical and electronic systems within road vehicles” and the GNSS integrity calculations above leverage a cloud-based service. There are currently no industry standards for cloud safety. If integrity is all about trust, how can a vehicle manufacturer trust a system that depends on services for which no industry safety standards exist?

Bringing Safety to the Cloud

Although there are no automotive industry standards for cloud-based components within an autonomous system, the cloud has gained widespread adoption across many industries and best practices exist. For instance, cloud services can be architected with redundancy, automated load balancing, and containerized workloads that scale to meet demand. These strategies are used extensively in Software as a Service (SaaS) solutions, and can be leveraged by GNSS corrections services as well to ensure reliability.

Additionally, even though ISO 26262 was not designed for the cloud, the standards can still be applied to cloud software development. Swift has developed our cloud corrections service in accordance with a large number of industry standards to give customers confidence in the reliability of the positioning solution, including:

  • ISO 20000 (Information technology - service management)
  • ISO 27001 (Data security)
  • ISO 21434 (Automotive cybersecurity)
  • ISO 26262 (Automotive functional safety)
  • ISO 21448 (Safety of the intended functionality)

Automotive Applications for Precise Positioning

Having gained trust in the accuracy of precise GNSS positioning, OEMs now have a powerful tool in their automotive sensor suite that can help their safe autonomous operations. We can now start to go outside of the designated spaces and achieve safe autonomy in feature sparse environments where perception-based sensors are less effective. We can enable a new era of vehicle-to-everything (V2X) communication where autonomous vehicles can safely operate in congested areas. We can dramatically increase the number of roads that are mapped to HD levels by tapping into the precise location data provided by the vehicles. With highly trustworthy precise absolute positioning as part of the automotive sensor suite, full autonomy is within reach.

Want to learn more about precise positioning for automotive or other safety-critical applications? Get in touch with us to speak to a GNSS expert.

© 2024 Swift Navigation, Inc. All rights reserved  |  Terms & Conditions  |  Privacy Policy  |  Do Not Accept Cookies  |  Return/Refund Policy