Inside GNSS Media & Research

NOV-DEC 2017

Issue link: http://insidegnss.epubxp.com/i/906409

Contents of this Issue

Navigation

Page 42 of 67

www.insidegnss.com N O V E M B E R / D E C E M B E R 2 0 1 7 Inside GNSS 43 lessons learned in cockpit design to avoid information overload are key. • while Automatic Dependent Sur- veillance-Broadcast (ADS-B) will be mandatory on all aircra by 2020, a petition for proposed rule making has been issued to mandate Vehicle- to-Vehicle (V2V) and Vehicle-to- Infrastructure (V2I) by the same date. (ADS-B is a situational aware- ness system for collision avoidance, through which aircraft share their positions with Air Traffic Control and with other aircra.) • GNS S/ I NS nav igat ion s ystems , which are extensively used in safety- critical aircra navigation, are also being investigated for HAVs. • overall safety standards also have similarities for aircraft and HAVs, which are discussed again below. e focus of this article is on navi- gation safety. In aviation navigation, safety is assessed in terms of integrity (as well as accuracy, continuity, and availability, which are not discussed for brevity). Integrity is a measure of trust in sensor information: integrity risk is the probability of undetected sensor errors causing unacceptably large posi- tioning uncertainty (See RTCA Special Committee 159, "Minimum Aviation System Per forma nce Sta ndards for the Local Area Augmentation System (LAAS), Additional Resources"). is top-level quantif iable performance metric is sensor- and platform-inde- pendent, and can thus be used to set certifiable requirements on individual system components to achieve and prove an overall level of safety. e multiple separate efforts towards achieving Levels 3-to-5 HAVs reveal a compelling lack of coordination towards a common, uniform, quantifiable safety goal. Integrity can be used as an objec- tive performance metric for open, trans- parent comparison and categorization across manufacturers. It can also pro- vide a governmental regulating agency performance and testing standards for HAV certification, which would help accelerate the development, growth, and maturation of such HAVs, as displayed in Figure 3 . Moreover, t he Federa l Av iat ion A d m i n i s t r a t i o n (FA A) ha s de vel- o p e d a n a l y t i c a l methods to evaluate integrity. This pro- vides the means to: • qu a nt i f y s a fe- t y of e x i s t i n g m u l t i - s e n s o r systems under a variety of oper- at i ng env iron- ments, thereby r e d u c i n g t h e need for experi- mental testing • allocate safety requirements to indi- vidual system components to achieve an overall target level of safety, there- by enabling design for safety • perform risk prediction, which is a key operational feature to enable hazard avoidance maneuvers Several methods have been estab- lished to predict the integrity risk in GNSS-based av iat ion applicat ions, which are instrumental in ensuring the safety of pilots and crew. As an example, Figure 4 illustrates a simplified definition of the integrity risk for aircra landing applications. The aircraft positioning prediction is uncertain because of sen- sor measurement noise. An alert limit (AL) requirement box is represented around the predicted aircra position. is AL is set by the certification author- ity, i.e., by the FAA in this application. Simply put, the risk of the actual aircra position being outside the AL box is the integrity risk. (In practice, the most challenging part of risk prediction is to account for potentially undetected sen- sor faults, such as excessive GNSS satel- lite clock dri.) Unfortunately, the same methods do not directly apply to HAVs, because ground vehicles operate under sky- obstructed areas where GNSS signals can be altered or blocked by buildings and trees. In general, the HAV environ- ment is much more unpredictable than the aircra's, for reasons that include: • a changing environment: traffic lights, construction, impact of rain on road adherence, sensor masking and occlusions, • environmental diversity: intersection topography, road conditions, mark- ings on ground, various traffic signs • road users that may interfere with HAV motion: other cars, trucks, pedestrians, bicyclists, etc. • comparatively large number of car manufacturers, equipment suppliers, and vehicle models, as well as with shorter model cycles than aircra, causing wide variations in vehicle age and maintenance levels • non-uniform vehicle and road regu- lations at both the state and federal levels in the U.S. coupled with dif- ferent international standardization processes FIGURE 3 Motivation and outcomes for using analytical integrity evalu- ation methods to quantify and predict safety. Create a mathematically rigorous method to evaluate APV navigation integrity Reduces time to operational capability Creates metric to compare and evaluate APV safety across manufacturers Identifies unsafe conditions Provides regulating agencies to clear metrics for APV certification FIGURE 4 Safety Risk Prediction Concept. To ensure safety, the predicted vehicle position must be within a predefined acceptable limit called the "alert limit" (AL) box. Integrity is the proba- bility of the vehicle being inside the box while accounting for both nominal sensor errors and faults. The AL box is an order of magnitude smaller for HAV than it is for aircraft applications. Current position Predicted position Current time pose Alert Limit Requirement Alert limit requirement box Predicted future time pose

Articles in this issue

Links on this page

view archives of Inside GNSS Media & Research - NOV-DEC 2017