1. Field of the Invention
An apparatus, system, method and computer program product for private ranging between at least two devices in radio communications with each other. In particular, an apparatus, system, method and computer program product for private ranging between at least two devices communicating via ultra wideband (UWB) protocols.
2. Background of the Invention
There is a growing demand for location awareness in short range radio networks, particularly UWB networks. Location awareness implies that the location of the devices is known. Typically, the location of the devices becomes known using radio ranging.
UWB, or digital pulse wireless, is a wireless technology for transmitting large amounts of digital data over a wide spectrum of frequency bands with very low power for a short distance. Ultra wideband radio signals not only can carry a huge amount of data over a distance up to 230 feet at very low power (less than 0.5 milliwatts), but have the ability to carry signals through doors and other obstacles that tend to reflect signals having more limited bandwidths and a higher power.
Ultra wideband signals are broadcast concurrently as digital pulses that are timed very precisely on a carrier signal across a very wide spectrum of frequencies. A transmitter and a receiver are synchronized to send and receive pulses with an accuracy of trillionths of a second. On any particular frequency, the ultra wideband signal has less power than normal and anticipated background noise. Theoretically, interference with conventional radio signals is negligible.
Ultra wideband communication has two main types of application:
UWB applications communicate in accordance with a protocol stack as shown in
As shown in
As a specific example, consider a time-of-arrival (TOA) based ranging system. First at the MAC layer of the originator, A, the range request is generated and passed to the PHY layer. Then, the PHY transmits the range packet to the device 220. The device 220 receives the range packet and sends the response packet 240 to device A. Assume that the elapsed time between the departure time of A's message and the arrival time of the reply from device 220 at device 210 is Tr. The time Tr can be approximated as Tr=2Tf+Tt
To meet the need for improved and private location awareness in UWB, an IEEE 802.15.4a Task Group (TG) has been established to develop a UWB-based physical (PHY) layer standard with a precision ranging capability. A UWB signal has a relative bandwidth larger than 20% or absolute bandwidth of at least 500 MHz. One type of UWB system is an impulse radio (IR). IR uses extremely short duration pulses to generate signal waveforms, and allows fine time resolution of channel multipath characteristics, which is important in identifying the line of sight signal for precision ranging. If a ranging process does not involve MAC layers, then the process is called fast ranging.
In UWB ranging, the goal is to accurately estimate the distance between two devices. In a paper by J-Y. Lee and R. A. Scholtz, “Ranging in a dense multipath environment using an UWB radio link,” IEEE Trans. Select Areas in Communications, vol. 20, issue 9, pp. 1677-1683, December 2002, the entire contents of which is incorporated by reference, a time-of-arrival (TOA)-based ranging scheme using an ultra-wideband (UWB) radio link is described. That ranging scheme implements a search process for the detection of a direct path signal in the presence of dense multipath, utilizing generalized maximum-likelihood (GML) estimation. Models for critical parameters in the process are based on statistical analysis of propagation data. The process is tested on another independent set of propagation measurements. That UWB ranging system uses a correlator and a parallel sampler with a high-speed measurement capability in the transceiver to accomplish two-way ranging in the absence of synchronized clocks.
In a paper by S. Gezici, Z. Tian, G. B. Giannakis, H. Kobayashi, A. M. Molisch, H. V Poor, Z. Sahinoglu, “Localization Via UWB Radios,” IEEE Signal Pro. Magazine, v.22, n. 4, pp. 70-84, July 2005, the entire contents of which is incorporated by reference, localization techniques relying on wireless ultra-wideband (UWB) signaling are described. Various localization alternatives are considered and the UWB time-of-arrival based one is found to have the highest ranging accuracy.
The challenges in UWB positioning problems, such as multiple-access interference, multipath and non-line-of-sight propagation, are presented along with the fundamental limits for time-of-arrival estimation and time-of-arrival-based positioning. To reduce the complexity of optimal schemes achieving those limits, suboptimal alternatives have been developed and analyzed. Moreover, a hybrid scheme that incorporates time-of-arrival and signal strength measurements is investigated.
In the prior art, mainly signal waveform design and development of signal edge detection techniques have been described. Also various range measurement techniques are available. The two well-studied techniques are Time of Arrival (TOA) and Time Difference of Arrival (TDOA). The TOA requires an exchange of a pair of messages between two devices to eliminate clock offsets, while the TDOA relies on arrival-time differences of messages from two sources. The accuracy of a range estimate depends on the speed at which the message exchanges occur. It is typical for a ranging system to have a very fast response to a message at the receiving device due to a small turn around time. However, this ability to have a fast turn around time poses many design problems, where one of these design problems concerns security.
Patent Publication No. 2005/0166040 describes a method for enabling secure communications between multiple devices. That document describes a method for generating and sending a message from a first device. The method includes the steps of: determining a message including an action; generating an authentication code on the basis of the action and a parameter, the parameter being indicative of an attribute of the action; and sending the message and authentication code from the first entity. The method maps various actions to various parameters, and then an authentication code is assigned to the parameters. However, for private ranging, authentication alone is insufficient, because message exchanges happen between the physical layers of involved devices.
Patent Publication No. 2005/0073433 describes a precision measuring collision avoidance system and refers to two-way message exchanges for distance estimation. However, that document does not address security or any means to decrease the turn around time.
Patent Publication No. 2005/0078626 describes a method and system for detecting the position of a mobile unit in a multi-path environment. The document describes an order of message flows between mobile stations, a server and a base station, and wireless communication means. The base station sends a wireless signal to the wireless communication means requesting the transmission of a specific wireless signal. The wireless communication means sends a wireless signal in response to this request to the base station. The method obtains different signals with multi-path characteristics on receivers by a wireless receiver capable of sending and receiving to and from different antenna positions used by the mobile stations and by measuring the timing of wireless signals exchanged among the base station and the wireless receivers. However, that document does not address security aspects in ranging.
Patent Publication No. 2003/0076239 describes a method for locating moving objects. At least one interrogator is arranged in a stationary position relative to a path of movement of an object, and the interrogator transmits an electromagnetic signal within a reading range. The moving object carries at least one transponder, which transmits a response signal to the transmitted signal. The interrogator receives and evaluates the response signal. The transponder's response signal contains information identifying the transponder. However, that document does not address security aspects in ranging.
Patent Publication No. 2002/0097184 describes a method in which the location of a radio frequency emitting target device, in absolute or relative GPS coordinates, from a single airborne platform is determined. The method is shown to prevent single and multiple GPS jammers from being able to jam conventional GPS signals. The method uses a signal processing technique, which emulates an antenna moving at very high velocities to induce a virtual Doppler shift on signals incident upon a linear antenna array, and relates the virtual Doppler shift to the signal direction of arrival. That method prevents jamming during GPS based positioning. However, that document does not describe private ranging.
Patent Publication No. 2005/0136892 describes a system and method providing secure authentication of a wireless communication channel for a vehicle telematics device that includes detecting a wireless access point within radio range of a telematics device, requesting authentication information for the access point through a first secure communication channel to a call center, receiving authentication information for the wireless access point from the call center through the first secure communication channel, and providing authentication information for the telematics device to the wireless access point through a second secure communication channel. However, that approach requires the use of specially established secure channels, thus incurring an operational overhead complexity and expense.
Patent Publication No. 2004/0209598 describes a method and apparatus for establishing secure wireless links between a handset and a base station in a wireless telephone system. The method for generating a secure wireless link between a handset and a base station includes initiating a linking procedure, generating a security code, displaying the security code at the base station, entering the security code into the handset and then establishing a radio frequency link between the handset and the base station utilizing the security code. However, that method requires direct user involvement and does not provide for private ranging.
Patent Publication No. 2003/0139190 describes a method and apparatus for providing authenticated, secure, communication between a gaming host communicating via radio frequency (RF) sub-carriers to a remote user device in another location. Location of the remote user device and the host server are determined by accessing signals generated by either Global Positioning System (GPS) satellites, or by terrestrial radio broadcast stations, through a process known as radio frequency trilateration. Player authentication (identity verification) is determined by use of a personal identification number. In GPS based positioning, a GPS receiver receives signals from multiple satellites. Each satellite transmits a unique signal assigned to it, a so-called signature. The signature consists of pseudo-random noise (PRN) code. That unique identifier is repeated and serves the purposes of identification and signal transit time measurement. Any receiver receives the same signal from the same satellite. GPS does not vary the waveform from one ranging operation to another. In GPS, messages are not exchanged, and signal transmission is one-way from the satellites to the receivers. Thus, GPS does not support two-way ranging.
An apparatus, system, method and computer program product for secure ranging between at least two devices in radio communications with each other. In particular, an apparatus, system, method and computer program product for secure ranging between at least two devices communicating via ultra wideband (UWB) protocols. Either ternary-IR or time-hop-IR sequences are used for ranging and security.
A first device transmits a range packet. A second device responds to the range packet after a delay time known only to the first and second devices. The delay time can be selected randomly by either the first device or the second device and made known to the other device in an encrypted notification packet.
A more complete appreciation of the invention and many of the attendant advantages thereof will be readily obtained as the same becomes better understood by reference to the following detailed description when considered in connection with the accompanying drawings, wherein like reference numerals designate identical or corresponding parts throughout the several views, and:
As described above, conventional authentication techniques are insufficient for private ranging in wireless communications networks, because the ranging is performed on an unencrypted preamble of a packet. Therefore, conventional techniques for authenticating an originator at a MAC layer, and then doing fast ranging at PHY layers, do not guarantee privacy.
As discovered by the present inventors, one effective way to achieve private ranging is that an originator device and a target device determine a ranging preamble waveform and structure. In order to achieve this, the originator device randomly manipulates a preamble of a range packet. How the preamble is manipulated by the originator device can be transmitted to the target device within a payload of a range notification packet. The target device can optionally acknowledge the range notification packet. After the preamble of the range packet is known to both devices, the devices can form and exchange range packets at the PHY layer, as shown in
In
As shown in detail in
Either upon receiving the ACK indication 568 or after a predetermined time from when the range request 550 was generated, the originating device media access controller 510 generates a range packet 570 which is received and processed by the originating physical layer controller 520. Upon receipt of the range packet, the originator physical layer controller 520 transmits the range packet 330 to the receiving device physical layer controller 530 of the target device. The receiving device physical controller 530 responds to the range packet 330 after the turn around delay time 585, and transmits the response range packet 330 to the originator device, which is received and processed by the originating device physical controller 520.
The turn around delay time 585 can be predetermined by the originator device and included in the range notification packet 300. Alternatively, the target device 320 determines the turn-around delay time 585, and transmits the delay time to the originator device before or after transmitting the response range packet 330 back to the originator device 310.
The originating device physical controller 520 can also generate a range confirmation signal 590 for the originating device access controller 510.
I. Packet Design
In the present invention, two packet types are used to support private ranging: a range notification packet, and a range packet.
A. Range Notification Packet
This packet includes the form of a ranging preamble the target device should expect from the originator device and informs the target device about the format of the response range packet the target device should use. The ranging preamble can be manipulated by varying its length L, using a different base sequence Si from a sequence pool S, such that Si ∈ S, and applying a random circular shift k to the selected base sequence to generate Sik. In addition, the nominal pulse repetition interval (PRI) Tc can be changed via other manipulations that are known only to the originator and target devices, such as time hopping or a drifting local clock. The settings of these variables are included in the payload of the range notification packet (see
In one option, instead of transmitting the sequence Si itself from or to the originating device, an index corresponding to the sequence Si can be transmitted. The target device is expected to form the response range packet 330 in compliance with the same settings. Therefore, the settings provided in the range notification packet can be saved by the target device. The merits of such manipulations are discussed together with Ternary-IR and TH-IR waveforms in the next section.
To further enhance privacy, the range notification packet can also be used to modify the operation of the target device by specifying the turn around delay time. In this case, the originator device can specify the turn around delay time to be used by the target device. Alternatively, the turn-around delay time is determined by the target, and reported to the originator before or after the range packet exchange is performed.
B. Range packet
The structure of the range packet 330 is shown in
The number of Sik symbols within the SYNC field determines achievable processing gain according to the preamble length and the symbol duration. V. Brethour, “Proposed-classes-ranging-service,” IEEE 802.15.4a TG, 15-05-0221-02-004a, May 2005, specifies three preamble lengths: 4 ms, 1 ms and 500 μs. The number of suggested symbol repetitions in the preamble can be determined by dividing the preamble length by the symbol duration. Averaging over multiple symbols increases the signal to noise ratio (SNR) and hence identification of the first arriving multipath is easier. As a result, the accuracy of range estimation is improved.
If the sequence Si is a time hop sequence, then a hopping generator (not shown) generates the hopping sequence.
A ranging preamble generator 840 generates the preamble 860 that includes the ranging sequence 830. The ranging preamble is appended to data by a range packet formatter 870. The range packet 330 is then transmitted to the target 320. Details of a ternary-IR and a TH-IR sequence Si are described below.
II. Waveform Structure
The structure of a transmitted waveform is important for the performance of any ranging scheme. In the present invention, two different signaling waveforms that support private ranging are described.
The structure of the waveform should consider the following constraints.
Both ternary impulse radio (ternary-IR) and time-hop impulse radio (TH-IR) signal waveforms can satisfy these three constraints. The notations to analytically express transmit preamble waveforms are as follows: Nsym is the number of symbols in the preamble of the range packet, ω is the transmitted pulse shape of unit energy, Tsym is the symbol duration, Tc is the nominal PRI (also referred to as the frame duration in TH-IR), and Np is the total number of pulses per symbol.
A. Ternary-IR
With Ternary-IR sequences, the transmit preamble waveform ri,k(ter) (t) can be expressed as
where di,j(k) ∈ {−1, 0, 1} is the k-shifted ternary coefficient for the jth pulse in the sequence Si. Ternary sequences that have optimal autocorrelation characteristics are described by I. Lakkis in “15-05-0456-01-004a-pulse-compression,” IEEE 802.15.4a Technical Contribution, July 2005, San Francisco, the entire contents of which is incorporated by reference. Unfortunately, as shown in
Shifting a ternary sequence by k causes the peak of its periodic correlation to also shift by k chip durations. Assume that pulse repetition interval Tc=30 ns and k=1. Then, the peak of the correlation of the original sequence with its periodically repeated shifted version is off by 30 ns. Thus, it is possible to use the k-shift feature of ternary sequences as a security tool. Devices that are unaware of the shift in the received sequences would make a range error of c·k·Tc in meters, where c=3·10^6 m/s.
The effect of shifting ternary sequences is shown in
By incorporating a random shift, we increase the degree of freedom in sequence selection to 186 for length-31 sequences, and 635 for length-127 sequences. If only the originator device determines the range to a target device, the turn-around delay time does not have to be included in the range notification packet, but it is important that the originator device factors in the round-trip time of the range packet.
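The k-shift effect described in this section can be checked numerically. The following is an added example, not code from the patent: it uses a constructed ±1 m-sequence of length 31 as a stand-in for the base sequence Si (the Lakkis ternary sequences are not reproduced on this page), Tc = 30 ns from the text, and the physical speed of light for c; all function names are hypothetical.

```python
C_M_PER_S = 299_792_458.0   # physical speed of light (value chosen for this example)
T_C_S = 30e-9               # pulse repetition interval Tc = 30 ns, as in the text


def m_sequence(length=31):
    """Constructed stand-in for S_i: +/-1 m-sequence from x^5 + x^2 + 1."""
    bits = [1, 0, 0, 0, 0]
    while len(bits) < length:
        bits.append(bits[-3] ^ bits[-5])      # a[n+5] = a[n+2] XOR a[n]
    return [1 - 2 * b for b in bits]          # map 0 -> +1, 1 -> -1


def circular_shift(seq, k):
    """S_i -> S_i^k, with out[n] = seq[(n - k) mod N]."""
    n = len(seq)
    return [seq[(i - k) % n] for i in range(n)]


def periodic_correlation(rx, template):
    """Periodic cross-correlation of rx against template for every lag."""
    n = len(template)
    return [sum(rx[i] * template[(i - lag) % n] for i in range(n))
            for lag in range(n)]


def peak_lag(rx, template):
    """Lag (in chips) at which the periodic correlation is largest."""
    corr = periodic_correlation(rx, template)
    return max(range(len(corr)), key=corr.__getitem__)


def range_error_m(k_sent, k_assumed, base):
    """Range error c*k*Tc of a receiver that de-shifts by k_assumed chips.

    The residual shift is (k_sent - k_assumed) mod N chips.
    """
    rx = circular_shift(base, k_sent)
    local = circular_shift(base, k_assumed)
    return C_M_PER_S * peak_lag(rx, local) * T_C_S


if __name__ == "__main__":
    base = m_sequence()
    for k in (0, 1, 7, 30):
        print(f"k={k:2d}  informed: {range_error_m(k, k, base):6.2f} m  "
              f"uninformed (assumes k=0): {range_error_m(k, 0, base):7.2f} m")
```

A receiver that took k from the range notification packet sees the correlation peak at lag 0, while one that assumes the unshifted sequence sees it k chips late and converts that timing offset into a range error.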
B. Time Hop-IR
In a typical TH-IR scheme, a symbol is divided into equal time intervals Tc, and in each interval a single pulse is transmitted. The position of a pulse within a frame is determined according to a time-hopping sequence. Such a TH-IR transmit signal waveform can be expressed as
where cj ∈ {1, −1} are the polarity scrambling coefficients for spectral smoothing, Th(j) is the time hopping duration in the jth frame. Th(j) should be limited to Th(j)<Tc−E(τdelay) to prevent inter-pulse interference, where E(τdelay) is the expected delay spread of the channel.
When the time-hopping code is known only to the originator and the target device, ranging can be performed privately. Therefore, the range notification packet should specify a time-hopping sequence {Th(1), Th(2), . . . Th(Np)} in its Si field, and the same code should be used to generate range packet preambles.
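The role of the shared time-hopping code can be illustrated on a discrete time grid. This is an added example, not code from the patent: it assumes pulse j sits at j·Tc + Th(j) with polarity cj, a 2 ns hop resolution, a 10 ns expected delay spread, and hypothetical function names; Tc = 30 ns is borrowed from the ternary example in the text.

```python
import secrets

T_C_NS = 30            # frame duration Tc (nominal PRI), 30 ns
SLOT_NS = 2            # hop resolution (assumed for this example)
DELAY_SPREAD_NS = 10   # E(tau_delay), expected channel delay spread (assumed)
SLOTS_PER_FRAME = T_C_NS // SLOT_NS


def allowed_hops():
    """Hop offsets, in slots, that satisfy Th(j) < Tc - E(tau_delay)."""
    return [h for h in range(SLOTS_PER_FRAME)
            if h * SLOT_NS < T_C_NS - DELAY_SPREAD_NS]


def new_hop_code(n_pulses):
    """Draw a hopping sequence {Th(1), ..., Th(Np)} from a CSPRNG."""
    hops = allowed_hops()
    return [secrets.choice(hops) for _ in range(n_pulses)]


def pulse_train(hop_code, polarity, delay_slots=0):
    """Sparse waveform: slot index -> polarity c_j of the pulse in frame j."""
    return {delay_slots + j * SLOTS_PER_FRAME + h: c
            for j, (h, c) in enumerate(zip(hop_code, polarity))}


def acquire(received, hop_code, polarity, max_delay_slots):
    """Slide the local template over the received train.

    Returns (best_lag_in_slots, peak). The peak equals Np only when every
    pulse of the template lines up with a received pulse of the same polarity.
    """
    template = pulse_train(hop_code, polarity)
    best = (0, float("-inf"))
    for lag in range(max_delay_slots + 1):
        score = sum(received.get(pos + lag, 0) * c
                    for pos, c in template.items())
        if score > best[1]:
            best = (lag, score)
    return best


def demo(n_pulses=16, true_delay_slots=37):
    """Receiver holding the notified code recovers the delay with peak Np."""
    polarity = [1, -1] * (n_pulses // 2)          # constructed c_j values
    code = new_hop_code(n_pulses)
    rx = pulse_train(code, polarity, true_delay_slots)
    return acquire(rx, code, polarity, max_delay_slots=100)


if __name__ == "__main__":
    print(demo())   # (lag in slots, correlation peak)
```

A receiver that correlates with a different hopping code never aligns all Np pulses at once, so its peak stays below Np and its arrival-time estimate is unreliable.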
In
Numerous modifications and variations of the present invention are possible in light of the above teachings. It is therefore to be understood that within the scope of the appended claims, the invention may be practiced otherwise than as specifically described herein.
The present application claims priority to U.S. provisional application 60/706,434, filed on Aug. 9, 2005, the entire contents of which is incorporated herein by reference.
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/US2005/041118 | 11/10/2005 | WO | 00 | 4/10/2008 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2007/021292 | 2/22/2007 | WO | A |
Number | Name | Date | Kind |
---|---|---|---|
6665333 | McCrady et al. | Dec 2003 | B2 |
7529551 | Tanaka et al. | May 2009 | B2 |
7602339 | Fullerton et al. | Oct 2009 | B2 |
20020097184 | Mayersak | Jul 2002 | A1 |
20030076239 | Wenzel | Apr 2003 | A1 |
20030139190 | Steelberg | Jul 2003 | A1 |
20030151506 | Luccketti | Aug 2003 | A1 |
20040209598 | Beamish | Oct 2004 | A1 |
20050078626 | Ogino | Apr 2005 | A1 |
20050136892 | Oesterling | Jun 2005 | A1 |
Number | Date | Country |
---|---|---|
2004-258009 | Sep 2004 | JP |
9639749 | Dec 1996 | WO |
Number | Date | Country |
---|---|---|
20080259896 A1 | Oct 2008 | US |
Number | Date | Country |
---|---|---|
60706434 | Aug 2005 | US |