WO2004052027A2 - System and method for locating sources of unknown wireless radio signals - Google Patents

System and method for locating sources of unknown wireless radio signals Download PDF

Info

Publication number
WO2004052027A2
WO2004052027A2 PCT/US2003/037185 US0337185W WO2004052027A2 WO 2004052027 A2 WO2004052027 A2 WO 2004052027A2 US 0337185 W US0337185 W US 0337185W WO 2004052027 A2 WO2004052027 A2 WO 2004052027A2
Authority
WO
WIPO (PCT)
Prior art keywords
signal
wireless radio
arrival
location
radio
Prior art date
Application number
PCT/US2003/037185
Other languages
French (fr)
Other versions
WO2004052027A3 (en
Inventor
Neil R. Diener
Andrew D. Floam
Gary L. Sugar
David S. Kloper
Original Assignee
Cognio, Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/409,563 external-priority patent/US20050003828A1/en
Application filed by Cognio, Inc filed Critical Cognio, Inc
Priority to AU2003294416A priority Critical patent/AU2003294416A1/en
Publication of WO2004052027A2 publication Critical patent/WO2004052027A2/en
Publication of WO2004052027A3 publication Critical patent/WO2004052027A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W64/00Locating users or terminals or network equipment for network management purposes, e.g. mobility management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/08Testing, supervising or monitoring using real traffic

Definitions

  • Radio location measurement techniques are known in the art. Many of these techniques require one or more of: recognition of special location signals, dedicated and cost-additive hardware resources, and higher speed processing in what is preferred to be a lower cost wireless device.
  • the aforementioned co- pending non-provisional application is directed to location measurement techniques that do not require that measurements at each known location be time- synchronized.
  • an interfering signal source may be activated which can affect the performance of some desired radio communication, such as an IEEE 802.11 wireless local area network (WLAN).
  • WLAN wireless local area network
  • Techniques are needed to locate the source of a signal that is of an unknown or arbitrary type, such as sources of signal transmissions for which a signal correlator is not known or available.
  • a system and method are provided for determining the location of a source (target device) of a wireless radio signal of an unknown or arbitrary type for which a signal correlator is not known or available.
  • the wireless radio signal ⁇ transmitted by the target device is received at a plurality of known locations to generate receive sample data representative thereof at each known location.
  • Receive signal data samples associated with the wireless radio signal at one of the plurality of known locations is selected to be used as a reference waveform. For example, data concerning the reception of the wireless radio signal at each known location is compared to determine the known location that best receives it.
  • the receive signal data samples obtained at the known location that best receives the target device signal is used as the reference waveform.
  • a variety of criteria may be used to select the receive signal data samples to be used as the reference waveform.
  • a measurement experiment is run in which the target device's signal is followed or preceded relatively close in time by a transmission of a reference signal.
  • the reference signal and the target device's signal are received at the plurality of known locations.
  • the reference waveform is used to correlate against the received signal data obtained at each known location to determine the time of arrival of the target device's signal.
  • the time difference between arrival of the target device's signal and arrival of the reference signal at each of the known locations is computed.
  • a location of the target device is computed based on the time difference of arrival measurements at the plurality of known locations.
  • FIG. 1 is a block diagram of a wireless environment in which location measurement may be useful.
  • FIG. 2 is a flow chart for a procedure to locate a source of a wireless radio signal for which a correlator is not known or available.
  • FIG. 3 is a diagram that shows how receive signal samples of the wireless radio signal at a terminal are used as a reference waveform to correlate against the received wireless radio signal at other reference terminals.
  • FIG. 4 is an exemplary block diagram of a terminal that is useful in the location measurement techniques described herein.
  • FIG. 5 is a block diagram of a component useful in a terminal, where the component has a memory to store data useful in the location measurement techniques described herein.
  • FIG. 6 is a timing diagram showing a process for collecting location measurement data to locate a target terminal (TT).
  • FIGs. 7 and 8 are timing diagrams illustrating techniques to locate target terminals that do not necessarily obey the same communication protocol rules as a master reference terminal (MRT).
  • MRT master reference terminal
  • FIG. 9 is a diagram illustrating the equations used to compute the location of a terminal using time difference of arrival measurements.
  • FIG. 10 is a block diagram of another type of terminal having multiple antennas that is useful for enhanced location measurement techniques.
  • FIG. 11 is a block diagram showing one of two possible positions of the TT with respect to a reference terminal (RT).
  • FIGs. 12 and 13 are block diagrams of other location measurement configurations possible with the use of terminals having multiple antennas.
  • FIG. 14 is a diagram showing an exemplary coverage map of a wireless network that can be created using the techniques described herein.
  • FIG. 1 illustrates a wireless radio environment 10 having multiple tenninals.
  • the environment 10 maybe, for example, an IEEE 802.11 WLAN, and the terminals may be access points (APs) or stations (STAs). It is useful to know the location of various terminals for security and other network management reasons.
  • a rogue device (STA or AP) may attempt to access the network, and if so, it would be desirable to locate it.
  • the device to be located may be a non- WLAN device, such as a cordless phone, microwave oven, BluetoothTM device, or even a device of an unknown type etc., that operates in the same frequency band as the WLAN terminals, potentially interfering with the WLAN operation. It would be desirable to locate an interfering device.
  • AP access points
  • STAs stations
  • FIG. 1 illustrates a wireless radio environment 10 having multiple tenninals.
  • the environment 10 maybe, for example, an IEEE 802.11 WLAN, and the terminals may be access points (APs) or stations (STAs).
  • a target terminal (TT) 100 is the device (also called a target device) whose location u is to be measured.
  • the known location may consist of one antenna of a multi-antenna RT.
  • a computing device such as a network server (NS) 400, is coupled to each RT using a wired network connection or a wireless network connection directly or through one of the other terminals (such as the MRT 230) that may also act as an AP.
  • the location measurement process involves using time difference of arrival (TDOA) measurements at two or more known locations. Any terminal at a known or unknown location in the general proximity of the TT transmits a first radio signal.
  • TDOA time difference of arrival
  • the MRT 230 transmits a first (radio) signal.
  • the TT 100 transmits a second (radio) signal.
  • the first signal may be transmitted before or after the second signal.
  • the arrival of the first signal and the second signal at two or more known locations e.g., RTs including the MRT 230
  • the TDOA measurements are then used to compute the location of the TT 100.
  • the advantage of this process is that the clocks of the various devices used for measurement do not need to be synchronized, which in many cases would require additional hardware or software processing.
  • This process may be performed in an indoor or outdoor wireless radio environment.
  • the locations of the MRT 230 and RTs 200, 210 and 220 are known through a priori knowledge, such as by physical measurement, through the use of global positioning systems (GPS) or through the use of the techniques described herein.
  • GPS global positioning systems
  • the TT transmitted a signal of a known type for which the RTs and/or NS had a correlator available to correlate to it in order to precisely determine time of arrival of the TT's signal, for computing the TDOA measurements.
  • the TT's signal may be unknown to the RTs such that they do not have a correlator available to correlate to it.
  • signal correlators are used to precisely determine the occurrence of a particular type of signal, and as such are useful to precisely determine time of arrival of a signal
  • the TT may be a completely rogue or unknown device, or the TT may be a device of a generally known type transmitting a signal with a known modulation type, but the TT is transmitting one or more signals (packet, frame or message types, etc.) for which the RTs do not have a correlator.
  • the NS 400 is a computing device (e.g., PC, server computer, etc.) that comprises a processor 410 and executes a location computation process 430 described hereinafter.
  • the NS 410 may also execute a correlation process 420 that is described hereinafter.
  • the correlation process 420 determines the time of arrival measurements of the various signals, and may also compute the TDOA data from the time of arrival data, or the TDOA computation is performed by a separate process.
  • the location computation process 430 uses the TDOA data to compute the location of the TT 100.
  • the correlation process for data collected at each of several RTs 200, 210 and 220 may be executed in the NS 400, or may be executed in the RTs 200, 210 and 220 themselves on an embedded or hosted processor.
  • the computations that the RTs and/or NS perform may be done entirely in software and in non-real-time, saving significant costs in silicon area which would otherwise be required in a terminal device.
  • the TDOA measurements may be computed by cross-correlating the received waveform with a very long reference waveform. Noise averaging due to a long correlator enhances the measurement SNR, but does not increase the silicon area/device cost since the correlator is implemented in software.
  • the signals received by the RTs can be relatively weak because the correlation process 420 applied to that data can be powerful enough (since it can be executed on a computer, e.g., NS) to extract the important time of arrival information from the captured data at each RT.
  • a computer e.g., NS
  • any RT such as the
  • MRT that has sufficient processing capability may perform the correlation and even location measurement computations.
  • RTs would be sent to that RT.
  • Terminals having this capability are hereinafter referred to as "collaborative" devices or terminals, and terminals that do not have this capability are referred to as non-collaborative devices or terminals.
  • the number of required time difference of arrival measurements at different known locations depends on the availability of other factors, but in general, measurements need to be made at at least two known locations.
  • Table 1 below shows the number of measurements that are needed depending on other factors, such as whether one coordinate of the TT is known or the TT is a collaborative device. In all of the cases identified in the table below, there will be location ambiguity because the equations that are solved for the location computations will yield two solutions. The correct one of the two solutions needs to be chosen. As described hereinafter, there are at least two options to deal with this location ambiguity. First, a TDOA can be taken at an additional known location (e.g., RT). Second, a hypothesis test can be performed to identify the correct location solution. Examples of hypothesis tests are described hereinafter in conjunction with FIG. 10. Table 1 : Minimum Number of Known Locations for Locating a TT Given Other Factors
  • FIG. 2 a flow chart is shown for a process useful when the TT
  • the RTs or NS (after processing data captured by the RTs) have determined that the TT signal is a type for which the RTs or NS do not have a signal correlator that can be used to precisely determine time of arrival of the TT signal, h step 2000, the RTs that are in sufficient proximity to the TT 100 will receive the TT's transmission.
  • the RTs will generate information describing the received TT transmission, such as signal pulse characteristics, including pulse power (signal strength), pulse bandwidth, pulse center frequency, pulse duration, etc. An example of a component capable of generating this information is described hereinafter.
  • the RTs will transmit some or all of the TT-descriptive information (or alternatively the captured data itself) to the MRT and or NS.
  • the MRT or NS will compare the TT-descriptive inforaiation (or raw captured data) of each RT to determine which RT likely captures the best sampled data of the received TT signal.
  • the best sampled data may be the one that has one or more of the greatest received signal strength or power, longest duration, widest bandwidth, etc. That RT is designated RT* and the samples it obtains of received TT signals is used to as a reference waveform to determine time of arrival of the TT signal at each RT.
  • a location measurement procedure is run.
  • the NS or MRT may determine based on observed activity of the TT that it transmits periodically. If the TT transmits periodically, the NS or MRT can predict when the next TT transmission will occur and send a signal to the RTs to alert them of the time and duration of an impending location measurement experiment.
  • the MRT will then transmit a first signal just prior to or after the TT transmission in order to allow the RTs to receive both the first signal and the TT's signal (the second signal) and capture data related to their reception of each signal. If the TT is determined to be an aperiodic transmitter, then there are several ways of capturing sufficient data.
  • a first method is for the NS to command the MRT to perform a trial and error process whereby the MRT alerts the RTs to begin capturing data periodically for a certain time duration, and the MRT will transmit a first signal on that periodic basis in order to attempt to capture a TT transmission after the first signal.
  • the RTs will come up periodically and receive energy to capture data that includes the MRT's first signal and eventually the TT's second signal thereafter.
  • a second technique is to alert the RTs to capture data in response to, and for a time duration following, detecting the TT's signal. This would involve the RTs triggering by received signal strength of the TT's signal, and using a mark some time period into the TT's signal as a reference point. The MRT would transmit the first signal periodically and its arrival would also be captured at the RTs during this time period.
  • a third technique is for the NS or MRT to put the RTs in a continuous capture mode whereby the RTs store sample data continuously (in a circular buffer) and stop storing once they detect the MRT's signal.
  • the data captured at the RTs would eventually include arrival of the TT's signal as well as arrival of the MRT's signal, sufficient to generate TDOA data.
  • Another technique for setting up and executing the location operation is as follows.
  • the NS 400 sends a set-up message to each of the RTs 200 and 210 that are to be used in the location process.
  • the set-up message will include the address of the MRT 230, the frequency channel to be used for the location operation and information advising the MRT 230 to configure the pulse detector(s) in its SAGE block to generate a trigger signal upon detecting the TT's signal.
  • the MRT 230 and RTs 200 and 210 will configure themselves, and send a ready signal to the NS 400 or MRT 230.
  • the MRT 230 transmits a Probe
  • Request frame (a frame that is part of the IEEE 802.11 communication standard) or another frame that can be uniquely identified by each RT in their snapshot buffers.
  • the MRT 230 will compute the time delay between receiving the TT signal and sending the Probe Request frame.
  • the RTs 200 and 210 will be continuously capturing receive signal data and will use the Probe Request frame data in the snapshot buffer as a marker for where to look back in the buffer for the
  • the RTs 200 and 210 will terminate further capturing of data a short period of time later upon detecting the Probe Request frame.
  • the MRT 230 will send the time delay information it computed to the RT 200 and 210 so that the RTs can use it to locate the TT signal in their buffers with respect to the Probe Request frame.
  • the MRT 230 and RTs 200 and 210 will determine the time of arrival of the TT signal and the time of arrival of the Probe Request frame, and from that information compute the TDOA between the signals.
  • the MRT and RTs will send the TDOA data to the NS 4000, where the location is computed based on the TDOA data, or if preferable, the MRT may compute the location based on the TDOA data.
  • the data is processed in step 2030 to generate the TDOA data for each RT.
  • the reference waveform samples captured at RT* are used to correlate or compare against the data captured by the other RTs for the received second signal to determine time of arrival of the TT signal at each RT.
  • the RT* may send the reference waveform samples to each RT (or the NS may distribute the reference waveform samples to each RT) to enable each RT to correlate against captured receive signal data from the second signal to generate the TDOA data.
  • Each RT would already have a correlator to correlate to the first signal from the MRT, or the NS would perform that correlation.
  • the first signal is an IEEE 802.11 frame, such as a request-to-send (RTS) frame or a probe request frame which all of the RTs are capable of receiving and recognizing assuming they are all compliant with the
  • each RT may send its captured data for the second signal to the NS to allow the NS to correlate against the captured data for the second signal using the reference waveform samples obtained from the RT* in order to generate the TDOA data (after determimng the time of arrival of the first signal computed by the corresponding RT or by the NS).
  • the latter case requires that each RT sends all of its captured data to the NS, whereas the former case requires that the NS or RT* send the reference waveform samples to each RT to perform the correlation and compute the TDOA data.
  • the location of the TT is computed using the TDOA data obtained by each RT.
  • FIG. 3 illustrates an example of the reference waveform samples generated by RT*.
  • the output digital sample data from an analog-digital-converter in RT* for energy received for a TT transmission may resemble something like the graph shown in FIG. 3.
  • the reference waveform samples are compared against the received signal samples to determine time of arrival of the TT signal (and ultimately TDOA between the first and second signals).
  • the time of arrival of the TT signal may be with respect to a subset of samples of the received waveform determined to be distinguishable and easily identifiable.
  • a marker or reference point may be identified in the samples to select a subset of the entire waveform sample set, such as samples for a 100 ⁇ sec time period portion of the entire waveform.
  • the data samples of the entire received TT transmission can be used for correlation.
  • RT* may demodulate the received TT transmission to obtain the recovered data.
  • RT* may send the recovered data to the other RTs (or to the NS which in turn sends it to the other RTs) which re-modulate it to produce the reference waveform samples used to correlate against the captured data of the TT.
  • FIG. 4 is a block diagram of an exemplary RT or MRT. Any device that has an analog-to-digital converter (ADC) and access to its digital output, or access to the analog output of the receiver portion of the radio receiver may be made a collaborative device, insofar as the receiver output can be digitized and stored for the time interval(s) of interest.
  • ADC analog-to-digital converter
  • the terminal includes a radio receiver 308 that receives signals via an antenna 312.
  • An MRT (and the RTs as well) may have the ability to transmit and receive and therefore may have a radio transmitter 310 (which may be part of a radio transceiver that integrates the radio receiver and radio transmitter).
  • a switch 309 may couple the radio receiver or radio transmitter 310 to the antenna 312.
  • a baseband section 320 (which may be a separate integrated circuit) may be coupled to the ADCs 322 and DACs 324 via an RF interface 326.
  • Baseband signal processing may be performed in a baseband physical block (PHY) 328 in firmware.
  • PHY baseband physical block
  • a memory 332 is provided that is coupled to receive the digital output of the ADC 322 and may be any storage element or buffer memory capable of storing output of the ADC 322. It need not reside in the baseband section 320 proper.
  • the memory 332 should be large enough to store at least a portion of a first signal sent by the MRT and a portion of a second signal sent by the TT, as well as other miscellaneous information in the time interval between the signals. Examples of these signals are described further hereinafter.
  • the memory 332 may store the digital input samples to the DAC 324 that are used to transmit a first signal (in order to identify a reference time point of the first signal), as well as the digital output samples of the ADC 322 representing a received second signal (in order to identify a reference time point of the second signal).
  • the memory 332 may be part of a real-time spectrum analysis engine component called the SAGE 500.
  • the SAGE 500 is described in more detail hereinafter in conjunction with FIG. 5.
  • Higher level processing capability may be provided in an embedded processor 340 that executes, among other functions, a correlation process 342 like the one referred to above that may be performed by the NS.
  • the embedded processor 340 may execute instructions stored in a ROM 344 and/or RAM 346.
  • the baseband section 320 may be coupled to a host device 350 via a suitable interface 348, such as a universal serial bus (USB), PCI/Cardbus, or even an Ethernet connection/port.
  • a suitable interface 348 such as a universal serial bus (USB), PCI/Cardbus, or even an Ethernet connection/port.
  • the host device 350 has a host processor 352 that may also execute, among other functions, a correlation process 354.
  • the correlation process 354 in the host device 350 is the same as the correlation process
  • the correlation process 354 is the process that uses the reference waveform (determined as described above in conjunction with FIGs. 2 and 3) for determining time of arrival of the TT signal. In most cases, a signal correlator will be available and used in the correlation process 354 (342 or 420) for the first signal.
  • FIG. 4 A further variation is shown in which the RT may have the capability to execute the location computation process 430 in its embedded processor 340 or hosted processor 352 using the TDOA information obtained locally and collected (by wired or wireless link) from other RTs.
  • the SAGE 500 has the capability of generating characteristics of received signals that can be supplied to the NS by each RT to determine which RT should be considered RT*.
  • the SAGE 500 comprises a spectrum analyzer 510, a signal detector 520, a snapshot buffer 530 and a universal signal synchronizer 540.
  • the SAGE 500 receives digital data representing the output of an ADC (which may be included in the RF interface 326).
  • the spectrum analyzer 520 generates data representing a real-time spectrogram of a bandwidth of radio frequency (RF) spectrum, such as, for example, up to 100 MHz.
  • the output of the SA 520 may comprise power values for each of a plurality of frequency bins that spans a portion or substantially the entire frequency spectrum of interest.
  • the signal detector 520 detects signal pulses in the frequency band that satisfy a set of configurable pulse characteristics and outputs pulse event data for those detected pulses.
  • the pulse event data may include one or more of the start time, duration, power, center frequency and bandwidth of each detected pulse.
  • the signal detector 520 also provides pulse trigger outputs which may be used to enable/disable the collection of information by the snapshot buffer 530.
  • the signal detector 520 may include one or more pulse detectors each configured to detect pulses that satisfy a certain set of criteria.
  • the signal detector 520 may comprise a peak detector that detects power level above a certain threshold in a frequency bin of data output by the spectrum analyzer 510, and a pulse detector coupled to the peak detector that detects from the peak information pulses that meet the configured criteria.
  • the pulse event data output by the signal detector may be useful in determining the periodic or aperiodic nature of a signal whose source is to be located, or to classify by type (frequency hopper, cordless telephone, BluetoothTM, IEEE 802.1 lx, infant monitor, unknown, etc.) of signal to be located. Knowing the type of the signal to be located, or at least its transmit behavior, can be useful in deciding on what type of signaling process to use in order to obtain TDOA measurements to locate the source of the signal. Examples of signal classification techniques are described in commonly assigned and co-pending U.S. Application No. 10/246,364, filed September 18, 2002, entitled "System and Method for Signal Classification of Signals in a Frequency Band," U.S. Application No.
  • the signal detector 520 and spectrum analyzer 510 may be used to provide characteristic information of signals occurring in the frequency band, such as transmission of a TT.
  • Each RT may send data describing these characteristics to the NS to allow the NS to determine which RT should be designated RT*.
  • the snapshot buffer 530 is a memory that stores a set of raw digital receive data which is useful for the reasons described above.
  • the snapshot buffer 530 operates in a circular buffer fashion can be triggered to begin sample collection by either the signal detector 520 or from an external trigger source using the snapshot trigger signal SB TRIG.
  • the snapshot buffer 530 has two modes of operation: pre-store mode and post-store mode.
  • pre-store mode the snapshot buffer 300 writes continuously to the DPR 550 and stops writing and interrupts the embedded processor 340 when a snapshot trigger signal is detected.
  • a post-store mode the DPR write operation begins only after a trigger is detected.
  • a combination pre- and post-store scenario may be created to capture samples of the receive data signals both before and after a snapshot trigger condition.
  • the snapshot buffer 530 is an example of a controllable memory device that can store raw ADC data samples associated with received TT transmissions at an RT.
  • RT may send these samples to the NS to allow the NS to determine which RT should be RT*, together with (or without) signal characteristic information that can be generated by the spectrum analyzer 510 and signal detector 520.
  • the universal signal synchronizer 540 synchronizes to periodic signal sources, such as BluetoothTM SCO headsets and cordless phones.
  • the USS 540 interfaces with medium access control (MAC) logic 560 that manages scheduling of packet transmissions in the frequency band according to a MAC protocol, such as, for example, the IEEE 802.11 protocols.
  • the MAC logic 560 may generate the snapshot trigger signal SB_TRIG upon detecting a particular signal, such as the first signal transmitted by the MRT (e.g., an RTS) based on what the MAC logic 560 processes. This may be a useful feature for the location measurements techniques described herein, but it is not required.
  • the embedded processor 340 interfaces with the SAGE 500 to receive spectrum information output by the SAGE 500, and to control certain operational parameters of the SAGE 500.
  • the embedded processor 340 interfaces with SAGE 500 through the DPR 550 and the control registers 570.
  • the SAGE 500 interfaces with the embedded processor 340 through a memory interface (17F) 580 that is coupled to the DPR 550.
  • the SAGE 500 is a sub-system useful in a radio device to perform pulse level analysis of energy detected in a radio frequency band.
  • One feature of the SAGE 500 is to capture raw receive signal data in a memory (e.g., snapshot buffer).
  • the snapshot trigger signal that causes the memory to store data may be supplied by a suitably configured pulse detector forming a part of the signal detector component of the SAGE 500 (that is responsive to a signal pulse representative of the occurrence of the first signal), or from MAC logic that tracks the MAC protocol activity associated with signals communicated between devices in the frequency band and detects occurrence of the first signal. Further details on the SAGE 500 are disclosed in commonly assigned co-pending U.S. Application No. 10/246,365, filed September 18, 2002, entitled "System and Method for Real-
  • the location measurement process involves transmitting a first signal (also called the reference signal), that may be an outbound signal, from a terminal in the general proximity of the TT.
  • the first signal may be transmitted by the MRT at a known location, but may be transmitted also from a terminal whose location is not known.
  • TDOA measurements are computed between some reference point of the first signal and some reference point of the second signal (the wireless radio signal transmitted by the target device) at each of the known locations (e.g., at least two RTs, one of which may be the MRT). This time difference of arrival information is used to compute the location of the TT.
  • FIG. 6 illustrates a process 600 to obtain measurement data pertaining to the location of a TT in an environment such as that shown in FIG. 1.
  • signals that are transmitted by a device are indicated in solid lines and signals that are received by a device are indicated in dotted lines.
  • the NS identifies the appropriate RTs for the measurement process, and in step 610, sends a "start measurement" message to the MRT and RTs directing them to capture ADC receive signal data beginning at time T seconds from the arrival time of the NS message (T can be approximately 100 ms).
  • the various techniques for dealing with periodic TT transmission and aperiodic TT transmissions are described above.
  • the following description in conjunction with FIG. 6 assumes that the occurrence of the next TT can be predicted and the first signal is sent in advance of that transmission in the measurement experiment. It should be understood that if the terminal from where the first signal is transmitted is at an unknown location, then the "start measurement" message would be sent to that terminal and to the other RTs used in the measurement process. Instead of starting the memory to capture at a fixed time after the NS "start measurement” message, the pre-store/post-store features of the snapshot buffer 530 may be used in the RTs (thereby making it a variable trigger and reducing memory allocation requirements for the memory).
  • the MAC logic detects the first signal (e.g., RTS), and in response issues a SB_TRIG signal that is coupled to the buffer to start post-storing samples.
  • Still another alternative is for the MRT, or other terminal that will send the first signal, to coordinate the measurement, instead of the NS, by sending the "start measurement" message to the RTs to prepare for the measurement.
  • the "start measurement” technique is that if an RT or TT is relatively far from the MRT, the remote RT or TT will experience decreased signal-to-noise performance in correlating to the first signal. Therefore, if the RTs know in advance of an impending measurement, their memories can be activated before the first signal/second signal exchange, allowing sufficient capture of the data.
  • the MRT sends a first signal.
  • the first signal may be, for example, a request to send (RTS) packet used as part of the IEEE 802.1 lx communication standard assuming the RTs are 802.1 lx enabled.
  • RTS request to send
  • the MRT needs to note when the first signal was sent. One way to do this is to capture for storage in the memory the digital data representing the first signal that is supplied to the DAC input and when it was coupled to the DAC.
  • the TT transmission (the second signal) occurs.
  • the MRT and RTs receive and store receive signal data associated with the first and second signals in their memories.
  • FIG. 6 shows that the complete measurement interval extends from the beginning of a first signal to the beginning of the subsequent second signal.
  • the measurement interval need not be this long.
  • a shorter measurement interval may extend from just before the end of the first signal to just beyond the beginning of the subsequent second signal.
  • the ⁇ t that is measured is from a reference point (e.g., the end) of the first signal to a reference point (e.g., the beginning) of the second signal at the
  • the advantage of this measurement interval is that less data storage in the memory is required, which, among other things, reduces the memory allocation requirements.
  • FIGs. 7 and 8 show how to locate a TT 100 that does not operate with the same communication standard as the MRT 230 or other terminal that sends the first signal, useful for the reasons described above in conjunction with FIG. 2.
  • the TT 100 may be any non-802.11 device.
  • the TT 100 may be a device that transmits periodically or aperiodically.
  • the approximate transmit behavior (periodic or aperiodic) of the TT 100 is determined by listening at an RT to the TT's transmissions over time.
  • the TT 100 may be a cordless phone, BluetoothTM device, etc. that transmits periodically. Some cordless phones transmit periodically approximately every 10 ms.
  • FIG. 7 shows the transmission behavior of a TT that transmits periodically
  • FIG. 8 shows the transmission behavior of a TT that transmits aperiodically.
  • the first signal may be sent immediately before or after the TT's transmission, allowing the RTs to capture in their memories both the first signal and the second signal transmitted by the TT 100. Because the TT is periodic, the NS or MRT 230 (or other terminal) knows when to alert the RTs of an impending measurement cycle.
  • FIG. 7 shows that the first signal is transmitted just before the TT's transmission so that the measurement interval may extend from just before the MRT transmission to just after the TT transmission.
  • the TDOA information with respect to the MRT's first signal and the TT's second signal at two or more known locations is obtained in a manner similar to that described above.
  • the computations referred to above in connection with FIG. 6 (and described in more detail hereinafter) may then be performed in a similar manner to determine the location of the TT 100.
  • the first signal may be a periodic signal, such as any sync signal or pulse used by many communication standards that all RTs will receive as well as the TT's signal.
  • the IEEE 802.11 standard employs a Beacon interval to alert unassociated devices about the existence of a network. Even though the TT's transmission time may not be predictable, there will inevitably be a time interval where the periodic first signal will precede or follow the TT's transmission, sufficient to allow the RTs to obtain TDOA measurements.
  • the NS or MRT (or other terminal) can predict when a measurement interval will occur in order to alert the RTs of it so they know when to begin capturing data.
  • the terminal sending the first signal has the ability to communicate with the TT using the TT's communication protocol, then the terminal (e.g., MRT 230) can, for example, transmit a packet that the TT responds to with an ACK packet, and this exchange can be used to capture TDOA measurements at the RTs.
  • the RTs may send their captured receive signal data to the NS (either by wired or wireless link). If the RTs perform the correlation process locally, they send (either by wired or wireless link) the computed values ⁇ tj ⁇ to the NS.
  • the MRT uses a similar technique and reports ⁇ t 1 to the NS (or sends the captured receive signal data necessary for the NS to compute ⁇ ti).
  • ⁇ ti is the difference in arrival time between the second signal the MRT receives from the TT and the first signal that the MRT transmitted from one of its antennas.
  • the NS computes the location of the TT by solving the following equation for u and t:
  • the NS may take into account geometrical dilution of precision (GDOP) due to ill-conditioned Jacobian matrices.
  • Another approach to solving equation (1) is a closed-form approach which produces two candidate solutions for the location of the TT.
  • Many closed form approaches are known in the art.
  • An example of a closed-form approach is described in the paper Processing of Pseudorange Measurements: An Exact and Iterative Algorithm for the GPS Single Point Positioning, N. Crocetto et al., Proceedings of the Workshop International Cooperation and Technology Transfer - ISPRS Commission VI, Working Group 3, Perugia, 16-20 February 1998, pp. 134-
  • the accuracy of the measurements may be improved by determining the frequency error of the MRT clock.
  • One way to improve the frequency error is for the NS to send to the MRT start count and stop count signals separated by a fixed time period for several iterations to determine the frequency error in PPM of the
  • the basic location measurement principles described above can be adapted for conditions under which TDOA measurements need to be made at only 3 or as few as 2 known locations.
  • one coordinate of the TT is known (e.g., a vertical position for same-floor measurements)
  • TDOA measurements at only 3 known locations are required to solve equations (1) & (2) since the z-coordinate of the position vector u is known.
  • FIG. 10 illustrates a block diagram of a terminal (MRT, RT and/or TT) useful in variations to the process shown in FIG. 6 and for performing a hypothesis test to resolve location ambiguity in solving equation (1).
  • FIG. 10 is similar to that of FIG. 4, except that the terminal has multiple (e.g., 2 or more) antennas 312(1), 312(2) through 312(N) and multiple (e.g., 2 or more) radio receivers 308(1), 308(2) through 308(N) each of which can process a signal for a corresponding one of the antennas.
  • the RT is also an MRT or TT, it may include multiple radio transmitters 310(1), 310(2) to 310(N) associated with a corresponding antenna.
  • MIMO multiple-input multiple-output
  • CBF composite beamforming
  • the CBF process computes and applies transmit weights against component signals (of one or more transmit signal(s)) that are sent simultaneously via individual antennas to another device. Likewise, the CBF process computes and applies receive weights against component signals (of one or more receive signals(s)) that are received via individual antennas from another device.
  • transmit weights against component signals of one or more transmit signal(s)
  • receive weights against component signals of one or more receive signals(s)
  • the antennas receive the (e.g., the first signal and the second signal) received by each of the antennas.
  • the MRT computes the quantity
  • Techniques to generate weights that direct a beam from a multiple antemia (or antenna array) device to a particular location are well known in the art, and are therefore not described herein.
  • this angle of arrival technique may not work, but there are several other techniques known in the art (and thus not described herein) that can be used to resolve the proper location from the two solutions.
  • the position of the TT is modeled to be a random vector U that can take on either position u ⁇ > or Uo' with equal probability.
  • Each RT has a plurality of antennas to at least receive signals, and specifically the capability to store data associated with the signal transmitted by the TT (referred to as the "second signal" above) and received at each of its plurality of antennas.
  • the channel response between the plurality of antennas of the RT; and the TT depends on the position U of the TT.
  • H r(U,Uj) is the candidate channel response vector between RTj and the TT at position U and is a function -T of U and Ui. Since U is random, H is a discrete random vector that is either -T(uo, uj) or r(uo', Uj).
  • the distances between the TT antenna(s) at each candidate position u 0 and uo' and each antenna of RTj is known because, by definition, the position of the RT (and specifically each of the RTj's antennas) are known. Assuming a line-of-sight
  • the candidate channel response vectors r(uo, U J ), r(uo', U J ) for RTj can be computed using this information for the candidate positions uo and u ⁇ of the TT.
  • the LOS channel is used as an estimate.
  • Each RT need not have the same number (M) of antennas.
  • the NS computes the two candidate channel response vectors T(uo, Ui), r(u 0 ', u;) for each
  • the NS selects as the TT position the position u that maximizes the conditional probability:
  • the NS may normalize vectors ; and hi such that
  • the vectors gi and h; are not normalized, the RTs that are closer to the actual position of the TT contribute more to the sum than without normalization.
  • angle-of-arrival e.g., phase
  • the RT can generate relative phase information at each antenna when receiving the second signal from the TT at each antenna.
  • a confidence score can be assigned to the two candidate locations u 0 or Uo' for the perspective of that RT.
  • the confidence score may be a "soft" decision that varies between two values (e.g., -1, to 1) or a hard decision (e.g., 0 or 1).
  • the confidence scores for all RTs are summed to produce a total score to select one of the two candidate positions as the actual position of the TT.
  • the MRT or TT has multiple antennas, similar to the block diagram shown in FIG. 10.
  • the MRT may use one antenna path to transmit the first signal, and use another path to simultaneously receive the first signal and store the ADC samples of the first signal it in its memory.
  • the TT may use one antenna path to transmit the second signal, and use another path to simultaneously receive the second signal, and store the ADC samples of it in its memory.
  • TT may store in its memory the digital input to its DAC that are used to transmit the second signal.
  • FIGs. 12 and 13 illustrate other ways to obtain reference time difference of arrival measurements in order to perform the location computations described above in conjunction with FIG. 6. Again, reference is made to Table 1 above.
  • an RT such as the MRT 230, has at least four antennas 312(1), 312(2), 312(3) and 312(4) and multiple radio receivers, giving it the ability to detect the second signal separately at each antenna, as described above in conjunction with FIG. 10.
  • the time of arrival measurements at each of the antennas of the MRT may be used to perform the measurement computations. Under these conditions, no other RT is needed for the measurement process.
  • FIG. 13 there are one or two RTs 200 and 210 each having two antennas.
  • the TDOA measurements at each of the two antennas of each RT can be obtained and used for the location computations.
  • FIGs. 12 and 13 as explained in Table 1, if one coordinate (e.g., the vertical position (z)) of the TT is known and the TT is a collaborative device, then the measurements at each of two antennas of an RT can be obtained and used to compute the remaining two coordinates (e.g., x and y). Consequently, TDOA measurements can be obtained all at a single device.
  • the MRT 230 may also transmit the first signal used in the measurement process using one of its two or more antennas, and it can receive the first signal at each of its other two or more antennas where the second signal from the TT will also be received.
  • the entire location measurement process can be initiated from a single device.
  • that single device e.g., MRT 230
  • MRT 230 may have capability to execute both the correlation process and the location computation process locally such that the TDOA measurements can be obtained and the location of the TT computed at a single device.
  • a multiple antenna RT e.g., MRT
  • FIG. 14 shows an example of a coverage map that can be generated using the location measurement techniques described herein.
  • the coverage map integrates the locations of multiple devices into a visual display of an area, such as an office space.
  • the coverage map may show the locations of APs and STAs as well as areas of no coverage and areas of interference.
  • One application is to locate devices associated with problems or security breaches, which have particular utility in large multiple- AP enterprise type WLANs. For example, if a device is determined to be operating without authority in a WLAN, its location can be determined to disable that device.
  • a WLAN AP could attempt to go active in an existing WLAN environment using an identifier, such as a service set identifier (SSID) that is not authorized. When such an AP begins transmitting, its SSID can be captured and compared against a database of valid SSIDs to determine whether it is a valid AP. If it is not a valid AP, then its location can be determined to disable it.
  • SSID service set identifier
  • a fraudulent STA associates with a STA masquerading as a valid STA using the MAC address of a valid STA
  • techniques can be used to determine if its signal pulse profile matches the signal pulse profile of the valid STA (based on stored data). When there is a mismatch, then the fraudulent STA can be located and disabled.
  • Still another application is to use device location as an indicator of whether the device is a valid or authorized device.
  • a so called "parking lot" attack on a WLAN occurs when a device outside the normal perimeter of a building associates with a WLAN inside a building or premises, possibly breaching security to a wired network server.
  • the location of all devices in a WLAN can be tracked. If a device is outside a predetermined boundary, an alert can be generated that indicates a possible unauthorized device receiving signals on the WLAN.
  • FIG. 14 shows an example for displaying on a coverage map an icon where a device has been detected outside a boundary indicated at reference numeral 1000. Actions can be taken to disable that device.
  • a device may be permitted to roam further from the normal coverage area of the WLAN if it can supply a suitable password or authorization code (that matches a code in a database) in response to an request sent to the device when it is determined that its location is outside the predetermined boundary.
  • a suitable password or authorization code that matches a code in a database
  • Still another application of location measurement is to detect when there is an unauthorized user obtaining access to a WLAN from a location outside of an authorized region.
  • the location a source of interference can be located using the techniques described herein.
  • a denial-of-service attack on a wireless network may take the form of a powerful noise signal being emitted.
  • the source ofthat emitter can be located using these techniques.
  • Another example is determining the location of an interfering signal.
  • an interfering signal may be any non- WLAN signal that transmits on a periodic or aperiodic basis.
  • a method for determining a location of a source of a wireless radio signal comprising steps of: receiving the wireless radio signal at a plurality of known locations to generate receive signal sample data representative thereof at each known location; using the receive signal sample data obtained at one of the known locations as a reference waveform, determining the time of arrival of the wireless radio signal at each of the known locations; computing the time difference between the time of arrival of the wireless radio signal and time of arrival of a reference signal at each of the known locations; and determining a location of the source of the wireless radio signal based on the time difference of arrival measurements at the plurality of known locations.
  • a system for determining the location of a target device that transmits a wireless radio signal, comprising: a plurality of radio devices that act as reference terminals and receive radio signals at corresponding known locations; and a computing device (e.g., a server) coupled to the plurality of radio devices that computes a location of the source of the wireless radio signal based on time differences between arrival of the wireless radio signal and a reference signal at each of the radio devices, wherein arrival of the wireless radio signal at each of the radio devices is determined using receive signal sample data of the wireless radio signal at one of the radio devices as a reference waveform.
  • a computing device e.g., a server
  • Each of the reference terminals has, among other components, a radio receiver and a memory to store the data associated with their reception of the signals to enable determination of the precise time of arrival of the signals.
  • a processor readable medium is provided that is encoded with instructions that, when executed by a processor, cause the processor to compute a location of a radio device based on a first time difference between arrival of a first signal at a first known location and arrival of a second signal transmitted by the radio device at the first known location, and at least a second time difference between arrival of the first signal at a second known location and arrival of the second signal at the second known location, where samples of the second signal received at one of the first and second known locations are used as a reference waveform to correlate to the second signal in order to determine time of arrival of the second signal.
  • the above description is intended by way of example only.

Abstract

A system and method for determining the location of a source (target device) of a wireless radio signal of an unknown or arbitrary type for which a signal correlator is not known or available. The target device’s signal is received at a plurality of known locations to generate receive sample data representative thereof at each known location. Receive signal data samples associated with the target device’s signal at one of the plurality of known locations is selected to be used as a reference waveform. For example, information concerning the target device’s signal received at each known location is compared to determine the known location that best receives it. The receive signal sample data obtained by the known location that best receives the target device’s signal is used as the reference signal. The reference signal and the target device’s signal are received at the plurality of known locations. The reference waveform is used to correlate against the received signal data obtained at each known location to determine the time of arrival of the target device’s signal. The time difference between arrival of the target device’s signal and arrival of the reference signal at each of the known locations is computed. A location of the source of the wireless radio signal is computed based on the time difference of arrival measurements at the plurality of known locations.

Description

SYSTEM AND METHOD FOR LOCATING SOURCES OF UNKNOWN
WIRELESS RADIO SIGNALS
This application claims priority to U.S. Provisional Application No. 60/469,647 filed May 12, 2003 and to U.S. Provisional Application No. 60/319,737 filed November 27, 2002, is a continuation-in-part of U.S. Application No. 10/409,563, filed April 8, 2003. The entirety of each of these applications is incorporated herein by reference.
BACKGROUND OF THE INVENTION
Radio location measurement techniques are known in the art. Many of these techniques require one or more of: recognition of special location signals, dedicated and cost-additive hardware resources, and higher speed processing in what is preferred to be a lower cost wireless device. The aforementioned co- pending non-provisional application is directed to location measurement techniques that do not require that measurements at each known location be time- synchronized.
It is possible that in the frequency band and locality where radio communication operation is occurring, an interfering signal source may be activated which can affect the performance of some desired radio communication, such as an IEEE 802.11 wireless local area network (WLAN). hi this case, it would be desirable to locate that signal source in order to investigate it further and/or re-position other radio communication devices around it. However, if the transmissions of the signal source are not of a known type, current location measurement techniques are not readily applicable.
Techniques are needed to locate the source of a signal that is of an unknown or arbitrary type, such as sources of signal transmissions for which a signal correlator is not known or available.
SUMMARY OF THE INVENTION
Briefly, a system and method are provided for determining the location of a source (target device) of a wireless radio signal of an unknown or arbitrary type for which a signal correlator is not known or available. The wireless radio signal ϊ transmitted by the target device is received at a plurality of known locations to generate receive sample data representative thereof at each known location. Receive signal data samples associated with the wireless radio signal at one of the plurality of known locations is selected to be used as a reference waveform. For example, data concerning the reception of the wireless radio signal at each known location is compared to determine the known location that best receives it. The receive signal data samples obtained at the known location that best receives the target device signal is used as the reference waveform. A variety of criteria may be used to select the receive signal data samples to be used as the reference waveform. A measurement experiment is run in which the target device's signal is followed or preceded relatively close in time by a transmission of a reference signal. The reference signal and the target device's signal are received at the plurality of known locations. The reference waveform is used to correlate against the received signal data obtained at each known location to determine the time of arrival of the target device's signal. The time difference between arrival of the target device's signal and arrival of the reference signal at each of the known locations is computed. A location of the target device is computed based on the time difference of arrival measurements at the plurality of known locations.
Other objects and advantages of the present invention will become more readily apparent when reference is made to the following description in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of a wireless environment in which location measurement may be useful.
FIG. 2 is a flow chart for a procedure to locate a source of a wireless radio signal for which a correlator is not known or available.
FIG. 3 is a diagram that shows how receive signal samples of the wireless radio signal at a terminal are used as a reference waveform to correlate against the received wireless radio signal at other reference terminals.
FIG. 4 is an exemplary block diagram of a terminal that is useful in the location measurement techniques described herein. FIG. 5 is a block diagram of a component useful in a terminal, where the component has a memory to store data useful in the location measurement techniques described herein.
FIG. 6 is a timing diagram showing a process for collecting location measurement data to locate a target terminal (TT).
FIGs. 7 and 8 are timing diagrams illustrating techniques to locate target terminals that do not necessarily obey the same communication protocol rules as a master reference terminal (MRT).
FIG. 9 is a diagram illustrating the equations used to compute the location of a terminal using time difference of arrival measurements.
FIG. 10 is a block diagram of another type of terminal having multiple antennas that is useful for enhanced location measurement techniques.
FIG. 11 is a block diagram showing one of two possible positions of the TT with respect to a reference terminal (RT). FIGs. 12 and 13 are block diagrams of other location measurement configurations possible with the use of terminals having multiple antennas.
FIG. 14 is a diagram showing an exemplary coverage map of a wireless network that can be created using the techniques described herein.
DETAILED DESCRIPTION OF THE DRAWINGS
The Location Measurement Process Generally
FIG. 1 illustrates a wireless radio environment 10 having multiple tenninals. The environment 10 maybe, for example, an IEEE 802.11 WLAN, and the terminals may be access points (APs) or stations (STAs). It is useful to know the location of various terminals for security and other network management reasons. A rogue device (STA or AP) may attempt to access the network, and if so, it would be desirable to locate it. Alternatively, the device to be located may be a non- WLAN device, such as a cordless phone, microwave oven, Bluetooth™ device, or even a device of an unknown type etc., that operates in the same frequency band as the WLAN terminals, potentially interfering with the WLAN operation. It would be desirable to locate an interfering device. In FIG. 1, a target terminal (TT) 100 is the device (also called a target device) whose location u is to be measured. There are one or more reference terminals (RTs) 200, 210 and 220 (e.g., AP or STA) each at a known location Uj =
[XJ, yϊ, Zj]), and a master reference terminal (MRT) 230 (e.g., AP or STA) at a known location u ). Alternatively, as will be described hereinafter, the known location may consist of one antenna of a multi-antenna RT. A computing device, such as a network server (NS) 400, is coupled to each RT using a wired network connection or a wireless network connection directly or through one of the other terminals (such as the MRT 230) that may also act as an AP. Generally, the location measurement process involves using time difference of arrival (TDOA) measurements at two or more known locations. Any terminal at a known or unknown location in the general proximity of the TT transmits a first radio signal. For example, the MRT 230 transmits a first (radio) signal. The TT 100 transmits a second (radio) signal. The first signal may be transmitted before or after the second signal. The arrival of the first signal and the second signal at two or more known locations (e.g., RTs including the MRT 230) is determined and a time difference is computed for each known location. The TDOA measurements are then used to compute the location of the TT 100. The advantage of this process is that the clocks of the various devices used for measurement do not need to be synchronized, which in many cases would require additional hardware or software processing. Moreover, it is possible, but not required, to execute the computations performed by the location process entirely in non-real-time using software. This process may be performed in an indoor or outdoor wireless radio environment. The locations of the MRT 230 and RTs 200, 210 and 220 are known through a priori knowledge, such as by physical measurement, through the use of global positioning systems (GPS) or through the use of the techniques described herein.
In the aforementioned co-pending and commonly assigned applications it was assumed that the TT transmitted a signal of a known type for which the RTs and/or NS had a correlator available to correlate to it in order to precisely determine time of arrival of the TT's signal, for computing the TDOA measurements. However, the TT's signal may be unknown to the RTs such that they do not have a correlator available to correlate to it. As is known in the art, signal correlators are used to precisely determine the occurrence of a particular type of signal, and as such are useful to precisely determine time of arrival of a signal
(or of some reference point in that signal). Techniques are provided herein to locate sources of radio signals in which the devices used in the measurement process do not have a signal correlator or correlation process for the TT signal used in the measurement process. For example, the TT may be a completely rogue or unknown device, or the TT may be a device of a generally known type transmitting a signal with a known modulation type, but the TT is transmitting one or more signals (packet, frame or message types, etc.) for which the RTs do not have a correlator.
The NS 400 is a computing device (e.g., PC, server computer, etc.) that comprises a processor 410 and executes a location computation process 430 described hereinafter. The NS 410 may also execute a correlation process 420 that is described hereinafter. The correlation process 420 determines the time of arrival measurements of the various signals, and may also compute the TDOA data from the time of arrival data, or the TDOA computation is performed by a separate process. The location computation process 430 uses the TDOA data to compute the location of the TT 100. The correlation process for data collected at each of several RTs 200, 210 and 220 may be executed in the NS 400, or may be executed in the RTs 200, 210 and 220 themselves on an embedded or hosted processor. In any case, the computations that the RTs and/or NS perform may be done entirely in software and in non-real-time, saving significant costs in silicon area which would otherwise be required in a terminal device. The TDOA measurements may be computed by cross-correlating the received waveform with a very long reference waveform. Noise averaging due to a long correlator enhances the measurement SNR, but does not increase the silicon area/device cost since the correlator is implemented in software. An advantage of using a computing resource (and software) that may have greater processing capability than any of the RTs to perform the correlation process 420 and the location computation process 430 is that the RTs can be very inexpensive radio receiver devices, in a most basic form. In addition, the signals received by the RTs can be relatively weak because the correlation process 420 applied to that data can be powerful enough (since it can be executed on a computer, e.g., NS) to extract the important time of arrival information from the captured data at each RT. However, any RT (such as the
MRT) that has sufficient processing capability may perform the correlation and even location measurement computations. The data or measurements at the other
RTs would be sent to that RT.
One or more of the RTs 200, 210 and 220 and the MRT 230 shown in FIG.
1 have the capability of capturing and storing in a memory receive signal data output by the radio receiver of the device beginning at a specified time and for a specified time period. Terminals having this capability are hereinafter referred to as "collaborative" devices or terminals, and terminals that do not have this capability are referred to as non-collaborative devices or terminals.
The number of required time difference of arrival measurements at different known locations depends on the availability of other factors, but in general, measurements need to be made at at least two known locations. Table 1 below shows the number of measurements that are needed depending on other factors, such as whether one coordinate of the TT is known or the TT is a collaborative device. In all of the cases identified in the table below, there will be location ambiguity because the equations that are solved for the location computations will yield two solutions. The correct one of the two solutions needs to be chosen. As described hereinafter, there are at least two options to deal with this location ambiguity. First, a TDOA can be taken at an additional known location (e.g., RT). Second, a hypothesis test can be performed to identify the correct location solution. Examples of hypothesis tests are described hereinafter in conjunction with FIG. 10. Table 1 : Minimum Number of Known Locations for Locating a TT Given Other Factors
Figure imgf000009_0001
Turning to FIG. 2, a flow chart is shown for a process useful when the TT
100 has been transmitting and from its transmissions, the RTs or NS (after processing data captured by the RTs) have determined that the TT signal is a type for which the RTs or NS do not have a signal correlator that can be used to precisely determine time of arrival of the TT signal, h step 2000, the RTs that are in sufficient proximity to the TT 100 will receive the TT's transmission. The RTs will generate information describing the received TT transmission, such as signal pulse characteristics, including pulse power (signal strength), pulse bandwidth, pulse center frequency, pulse duration, etc. An example of a component capable of generating this information is described hereinafter. The RTs will transmit some or all of the TT-descriptive information (or alternatively the captured data itself) to the MRT and or NS. In step 2010, the MRT or NS will compare the TT-descriptive inforaiation (or raw captured data) of each RT to determine which RT likely captures the best sampled data of the received TT signal. The best sampled data may be the one that has one or more of the greatest received signal strength or power, longest duration, widest bandwidth, etc. That RT is designated RT* and the samples it obtains of received TT signals is used to as a reference waveform to determine time of arrival of the TT signal at each RT.
Once RT* has been designated, in step 2020, a location measurement procedure is run. The NS or MRT may determine based on observed activity of the TT that it transmits periodically. If the TT transmits periodically, the NS or MRT can predict when the next TT transmission will occur and send a signal to the RTs to alert them of the time and duration of an impending location measurement experiment. The MRT will then transmit a first signal just prior to or after the TT transmission in order to allow the RTs to receive both the first signal and the TT's signal (the second signal) and capture data related to their reception of each signal. If the TT is determined to be an aperiodic transmitter, then there are several ways of capturing sufficient data. A first method is for the NS to command the MRT to perform a trial and error process whereby the MRT alerts the RTs to begin capturing data periodically for a certain time duration, and the MRT will transmit a first signal on that periodic basis in order to attempt to capture a TT transmission after the first signal. The RTs will come up periodically and receive energy to capture data that includes the MRT's first signal and eventually the TT's second signal thereafter.
A second technique is to alert the RTs to capture data in response to, and for a time duration following, detecting the TT's signal. This would involve the RTs triggering by received signal strength of the TT's signal, and using a mark some time period into the TT's signal as a reference point. The MRT would transmit the first signal periodically and its arrival would also be captured at the RTs during this time period. A third technique is for the NS or MRT to put the RTs in a continuous capture mode whereby the RTs store sample data continuously (in a circular buffer) and stop storing once they detect the MRT's signal. The data captured at the RTs would eventually include arrival of the TT's signal as well as arrival of the MRT's signal, sufficient to generate TDOA data. Another technique for setting up and executing the location operation is as follows. The NS 400 sends a set-up message to each of the RTs 200 and 210 that are to be used in the location process. The set-up message will include the address of the MRT 230, the frequency channel to be used for the location operation and information advising the MRT 230 to configure the pulse detector(s) in its SAGE block to generate a trigger signal upon detecting the TT's signal. The MRT 230 and RTs 200 and 210 will configure themselves, and send a ready signal to the NS 400 or MRT 230. In response to detecting the TT signal, the MRT 230 transmits a Probe
Request frame (a frame that is part of the IEEE 802.11 communication standard) or another frame that can be uniquely identified by each RT in their snapshot buffers.
In doing so, the MRT 230 will compute the time delay between receiving the TT signal and sending the Probe Request frame. The RTs 200 and 210 will be continuously capturing receive signal data and will use the Probe Request frame data in the snapshot buffer as a marker for where to look back in the buffer for the
TT signal. The RTs 200 and 210 will terminate further capturing of data a short period of time later upon detecting the Probe Request frame. The MRT 230 will send the time delay information it computed to the RT 200 and 210 so that the RTs can use it to locate the TT signal in their buffers with respect to the Probe Request frame.
Using a suitable reference waveform for the TT signal as described above in conjunction with FIGs. 2 and 3, the MRT 230 and RTs 200 and 210 will determine the time of arrival of the TT signal and the time of arrival of the Probe Request frame, and from that information compute the TDOA between the signals. The MRT and RTs will send the TDOA data to the NS 4000, where the location is computed based on the TDOA data, or if preferable, the MRT may compute the location based on the TDOA data. Once the location measurement experiment has been run in step 2020 and the RTs have captured data representing reception of the first and second signals, the data is processed in step 2030 to generate the TDOA data for each RT. The reference waveform samples captured at RT* are used to correlate or compare against the data captured by the other RTs for the received second signal to determine time of arrival of the TT signal at each RT.
In step 2030, the RT* may send the reference waveform samples to each RT (or the NS may distribute the reference waveform samples to each RT) to enable each RT to correlate against captured receive signal data from the second signal to generate the TDOA data. Each RT would already have a correlator to correlate to the first signal from the MRT, or the NS would perform that correlation. For example, the first signal is an IEEE 802.11 frame, such as a request-to-send (RTS) frame or a probe request frame which all of the RTs are capable of receiving and recognizing assuming they are all compliant with the
IEEE 802.11 standard. Alternatively, each RT may send its captured data for the second signal to the NS to allow the NS to correlate against the captured data for the second signal using the reference waveform samples obtained from the RT* in order to generate the TDOA data (after determimng the time of arrival of the first signal computed by the corresponding RT or by the NS). The latter case requires that each RT sends all of its captured data to the NS, whereas the former case requires that the NS or RT* send the reference waveform samples to each RT to perform the correlation and compute the TDOA data. In step 2040, the location of the TT is computed using the TDOA data obtained by each RT.
It is possible that the location measurement process may be repeated several times (using the same or different RT as RT*) in order to obtain an accurate location measurement for the TT. FIG. 3 illustrates an example of the reference waveform samples generated by RT*. The output digital sample data from an analog-digital-converter in RT* for energy received for a TT transmission may resemble something like the graph shown in FIG. 3. The reference waveform samples are compared against the received signal samples to determine time of arrival of the TT signal (and ultimately TDOA between the first and second signals). The time of arrival of the TT signal may be with respect to a subset of samples of the received waveform determined to be distinguishable and easily identifiable. For example, a marker or reference point may be identified in the samples to select a subset of the entire waveform sample set, such as samples for a 100 μsec time period portion of the entire waveform. On the other hand, the data samples of the entire received TT transmission can be used for correlation.
As an alternative, if the baseband modulation of the TT's signal is known (but a correlator for the particular packet type sent by the TT is not), RT* may demodulate the received TT transmission to obtain the recovered data. RT* may send the recovered data to the other RTs (or to the NS which in turn sends it to the other RTs) which re-modulate it to produce the reference waveform samples used to correlate against the captured data of the TT. Exemplary Collaborative Devices
FIG. 4 is a block diagram of an exemplary RT or MRT. Any device that has an analog-to-digital converter (ADC) and access to its digital output, or access to the analog output of the receiver portion of the radio receiver may be made a collaborative device, insofar as the receiver output can be digitized and stored for the time interval(s) of interest.
The terminal includes a radio receiver 308 that receives signals via an antenna 312. An MRT (and the RTs as well) may have the ability to transmit and receive and therefore may have a radio transmitter 310 (which may be part of a radio transceiver that integrates the radio receiver and radio transmitter). A switch 309 may couple the radio receiver or radio transmitter 310 to the antenna 312. A baseband section 320 (which may be a separate integrated circuit) may be coupled to the ADCs 322 and DACs 324 via an RF interface 326. Baseband signal processing may be performed in a baseband physical block (PHY) 328 in firmware. A memory 332 is provided that is coupled to receive the digital output of the ADC 322 and may be any storage element or buffer memory capable of storing output of the ADC 322. It need not reside in the baseband section 320 proper. The memory 332 should be large enough to store at least a portion of a first signal sent by the MRT and a portion of a second signal sent by the TT, as well as other miscellaneous information in the time interval between the signals. Examples of these signals are described further hereinafter. In the case where the terminal is the MRT 230, the memory 332 may store the digital input samples to the DAC 324 that are used to transmit a first signal (in order to identify a reference time point of the first signal), as well as the digital output samples of the ADC 322 representing a received second signal (in order to identify a reference time point of the second signal). The memory 332 may be part of a real-time spectrum analysis engine component called the SAGE 500. The SAGE 500 is described in more detail hereinafter in conjunction with FIG. 5. Higher level processing capability may be provided in an embedded processor 340 that executes, among other functions, a correlation process 342 like the one referred to above that may be performed by the NS. The embedded processor 340 may execute instructions stored in a ROM 344 and/or RAM 346.
The baseband section 320 may be coupled to a host device 350 via a suitable interface 348, such as a universal serial bus (USB), PCI/Cardbus, or even an Ethernet connection/port. The host device 350 has a host processor 352 that may also execute, among other functions, a correlation process 354. The correlation process 354 in the host device 350 is the same as the correlation process
342 in the embedded processor 340 which is the same as the correlation process
420 in the NS 400. It need not be performed in all locations, but only in one of these locations. The correlation process 354 (342 or 420) is the process that uses the reference waveform (determined as described above in conjunction with FIGs. 2 and 3) for determining time of arrival of the TT signal. In most cases, a signal correlator will be available and used in the correlation process 354 (342 or 420) for the first signal. A further variation is shown in FIG. 4 in which the RT may have the capability to execute the location computation process 430 in its embedded processor 340 or hosted processor 352 using the TDOA information obtained locally and collected (by wired or wireless link) from other RTs.
One example of a system that includes a memory useful in a terminal to make it collaborative is a real-time spectrum analysis engine (SAGE) 500 shown in FIG. 5. Moreover, the SAGE 500 has the capability of generating characteristics of received signals that can be supplied to the NS by each RT to determine which RT should be considered RT*. The SAGE 500 comprises a spectrum analyzer 510, a signal detector 520, a snapshot buffer 530 and a universal signal synchronizer 540. The SAGE 500 receives digital data representing the output of an ADC (which may be included in the RF interface 326). The spectrum analyzer 520 generates data representing a real-time spectrogram of a bandwidth of radio frequency (RF) spectrum, such as, for example, up to 100 MHz. The output of the SA 520 may comprise power values for each of a plurality of frequency bins that spans a portion or substantially the entire frequency spectrum of interest.
The signal detector 520 detects signal pulses in the frequency band that satisfy a set of configurable pulse characteristics and outputs pulse event data for those detected pulses. The pulse event data may include one or more of the start time, duration, power, center frequency and bandwidth of each detected pulse. The signal detector 520 also provides pulse trigger outputs which may be used to enable/disable the collection of information by the snapshot buffer 530. The signal detector 520 may include one or more pulse detectors each configured to detect pulses that satisfy a certain set of criteria. The signal detector 520 may comprise a peak detector that detects power level above a certain threshold in a frequency bin of data output by the spectrum analyzer 510, and a pulse detector coupled to the peak detector that detects from the peak information pulses that meet the configured criteria. The pulse event data output by the signal detector may be useful in determining the periodic or aperiodic nature of a signal whose source is to be located, or to classify by type (frequency hopper, cordless telephone, Bluetooth™, IEEE 802.1 lx, infant monitor, unknown, etc.) of signal to be located. Knowing the type of the signal to be located, or at least its transmit behavior, can be useful in deciding on what type of signaling process to use in order to obtain TDOA measurements to locate the source of the signal. Examples of signal classification techniques are described in commonly assigned and co-pending U.S. Application No. 10/246,364, filed September 18, 2002, entitled "System and Method for Signal Classification of Signals in a Frequency Band," U.S. Application No. 10/420,362, filed April 22, 2003 and entitled "System and Method for Classifying Signals Occurring in a Frequency Band," and U.S. Application No. 10/628,603, filed July 28, 2003 and entitled "System and Method for Classifying Signals Using Timing Templates, Power Templates and Other Techniques."
Thus, the signal detector 520 and spectrum analyzer 510 may be used to provide characteristic information of signals occurring in the frequency band, such as transmission of a TT. Each RT may send data describing these characteristics to the NS to allow the NS to determine which RT should be designated RT*.
The snapshot buffer 530 is a memory that stores a set of raw digital receive data which is useful for the reasons described above. The snapshot buffer 530 operates in a circular buffer fashion can be triggered to begin sample collection by either the signal detector 520 or from an external trigger source using the snapshot trigger signal SB TRIG. Furthermore, the snapshot buffer 530 has two modes of operation: pre-store mode and post-store mode. In a pre-store mode, the snapshot buffer 300 writes continuously to the DPR 550 and stops writing and interrupts the embedded processor 340 when a snapshot trigger signal is detected. In a post-store mode, the DPR write operation begins only after a trigger is detected. A combination pre- and post-store scenario may be created to capture samples of the receive data signals both before and after a snapshot trigger condition. Thus, the snapshot buffer 530 is an example of a controllable memory device that can store raw ADC data samples associated with received TT transmissions at an RT. Each
RT may send these samples to the NS to allow the NS to determine which RT should be RT*, together with (or without) signal characteristic information that can be generated by the spectrum analyzer 510 and signal detector 520.
The universal signal synchronizer 540 synchronizes to periodic signal sources, such as Bluetooth™ SCO headsets and cordless phones. The USS 540 interfaces with medium access control (MAC) logic 560 that manages scheduling of packet transmissions in the frequency band according to a MAC protocol, such as, for example, the IEEE 802.11 protocols. The MAC logic 560 may generate the snapshot trigger signal SB_TRIG upon detecting a particular signal, such as the first signal transmitted by the MRT (e.g., an RTS) based on what the MAC logic 560 processes. This may be a useful feature for the location measurements techniques described herein, but it is not required.
The embedded processor 340 interfaces with the SAGE 500 to receive spectrum information output by the SAGE 500, and to control certain operational parameters of the SAGE 500. The embedded processor 340 interfaces with SAGE 500 through the DPR 550 and the control registers 570. The SAGE 500 interfaces with the embedded processor 340 through a memory interface (17F) 580 that is coupled to the DPR 550.
To summarize, the SAGE 500 is a sub-system useful in a radio device to perform pulse level analysis of energy detected in a radio frequency band. One feature of the SAGE 500 is to capture raw receive signal data in a memory (e.g., snapshot buffer). The snapshot trigger signal that causes the memory to store data may be supplied by a suitably configured pulse detector forming a part of the signal detector component of the SAGE 500 (that is responsive to a signal pulse representative of the occurrence of the first signal), or from MAC logic that tracks the MAC protocol activity associated with signals communicated between devices in the frequency band and detects occurrence of the first signal. Further details on the SAGE 500 are disclosed in commonly assigned co-pending U.S. Application No. 10/246,365, filed September 18, 2002, entitled "System and Method for Real-
Time Spectrum Analysis in a Communication Device," and in commonly assigned co-pending U.S. Application No. 10/420,511, filed April 22, 2003, entitled
"System and Method for Real-Time Spectrum Analysis in a Radio Device," the entirety of both of which is incorporated herein by reference.
The Location Measurement Process in More Detail
The location measurement process involves transmitting a first signal (also called the reference signal), that may be an outbound signal, from a terminal in the general proximity of the TT. The first signal may be transmitted by the MRT at a known location, but may be transmitted also from a terminal whose location is not known. TDOA measurements are computed between some reference point of the first signal and some reference point of the second signal (the wireless radio signal transmitted by the target device) at each of the known locations (e.g., at least two RTs, one of which may be the MRT). This time difference of arrival information is used to compute the location of the TT.
FIG. 6 illustrates a process 600 to obtain measurement data pertaining to the location of a TT in an environment such as that shown in FIG. 1. To facilitate understanding of FIG. 6, signals that are transmitted by a device are indicated in solid lines and signals that are received by a device are indicated in dotted lines. As many as four locations uι-u may be known at the NS, such as for the MRT and the other RTs. Initially, the NS identifies the appropriate RTs for the measurement process, and in step 610, sends a "start measurement" message to the MRT and RTs directing them to capture ADC receive signal data beginning at time T seconds from the arrival time of the NS message (T can be approximately 100 ms). The various techniques for dealing with periodic TT transmission and aperiodic TT transmissions are described above. The following description in conjunction with FIG. 6 assumes that the occurrence of the next TT can be predicted and the first signal is sent in advance of that transmission in the measurement experiment. It should be understood that if the terminal from where the first signal is transmitted is at an unknown location, then the "start measurement" message would be sent to that terminal and to the other RTs used in the measurement process. Instead of starting the memory to capture at a fixed time after the NS "start measurement" message, the pre-store/post-store features of the snapshot buffer 530 may be used in the RTs (thereby making it a variable trigger and reducing memory allocation requirements for the memory). The MAC logic detects the first signal (e.g., RTS), and in response issues a SB_TRIG signal that is coupled to the buffer to start post-storing samples.
Still another alternative is for the MRT, or other terminal that will send the first signal, to coordinate the measurement, instead of the NS, by sending the "start measurement" message to the RTs to prepare for the measurement. One advantage of the "start measurement" technique is that if an RT or TT is relatively far from the MRT, the remote RT or TT will experience decreased signal-to-noise performance in correlating to the first signal. Therefore, if the RTs know in advance of an impending measurement, their memories can be activated before the first signal/second signal exchange, allowing sufficient capture of the data.
T seconds after the arrival time of the NS "start measurement" message at the MRT or other terminal that sends the first signal (advising the MRT and RTs of the impending measurement process), in step 620, the MRT sends a first signal. The first signal may be, for example, a request to send (RTS) packet used as part of the IEEE 802.1 lx communication standard assuming the RTs are 802.1 lx enabled. The MRT needs to note when the first signal was sent. One way to do this is to capture for storage in the memory the digital data representing the first signal that is supplied to the DAC input and when it was coupled to the DAC. Calibration for the delay from the input of the DAC to transmission from the antenna would be computed and many techniques to do this are known in the art, and therefore not described herein. In step 630, the TT transmission (the second signal) occurs. As shown at reference numerals 640, 650 and 660, the MRT and RTs receive and store receive signal data associated with the first and second signals in their memories. FIG. 6 shows that the complete measurement interval extends from the beginning of a first signal to the beginning of the subsequent second signal.
However, the measurement interval need not be this long. A shorter measurement interval may extend from just before the end of the first signal to just beyond the beginning of the subsequent second signal. Using this shorter measurement interval approach, the Δt that is measured is from a reference point (e.g., the end) of the first signal to a reference point (e.g., the beginning) of the second signal at the
MRT and each RT. The advantage of this measurement interval is that less data storage in the memory is required, which, among other things, reduces the memory allocation requirements.
FIGs. 7 and 8 show how to locate a TT 100 that does not operate with the same communication standard as the MRT 230 or other terminal that sends the first signal, useful for the reasons described above in conjunction with FIG. 2. For example, if the MRT 230 uses the IEEE 802.11 communication protocol, the TT 100 may be any non-802.11 device. The TT 100 may be a device that transmits periodically or aperiodically. The approximate transmit behavior (periodic or aperiodic) of the TT 100 is determined by listening at an RT to the TT's transmissions over time. For example, the TT 100 may be a cordless phone, Bluetooth™ device, etc. that transmits periodically. Some cordless phones transmit periodically approximately every 10 ms. FIG. 7 shows the transmission behavior of a TT that transmits periodically, and FIG. 8 shows the transmission behavior of a TT that transmits aperiodically.
Techniques to detect a periodic signal are disclosed in the aforementioned co-pending application related to a spectrum analysis engine. When the transmit behavior of the TT (through signal classification or other techniques) can be determined, then the signaling technique used to locate that TT can be adjusted accordingly.
For example, if it is determined that the TT has periodic transmission behavior and its transmit timing is determined, the first signal may be sent immediately before or after the TT's transmission, allowing the RTs to capture in their memories both the first signal and the second signal transmitted by the TT 100. Because the TT is periodic, the NS or MRT 230 (or other terminal) knows when to alert the RTs of an impending measurement cycle. FIG. 7 shows that the first signal is transmitted just before the TT's transmission so that the measurement interval may extend from just before the MRT transmission to just after the TT transmission. The TDOA information with respect to the MRT's first signal and the TT's second signal at two or more known locations is obtained in a manner similar to that described above. The computations referred to above in connection with FIG. 6 (and described in more detail hereinafter) may then be performed in a similar manner to determine the location of the TT 100.
With reference to FIG. 8, if the TT 100 is determined to have an aperiodic transmission behavior, the first signal may be a periodic signal, such as any sync signal or pulse used by many communication standards that all RTs will receive as well as the TT's signal. For example, the IEEE 802.11 standard employs a Beacon interval to alert unassociated devices about the existence of a network. Even though the TT's transmission time may not be predictable, there will inevitably be a time interval where the periodic first signal will precede or follow the TT's transmission, sufficient to allow the RTs to obtain TDOA measurements. Also, using a periodic first signal allows the NS or MRT (or other terminal) to predict when a measurement interval will occur in order to alert the RTs of it so they know when to begin capturing data. On the other hand, if the terminal sending the first signal has the ability to communicate with the TT using the TT's communication protocol, then the terminal (e.g., MRT 230) can, for example, transmit a packet that the TT responds to with an ACK packet, and this exchange can be used to capture TDOA measurements at the RTs.
In the event that the correlation processes are performed at the NS, the RTs may send their captured receive signal data to the NS (either by wired or wireless link). If the RTs perform the correlation process locally, they send (either by wired or wireless link) the computed values {Δtj} to the NS.
If the first signal is sent by a terminal at a known location, such as the MRT, then the MRT uses a similar technique and reports Δt1 to the NS (or sends the captured receive signal data necessary for the NS to compute Δti). Δti is the difference in arrival time between the second signal the MRT receives from the TT and the first signal that the MRT transmitted from one of its antennas. Using Δt;, i=l,.--4- and the known location of the RTs (and optionally the
MRT), the NS computes the location of the TT by solving the following equation for u and t:
||m - u|| - ||ui - UiH + c(t - Δti) = 0, i = l,...,4 (1)
where c is the speed of light, and t is the time of the transmission by the TT. There are many approaches known in the art for solving equation (1). Turning to FIG. 9, one approach involves finding the zero p* of a multidimensional, non-linear function F(p) of 4 variables p = [x, y, z, t]. For ranging measurements, one approach is to linearize F(p) about as follows:
F(pk + p) » F(pk) + J(pk)p,
where J(pk) is the Jacobian of F evaluated at pk, and then to use a Newton iteration to solve F(p) = 0:
Pk+ι = Pk- J(Pk)"1F(pk) (2)
The Jacobian of F for equation (1) is shown in FIG. 9. A single location solution is produced using this iterative approach.
To produce a measurement accuracy of lm or better, a total system timing error of at most 3 ns is desirable. The NS may take into account geometrical dilution of precision (GDOP) due to ill-conditioned Jacobian matrices. The standard deviation of the range estimate due to GDOP can be shown to be s = l/sqrt(trace(JTJ)). If the NS determines that the range variance is too large, it may repeat the experiment using a different set of RTs to improve the precision. It should be noted that the entire RTS and CTS packets need not be processed, so long as enough of the packets are processed in order to achieve the desired SNR. Another approach to solving equation (1) is a closed-form approach which produces two candidate solutions for the location of the TT. Many closed form approaches are known in the art. An example of a closed-form approach is described in the paper Processing of Pseudorange Measurements: An Exact and Iterative Algorithm for the GPS Single Point Positioning, N. Crocetto et al., Proceedings of the Workshop International Cooperation and Technology Transfer - ISPRS Commission VI, Working Group 3, Perugia, 16-20 February 1998, pp. 134-
141, the entirety of which is incorporated herein by reference. Techniques for selecting one of the two candidate locations produced by a closed-form approach are described hereinafter in conjunction with FIG. 11. The accuracy of the measurements may be improved by determining the frequency error of the MRT clock. One way to improve the frequency error is for the NS to send to the MRT start count and stop count signals separated by a fixed time period for several iterations to determine the frequency error in PPM of the
MRT clock. All of the time measurements (at the RTs) are made relative to the MRT clock whose frequency error is known. Other techniques to determine the frequency error of the MRT clock may also be known in the art.
The basic location measurement principles described above can be adapted for conditions under which TDOA measurements need to be made at only 3 or as few as 2 known locations. When one coordinate of the TT is known (e.g., a vertical position for same-floor measurements), TDOA measurements at only 3 known locations are required to solve equations (1) & (2) since the z-coordinate of the position vector u is known.
Furthermore, when the TT is a collaborative device and a 3-D position measurement is desired, TDOA measurements at only 3 known locations are needed. A collaborative TT can capture received signal data to enable a TDOA measurement, e.g., Δt0 = t - ||u - Uι||/c, and that TDOA measurement can be included in the computation of equation (1), where Δt0 is the TDOA measurement derived from the data captured at the TT (assuming in this example that the MRT sends the first signal). This provides one additional equation to the system of equations.
There are also conditions under which TDOA measurements at only 2 known locations are required to make a location measurement. This is the case, for example, when one coordinate of the TT is known (e.g., its vertical position z) and the TT is a collaborative device (assuming again in this example that the MRT sends the first signal). Again, Table 1 above lists the various measurement possibilities depending on what information is available. Resolving; Location Ambiguity
There are actually 2 solutions to equation (1) for u since the solution to the system of equations consists of the intersection of two circles or three spheres.
FIG. 10 illustrates a block diagram of a terminal (MRT, RT and/or TT) useful in variations to the process shown in FIG. 6 and for performing a hypothesis test to resolve location ambiguity in solving equation (1). The block diagram of
FIG. 10 is similar to that of FIG. 4, except that the terminal has multiple (e.g., 2 or more) antennas 312(1), 312(2) through 312(N) and multiple (e.g., 2 or more) radio receivers 308(1), 308(2) through 308(N) each of which can process a signal for a corresponding one of the antennas. If the RT is also an MRT or TT, it may include multiple radio transmitters 310(1), 310(2) to 310(N) associated with a corresponding antenna. One way to deploy multiple radio receivers and multiple radio transmitters is in a multiple-input multiple-output (MIMO) radio transceiver shown at reference numeral 311. In addition, there is an optional composite beamforming (CBF) process 330 in the baseband IC 320 that is used to generate and apply transmit weights to signals to be transmitted and receive weights to received signals. The CBF process is described in more detail in commonly assigned and co-pending US. Application No. 10/174,728, filed June 19, 2002, entitled "System and Method for Antenna Diversity Using Joint Maximal Ratio Combining"; U.S. Application No. 10/174,689, filed June 19, 2002, entitled
"System and Method for Antenna Diversity Using Equal Gain Joint Maximal Ratio Combining"; U.S. Application No. 10/064,482, filed July 18, 2002, entitled "System and Method for Joint Maximal Ratio Combining Using Time Domain Signal Processing", the entirety of all of which are incorporated herein by reference. Briefly, the CBF process computes and applies transmit weights against component signals (of one or more transmit signal(s)) that are sent simultaneously via individual antennas to another device. Likewise, the CBF process computes and applies receive weights against component signals (of one or more receive signals(s)) that are received via individual antennas from another device. An example of a MIMO radio transceiver is disclosed in commonly assigned co- pending U.S. Application No. 10/065,388, filed October 11, 2002, and entitled "Multiple-Input Multiple-Output Radio Transceiver", the entirety of which is incoφorated herein by reference. If each of the MRT, RT and TT are beamforming-capable, then the measurement process shown in FIG. 6 may be repeated multiple times using different transmit weights at the MRT (when transmitting the first signal) and TT (when transmitting the second signal) to mitigate the effects of multi-path. Moreover, a device having multiple antennas and multiple receivers can compute the relative amplitude and phase of a signal
(e.g., the first signal and the second signal) received by each of the antennas.
There are known closed-form solutions to equation (1) that produce two candidate positions, referred to as positions u0 and Uo', of the TT. With reference to FIG. 11, a hypothesis test is described to select the proper one of the two solutions to equation (1) using an MRT 230 with multiple antennas (such as two antennas) 312(1) and 312(2). The MRT 230 generates two transmit antenna vectors Wo and o' associated with its antennas, vector w0 to point a beam to position uo and vector o' to point a beam to position uo'. The MRT 230 then selects the position that produces the highest received signal strength as seen through the corresponding antenna beam. Specifically, if the location of the MRT is ui, then the MRT computes the quantity | < Ui, Wo > | / [ || Ui || || Wo || ] and the quantity | < Uι, w0'> | / [ || uι || || Wo' ||]. If the quantity for o is greater, then u0 is the solution, otherwise, u0' is solution. Techniques to generate weights that direct a beam from a multiple antemia (or antenna array) device to a particular location are well known in the art, and are therefore not described herein. For some situations (e.g., when the location is perpendicular to the MRT's antennas), this angle of arrival technique may not work, but there are several other techniques known in the art (and thus not described herein) that can be used to resolve the proper location from the two solutions.
Another technique for selecting the correct one of the candidate positions u0 or Uo' is described, again with reference to FIGs. 10 and 11. According to this technique, the position of the TT is modeled to be a random vector U that can take on either position u<> or Uo' with equal probability. Some basic definitions and assumptions follow. There are N RTs, individually denoted RTj for i = 1 to N. Each RT has a plurality of antennas to at least receive signals, and specifically the capability to store data associated with the signal transmitted by the TT (referred to as the "second signal" above) and received at each of its plurality of antennas. The channel response between the plurality of antennas of the RT; and the TT depends on the position U of the TT. H = r(U,Uj) is the candidate channel response vector between RTj and the TT at position U and is a function -T of U and Ui. Since U is random, H is a discrete random vector that is either -T(uo, uj) or r(uo', Uj). The distances between the TT antenna(s) at each candidate position u0 and uo' and each antenna of RTj is known because, by definition, the position of the RT (and specifically each of the RTj's antennas) are known. Assuming a line-of-sight
(LOS) channel between the TT and RTj, the candidate channel response vectors r(uo, UJ), r(uo', UJ) for RTj can be computed using this information for the candidate positions uo and u< of the TT. For non-LOS environments, the LOS channel is used as an estimate. G = H + N = r(U,u;) + N, is the channel response (perturbed by estimated noise, assumed to be Gaussian) observed at RTj between the TT and RTj and is a discrete random vector that is a function of the position of the TT and the position of RTi. The observed channel response vector g; for RTj can be determined from the (measured amplitude and phase of the) received second signal from the TT at each antenna j of RTi, where j = 1 to M. Each RT need not have the same number (M) of antennas.
Assuming the positions Uo and uo' have or can be computed using the TDOA information described above, the NS gathers data for the observed channel response vectors at the RTs: gι= G(U, Ui), ..., N= G(U, UN) from the data collection process described above in conjunction with FIG. 4. In addition, the NS computes the two candidate channel response vectors T(uo, Ui), r(u0', u;) for each
The NS selects as the TT position the position u that maximizes the conditional probability:
Figure imgf000025_0001
over u = {uo, Uo'} . The denominator can be ignored because it does not depend on the selection of uo or UQ'. The Pr(U=u) factor in the numerator can be ignored because it is a constant 0.5. Therefore, maximizing the above expression over u is equivalent to maximizing:
fG|u (gl v., N l U) = fN|u (gl - hl "5 gN - hN l U)
Figure imgf000026_0001
This last equation follows because the noise N is assumed to be jointly Gaussian. Therefore, using this equation, maximizing the above probability over {uo, uo'} is equivalent to selecting u0 or uo' that minimizes the sum-of-squared Euclidean distances between the observed channel response vector gi and the candidate channel response vectors h;, i.e., minimizes Σ || h, - j || 2/2σ2, for i = 1 to N. For some applications, the NS may choose to use angle-of-arrival information only, discarding the distance information carried by g and h. In this case, the NS may normalize vectors ; and hi such that | h,d | = | g10 | = 1, for i =1 to N, and j = 1 to M, and thus ignore the amplitude relationship in i and hi and use only the phase relationship (for angle-of-arrival only). When the vectors gi and h; are not normalized, the RTs that are closer to the actual position of the TT contribute more to the sum than without normalization. Again with reference to FIGs. 10 and 11, still another technique to resolve location ambiguity is based on angle-of-arrival (e.g., phase) information obtained at each of the RTs involved in the location measurement. For example, if an RT has multiple antennas, the RT can generate relative phase information at each antenna when receiving the second signal from the TT at each antenna. Using the phase information at each RT, a confidence score can be assigned to the two candidate locations u0 or Uo' for the perspective of that RT. The confidence score may be a "soft" decision that varies between two values (e.g., -1, to 1) or a hard decision (e.g., 0 or 1). The confidence scores for all RTs are summed to produce a total score to select one of the two candidate positions as the actual position of the TT. There is another variation when the MRT or TT has multiple antennas, similar to the block diagram shown in FIG. 10. In order for the MRT to measure the transmit time of the first signal (if the MRT is the terminal that transmits the first signal), the MRT may use one antenna path to transmit the first signal, and use another path to simultaneously receive the first signal and store the ADC samples of the first signal it in its memory. Similarly, the TT may use one antenna path to transmit the second signal, and use another path to simultaneously receive the second signal, and store the ADC samples of it in its memory. Alternatively, the
TT may store in its memory the digital input to its DAC that are used to transmit the second signal.
FIGs. 12 and 13 illustrate other ways to obtain reference time difference of arrival measurements in order to perform the location computations described above in conjunction with FIG. 6. Again, reference is made to Table 1 above. In FIG. 12, an RT, such as the MRT 230, has at least four antennas 312(1), 312(2), 312(3) and 312(4) and multiple radio receivers, giving it the ability to detect the second signal separately at each antenna, as described above in conjunction with FIG. 10. The time of arrival measurements at each of the antennas of the MRT may be used to perform the measurement computations. Under these conditions, no other RT is needed for the measurement process. In FIG. 13, there are one or two RTs 200 and 210 each having two antennas. The TDOA measurements at each of the two antennas of each RT (for a total of up to four measurements) can be obtained and used for the location computations. h FIGs. 12 and 13, as explained in Table 1, if one coordinate (e.g., the vertical position (z)) of the TT is known and the TT is a collaborative device, then the measurements at each of two antennas of an RT can be obtained and used to compute the remaining two coordinates (e.g., x and y). Consequently, TDOA measurements can be obtained all at a single device. Moreover, the MRT 230 may also transmit the first signal used in the measurement process using one of its two or more antennas, and it can receive the first signal at each of its other two or more antennas where the second signal from the TT will also be received. Thus, the entire location measurement process can be initiated from a single device. Further still, that single device, e.g., MRT 230, may have capability to execute both the correlation process and the location computation process locally such that the TDOA measurements can be obtained and the location of the TT computed at a single device. Alternatively, a multiple antenna RT (e.g., MRT) can send captured 2004/052027
26 receive signal data or the TDOA data to the NS where the necessary computations are made.
FIG. 14 shows an example of a coverage map that can be generated using the location measurement techniques described herein. The coverage map integrates the locations of multiple devices into a visual display of an area, such as an office space. The coverage map may show the locations of APs and STAs as well as areas of no coverage and areas of interference.
There are many applications of the location measurement techniques described herein. One application is to locate devices associated with problems or security breaches, which have particular utility in large multiple- AP enterprise type WLANs. For example, if a device is determined to be operating without authority in a WLAN, its location can be determined to disable that device. A WLAN AP could attempt to go active in an existing WLAN environment using an identifier, such as a service set identifier (SSID) that is not authorized. When such an AP begins transmitting, its SSID can be captured and compared against a database of valid SSIDs to determine whether it is a valid AP. If it is not a valid AP, then its location can be determined to disable it. Similarly, if another device, such as a fraudulent STA associates with a STA masquerading as a valid STA using the MAC address of a valid STA, techniques can be used to determine if its signal pulse profile matches the signal pulse profile of the valid STA (based on stored data). When there is a mismatch, then the fraudulent STA can be located and disabled.
Still another application is to use device location as an indicator of whether the device is a valid or authorized device. For example, a so called "parking lot" attack on a WLAN occurs when a device outside the normal perimeter of a building associates with a WLAN inside a building or premises, possibly breaching security to a wired network server. The location of all devices in a WLAN can be tracked. If a device is outside a predetermined boundary, an alert can be generated that indicates a possible unauthorized device receiving signals on the WLAN. FIG. 14 shows an example for displaying on a coverage map an icon where a device has been detected outside a boundary indicated at reference numeral 1000. Actions can be taken to disable that device. It is further possible that a device may be permitted to roam further from the normal coverage area of the WLAN if it can supply a suitable password or authorization code (that matches a code in a database) in response to an request sent to the device when it is determined that its location is outside the predetermined boundary. Still another application of location measurement is to detect when there is an unauthorized user obtaining access to a WLAN from a location outside of an authorized region.
Similarly, the location a source of interference (of any signal type) can be located using the techniques described herein. For example, a denial-of-service attack on a wireless network may take the form of a powerful noise signal being emitted. The source ofthat emitter can be located using these techniques. Another example is determining the location of an interfering signal. To a WLAN, an interfering signal may be any non- WLAN signal that transmits on a periodic or aperiodic basis. When the interference or noise source is located, actions can be taken to avoid that area by other devices, or to disable the noise or interference source.
In summary, a method for determining a location of a source of a wireless radio signal comprising steps of: receiving the wireless radio signal at a plurality of known locations to generate receive signal sample data representative thereof at each known location; using the receive signal sample data obtained at one of the known locations as a reference waveform, determining the time of arrival of the wireless radio signal at each of the known locations; computing the time difference between the time of arrival of the wireless radio signal and time of arrival of a reference signal at each of the known locations; and determining a location of the source of the wireless radio signal based on the time difference of arrival measurements at the plurality of known locations.
Also provided is a method for determining a location of a radio device based on a first time difference between arrival of a first signal at a first known location and arrival of a second signal transmitted by the radio device at the first known location, and at least a second time difference between arrival of the first signal at a second known location and arrival of the second signal at the second known location, where samples of the second signal received at one of the first and second known locations are used as a reference waveform to correlate to the second signal in order to determine time of arrival of the second signal.
Similarly, a system is provided for determining the location of a target device that transmits a wireless radio signal, comprising: a plurality of radio devices that act as reference terminals and receive radio signals at corresponding known locations; and a computing device (e.g., a server) coupled to the plurality of radio devices that computes a location of the source of the wireless radio signal based on time differences between arrival of the wireless radio signal and a reference signal at each of the radio devices, wherein arrival of the wireless radio signal at each of the radio devices is determined using receive signal sample data of the wireless radio signal at one of the radio devices as a reference waveform. Each of the reference terminals has, among other components, a radio receiver and a memory to store the data associated with their reception of the signals to enable determination of the precise time of arrival of the signals. Furthermore, a processor readable medium is provided that is encoded with instructions that, when executed by a processor, cause the processor to compute a location of a radio device based on a first time difference between arrival of a first signal at a first known location and arrival of a second signal transmitted by the radio device at the first known location, and at least a second time difference between arrival of the first signal at a second known location and arrival of the second signal at the second known location, where samples of the second signal received at one of the first and second known locations are used as a reference waveform to correlate to the second signal in order to determine time of arrival of the second signal. The above description is intended by way of example only.

Claims

What is claimed is:
1. A method for determining a location of a source of a wireless radio signal comprising steps of: a. receiving the wireless radio signal at a plurality of known locations to generate receive signal sample data representative thereof at each known location; b. using the receive signal sample data obtained at one of the known locations as a reference waveform, determining the time of arrival of the wireless radio signal, at each of the known locations; c. computing the time difference between the time of arrival of the wireless radio signal and time of arrival of a reference signal at each of the known locations; and d. determining a location of the source of the wireless radio signal based on the time difference of arrival measurements at the plurality of known locations.
2. The method of claim 1, and further comprising the step of generating data associated with reception of the wireless radio signal at each known location, the data including one or more of bandwidth, duration, center frequency and signal strength.
3. The method of claim 2, and further comprising the step of comparing the data associated with reception of the wireless radio signal received at each known location to determine the known location that best receives the wireless radio signal, and wherein the receive signal sample data at the known location that best receives the wireless radio signal is used for the reference waveform.
4. The method of claim 1, and further comprising transmitting the receive signal sample data describing the reference waveform to each of the other known location to enable determination of the time of arrival at those known locations of the wireless radio signal.
5. The method of claim 2, wherein the step of comparing comprises comparing the received signal strength of the wireless radio signal at each of the known locations and selecting as the reference waveform the receive signal sample data at the known location with the strongest received signal strength.
6. The method of claim 1, and further comprising the steps of transmitting the reference signal, and receiving the reference signal at each of the known locations.
7. The method of claim 6, and further comprising the step of transmitting the reference signal from a first known location.
8. The method of claim 7, and further comprising the step of determining that transmissions of the wireless radio signal occur periodically, and wherein the step of transmitting comprises transmitting the reference signal prior to a transmission of the wireless radio signal.
9. The method of claim 7, and further comprising the step of determining that transmissions of the wireless radio signal occur periodically, and wherein the step of transmitting comprises transmitting the reference signal after a transmission of the wireless radio signal.
10. The method of claim 7, and further comprising the step of determining that transmissions of the wireless radio signal occur aperiodically, and further comprising the step of transmitting the reference signal periodically in an attempt to cause a transmission of the reference signal to occur just prior to or after a transmission of the wireless radio signal.
11. The method of claim 7, and further comprising the step of determining that transmissions of the wireless radio signal occur aperiodically, and further comprising steps of transmitting the reference signal periodically, and continuously storing receive signal data at each of the known locations in a circular buffer in an attempt to capture at least one occurrence of a transmission of the wireless radio signal preceded by or followed by the reference signal.
12. The method of claim 7, and further comprising the step of determining that transmissions of the wireless radio signal occur aperiodically, and further comprising steps of transmitting the reference signal periodically, and at each known location triggering the capture of receive signal sample data for a period of time in response to detecting a transmission of the wireless radio signal.
13. The method of claim 1, and further comprising the steps of transmitting the reference signal from a first known location in response to receiving a transmission of the wireless radio signal at the first known location, and transmitting to each of the other known locations data describing the time delay at the first known location between the reception of the transmission of the wireless radio signal and transmission of the reference signal to enable the determination of the time difference of arrival at the other known location between the wireless radio signal and the reference signal.
14. The method of claim 13, wherein the step of transmitting the reference signal comprises transmitting a probe request signal in accordance with an IEEE 802.11 communication standard.
15. The method of claim 7, wherein the step of transmitting comprises transmitting the reference signal multiple times from multiple antennas of a device, each time using different transmit antenna weights.
16. The method of claim 1 , wherein the step of determining produces first and second candidate locations for the target device, and further comprising the step of selecting one of the first and second candidate locations as the actual location of the target device.
17. The method of claim 16, wherein the step of selecting comprises: a. computing an observed channel response between the target device and a plurality of antennas at each of the first and second known locations based on the second signal received at the plurality of antennas at each of the first and second known locations; b. computing candidate channel responses between the plurality of antennas for each of at least the first and second known locations and each of the first and second candidate locations; and c. choosing one of the first and second candidate locations that minimizes a sum-of-squares Euclidean distance between the observed channel response and the candidate channel responses for the first and second known locations, respectively.
18. The method of claim 17, wherein the step of selecting further comprises the step of normalizing the observed channel response and the candidate channel responses to unity.
19. The method of claim 18, wherein the step of selecting comprises steps of generating for each of the first and second known locations, a measure of confidence that one of the candidate locations is the actual location based on angle-of-arrival of the second signal from the target device; and combining the measures of confidence for at least the first and second known locations to select the candidate location with the greatest total measure of confidence.
20. A system for determining the location of a target device that transmits a wireless radio signal, comprising: a. a plurality of radio devices that receive radio signals at corresponding known locations; and b. a computing device coupled to the plurality of radio devices that computes a location of the source of the wireless radio signal based on time differences between arrival of the wireless radio signal and a reference signal at each of the radio devices, wherein arrival of the wireless radio signal at each of the radio devices is determined using receive signal sample data of the wireless radio signal at one of the radio devices as a reference waveform.
21. The system of claim 20, wherein each of the radio devices receives the wireless radio signals and generates receive signal sample data representative thereof, and wherein the computing device selects as the reference waveform one of receive signal sample data from the radio devices.
22. The system of claim 20, wherein the computing device or the respective radio devices correlate receive signal sample data associated with the reference waveform to determine time of arrival of the wireless radio signal at each radio device.
23. The system of claim 20, wherein each of the radio devices generates data describing characteristics associated with its reception of the wireless radio signal, the data including one or more of bandwidth, duration, center frequency and signal strength.
24. The system of claim 23, wherein the computing device compares one or more of the data associated with reception of the wireless radio signal at each of the radio devices to select receive signal sample data as the reference waveform
25. The system of claim 23, wherein the computing device selects the receive signal sample data at the radio device with the strongest received signal strength.
26. The system of claim 22, wherein the computing device sends the receive signal sample data that is selected as the reference waveform to each of the other radio devices, wherein each of the radio devices use the reference waveform to determine the time arrival of the wireless radio signal and to compute the time difference of arrival between the reference waveform and the wireless radio signal.
27. The system of claim 20, wherein a first radio device transmits the reference signal.
28. The system of claim 27, wherein when it is determined that transmissions of the wireless radio signal occur periodically, the first radio device transmits the reference signal prior to a transmission of the wireless radio signal.
29. The system of claim 27, wherein when it is determined that transmissions of the wireless radio signal occur periodically, the first radio device transmits the reference signal after a transmission of the wireless radio signal.
30. The system of claim 27, wherein when it is determined that transmissions of the wireless radio signal occur aperiodically, the first radio device transmits the reference signal periodically in an attempt to cause a transmission of the reference signal to occur just prior to or after a transmission of the wireless radio signal.
31. The system of claim 27, wherein when it is determined that transmissions of the wireless radio signal occur aperiodically, the first radio device transmits the reference signal periodically and the radio devices continuously store receive signal data in a circular buffer in an attempt to capture at least one occurrence of a transmission of the wireless radio signal preceded by or followed by the reference signal.
32. The system of claim 27, wherein when it is determined that transmissions of the wireless radio signal occur aperiodically, the first radio device transmits the reference signal periodically and the radio devices begin capturing receive signal sample data for a period of time in response to detecting a transmission of the wireless radio signal.
33. The system of claim 27, wherein the first radio device transmits the reference signal in response to receiving a transmission of the wireless radio signal.
34. The system of claim 33, wherein the first radio device or the computing device sends to each of the other radio devices data describing the time delay between reception of the transmission of the wireless radio signal at the first radio device and transmission of the reference signal by the first radio device to enable the determination of the time difference of arrival at the other radio devices between the wireless radio signal and the reference signal.
35. The system of claim 20, wherein each of the radio devices comprises a buffer memory that stores receive signal data associated with reception of the reference signal and wireless radio signal from which time difference of arrival of those signals is determined.
36. The system of claim 27, wherein the first radio device transmits as the reference signal a request-to-send (RTS) signal.
37. Tbe system of claim 27, wherein the first radio device transmits as the reference signal a probe request frame in accordance with an IEEE 802.11 communication standard, and wherein the other radio devices are capable of receiving and recognizing the probe request signal.
38. A method for determining a location of a radio device based on a first time difference between arrival of a first signal at a first known location and arrival of a second signal transmitted by the radio device at the first known location, and at least a second time difference between arrival of the first signal at a second known location and arrival of the second signal at the second known location, where samples of the second signal received at one of the first and second known locations are used as a reference waveform to correlate to the second signal in order to determine time of arrival of the second signal.
39. A processor readable medium encoded with instructions that, when executed by a processor, cause the processor to compute a location of a radio device based on a first time difference between arrival of a first signal at a first known location and arrival of a second signal transmitted by the radio device at the first known location, and at least a second time difference between arrival of the first signal at a second known location and arrival of the second signal at the second known location, where samples of the second signal received at one of the first and second known locations are used as a reference waveform to correlate to the second signal in order to determine time of arrival of the second signal.
40. The processor readable medium of claim 39, and further comprising instructions encoded on the medium for comparing data associated with reception of the second signal at the first and second known locations to determine the known location that best receives the second signal, and wherein the receive signal sample data at the known location that best receives the second signal is used for the reference waveform.
PCT/US2003/037185 2002-11-27 2003-11-19 System and method for locating sources of unknown wireless radio signals WO2004052027A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003294416A AU2003294416A1 (en) 2002-11-27 2003-11-19 System and method for locating sources of unknown wireless radio signals

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US31973702P 2002-11-27 2002-11-27
US60/319,737 2002-11-27
US10/409,563 US20050003828A1 (en) 2002-04-09 2003-04-08 System and method for locating wireless devices in an unsynchronized wireless environment
US10/409,563 2003-04-08
US46964703P 2003-05-12 2003-05-12
US60/469,647 2003-05-12

Publications (2)

Publication Number Publication Date
WO2004052027A2 true WO2004052027A2 (en) 2004-06-17
WO2004052027A3 WO2004052027A3 (en) 2004-11-25

Family

ID=32329806

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/037185 WO2004052027A2 (en) 2002-11-27 2003-11-19 System and method for locating sources of unknown wireless radio signals

Country Status (3)

Country Link
US (1) US7006838B2 (en)
AU (1) AU2003294416A1 (en)
WO (1) WO2004052027A2 (en)

Families Citing this family (66)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE60238980D1 (en) * 2002-08-28 2011-03-03 Cambridge Positioning Sys Ltd Improvements in radiolocation systems
TWI247490B (en) * 2003-03-25 2006-01-11 Buffalo Inc Access point
US8971913B2 (en) 2003-06-27 2015-03-03 Qualcomm Incorporated Method and apparatus for wireless network hybrid positioning
US8483717B2 (en) 2003-06-27 2013-07-09 Qualcomm Incorporated Local area network assisted positioning
US7210070B2 (en) * 2003-07-11 2007-04-24 Unisys Corporation Maintenance interface unit for servicing multiprocessor systems
US7412246B2 (en) * 2003-10-06 2008-08-12 Symbol Technologies, Inc. Method and system for improved wlan location
GB0324098D0 (en) * 2003-10-15 2003-11-19 Koninkl Philips Electronics Nv Method and apparatus for indicating the location of an object
GB0327794D0 (en) * 2003-11-29 2003-12-31 Koninkl Philips Electronics Nv Positioning method and apparatus
US8576730B2 (en) * 2004-03-31 2013-11-05 Time Warner, Inc. Method and system for determining locality using network signatures
GB0412260D0 (en) * 2004-06-02 2004-07-07 Ubisense Ltd Tag frequency control
US7319878B2 (en) 2004-06-18 2008-01-15 Qualcomm Incorporated Method and apparatus for determining location of a base station using a plurality of mobile stations in a wireless mobile network
EP1615380A1 (en) * 2004-07-07 2006-01-11 Thomson Multimedia Broadband Belgium Device and process for wireless local area network association
KR100667700B1 (en) * 2004-12-02 2007-01-12 한국전자통신연구원 Terminal of portable internet system and method of transmitting uplink data in terminal
US20060128311A1 (en) * 2004-12-13 2006-06-15 Yohannes Tesfai Matching receive signal strenth data associated with radio emission sources for positioning applications
US7606524B1 (en) * 2005-05-20 2009-10-20 Rockwell Collins, Inc. Integrated monitoring and communications receiver architecture
US7257413B2 (en) * 2005-08-24 2007-08-14 Qualcomm Incorporated Dynamic location almanac for wireless base stations
US20070066308A1 (en) * 2005-09-06 2007-03-22 Oleg Andric Method and apparatus for removing phantom children in an ad-hoc communication system
AU2006225248B2 (en) * 2005-10-10 2007-10-18 Samsung Electronics Co., Ltd. Location service-providing system and deferred location request service-providing method using previously computed location in location service-providing system
US7742456B2 (en) * 2005-11-04 2010-06-22 Symbol Technologies, Inc. System and method for locationing in a communications network
RU2390791C2 (en) 2005-11-07 2010-05-27 Квэлкомм Инкорпорейтед Positioning for wlan and other wireless networks
US7498986B2 (en) * 2005-12-05 2009-03-03 Honeywell International Inc. Methods and systems for locating actuators for improvised explosive devices
US20080002606A1 (en) * 2006-06-30 2008-01-03 David Cheung Identification of wireless devices based on signal characteristics
US8639212B1 (en) * 2006-09-15 2014-01-28 At&T Mobility Ii Llc Mapping cellular coverage of alert areas
US9226257B2 (en) 2006-11-04 2015-12-29 Qualcomm Incorporated Positioning for WLANs and other wireless networks
US7395164B1 (en) * 2006-12-21 2008-07-01 Teradata , Us Inc. Exponential smoothing of aperiodically measured values with staleness reporting
US20080150698A1 (en) * 2006-12-26 2008-06-26 G2 Microsystems, Inc. Radio frequency identification tag with passive and active features
US8886210B1 (en) 2007-01-16 2014-11-11 Cisco Technology, Inc. Resolving ambiguity with respect to locationing and classification of wireless transmitters
US7515104B2 (en) * 2007-01-23 2009-04-07 The Boeing Company Structured array geolocation
WO2008129659A1 (en) * 2007-04-16 2008-10-30 Fujitsu Limited Information distribution apparatus
WO2008129660A1 (en) * 2007-04-16 2008-10-30 Fujitsu Limited Mobile terminal
US8045506B2 (en) * 2007-04-18 2011-10-25 Trueposition, Inc. Sparsed U-TDOA wireless location networks
US20080299994A1 (en) * 2007-06-01 2008-12-04 Motorola, Inc. System and Method for Location Determination for Mobile Clients
US8005487B2 (en) * 2007-06-14 2011-08-23 Intel Corporation Techniques for optimization of location determination in wireless network
US8144600B2 (en) 2008-01-10 2012-03-27 Cisco Technology, Inc. Optimization for wireless access point management
US8335173B2 (en) * 2008-04-11 2012-12-18 Cisco Technology, Inc. Inserting time of departure information in frames to support multi-channel location techniques
US8897801B2 (en) 2008-06-13 2014-11-25 Qualcomm Incorporated Transmission of location information by a transmitter as an aid to location services
US8369305B2 (en) * 2008-06-30 2013-02-05 Cisco Technology, Inc. Correlating multiple detections of wireless devices without a unique identifier
US8046022B2 (en) * 2008-07-08 2011-10-25 Wi-Lan, Inc. Signal transmission parameter control using channel sounding
US8688180B2 (en) 2008-08-06 2014-04-01 Inthinc Technology Solutions, Inc. System and method for detecting use of a wireless device while driving
JP5170251B2 (en) * 2008-10-28 2013-03-27 富士通株式会社 Radio base station apparatus, radio terminal apparatus, radio communication system, and radio communication method using cooperative HARQ communication system
US8688132B2 (en) * 2009-09-07 2014-04-01 Telefonaktiebolaget L M Ericsson (Publ) Sensing wireless transmissions from a licensed user of a licensed spectral resource
US8243626B2 (en) 2009-09-23 2012-08-14 Apple Inc. Estimating user device location in a wireless network
US8150367B1 (en) * 2009-09-30 2012-04-03 Google Inc. System and method of determining a location based on location of detected signals
EP2486423A1 (en) 2009-10-05 2012-08-15 BAE Systems Plc. Improvements relating to navigation systems
EP2327994A1 (en) * 2009-11-27 2011-06-01 BAE Systems PLC Improvements in or relating to tracking radio signal sources
US9057772B1 (en) * 2010-09-27 2015-06-16 Rockwell Collins, Inc. Referenced-based radio frequency feature estimation
CN102253365B (en) * 2011-04-22 2013-04-24 华中科技大学 Indoor positioning method based on estimation of wireless signal source parameters
WO2013123660A1 (en) * 2012-02-23 2013-08-29 Renesas Mobile Corporation Aperiodical discovery channel design for small rrhs
KR101162091B1 (en) 2012-03-16 2012-07-04 국방과학연구소 Method for position estimation of network entry terminal based on dtdma
US8630665B1 (en) * 2012-06-25 2014-01-14 Polaris Wireless, Inc. Estimating the location of a wireless terminal despite apparently reasonable but misleading or erroneous empirical data
US9678194B2 (en) * 2012-08-14 2017-06-13 Qualcomm Incorporated Positioning using observer-based time-of-arrival measurements
CN102869091B (en) * 2012-09-14 2015-01-21 华为技术有限公司 Method and device for determining arrival time of location reference signals
US9055923B2 (en) 2012-10-19 2015-06-16 Carestream Health, Inc. Computed radiography positioning method and system
US9404997B2 (en) * 2013-03-08 2016-08-02 Intel Corporation Communication station and method for time-of-flight positioning using cooperating stations
CN106415306A (en) 2014-06-30 2017-02-15 英特尔公司 Efficient location determination of wireless communication devices using hybrid localization techniques
CN104039011B (en) * 2014-07-02 2017-11-07 保定市天河电子技术有限公司 A kind of localization method and device
US9686064B2 (en) 2015-01-21 2017-06-20 Intel IP Corporation Devices and methods for HARQ-ACK feedback scheme on PUSCH in wireless communication systems
US10383080B2 (en) * 2015-01-26 2019-08-13 Intel IP Corporation Device and method to improve horizontal and vertical positioning accuracy
EP3544343B1 (en) 2015-06-25 2021-11-24 Sony Group Corporation Methods and system for determining a location of a client device, a client device apparatus and a network device apparatus
CN106559870A (en) 2015-09-30 2017-04-05 华为技术有限公司 Localization method and positioner based on wireless network
US10341814B2 (en) 2017-03-17 2019-07-02 SCRRD, Inc. Wireless device detection, tracking, and authentication platform and techniques
US10085118B1 (en) 2017-03-17 2018-09-25 SCRRD, Inc. Wireless device detection, tracking, and authentication platform and techniques
CN110637480A (en) 2017-03-17 2019-12-31 Scrrd公司 Wireless device detection, tracking and authentication platform and techniques
US10779325B2 (en) 2017-08-03 2020-09-15 Mediatek Inc. Methods and apparatus for channel access in mobile communications
US11061104B2 (en) * 2019-05-24 2021-07-13 U-Blox Ag Method and apparatus for positioning with wireless signals
CN114584997B (en) * 2020-11-30 2023-09-19 中移(成都)信息通信科技有限公司 Interference source positioning method, device, equipment and computer storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5600706A (en) * 1992-04-08 1997-02-04 U S West, Inc. Method and system for determining the position of a mobile receiver
US6034622A (en) * 1995-08-18 2000-03-07 Robert A. Levine Location monitoring via implanted radio transmitter
US6088586A (en) * 1996-01-24 2000-07-11 Codem Systems, Inc. System for signaling within a cellular telephone system
US6185429B1 (en) * 1998-07-31 2001-02-06 Motorola, Inc. Method and apparatus for performing a time synchronization of a base site
US6282426B1 (en) * 1999-06-08 2001-08-28 Nokia Mobile Phones Limited Method, and associated apparatus, for determining geographic positioning of a wireless communication station operable in a non-ideal propagation environment
US6453168B1 (en) * 1999-08-02 2002-09-17 Itt Manufacturing Enterprises, Inc Method and apparatus for determining the position of a mobile communication device using low accuracy clocks

Family Cites Families (63)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US39080A (en) * 1863-06-30 Improvement in putting up caustic alkalies
US220765A (en) * 1879-10-21 Improvement in underground telegraphs
US232598A (en) * 1880-09-28 Jesse a
US146871A (en) * 1874-01-27 Improvement in bushings for pump and other cylinders
US6935A (en) * 1849-12-11 Machinery fob turning clothes-pins
US64733A (en) * 1867-05-14 Improvement in claws foe deawing nails
US33600A (en) * 1861-10-29 Improvement in railroad signal-lights
US137453A (en) * 1873-04-01 Improvement in nut-locks
US4173760A (en) 1966-01-24 1979-11-06 The United States Of America As Represented By The Secretary Of The Navy Passive acquisition system
US5191342A (en) 1981-08-06 1993-03-02 The United States Of America As Represented By The Secretary Of The Navy Fix-tracking system
US5008679A (en) 1990-01-31 1991-04-16 Interferometrics Incorporated Method and system for locating an unknown transmitter
US5614914A (en) 1994-09-06 1997-03-25 Interdigital Technology Corporation Wireless telephone distribution system with time and space diversity transmission for determining receiver location
US5594452A (en) 1994-12-01 1997-01-14 Interferometrics, Inc. Method and system for locating an unknown transmitter using calibrated oscillator phases
US5745484A (en) 1995-06-05 1998-04-28 Omnipoint Corporation Efficient communication system using time division multiplexing and timing adjustment control
BR9510640A (en) 1995-09-20 1999-03-16 Secr Defence Method and apparatus for locating the source of an unknown signal received from several signal relays
US5883598A (en) 1995-12-15 1999-03-16 Signatron Technology Corporation Position location system and method
AUPN733395A0 (en) 1995-12-22 1996-01-25 University Of Technology, Sydney Location and tracking system
US6047192A (en) 1996-05-13 2000-04-04 Ksi Inc. Robust, efficient, localization system
US5706010A (en) 1996-05-16 1998-01-06 E-Systems, Inc. Method and apparatus for determining location of an unknown signal transmitter
US5719584A (en) 1996-09-03 1998-02-17 Harris Corporation System and method for determining the geolocation of a transmitter
SE507595C2 (en) 1996-10-17 1998-06-22 Ericsson Telefon Ab L M Method and apparatus for determining the transmission time of a first transmission in relation to a second transmission in a radio medium
US5724047A (en) 1996-11-27 1998-03-03 Hughes Electronics Phase and time-difference precision direction finding system
US5920287A (en) 1997-01-21 1999-07-06 Widata Corporation Radio location system for precisely tracking objects by RF transceiver tags which randomly and repetitively emit wideband identification signals
GB9702153D0 (en) 1997-02-03 1997-03-26 Nokia Telecommunications Oy Doppler direction finder and method of location using doppler direction finder
US6438380B1 (en) 1997-02-28 2002-08-20 Lucent Technologies Inc. System for robust location of a mobile-transmitter
US6069887A (en) 1997-05-28 2000-05-30 Apple Computer, Inc. Method and system for synchronization in a wireless local area network
US5952969A (en) * 1997-08-18 1999-09-14 Telefonakiebolaget L M Ericsson (Publ) Method and system for determining the position of mobile radio terminals
IL121932A (en) 1997-10-09 2000-06-01 Aljadeff Daniel Monitoring method and apparatus
US6671514B1 (en) * 1997-10-16 2003-12-30 Telefonaktiebolaget Lm Ericsson (Publ) System and method for location positioning a mobile station in a CDMA cellular system
FI113896B (en) 1997-11-11 2004-06-30 Nokia Corp A method for determining the location of a mobile station in a distributed manner
EP1064561A4 (en) 1998-01-30 2005-05-18 Widata Corp Radio location system including transceiver tags
US6201499B1 (en) 1998-02-03 2001-03-13 Consair Communications Time difference of arrival measurement system
US6243588B1 (en) * 1998-03-10 2001-06-05 Ericsson Inc. Mobile positioning method for a portable communications device using shortened repetitive bursts
US6353412B1 (en) 1998-03-17 2002-03-05 Qualcomm, Incorporated Method and apparatus for determining position location using reduced number of GPS satellites and synchronized and unsynchronized base stations
US5999129A (en) 1998-06-01 1999-12-07 Litton Systems, Inc. Multiplatform ambiguous phase circle and TDOA protection emitter location
US6246884B1 (en) * 1998-08-19 2001-06-12 Sigmaone Communications Corporation System and method for measuring and locating a mobile station signal in a wireless communication system
KR100322001B1 (en) * 1998-09-16 2002-06-22 윤종용 Device and method for measuring position of mobile station in mobile communication system
US6393294B1 (en) 1998-09-22 2002-05-21 Polaris Wireless, Inc. Location determination using RF fingerprinting
US6266014B1 (en) * 1998-10-09 2001-07-24 Cell-Loc Inc. Methods and apparatus to position a mobile receiver using downlink signals part IV
US20030146871A1 (en) 1998-11-24 2003-08-07 Tracbeam Llc Wireless location using signal direction and time difference of arrival
US6463287B1 (en) 1998-12-30 2002-10-08 Ericsson Inc. Apparatus method and systems relating to a wireless geographical positioning system including a system for monitoring and analyzing characteristics of a wireless telecommunications network
US6184829B1 (en) 1999-01-08 2001-02-06 Trueposition, Inc. Calibration for wireless location system
IL128784A0 (en) 1999-03-01 2001-01-28 Commtrack Ltd Security network and system
US6353744B1 (en) 1999-08-16 2002-03-05 Nortel Networks Limited Method for positioning with low geometrical dilution of position (GDOP)
GB9919525D0 (en) 1999-08-19 1999-10-20 Secr Defence Method and apparatus for locating the source of an unknown signal
US6300905B1 (en) 1999-10-05 2001-10-09 Lucent Technologies Inc. Location finding using a single base station in CDMA/TDMA systems
FR2801682B1 (en) 1999-11-29 2006-09-08 Cit Alcatel METHOD FOR LOCATING A PARASITE TRANSMITTER FOR A SATELLITE TELECOMMUNICATIONS SYSTEM
US6289280B1 (en) 1999-12-10 2001-09-11 Qualcomm Incorporated Method and apparatus for determining an algebraic solution to GPS terrestrial hybrid location system equations
US20010033600A1 (en) 2000-02-28 2001-10-25 Golden Bridge Technology Inc. Sectorized smart antenna system and method
US6567669B1 (en) 2000-03-22 2003-05-20 Agilent Technologies, Inc. Location estimation of one or more transmitters based on signals transmitted therefrom
US6593885B2 (en) 2000-04-27 2003-07-15 Wherenet Corp Low cost DTOA location processing system based on multiple readers-to-single processor architecture
ATE478481T1 (en) 2000-11-14 2010-09-15 Symbol Technologies Inc METHOD AND SYSTEM FOR LOCALIZING A MOBILE TELEPHONE DEVICE
US7039418B2 (en) * 2000-11-16 2006-05-02 Qualcomm Incorporated Position determination in a wireless communication system with detection and compensation for repeaters
FI111901B (en) 2000-12-29 2003-09-30 Ekahau Oy Estimation of position in wireless communication networks
US6621454B1 (en) 2001-05-10 2003-09-16 Vectrad Networks Corporation Adaptive beam pattern antennas system and method for interference mitigation in point to multipoint RF data transmissions
US6618005B2 (en) 2001-06-29 2003-09-09 Intel Corporation Determining wireless device locations
US6515623B2 (en) 2001-06-29 2003-02-04 Motorola, Inc. Enhanced location methodology for a location system
US6590537B2 (en) 2001-07-09 2003-07-08 Fm Bay Local wireless digital tracking network
JP3547412B2 (en) * 2001-07-24 2004-07-28 株式会社日立製作所 Wireless terminal device and positioning system
JP2003070051A (en) * 2001-08-29 2003-03-07 Denso Corp Mobile communication terminal apparatus and program therefor
JP2003116164A (en) 2001-10-03 2003-04-18 Nec Corp Positioning system, positioning server, wireless base station and terminal position estimate method used for the same
US6961541B2 (en) 2002-05-24 2005-11-01 Aeroscout, Inc. Method and apparatus for enhancing security in a wireless network using distance measurement techniques
US20030232598A1 (en) 2002-06-13 2003-12-18 Daniel Aljadeff Method and apparatus for intrusion management in a wireless network using physical location determination

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5600706A (en) * 1992-04-08 1997-02-04 U S West, Inc. Method and system for determining the position of a mobile receiver
US6034622A (en) * 1995-08-18 2000-03-07 Robert A. Levine Location monitoring via implanted radio transmitter
US6088586A (en) * 1996-01-24 2000-07-11 Codem Systems, Inc. System for signaling within a cellular telephone system
US6185429B1 (en) * 1998-07-31 2001-02-06 Motorola, Inc. Method and apparatus for performing a time synchronization of a base site
US6282426B1 (en) * 1999-06-08 2001-08-28 Nokia Mobile Phones Limited Method, and associated apparatus, for determining geographic positioning of a wireless communication station operable in a non-ideal propagation environment
US6453168B1 (en) * 1999-08-02 2002-09-17 Itt Manufacturing Enterprises, Inc Method and apparatus for determining the position of a mobile communication device using low accuracy clocks

Also Published As

Publication number Publication date
WO2004052027A3 (en) 2004-11-25
US7006838B2 (en) 2006-02-28
US20040102198A1 (en) 2004-05-27
AU2003294416A1 (en) 2004-06-23
AU2003294416A8 (en) 2004-06-23

Similar Documents

Publication Publication Date Title
US7006838B2 (en) System and method for locating sources of unknown wireless radio signals
US20050003828A1 (en) System and method for locating wireless devices in an unsynchronized wireless environment
Vaupel et al. Wi-Fi positioning: System considerations and device calibration
US10142778B2 (en) Direction finding for legacy bluetooth devices
US9995818B2 (en) Method, apparatus, and computer program product for processing received signals for locating
EP2375260B1 (en) Locating a source of wireless transmissions from a licensed user of a licensed spectral resource
US9479954B2 (en) Correlating data from multiple spectrum monitors
US8886210B1 (en) Resolving ambiguity with respect to locationing and classification of wireless transmitters
US20100020776A1 (en) Wireless network-based location approximation
US20060128311A1 (en) Matching receive signal strenth data associated with radio emission sources for positioning applications
CN105323774B (en) Techniques to estimate coverage area of Distributed Antenna System (DAS) or repeater system
JP2005536944A (en) Method and system for detecting location in wireless local area network
US20050099942A1 (en) Wireless communication system, wireless communication device and wireless communication method, and computer program
Makki et al. Robust high resolution time of arrival estimation for indoor WLAN ranging
CN115474152A (en) Method and device for positioning target object
Giovanelli et al. Rssi or time-of-flight for bluetooth low energy based localization? an experimental evaluation
Schmidt et al. A performance study of a fast-rate WLAN fingerprint measurement collection method
CN103716855A (en) Data transmission method of wireless workstation of intelligent television
JP2001268622A (en) Method and device for recognizing current position of mobile station, the mobile station, and base station
WO2003088626A2 (en) System and method for locating wireless devices in an unsynchronized wireless environment
Zhou et al. Wiznet: A zigbee-based sensor system for distributed wireless lan performance monitoring
Retscher et al. Performance and accuracy test of the WLAN indoor positioning system" ipos"
CN1787679B (en) Locating method for determining user equipment position for radio network controller
JP5649166B2 (en) Radio wave sensor and data transmission method
Zhou et al. A Cross-region Wireless-synchronization-based TDOA Method for Indoor Positioning Applications

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP