SECURE ULTRA WIDE BAND RANGING

Abstract

A method for use in a wireless communication system comprising a transmitter and a receiver, the method comprising receiving, in the receiver, data comprising a plurality of channel-distorted synchronization codes and plurality of channel-distorted cipher codes, generating a receiver cipher sequence, the receiver cipher sequence comprising a plurality of receiver cipher codes, analyzing the received data to identify correlations between the plurality of channel-distorted cipher codes in the received data and the plurality of receiver cipher codes, accumulating the identified correlations as accumulator data in an accumulator, identifying one or more peaks in the accumulator data, identifying a first correlation peak in the accumulator data that meets one or more criteria and using the first correlation peak to identify the first path of a data packet from the transmitter.

Claims

1. An Ultra-Wide Band (UWB) wireless communication receiver configured to: receive, from a transmitter, data comprising a plurality of channel-distorted cipher codes; generate a receiver cipher sequence, the receiver cipher sequence comprising a plurality of receiver cipher codes; analyze the received data to identify correlations between the plurality of channel-distorted cipher codes in the received data and the plurality of receiver cipher codes; accumulate the identified correlations as accumulator data in an accumulator; identifying one or more peaks in the accumulator data; identify a first correlation peak in the accumulator data that meets one or more criteria; and use the first correlation peak to identify a first path of a data packet from the transmitter; wherein the identifying a first correlation peak in the accumulator data that meets one or more criteria comprises: comparing the one or more peaks to a threshold value to identify a first correlation peak that exceeds the threshold value.

2. The UWB receiver of claim 1, further configured to: apply one or more countermeasure checks to the identified first correlation peak in the accumulator data that meets the one or more criteria; and reject the identified first path and/or reject the data packet if the one or more countermeasure checks are not passed.

3. The UWB receiver of claim 1, further configured to compute the threshold value based on one or more of: length of the cipher sequence; pulse repetition frequency (PRF) of the cipher sequence; transmission power used; configuration of one or more sidelobe minimization receiver algorithms, a required security level; and static configuration of a receiver gain.

4. The UWB receiver of claim 3, further configured to: measure one or more parameters; and compute the threshold value based on the one or more measured parameters.

5. The UWB receiver of claim 4, wherein the one or more parameters are selected from: average noise level in the accumulator; amplitude of the highest peak or peaks in the accumulator data before an expected first path; strength of multipath reflections and a multipath profile; carrier frequency offset, CFO; dynamic behavior of automatic gain control, AGC, applied at the UWB receiver; configuration of an analog-to-digital converter (ADC).

6. The UWB receiver of claim 5, wherein the configuration of the ADC includes converged ADC threshold values.

7. The UWB receiver of claim 3, wherein computing the threshold value comprises setting the threshold value to at least a predetermined minimum threshold value.

8. The UWB receiver of claim 1, wherein the received data further comprises channel-distorted synchronization codes, a start of frame delimiter and/or payload data; and wherein the UWB receiver is configured to identify the first correlation peak in the accumulator data that meets one or more criteria by: recording one or more analog-to-digital output statistics during reception of the channel-distorted cipher codes; recording one or more analog-to-digital output statistics during reception of at least one of the synchronization codes, the start of frame delimiter and the payload data; and wherein the UWB receiver is configured to identify the first correlation peak in the accumulator data that meets one or more criteria by: determining that the value(s) of the one or more statistics during reception of the channel-distorted cipher codes does not differ from the value(s) of the statistics during reception of at least one of the synchronization codes, the start of frame delimiter and the payload data by more than a predetermined difference value.

9. The UWB receiver of claim 1, wherein the received data further comprises channel-distorted synchronization codes, a start of frame delimiter and/or payload data; and wherein the UWB receiver is configured to identify the first correlation peak in the accumulator data that meets one or more criteria by: recording a first set of one or more analog-to-digital output statistics during reception of the channel-distorted cipher codes; and recording a second set of one or more analog-to-digital output statistics during reception of at least one of the synchronization codes, the start of frame delimiter and the payload data; and wherein identifying a first correlation peak in the accumulator data that meets one or more criteria comprises: determining a change in pulse repetition frequency (PRF) between the cipher codes and the at least one of the synchronization codes, the start of frame delimiter and the payload data; scaling the first set of analog-to-digital output statistics based on the determined change; determining that the scaled value(s) of the first set do not differ from the value(s) of the second set by more than a predetermined difference value; or scaling the second set of analog-to-digital output statistics based on the determined change; and determining that the scaled value(s) of the second set do not differ from the value(s) of the first set by more than a predetermined difference value.

10. The UWB receiver of claim 8, wherein the one or more analog-to-digital output statistics are indicative of the energy level of an analog-to-digital converter.

11. The UWB receiver of claim 10, wherein the energy level of the analog-to-digital converter is the rate of energy per unit time.

12. The UWB receiver of claim 1, wherein the receiver cipher sequence comprises a plurality of cipher symbols, and wherein the UWB receiver is configured to analyze the received data by: identifying the correlation strength of each of the plurality of cipher symbols in the receiver cipher sequence with the plurality of channel-distorted cipher codes in the received data; and counting a number of symbols having a correlation strength above a specified minimum correlation strength threshold; and wherein the one or more criteria comprises: a proportion of the symbols in the receiver cipher sequence having a correlation strength above a correlation strength threshold being above a predetermined symbol correlation proportion threshold.

13. The UWB receiver of claim 1, wherein the receiver cipher sequence comprises a plurality of cipher symbols, and wherein the UWB receiver is configured to analyze the received data by: identifying correlation strength and phases of each of the plurality of cipher symbols in the receiver cipher sequence with the plurality of channel-distorted cipher codes in the received data; and counting a number of symbols having a correlation strength above a specified minimum correlation strength threshold and also being within a phase limit; and wherein the one or more criteria comprises: the proportion of the symbols in the receiver cipher sequence having a correlation strength above a correlation strength threshold and also being within a phase limit being above a predetermined symbol correlation proportion threshold.

14. The UWB receiver of claim 1, wherein the one or more criteria is based on monitoring an accumulator growth rate over time.

15. The UWB receiver of claim 14, wherein the accumulator growth rate over time is the growth rate of the first correlation peak or at an expected location of the first path peak in the accumulator data.

16. The UWB receiver of claim 14, configured to monitor the accumulator growth rate over time by: computing a linear growth function based on the accumulator data; and comparing the accumulator growth rate over time with the linear growth function; and wherein one of the one or more criteria comprises the accumulator growth rate diverging from the linear growth function by less than a predetermined growth rate divergence threshold.

17. The UWB receiver of claim 1, further configured to use the first path to calculate time of flight and/or distance between the transmitter and the UWB receiver.

18. The UWB receiver of claim 1, further configured to: accumulate correlations in received channel-distorted synchronization data in a synchronization accumulator; calculate a first time of flight between the transmitter and the UWB receiver based on a first correlation peak in the synchronization accumulator; calculate a second time of flight between the transmitter and receiver based on a first correlation peak in the accumulator data; and wherein calculation of the second time of flight comprises: accepting the second time of flight only if the calculated first time of flight differs from the calculated second time of flight by less than a predetermined time of flight difference threshold.

19. The UWB receiver of claim 1, wherein the channel-distorted cipher codes in the received data correspond to at least a first data packet and a second data packet, and wherein the UWB receiver is further configured to: calculate a first time of flight between the transmitter and the UWB receiver based on the first correlation peak in cipher accumulator data that meets the one or more criteria in the first data packet; calculate a second time of flight between the transmitter and the UWB receiver based on the first correlation peak in the cipher accumulator data that meets the one or more criteria in the second data packet; determine a difference between the calculated first time of flight and the calculated second time of flight; and accept one of the first time of flight or the second time of flight as identifying the first path of a data packet from the transmitter to the UWB receiver only if the calculated first time of flight and the calculated second time of flight differ by less than a predetermined time of flight difference threshold.

20. The UWB receiver of claim 1, configured to identify that a correlation peak in the accumulator data meets one or more criteria by: determining the distribution of the accumulator data in the accumulator prior the correlation peak; and identifying the correlation peak meets one of the one or more criteria if the distribution of the accumulator data in the accumulator has a normal distribution.

21. The UWB receiver of claim 20, configured to determine the distribution of the accumulator data by: calculating a mean noise value (MNV) of the accumulator data prior to the correlation peak; and determining a proportion of accumulator samples in the accumulator data prior to the correlation peak that exceed a threshold multiple of the MNV; and wherein the criteria is based on the proportion of accumulator samples that exceed the threshold multiple of the MNV.

22. The UWB receiver of claim 1, further configured to: calculate a first time of flight between the transmitter and the UWB receiver based on a first correlation peak of a first segment in ciphered accumulator data that meets the one or more criteria; and calculate a second time of flight between the transmitter and the UWB receiver based on a first correlation peak of a second segment in the ciphered accumulator data that meets the one or more criteria; and accept one of the first time of flight and the second time of flight as identifying the first path of a data packet from the transmitter to the UWB receiver only if the calculated first time of flight and the calculated second time of flight differ by less than a predetermined time of flight difference threshold.

23. The UWB receiver of claim 22, wherein the first and second segments are associated with the same data packet.

24. The UWB receiver of claim 1, wherein identified correlations are accumulated in a plurality of accumulators and wherein the UWB receiver is further configured to: identify a plurality of first correlation peaks that meet the one or more criteria, each identified first correlation peak corresponding to one of the plurality of accumulators; and compare a distribution of the accumulator data around each of the identified first correlation peaks; and use the identified plurality of first correlation peaks to identify the first path of a data packet from the transmitter only if the distribution of the accumulator data around each of the identified first correlation peaks is sufficiently similar.

25. The UWB receiver of claim 24, further configured to determine if the distribution of the accumulator data around each of the identified first correlation peaks is sufficiently similar by calculating a measure of the distribution similarity and determine the distribution similarity is within a similarity threshold.

26. The UWB receiver of claim 24, further configured to, prior to determining if the distribution of the accumulator data around each of the identified first correlation peaks is sufficiently similar: normalize the data around each of the identified first correlation peaks based on one or more of: an amplitude of the corresponding correlation peak; a length of a corresponding sequence; and a number of energy pulses detected during accumulation of the corresponding sequence.

27. The UWB receiver of claim 26, wherein the corresponding sequence is a cipher segment or a synchronization sequence.

28. The UWB receiver of claim 1, wherein the received data further comprises a plurality of channel-distorted synchronization codes, and the UWB receiver is further configured to develop a synchronization-based channel estimate from the received data packet based on the plurality of channel-distorted synchronization codes.

29. The UWB receiver of claim 1, further configured to develop a channel estimate from the received data packet based on the plurality of channel-distorted cipher codes.

30. The UWB receiver of claim 1, configured to identify a first correlation peak in the accumulator data that meets one or more criteria by: selecting a channel-matched filter based on a channel estimate; demodulating the received data using the channel-matched filter; and identifying one of the one or more criteria is met if the demodulated data is correct.

31. The UWB receiver of claim 1, wherein identified correlations are accumulated in a plurality of accumulators and the UWB receiver is further configured to: identify a plurality of first correlation peaks that meet the one or more criteria, each identified first correlation peak corresponding to one of the plurality of accumulators; compare the phase of channel estimate data at each of the identified first correlation peaks; and use the identified plurality of first correlation peaks to identify the first path of a data packet from the transmitter only if the phase of the accumulator data at each of the identified first correlation peaks is within a phase difference threshold.

32. The UWB receiver of claim 1, wherein identified correlations are accumulated in a plurality of accumulators and the UWB receiver is further configured to: identify a plurality of first correlation peaks that meet the one or more criteria, each identified first correlation peak corresponding to one of the plurality of accumulators; comparing a phase of channel estimate data at each of the identified first correlation peaks; and use the identified plurality of first correlation peaks to identify the first path of a data packet from the transmitter only if the phase of the accumulator data at each of the identified first correlation peaks is the same or differs by a predetermined phase offset within a phase difference threshold.

33. The UWB receiver of claim 1, wherein the one or more criteria are based on a classification that was learned from a training data set.

34. The UWB receiver of claim 1, further configured to convert the received data from analog to digital using an analog-to-digital converter having resolution restricted to five or fewer levels.

35. The UWB receiver of claim 1, further configured to convert the received data from analog to digital using an analog-to-digital converter having resolution restricted to three or fewer levels.

36. The UWB receiver of claim 1, wherein the received data comprises channel-distorted synchronization codes received prior to receipt of the plurality of channel-distorted cipher codes; wherein the UWB receiver is further configured to: select gain and/or analog-to-digital converter parameter(s) based on the channel-distorted synchronization codes; maintain the selected gain and/or analog-to-digital converter parameter(s) during receipt of the plurality of channel-distorted cipher codes.

37. The UWB receiver of claim 1, wherein the received data comprises channel-distorted synchronization codes, a start of frame delimiter and/or payload data; wherein the UWB receiver is further configured to: read a first set of gain and/or analog-to-digital converter parameter(s) based on the channel-distorted synchronization codes, start of frame delimiter and/or payload data; read a second set of gain and/or analog-to-digital converter parameter(s) based on the received plurality of channel-distorted cipher codes; determine differences between the first set of gain and/or analog-to-digital converter parameter(s) and the second set of gain and/or analog-to-digital converter parameter(s); and use the first correlation peak to identify the first path only if the determined differences do not exceed a predetermined parameter threshold for each of the parameter(s).

38. The UWB receiver of claim 1, further configured to estimate the carrier frequency offset (CFO) based on the received data; calculate the timing offset of the received data to compensate for offset between a clock of the UWB receiver and a clock of the transmitter, wherein the adjustment of the receiving time is based on the estimated CFO and the timing adjustment is limited to a predetermined maximum adjustment; and adjust the timing offset of the received data by no more than the calculated adjustment.

39. The UWB receiver of claim 38, wherein the timing adjustment is based on a predetermined packet duration and/or maximum allowed clock frequency offset (CFO).

40. The UWB receiver of claim 1, further configured to: estimate a first carrier frequency offset estimate associated with the received data; receive a second carrier frequency offset estimate calculated by the transmitter; and compare the first carrier frequency offset estimate and the second carrier frequency offset estimate; wherein one of the one or more criteria is met if the first carrier frequency offset estimate differs from a negative of the second carrier frequency offset estimate by less than a frequency offset difference threshold.

Description

BRIEF DESCRIPTION OF THE DRAWING FIGURES

[0112] Methods and systems for ultra-wideband communications are described by way of example only, in relation to the Figures, wherein:

[0113] FIG. 1 shows an ultra-wideband (UWB) physical layer (PHY) frame structure;

[0114] FIG. 2 shows a UWB frame with a cipher sequence inserted before the payload data;

[0115] FIG. 3 shows a UWB frame with a cipher sequence appended after the payload data portion;

[0116] FIG. 4 shows an example channel count plot from a cipher accumulator;

[0117] FIG. 5 shows another example channel count plot from a cipher accumulator and various possible detection threshold levels;

[0118] FIG. 6 illustrates probabilities of random attacker sequences satisfying an acceptance threshold for various acceptance thresholds;

[0119] FIG. 7 shows false-positive detection rates in the case of a 4096-bit long HRP system;

[0120] FIG. 8 shows an example growth rate of the genuine versus false paths in an accumulator;

[0121] FIG. 9 shows another example growth rate of the genuine versus false paths in an accumulator;

[0122] FIG. 10 shows original and retransmitted sequences in an exemplary attack; and

[0123] FIG. 11 shows a block diagram of an attack on a keyfob and anchor system.

DETAILED DESCRIPTION

[0124] Ultra-wideband (UWB) systems can provide distance determination between a transmitter and a receiver by analyzing the time-of-arrival (TOA) of packets at the receiver. The UWB systems can be characterized by having either low-rate pulses (LRP) or high-rate pulses (HRP). In systems with LRP, the pulses are transmitted at a lower rate (e.g., around 1 MHz), but at higher power per pulse than in systems with HRP (the typical rate of the pulses in systems with HRP can be >64 MHz).

[0125] The IEEE standard 802.15.4-2011 describes a UWB physical layer (PHY) with a frame structure and two way ranging abilities, as shown in FIG. 1. The following abbreviations are used in FIG. 1 and subsequent diagrams to denote certain portions of the frames: [0126] SYNCSync pattern [0127] SFDStart Frame Delimiter [0128] PHRPHY Header

[0129] The Sync pattern is a sequence of symbols forming a frame preamble, which may be based on a predefined code sequence having certain properties that make it useful for channel sounding purposes (including perfect periodic autocorrelation).

[0130] From the ranging security perspective, this structure has the following vulnerabilities: [0131] 1) If the start of the SYNC is known in advance or detected by listening to the packet, the rest of the SYNC is entirely predictable. [0132] 2) The SYNC is periodic (i.e., it repeats the same symbol again and again), so a version which is delayed by just one symbol looks almost identical to the original with no delay. [0133] 3) An attacker could transmit identical SYNC or retransmit the genuine SYNC with such a delay to inject false correlation peaks into the accumulator, thus affecting the ranging procedure.

[0134] While multiple countermeasures are possible to prevent such an attack, an attacker, in theory, could come up with even more sophisticated attacking equipment and mechanisms in order to defeat the countermeasures. In general, the methods described herein deal with a problem of designing an improved first path detection method that allows the receiver to select the true first path originated from a genuine transmitter in a secure way, that is, without false-positive earlier detections (for example, without being triggered by noise peaks, channel types, hardware imperfections, or the attacks).

[0135] In order to address these vulnerabilities and to provide means for more secure channel sounding and ranging, an additional cryptographically-generated (CIPHER) sequence may be appended (or inserted) to the packet. The CIPHER sequence can consist, for example, of pulses of pseudo-random polarity, which would not be repeatable or predictable (for example, the pulses could be generated by a cryptographically secure pseudorandom number generator (CSPRNG)).

[0136] FIG. 2 shows a UWB frame with a cipher sequence inserted before the data. FIG. 3 shows a UWB frame with a cipher sequence appended at the end.

[0137] The cipher contains expected, cryptographically generated pulses (or bits). A typical length of cryptographically generated key (or cipher) can be 32, 64, or 128 in the case of systems with LRP and 4096, 8192 . . . , N*4096 in the case of systems with HRP.

[0138] Due to the much lower number of pulses in systems with LRP, a high level of security can only be achieved if all of the bits (or at least nearly all of the bits) are received correctly, whereas in systems with HRP, the ranging exchange can still be extremely secure if a significant number of bits are received incorrectly (even >40% of the bits).

[0139] In both systems with LRP and HRP, the receivers work on the basis of comparing the received bits to a locally generated reference. This can be implemented in the form of a correlator (with an accumulator), which cross-compares the incoming signal at various delays. Each delay in the accumulator will correspond to a certain distance travelled by the signal; closer distances will result in correlations at earlier delays in the accumulator. Alternatively, instead of using longer accumulators, it is possible to verify correlation at only one delay; in this case the system needs to know the most probable distance/delay (possibly from earlier sequences/preambles or exchanges) and use the ciphered sequence for its verification. Certain threshold levels can be implemented to verify if the obtained correlation is strong enough to signify a securely received first path.

[0140] A Channel Impulse Analysis (CIA) algorithm is responsible for the analysis of any of the channel impulse response estimates that are stored in the accumulators. It can determine the location of the first path and, from that, calculate the time-of-flight (TOF), the TOA, and, finally, the distance between the transmitter and the receiver. It also computes the phase of the first path and, depending on an implemented phase-difference-of-arrival (PDOA) mode, it can also compute the phase difference between the appropriate accumulators. It can compensate for known changes in the analog front end, such as delay changes due to the gain control decisions or temperature variations.

[0141] The ranging will be secure if the receiver is able to determine the position of the first path very reliably, despite any presence of noise, various hardware imperfections, and even malicious actions performed by the attackers. While an attacker cannot predict the cipher sequence to introduce an earlier correlation peak, it can attempt to confuse the receiver by transmitting various interfering patterns, even completely disregarding the regulatory transmit power limits. Such malicious transmissions could tamper with the reception of the ciphered sequence. Therefore, one of the goals of the methods described herein is to verify the integrity of the received cipher sequence, despite distortion that may be introduced due to the transmission channel.

[0142] FIG. 4 shows an example channel count plot 401 from a cipher accumulator, a weak early path (marked by vertical line 410), and strong reflections 430, 440, 450.

[0143] While ranging security can be improved simply by configuring a higher detection threshold, it would also reduce the sensitivity. In FIG. 5, another example channel plot 501 forms a cipher accumulator and various possible detection threshold levels, a first threshold 510, which is at around a level of 290 (correlation strength), a second threshold 520, which is at around a level of 595, and a third threshold 530, which is at around a level of 880 are shown. The third threshold 530, while theoretically offering the highest protection against false first path detection in this example, would result in the peak of the genuine first path 540, which is only at a level of 620 to be missed.

[0144] The first path detection algorithm does not necessarily need to be based on locating the first sample that is higher than the threshold. Multiple approaches could be used, for example, testing various conditional lower thresholds. Using a lower threshold could help identify earlier and weaker first paths and may be used in conjunction with additional verification steps to maintain a higher security level. The additional verification steps could, for example, include comparing the first path positions obtained through sending and receiving two cipher segments or ciphers from two separate packets.

[0145] In order to maintain very high security without significant sensitivity degradation, improved methods could take into many more factors when deciding which early correlation peaks are potential candidates and whether to accept them or not. Some methods could eliminate potential attacks by detecting harmful interference and, if present, ignore the ranging result.

[0146] There are described herein a number of steps and checks that may be performed and taken into account during the process of secure first path detection to improve security.

[0147] One of the possible attack mechanisms could involve the malicious attacker triggering ranging exchanges constantly and transmitting random bit patterns which overlap the genuine transmission in time but at a higher power, thus overwriting the original message, in the hope of triggering sufficiently high correlation in the earlier part of the accumulator so that the receiver would interpret the artificially inserted correlation peaks as a genuine one.

[0148] Depending on the required security level, stronger or weaker requirements can be placed on the correlation threshold.

[0149] In the case of systems with LRP that require 100% bits (or nearly 100% bits, depending on the security level) to be correct, it is easy to establish that the probabilities of successful attack for 32, 64, and 128 bit long keys are: 2{circumflex over ()}(?32) (2.33e?10), 2{circumflex over ()}(?64) (5.42e?20), and 2{circumflex over ()}(?128) (2.94e?39), respectively (assuming that 100% bits need to be received correctly).

[0150] In the case of systems with HRP, the same probabilities as in systems with LRP can be achieved. In order to match the security level of 32, 64, and 128 bit long LRP keys, an example HRP receiver using a 4096 bit cipher sequence would need to set the detection threshold at the levels corresponding to approximately a 55%, a 57%, or a 60.5% rate of the correctly received bits.

[0151] FIG. 6 illustrates the minimum required percentage of correctly received bits for first path acceptance thresholds for a 32 bit, 64 bit, 128 bit, and 4096 bit key. FIG. 7 shows false-positive detection rates in the case of a 4096 bit long HRP.

[0152] FIG. 6 shows the probability of an attacker guessing (e.g., by transmitting random bits) more than or equal to a certain percentage of bits in the system with HRP (that is configured for 4096 ciphered pulses), which would result in certain correlation peaks. For the purpose of this example, we assume that the correlation peak amplitude is always a positive (absolute) value, i.e., a negative correlation would cause a certain (positive) amplitude peak. For example, guessing all bits incorrectly results in a correlation peak of ?4096, but, in this example, as we ignore the peak sign, it would be equivalent to +4096.

[0153] The sign is ignored because, when using a coherent receiver on a multipath channel, each path will have a different phase. Even if the receiver attempts to lock the main (strongest) path to a certain phase (such as 0 degrees), the first weaker path could have a completely different phase. Therefore, in post-processing, when searching for the first path, phases are ignored and absolute values are analyzed. Therefore, setting the correlation threshold at 0 would result in a 100% false positive rate because the absolute correlation result will always be greater than or equal to 0.

[0154] FIG. 6 demonstrates that it is equally hard to guess all 128 out of 128 bits (in a system with LRP) as it is to guess at least 2478 bits out of 4096 bits (more than 60% guessed bits in a system with HRP).

[0155] In the vast majority of cases, the attacker on the system with HRP, transmitting random bit patterns, will guess fewer than 2148 bits correctly (2048 bits on average). The probability of guessing more than 2148 bits is 0.0019, guessing more than 2200 bits is 2.175e?06, and guessing more than 2248 bits is 4.3983e?10. It is therefore possible to set a threshold depending on particular security requirements.

[0156] It is also possible to have longer HRP cipher lengths (N*4096) which will result in even lower probabilities of a successful attack for a given threshold (relative to the peak correlation).

[0157] Both in systems with LRP and HRP, a designer can select a set of parameters which will result in any desired security level. If the probability requirement of a successful attack is, for example, lower than 1e?19, in a system with LRP, a 64 bit long key should be used and in case of a system with HRP and a 4096 bit cipher, a detection threshold higher than 2340 correct pulses should be used. By choosing the appropriate parameters, almost any security level can be configured and achieved in both systems with LRP and HRP.

[0158] Both systems with LRP and HRP have sensitivity limits, where it would be harder to detect a very weak first path. Due to limited transmission power, increasing the security level inversely correlates with the sensitivity. In systems with LRP, more secure and longer sequences will result in power reduction per pulse/bit, thus reducing sensitivity. In systems with HRP, increasing the correlation threshold will have a similar effect.

[0159] In the case of systems with LRP where there is a (nearly) 100% correctness requirement, any short-lasting glitch or interference (even if it is not necessarily malicious, as it could come from an impulse noise source nearby, e.g., another unrelated UWB transmitter) affecting even a single bit will result in a failed ranging exchange. Systems with HRP, on the other hand, are more robust and can tolerate interference and destruction of a significant part of the cipher. For example, with a very secure threshold set to 2340 correct bits, even up to 1756 bits out of 4096 bits could be destroyed and correlation from the remaining bits could still be strong enough to pass (assuming that the remaining bits can be received with sufficient quality).

[0160] In order to provide a more secure way of ranging and distance estimation, we provide a method for use in a wireless communication system comprising a transmitter and a receiver. Both the transmitter and the receiver pseudo-randomly generate, as a function of the same seed, identical code sets of m codes. Note that a code could be a simple Binary Phase Shift Keying (BPSK) positive or negative pulse or it could be a longer code, e.g., a length k golay code or even a pseudo randomly selected random binary code. The receiver then may additionally modify the receiver code set in order to, for example, reduce the number of correlation sidelobes. The transmitter then transmits the transmitter code set and the receiver receives a channel-distorted form of the transmitted code set. The receiver then develops a set of m channel correlations by correlating each code of the generated receiver code set with the corresponding code of the channel-distorted form of the transmitter code set and, finally, develops a channel estimate by accumulating the set of m channel correlations.

[0161] In one embodiment, the receiver processes the channel estimate identifying the earliest correlation peak fulfilling certain required criteria. The earliest correlation peak location will affect the time-of-flight measurement, hence the distance between the transmitter and the receiver. There may be multiple criteria that must be met for acceptance of the peak as a valid correlation peak (i.e., a packet received from a genuine transmitter). In the simplest case, it could be that its amplitude exceeds a pre-configured fixed threshold. The value of such a threshold may depend on one or more parameters. Such parameters may be predetermined or static. In some embodiments, the threshold selection may be based additionally or alternatively on dynamic parameters. Example parameters are transmission power, the required security level, noise level in the accumulator, a length of the cipher sequence, detected channel characteristics such as the strength of reflections, carrier frequency offset (CFO), or gain parameters (e.g. automatic gain control (AGC)). Using multiple and/or dynamic parameters can improve the receiver's first path sensitivity by allowing the detection threshold to be lowered while still providing the required security level.

[0162] In some embodiments, the final threshold selecting algorithm may combine both static and dynamic parameters. Where the threshold value is a function of dynamic parameters, a static minimum threshold value can also used. If the threshold value calculated initially based on the one or more dynamic (and, optionally, static) parameters is lower than a predetermined minimum threshold value (which may itself be based on other static parameters), then the minimum level would be used for the comparison. The minimum threshold level could be either a fixed value or depend on certain static parameters such as cipher length, transmit power, the required security level or others. Therefore, even in a case where the detection threshold calculation depended on the accumulator noise levels and the accumulator was almost noiseless (for example, as a consequence of a malicious attack), accidental noise samples would not trigger false detection.

[0163] In some embodiments, the receiver can be configured to use a low resolution analog to digital converter (ADC) (for example, 1 bit consisting of a single threshold (i.e., 2 levels) or 1.5 bits consisting of two thresholds (i.e., three levels)) as compared to typical ADCs, which generally have higher resolutions (e.g., 3 bits or more). One possible attack mechanism is for the attacker to use increased power for a small portion of the channel sounding sequence, e.g., to send a signal with random polarity at a much higher power than the rest of the sequence. Because this signal has higher power, it will give a higher correlation peak in the victim receiver than the true signal, and much fewer correct guesses would be necessary to trigger a bogus first path detection. One way to defeat such an attack is to have a receiver with a lower resolution, e.g., with a small number of ADC levels (e.g., 2, 3, 4, 5, 6, or 7 levels as compared to the usual receiver ADC with 8 or more levels (3 bit or more ADCs are common in wireless receivers)), and to fix the thresholds for these levels and the receiver gain (or to only allow them to change by a small factor) during the reception of the channel sounding sequence.

[0164] In one other embodiment, the function controlling the acceptance of the cipher correlation peak as a valid peak may also use additional information and statistics collected earlier during the entire packet reception (and/or also collected during the reception of previous packets and/or during the silence period). This information may, for example, indicate if there is something unusual present in the received signal, which could interfere with the proper functioning of the receiver and of the earliest path detection algorithm, in particular. In that case, the algorithm would not only adapt the first path acceptance threshold (as discussed before), but could also conditionally reject certain packets, for example, if certain diagnostic information about channel quality was not satisfactory.

[0165] Examples of such diagnostics and possible interference could be the attacker using equipment and methods to distort the signal in order to try to influence the measured distance. The attacker could use, for example, UWB transmitters and/or amplifiers, transmitting various bursts of interference or other patterns, or retransmitting the original signal at much higher power, possibly with some distortion. The purpose of the attack could be to inject an artificial glitch or correlation peak into the accumulator, which could be interpreted as a genuine correlation peak, resulting in reduced measured distance. In order to prevent such an attack from having any effect, the receiver can employ multiple additional methods and tests and collect additional diagnostic information for its analysis. This could include: [0166] Verification that ADC output statistics are at least substantially unchanged during the reception of the whole data frame. The statistics of the ADC output during the cipher may be compared to the expected or measured ADC output statistics during earlier sequences (e.g., Ipatov synchronization, data symbols). ADC statistics can, for example, include the number of pulses with high, medium, or low energy per some unit of time, such as, for example, symbol duration. Such analysis would confirm whether the received signal properties were constant during the packet or if they were changed (for example, as a result of the attacker transmitting shorter bursts of signal or interference or transmitting interference only during the ciphered part of the packet). [0167] Freezing the gain settings and/or ADC parameters after the initial synchronization state in order to prevent potential attacks, which could affect the receiver's gain settings. Freezing the receiver gain settings should result in constant and predictable signal receive power. It also makes it easier to collect reliable ADC statistics about the signal and to detect malicious interference. This could prevent attacks, for example, that include the transmission of bursts of pulses or retransmission of the whole or part of the original sequence, but at the different transmission power (higher or variable). Such attacks could lead to unusual contents in the accumulator, which could be (potentially) incorrectly interpreted. [0168] As an alternative to freezing gain settings and/or ADC threshold parameters during the reception of the channel sounding sequence, it is possible to, instead, verify that the gains and thresholds behaved as expected for a sequence that was not attacked, e.g., they didn't change much or they changed by the expected amount. [0169] Monitoring the correlation strengths (and, optionally, the phase) of each cipher symbol during the accumulation process and setting a requirement on the minimum number of symbols with sufficiently good correlation (e.g., having a strong enough correlation and being within certain phase limits). This is to ensure that (nearly) all cipher symbols correlate consistently and similarly and that the attacker is not damaging only some of the symbols or producing a short lasting burst-type interference. [0170] Verifying the correctness of data demodulation using channel-matched filters, which may be calculated based on the selected channel estimate. If the system is attacked with random noise and its channel estimate is damaged, there is also a high probability that data payload demodulation will fail as a consequence. The selected channel-matched filter may be based on Ipatov (SYNC) or one of the cipher segments. [0171] Comparing TOAs as computed based on the Ipatov (SYNC) and the cipher accumulators. They are both estimates of the same channel (but measured using different codes), therefore, they should return very similar results. If the system is attacked, it is extremely unlikely that both the Ipatov sequence and the cipher accumulators would produce false correlation peaks at exactly the same delay. [0172] Comparing TOAs as computed based on cipher accumulators from different packets, for example, on packets transmitted (or received) one after another (e.g., consecutively, or within a certain time difference). [0173] Comparing TOAs as computed based on cipher accumulators from two (or more) cipher segments sent during the same packet, for example, consecutive cipher segments. [0174] Comparing the channel estimate amplitude distribution around the first path region between SYNC/Ipatov sequences and cipher accumulators (or between cipher accumulators obtained from different segments, e.g., where a cipher comprises several segments). While the distributions should be similar (because the channel is assumed to be unchanged during the reception of the whole packet), amplitudes may be scaled, for example, proportionately to sequence lengths and the number of energy pulses collected during accumulation of both the Ipatov and cipher sequences. A function can be designed to calculate the probability that the compared first path regions have the same distribution.

[0175] In some embodiments, the function used is a rank sum test (also known as the Wilcoxon rank sum test or the Mann-Whitney U test). It is a non-parametric hypothesis test that can be used to determine whether two independent sets of samples were selected from populations having the same distribution. An example of a rank sum test will now be described. Note that the statistics are not exactly the same between the Wilcoxon rank sum test and the Mann-Whitney U test, but the two have the same efficiency.

[0176] Rank sum tests have 95% efficiency of student-tests, but without the requirement of prior information.

[0177] The rank sum test contains the following 5 steps: [0178] 1. Samples are obtained from each of the two populations A and B containing n.sub.A and n.sub.B samples, respectively. All samples are assumed to be independent from each other. [0179] 2. Rank all the samples that were obtained in ascending order from 1 to (n.sub.A+n.sub.B). Tiers (samples which have the same value) have the same rank. [0180] 3. Sum all of the ranks for the samples from populations A and B, respectively, and note as w.sub.A and w.sub.B. [0181] 4. When both n.sub.A and n.sub.B are 10 or greater and n.sub.A?n.sub.B, we can treat the distribution of w.sub.A as if it were normal (?.sub.A, ?.sub.A), where:

[00001] $? = \frac{n_{A} (n_{A} + n_{B} + 1)}{2}$ $? = \sqrt{\frac{n_{A} n_{B} (n_{A} + n_{B} + 1)}{1 2}}$

If there are tiers, the correction below is used with k being the number of distinct tiers and t.sub.i being the number of samples sharing ranks:

[00002] $?_{A} = \sqrt{\frac{n_{A} n_{B}}{1 2} ((n_{A} + n_{B} + 1) - {.Math.}_{i = 1}^{k} \frac{t_{i}^{3} - t_{i}}{(n_{A} + n_{B}) (n_{A} + n_{B} - 1)})}$

Then:

[0182] [00003] $z = \frac{w_{A} - ?_{A}}{?_{A}} ? N (0, 1)$ [0183] 5. Compare z to the threshold determined by the significant level. If |z|?threshold, we accept a null hypothesis that the two populations are from the same distribution, unless the alternative hypothesis is taken.

[0184] The proposed double rank sum tests to verify the first path has the following steps: [0185] 1. Calculate equivalent Ipatov_first_path=Cipher_first_path?implementation_specific_offset [0186] 2. Samples are taken from the floor (first path estimation) in the Ipatov sequence and the cipher sequence with n.sub.Ip=n.sub.cy=30, respectively. [0187] 3. Remove the direct current (DC) offset from the samples and then calculate the amplitude of each sample and normalize them by peak amplitude. The DC offset in the cipher sequence is provided by a CIA algorithm. In the Ipatov sequence, the DC offset=median (accumulator (1 :((first path?1))). [0188] 4. Run the first rank sum test with a threshold of 3, which is equivalent to a significant level of 0.135 %. For any statistics where |Z.sub.1|>3, mark it as a false early first path.

[0189] With the assumption that the Ipatov sequence and cipher sequence are passing through the same channel but have different noises, |Z.sub.1| should be small enough, unless the first cipher path falls in the noise region rather than the channel window.

[0190] However, if the false early first path is small and close to the channel window, the statistics |Z.sub.1| would be small as well. In order to detect the false early first path in this case, a 2nd rank sum test is introduced: [0191] 5. For packets passing the first rank sum test, run a second rank sum test with the same 30 cipher sequence samples and 25 Ipatov sequence samples that remove the first 5 samples, n.sub.Ip=25 and n.sub.cy=30. Then we have the 2nd statistics z.sub.2. [0192] 6. If the absolute difference |z.sub.1?z.sub.2|<0.58, calculate the first path and peak path amplitude ratio in the cipher and, if the ratio r<0.25, mark it as an false early first path.

[0193] The principle behind points 5 and 6 is that if there is a fake strong first path only in the cipher sequence, it would not pass the first rank sum test. However, if there is a strong real first path in the cipher accumulator, it should be in the Ipatov accumulator as well. Hence, if we remove the first five samples in the Ipatov sequence that definitely contain the first path, the difference |z.sub.1?z.sub.2| would be large enough, unless the first path was weak or non-existent in the Ipatov accumulator, e.g., added by attack.

[0194] In summary, the proposed double rank sum tests detect a false early first path by two main means: [0195] 1. The first rank sum test catches all the false very early first paths that fall into the noise region and the near but strong false early first paths as well. [0196] 2. The weak and close false early first path is caught by the second rank sum test and following the first path to the peak path ratio.

[0197] Comparing sample phases in the first path region between the Ipatov or SYNC pattern and the cipher (or between cipher segments). Depending on how transitions between the sequences are handled (Ipatov sync, SFD, cipher and data), the phase may be either fixed throughout the whole packet or certain phase offsets may be added. After subtracting any effects due to transition-related phase changes, the respective phases should be similar. A phase consistency test can verify that the first path regions of the cipher and Ipatov sequences (or consecutive cipher segments) have similar phase differences between subsequent samples.

[0198] A second variant is also possible. Rather than verifying that the phases of samples in the first path regions match, it is also possible to verify that phase changes (progression) between consecutive samples match. An example will now be described: [0199] The core idea behind this test is that if the cipher first path is a real first path, the SYNC pattern, or Ipatov preamble, will also contain signal energy in those positions and the phase in the first path region should be similar. If there is an early false cipher first path, whether due to a side lobe or an attack, the corresponding section in the Ipatov accumulator will contain different noise samples and, hence, the phase should differ.

[0200] This approach could have a number of advantages: [0201] By comparing the phase in the first path region, the actual shape of the first paths are compared, rather than just the distribution of the samples. [0202] By comparing the phase rather than amplitudes, the need for normalization due to different accumulation lengths is avoided. [0203] Unlike in PDOA applications, the absolute phase is not important. Errors due to phase advance and ambiguity functions could be avoided by working with the relative phase progressions rather than the absolute phases.

[0204] A number of variations can be considered: [0205] Selection of first path samples: [0206] in the cipher accumulator, a window of four samples is considered, starting from the sample before the first path position; and [0207] in the SYNC pattern or Ipatov accumulator, the corresponding window of four samples is taken, based on the fact that there is a fixed offset between the Ipatov and cipher accumulator first paths. [0208] Convert to phase progressions: [0209] calculate the four phases in each set of samples (in the following, it is assumed that the phase is expressed in degrees); and [0210] convert to three phase progressions (diff(angles) in Matlab). [0211] Consider the difference between the two phase progressions: [0212] take the difference between the two phase progressions; [0213] convert them to an angle between ?180 and 180 degrees; and [0214] two of the three phase differences have to be within 5 degrees.

[0215] Applying machine learning based classification algorithms to assess the integrity of the first path estimation, e.g., using a machine learning logistic regression-based assessment of the cipher-based TOA. Machine learning based classification algorithms learn the probabilities of integrity and shapes of correct and erroneous first path estimates from training datasets that can contain data from simulation or real measurements from different use cases. When the learning phase is completed, the experiences and patterns that the algorithms learned are applied to the measured accumulators to predict integrity of the first path estimations. Machine learning logistic regression based classification can be configured to learn how to classify an early first path from a training data set by modeling the output, e.g., by following a binary Bernoulli distribution. An example will now be described.

[0216] If we categorize an early first path as 1 and a correct first path as 0, the early first path detection becomes a binary classification problem. In machine learning, many classification algorithms have been proposed in the past years. Given the requirements of low computational complexity, fast processing time, and labelled training data (we know which estimations are early first paths and which are not), logistics regression is a good candidate to start from.

[0217] Logistic regression is a statistics-based classification algorithm. A logistic model is one where the log-odds of the probability of an event is a linear combination of independent or predictor variables. In logistic regression, we assume that output follows a binary Bernoulli distribution with the probability:

TABLE-US-00001 TABLE 1 Probability in logistic regression y 0 1 Probability [00004] $1 - p = \frac{e^{- ?^{T} x}}{1 + e^{- ?^{T} x}}$ [00005] $p = \frac{1}{1 + e^{- ?^{T} x}}$
where x=(X.sub.1, X.sub.2, . . . , X.sub.n) is an input feature vector, ?=(?.sub.1, ?.sub.2, . . . , ?.sub.n) is the parameter or coefficient vector, and y are known labels in training data, then the likelihood function is:

[00006] $L (? | x) = \Pr (Y | (X; ?)) = \underset{i}{.Math.} {h_{?} (x_{i})}^{y_{i}} {(1 - h_{?} (x_{i}))}^{(1 - y_{i})}$

where h.sub.?(X.sub.i)=1/1+e.sup.??.sup.T.sup.X, the cost function in logistic regression is ?log(L(?|x)) is:

[00007] $- \log (L (? | x)) = - \underset{i}{.Math.} y_{i} \log (h_{?} (x_{i})) + (1 - y_{i}) \log ((1 - h_{?} (x_{i})))$

[0218] Logistic regression uses optimization techniques to obtain a parameter vector {circumflex over (?)} that minimizes a cost function based on paired training data sets (x, y).

[0219] With the coefficient vector {circumflex over (?)}=({circumflex over (?)}.sub.1, {circumflex over (?)}.sub.2, . . . , {circumflex over (?)}.sub.n), we could predict the probabilities of y being 0 and 1 for new data by using Tabl. After comparing with a pre-defined threshold, y could be classified as 1 if the probability is larger than a threshold, or 0 for other cases.

[0220] When using logistic regression in early path detection, the input feature vector x can be sampled around first path estimation in a cipher accumulator and the threshold can be set according to the missing and false early first path detection requirements.

[0221] Meanwhile, a probability of an early first path would be much smaller than of a correct first path. The training process will tend to bias towards a dominant class, even if we adjust the threshold. The dominant class is the class that most of the samples belong to. For instance, a real first path is the dominant class as the number of its samples are much larger than false early first path. To mitigate the effect of imbalanced data, we give different weights for different classes in the cost function to make the cost of instances in class 1 higher than in class 0. The cost function becomes:

[00008] $- \log (L (? | x)) = - \underset{i}{.Math.} w_{i} (y_{i} \log (h_{?} (x_{i})) + (1 - y_{i}) \log ((1 - h_{?} (x_{i}))))$ [0222] where w.sub.i is the cost for each instance and its value is:

[00009] $w_{i} = {\begin{matrix} \frac{1}{frequency of class 1} if instance i ? class 1 \\ \frac{1}{frequency of class 0} if instance i ? class 0 \end{matrix}$

[0223] For coefficient vector {circumflex over (?)} estimation, we need to train a logistic regression classifier using training data. The classification error in training sets is called a training error. In order to test the performance of the logistic regression classifier, a disjoint data set should be used as a testing data set. Similarly, a classification error in the testing set is called a testing error. The testing error is also known generalization error as a measurement of ability to predict unseen data.

[0224] We use training error to tune feature length and thresholds. The performance of the logistic regression classifier is evaluated on a test data set.

[0225] Analyzing the correlator output (sum of correlated bits) at each delay as it gets accumulated over time. Analysis may be done on both real and imaginary axes. The property of the genuine weak first path is that it will produce weak correlation output in each correlated symbol, resulting in slow but steady accumulator growth at the particular delay. A sidelobe, mimicking weak path (for example introduced by the attacker's malicious transmissions), would result in very noisy and random correlator output, sometimes positive, sometimes negative. Accumulator growth at this delay will therefore be chaotic: sometimes growing in the right direction, sometime strongly backtracking in the other.

[0226] Therefore monitoring of the growth pattern of the accumulated sample will provide a criteria for distinguishing between genuine slowly growing first path and chaotic growth of the false path (e.g. of a sidelobe).

[0227] Example patterns have been presented in FIG. 8 and FIG. 9. The algorithm may, for example, compute how far the growth function diverges from the ideal linear growth and then implement a threshold for acceptance the path based on this criteria.

[0228] FIG. 8 and FIG. 9 show example growth rates of the genuine versus false paths.

[0229] The attacker could record and retransmit the genuine signal pulses at a high power with a variable retransmission delay. This would introduce an additional strong path which would appear like a strong reflection. The timing recover algorithm may lock onto the strongest energy in a certain selected window and then try to maintain the lock to the strongest signal. If the retransmitted path had a variable delay, it could manipulate the timing recovery algorithm to compensate for the changing delay, thus shifting the whole correlation window and shortening the apparent distance of the genuine paths. There are several ways it would be possible to counteract this: [0230] In the case where the carrier and the baseband (modulation) clocks are synchronized (in the transmitter), it is possible, in the receiver, to calculate timing recovery adjustments as a function of the CFO, since these two are closely synchronized. Usually, a scaling factor is needed to calculate the timing offset adjustment based on the CFO. [0231] Alternatively (and also in cases where the transmitter, carrier, and baseband clocks were not synchronized), it would be possible to limit the maximum timing shift that the timing recovery algorithm is allowed to apply during the packet reception. Considering the packet's short duration and maximum allowed clock difference tolerance, the maximum timing offset during the packet is limited and can be calculated. If the attacker artificially shifts the path timing offset by more than that value, the receiver will only be able to follow that shift within specified limits, thus preventing significant change to the first path position.

[0232] The attacker could also attack the ranging protocol. In single-sided, two-way ranging, it is necessary to compensate for the clock differences between the two sides. This is due to the fact that the response delay will be clocked at different rates if the transmitter and receiver clocks differ. A compensation typically involves subtracting the compensation factor, which depends on both the response delay duration and the clock difference CFO. If the attacker retransmits the original response message, but at slightly changed rate, the receiver will estimate the wrong CFO and perform incorrect compensation, which could result in a shortening of the distance. To prevent this, the two CFO estimates (CFO1 and CFO2) that were calculated on both sides during the reception of the two ranging packets should be compared. If CFO1 is not close to ?CFO2, it could indicate some kind of carrier clock manipulation, in which case the distance measurement could be rejected by the host processor. The measured CFO1 and CFO2 can be transmitted in the data payload or through other protocols. For example, it may be necessary to check that CFO1 and ?CFO2 are within 1 ppm of each other, e.g., abs(CFO1+CFO2)=<1 ppm.

[0233] CFOs are generally in the range of ?40 ppm to +40 ppm.

[0234] An example of such an attack is illustrated in FIG. 10 and FIG. 11. The attacker retransmits the original message consisting of a series of pulses, but at slightly lower rate, resulting in the message being stretched, as shown in FIG. 10.

[0235] In FIG. 11 below, the initiator (in this case, the keyfob) receives a modified response message from the responder (anchor) and computes an incorrect CFO2. It appears to the keyfob that the anchor's clock is slower. The keyfob predicts that the anticipated response should arrive later, because the anchor clocked the response delay at a slower rate than the keyfob. The keyfob therefore calculates the distance (using the incorrect CFO2) and subtracts the wrong time offset (translating into the distance offset), which would result in the keyfob estimating a lower distance.

[0236] To prevent this kind of attack, it is possible to compare CFO1 estimated by the anchor and CFO2 estimated by the keyfob. In normal circumstances, CFO1 should be close to ?CFO2. For example, the criteria may be that abs(CFO1?CFO2) is less than 1ppm, but in other embodiments, the criteria may be that abs(CFO1?CFO2) is less 2 ppm or less than 3 ppm. The attack on the CFO would only provide meaningful distance reduction if the corrupt CFO was >20-40 ppm.

[0237] The precursor area in the accumulator (that is, the area before the first path), in normal circumstances, is noisy and noise should typically have a normal or Gaussian-like distribution. A receiver could perform an analysis of the actual distribution of the precursor samples. This analysis could, for example, use the mean noise value (MNV) and check how many precursor samples are above 2*MNV, 3*MNV, 5*MNV, 7*MNV, etc. In many types of malicious attacks, the noise in the precursor area will have unusual distributions, for example, there can be more samples having quite high amplitude compared to the mean noise (spikes). The verification would involve checking if proportions of low noise samples and high noise sample are as expected for the typical Gaussian-like noise distribution. An example attack could be where a malicious transmitter transmits high-power random pulses during or just after the preamble. This would result in the receiver gain adapting to it and ADC thresholds increasing. As a consequence, there would be no noise getting through the ADC. As a result, the accumulator would be very clean, without the usual background noise, but could contain some spikes. This verification method would help identify cases where an unusually high number of high spikes are present and could also possibly result in a rejected ranging measurement.

[0238] While a specific architecture is shown, any appropriate hardware/software architecture may be employed. For example, external communication may be via a wired network connection.

[0239] The above embodiments and examples are to be understood as illustrative examples. Further embodiments, aspects, or examples are envisaged. It is to be understood that any feature described in relation to any one embodiment, aspect, or example may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the embodiments, aspects, or examples, or any combination of any other of the embodiments, aspects, or examples. Furthermore, equivalents and modifications not described above may also be employed without departing from the scope of the invention, which is defined in the accompanying claims.

SECURE ULTRA WIDE BAND RANGING

Inventors

Cpc classification

Classification Explorer

H04L25/0224

ELECTRICITY

Classification Explorer

H04W12/03

ELECTRICITY

Classification Explorer

H04L25/0212

ELECTRICITY

Classification Explorer

H04B1/69

ELECTRICITY

Classification Explorer

H04W12/122

ELECTRICITY

International classification

Classification Explorer

H04L25/02

ELECTRICITY

Classification Explorer

H04W12/03

ELECTRICITY

Classification Explorer

H04W12/122

ELECTRICITY

Classification Explorer

H04B1/69

ELECTRICITY

Abstract

Claims

Description