Satellite Navigation for highly automated driving requires an integrated safety concept for GNSS signal processing.

Exact vehicle positioning is a major challenge for advanced driver assistance systems (ADAS) and autonomous vehicles. Future safety-critical driving functions also require functional safety down to the sensor layer. NAVENTIK PATHFINDER enables both - a more robust localization even in urban environments and the implementation of functional safety concepts through transparency of the signal pre-processing within the receiver framework.

Traditional Setup

A dedicated hardware GNSS receiver plus antenna results in a complex system architecture. An integrated supervision of the receiver performance is not possible.


Our software positioning engine is seamless integrated into the central sensor fusion platform. This approach leads to a simplified architecture and enables an integrated safety concept.

A key objective for GNSS-based positioning is to provide integrity while achieving robustness to multipath errors, interference and satellite malfunctions.

The heart of PATHFINDER's functional safety concept and an essential step towards certification according to ISO 26262 is the development of the protection level feature. To form a integrity monitoring concept for a protection level computation, two steps need to be taken: 


Fault detection and exclusion

One of the main advantages of the PATHFINDER GNSS software receiver compared to conventional hardware receivers is the ability to generate integrity data in real-time. Based on specific probabilistic algorithms for the error detection and statistical approximation, a probabilistic error assessment of a given position can be achieved. Erroneous measures that could lead to abnormal position errors can be detected and removed.
By adding vehicle motion and rotation data, the positioning engine PATHFINDER FUSION is able to to continuously compute the vehicles position, allowing the ADAS to engage an automated driving function in the case of high integrity along with given position. This approach is is valid for non-safety critical driving functions as well as for ADAS validation.


Protection level computation

For safety critical driving functions of ADAS L3+, the position accuracy is required to be even more secure than the standard deviation measure by means of a data category able to derive position integrity at a higher level of reliability. Arising from the principles in aviation, the protection level definition is the “estimated upper bound of error between true position and the position estimate corresponding to an acceptable false alert probability", generated by PATHFINDER. 

The protection level is defined as the upper bound of the positioning error.

The application rejects measurements whose protection level exceeds its alert limit .

Upper bound tends to get large, especially in urban areas.

NAVENTIK has employed a significant R&D effort into the development of the principles for the computation of the protection level. The key to derive a protection level is the deep understanding and statistic approximation of the true position and the position estimate: 

The protection level will be computed based on the well-known error models of GNSS signals, the integration of certified and modern augmentation correction Services, the error models from specific IMU and the visual odometry input along with the motion models of vehicle. The underlying statistical principles are part of the main IP of NAVENTIK.

NAVENTIK has successfully developed all preconditions for the protection level computation. Based on the implemented development processes, the certification will be the next step. PATHFINDER software components will be qualified as a Safety Element out of Context for safety level ASIL-B according to ISO 26262. Furthermore, we are committed to the full qualification of a real time protection level for safety-of-live applications according ISO21448 (SOTIF).

Achieving that, PATHFINDER will be a disruptive product on the GNSS positioning market with the potential to permanently substitute GNSS chipsets as well as RTK / INS solutions for the upcoming ADAS L3+ and the validation of these system. Wow!

PATHFINDER Integrity Chain

Towards the Key Requirement: Position Integrity

Safety Lifecycle. In order to implement a security concept for GNSS position data, the entire processing chain from the GNSS ground segment via satellites in space to the final position in a digital environmental model must be covered. This includes the explicit modeling and mitigation of all known sources of error. Some of the influences are related to signal propagation disturbances, others to errors inherent in the system. Most of them can be monitored by external service providers and integrity information must be evaluated in real time in the receiver. Our integrity goals regarding a safety-compliant are defined as follows:

(1) Error bounds and statistics must be valid to allow use in a safety critical context.
(2) Accuracy and precision shall be as high as possible, without compromising (1).

Based on the principe "The position is within the described distribution model if the model is correct." PATHFINDER takes the following elements into account to maintain the integrity of the calculated position solution:

  1. Antenna & baseband data - As the key input to PATHFINDER GNSS is the antenna data, a reliable and secure radio frontend is required. To achieve the highest integrity possible, it must validate both, the data integrity of the transferred data as well as the data itself. Depending on the choice of the front-end tunable filters allow narrowing the bandwidth to help counter continuous wave jamming signals at the cost of less accurate measurements (but are of limited use against chirp signals). Jamming may cause loss of signals, which is safety-wise okay, or degrade tracking performance which must be detected and propagated. Spoofing currently out of scope, but plausibility checking of signals by additional monitoring of carrier-to-noise-density ratios, clock jumps and the cross validation of signals from different satellites and other inputs can detect some forms of spoofing as well. Also modern GNSS signals with anti-spoofing filters are on the rise.
  2. GNSS signal tracking producing raw observables - Given the careful signal tracking design, the maximal error bounds must be clear as this will ultimately lead to position errors. Within the signal tracking, our researched probabilistic models for the live estimation of multipath impact is integrated to specifically enhance reliability in urban environments. Advanced tracking like vector-tracking and navigation feedback aiding allows to increase tracking sensitivity, especially under challenging conditions and dynamics. At the current stage of PATHFINDER development NLOS is left as major uncertainty.
  3. Position computation is based on the calculation of the geometric distance between the antenna and the satellite by estimating errors that contribute to pseudo- and phase-range observations. The sources of error shown in the following figure cause inaccuracies in the position calculation. These error sources require accurate integrity monitoring, i.e. correction data must also be reliable and have a measure of trust, otherwise they interrupt the integrity chain. PATHFINDER GNSS implements an advanced multipath detection for modeling local disturbances. It generates the corresponding error budget as probability density when the system is exposed to signal interference. Our software receiver notifies you when multipath occurs, how much influence it has and what this means for the accuracy and integrity of the vehicle state estimation. With a fusion of vehicle motion data coming from an ASIL IMU into PATHFINDER FUSION, a position with high integrity can be provided even in case of GNSS outages. 

For a deeper dive into our positioning technology please check our FAQ section.

In short, PATHFINDER integrates all safety-relevant aspects of vehicle localization. All steps of signal processing are carefully reviewed so as not to lose or falsify any information relevant for the estimating a valid error budget. The PATHFINDER modules will be interfaced by an API tailored to your needs and requirements. As we aim to implement on your ECU or ADAS processor, we carefully develop according to automotive standards and will also comply with ISO 26262.

Current release of PATHFINDER GNSS & PATHFINDER FUSION available under R&D License
(Software libraries for integration on your ADAS platform or delivered on NVIDIA® Jetson AGX™)


Am Walkgraben 13
09119 Chemnitz

   +49 371 337 1370


We are curious to hear how you use PATHFINDER and what you are experiencing. Send your ideas and suggestions!