Modern navigation systems frequently use a global navigation satellite system (GNSS) for position determination. However, the recent proliferation of Wi-Fi access points in wireless local area networks (WLANs) has made it possible for navigation systems to use these access points for position determination, especially in areas where there is a large concentration of active Wi-Fi access points (e.g., urban cores, shopping centers, office buildings, and so on). Indeed, WLAN positioning systems can be advantageous over GNSS in certain environments because of GNSS signal coverage limitations. For example, while GNSS signals may not be readily detectable inside structures such as shopping malls and office buildings (e.g., due to signal attenuation and/or multipath effects), wireless signals generated by Wi-Fi access points located within such structures are typically detectable by each other and by Wi-Fi enabled mobile devices within range of such access points.
For WLAN positioning systems, the locations of the Wi-Fi access points (APs) are used as reference points from which well-known trilateration techniques can determine the location of a mobile device (e.g., a Wi-Fi-enabled cell phone, laptop, or tablet computer). More specifically, the mobile device can use the received signal strength indicators (RSSI) associated with a number of visible APs as indications of the distances between the mobile device and each of the detected APs, where a stronger RSSI means that the mobile device is closer to the AP and a weaker RSSI means that the mobile device is further from the AP. The mobile device can also use the round trip time (RTT) of signals transmitted to and from the APs to estimate the distances between the mobile device and the APs. Once these distances are estimated, the location of the mobile device relative to the APs can be determined using trilateration techniques.
Whether using RSSI or RTT techniques to determine the distances between the mobile device and the visible Wi-Fi access points, the precise geographic location (e.g., latitude and longitude) of at least three such APs needs to be known to establish the absolute location of the mobile device. Once the location coordinates of 3 visible APs are known to the mobile device, positioning software operating on the mobile device can use the estimated distances between itself and each of the 3 access points (e.g., calculated using ranging operations involving RTT and/or RSSI techniques) to calculate the location coordinates of itself using trilateration techniques.
More recently, increasing numbers of mobile devices (e.g., smart-phones and tablet computers) are capable of implementing various location-based services. This trend has led to the evolution of hybrid location services (HLS) in which APs associated with a WLAN determines the location of a mobile device and then the WLAN coordinates the delivery of information (e.g., maps, location-based advertisements and coupons, and so on) to the mobile device based upon the location of the mobile device. Typically, HLS-enabled WLAN systems are controlled by a central server that can instruct one or more APs associated with the WLAN to determine the location of a mobile device that is within range of the WLAN. To effectively facilitate such location-based services on the mobile device, it is important that the WLAN system can determine the location of the mobile device with a high level of accuracy, which as mentioned above typically involves determining the distances between the mobile device and at least 3 APs having known location coordinates. Unfortunately, the accuracy of current HLS-enabled WLAN systems may be degraded when the mobile device is not responsive to request (REQ) packets or NULL frames sent by one or more of such APs. The non-responsiveness of the mobile device typically results from the mobile device being in a power save mode, the mobile device operating in a different radio band than the APs, and/or the mobile device operating in an Independent Basic Service Set (IBSS) mode (e.g., in an ad-hoc or peer-to-peer 802.11 wireless configuration mode).
More specifically, for conventional HLS-enabled WLAN systems to determine the location of a mobile device using RF ranging operations (e.g., RTT techniques), at least a first AP associated with the WLAN system should have a wireless connection to the mobile device. Thereafter, the first AP can determine the distance between itself and the mobile device using RF ranging operations (e.g., by calculating the RTT of a NULL or REQ frame sent by the first AP to the mobile device and of the acknowledgment (ACK) frame sent from the mobile device back to the first AP). However, if the WLAN's central server instructs a second AP associated with the WLAN system to determine the distance between itself and the mobile device, and the second AP does not have a connection established with the mobile device, then the second AP may spoof the MAC address of the first AP and thereafter send a spoofed NULL frame to the mobile device. Because the NULL frame appears to have been sent by the first AP (with which the mobile device has an established connection), the mobile device responds to the spoofed NULL frame by sending an ACK frame. Then, the second AP can use the difference in time between transmission of the NULL frame and receipt of the ACK frame to calculate the distance between itself and the mobile device.
Unfortunately, there are several problems with the WLAN central server instructing the second AP (or any AP that does not have a wireless connection established with the mobile device) to determine the location of the mobile device. First, if the mobile device is in a power-save mode, then the spoofing technique does not work because the mobile device will not receive the spoofed NULL frame, and therefore will not respond to the second AP's spoofed NULL frame with the ACK frame. Second, if the mobile device is off-channel when the second AP sends the spoofed NULL frame, then the mobile device may not receive the spoofed NULL frame from AP2. Third, if the mobile device is operating in an IBSS (ad-hoc) mode, and is thus not connected to the WLAN, the mobile device will not respond to the NULL frame.
Thus, there is a need for an HLS-enabled WLAN system to determine the location of a mobile device when the mobile device is in a power save mode, when the mobile device is operating in a different radio band than the APs, and/or when the mobile device is operating in an ad-hoc or peer-to-peer mode.