Smart Card Draft Specification

Guidance for the Installation and Use of Chip Cards on Air Transport Aircraft

Prepared by
Smart Card Working Group
Technical Committee
World Airline Entertainment Association

Any additions, corrections or other constructive comments are welcome. Please submit them to: Peter Lemme peter@askcorp.com, fax +1 425 739 9488, voice +1 425 739 9951

Version 0.999

19 January 1999

1. Introduction *

2. Related Documents *
2.1 ISO 7810 Identification cards - Physical characteristics *
2.2 ISO 7811 Identification cards - recording techniques *
2.2.1 Part 1 Embossing *
2.2.2 Part 2 Magnetic stripe *
2.2.3 Part 3 Location of embossed characters on ID -1 cards. *
2.2.4 Part 4 Location of magnetic read only tracks - tracks 1 and 2 *
2.2.5 Part 5 Location of read - write magnetic track - track 3 *
2.3 ISO 7812 Identification cards numbering system and registration procedure for issuer identifiers *
2.4 ISO 7813 Identification cards - Financial transaction cards *
2.5 ISO 7816 Design and use of identification cards having integrated circuits with contacts *
2.5.1 Part 1 Physical characteristics *
2.5.2 Part 2 - Contact Locations and Minimum Size *
2.5.3 Part 3 - Electronic signals and transmission protocols. *
2.5.4 Part 4 - Inter-industry commands for interchange *
2.5.5 Part 8: Security (draft) *
2.5.6 Part 10: Synchronous memory cards (draft) *
2.6 EMV 3.1.1 *
2.7 IATA Resolution 791 *
2.8 Issuing Bank Implementation Specifications *
2.9 ETSI GSM 11.11 - SIM Card Specification *
2.10 ETSI GSM 11.14 - SIM Application Toolkit *

3. Airborne Applications *
3.1 Chip Card Applications *
3.2 Cabin Services Applications *

4 Concept of Operation *
4.1 During the security check process *
4.2 During check-in *
4.3 As a boarding card *
4.4 During flight *
4.4.1 For passenger identification *
4.4.2 Loyalty points *
4.5 Payment variations *
4.5.1 As a credit card *
4.5.2 As a debit card *
4.5.3 As a purse card *
4.6 Payment Uses *
4.6.1 In - Flight Entertainment *
4.6.2 Telephony *
4.6.2.1 Outgoing calls *
4.6.2.2 Registration and Incoming Calls *
4.6.3 Direct and Electronic Commerce *
4.7 Automated Teller Machine *

5. Chip Cards *
5.1 Chip Card Types *

6. Chip Card Accepting Device *
6.1 Chip Card Connectors and the Proposed Card Accepting Device *
6.2 Contact Connectors and Contactless Connectors *
6.2.1 Contact connectors *
6.2.2 Contactless connectors *
6.2.3 "Pass-Through" and "Microprocessor Controlled" Connectors *
6.3 Functional Profile of the Card Accepting Device *
6.3.1 SUPPORTS BOTH TYPES OF CHIP CARDS *
6.3.2 SUPPORTS BOTH T=0 AND T=1 PROTOCOLS *
6.3.3 RESPONSIBLE FOR ELECTRICAL INTERFACE *
6.3.4 Additional functionality *
6.4 Possible Locations for the Card Accepting Device *
6.4.1 IN THE PERSONAL MONITOR *
6.4.2 In the Personal Handset or Handset Cradle *
6.4.3 In the Arm Rest *
6.4.4 In the Seat Back *

7. Airborne Architecture *
7.1 Generic Airborne System Architecture *
7.2 Components Functionality *
7.2.1 Background System *
7.2.2 Networks *
7.2.3 BSS *
7.2.4 CTU *
7.2.5 SAM *
7.2.6 SEB *
7.2.7 Chip Card Accepting Device *

8. Interfaces and Protocols *
8.1 Card-Accepting Device Communications *
8.2 Card- Accepting Device *
8.3 Card-SAM *
8.3.1 Networking Physical Link *
8.3.2 NETWORK ADDRESSING TO SMART CARD ACCEPTING DEVICES *
8.4 SAM-SEB *
8.5 SAM-Seat Display (Handset/Video screen) *
8.6 SAM-BSS *
8.7 SEB-File Server *
8.8 File Server-BSS *

9 Security *
9.1 SECURITY ARCHITECTURE *
9.1.1 Secure Communication Required *
9.1.2 Data Secure, yet Transparent to Card Accepting Device *
9.2 Card Appication Authentication by the Server *
9.2.1 Performing Authentication *
9.3 SECURITY OF SOFTWARE DOWNLOAD *

10. Maintenance *

11. Software Data Loading *
11.1 PROPOSED SOFTWARE DOWNLOAD DESIGN *

12. Acronyms *

13. Smart Card Working Group Participants *

This document provides tutorial and guidance material related to the installation and utilization of Chip Cards onboard Air Transport Aircraft. This technology may support the following applications:

• Customer Tracking
• In-Flight Entertainment
• On-Board Services
• Frequent Flier/Loyalty Programs
• Shopping
• Electronic Commerce
• Telephony

The Concept of Operation describes the use of a Chip Card for payment for any of the above applications, for each of the candidate architectures

Chip Cards may incorporate microprocessor technology that may host multiple applications. Chip Card Accepting Devices are used to interface the Chip Card with onboard networks and applications.

Candidate architectures include the following:

• Fixed
• Mobile
• Telephone
• IFE
• Operational/Administrative Station
• Stand Alone Seat Back

Each element of a particular architecture interfaces with other devices to enable some form of data communications. Each interface may utilize a unique protocol.

Security is necessary to authenticate the terminal, the card's applications, exchanged data, and user identification.

Maintenance of the Chip Card Accepting Device is necessary to provide a reliable service. Software loading the Chip Card Accepting Device may be necessary to upgrade the system.

Attached to this document is a discussion paper describing a chip card architecture for integrated retail systems. This paper closely parallels the approach described herein for aeronautical installations and is included in it's entirety.

2.1 ISO 7810 Identification cards - Physical characteristics

This standard specifies the physical characteristics of identification cards including card material, construction, characteristics and nominal dimensions for three sizes of cards (ID -1, ID -2 and ID -3). It is the ID -1 card that forms the basis of ISO 7816 -1.

2.2 ISO 7811 Identification cards - recording techniques

This standard is in five parts and covers the specification of the magnetic stripe and the card embossing.

2.2.1 Part 1 Embossing

This part specifies the requirements for embossed characters on identification cards for the transfer of data by imprinters or by visual or machine reading.

2.2.2 Part 2 Magnetic stripe

This part specifies characteristics for a magnetic stripe, the encoding technique and the coded character sets which are intended for machine reading.

2.2.3 Part 3 Location of embossed characters on ID -1 cards.

This standard specifies the location of embossed characters on an ID -1 card for which two areas are assigned. Area 1 is for the number identifying both the card issuer and the cardholder. Area 2 is provided for the cardholder identification data such as name and address.

2.2.4 Part 4 Location of magnetic read only tracks - tracks 1 and 2

This standard specifies the location of the magnetic material, them location of the encoded data tracks and the beginning and end of the encoding.

2.2.5 Part 5 Location of read - write magnetic track - track 3

This standard has the same scope as part 4 except that it defines the read - write track 3.

2.3 ISO 7812 Identification cards numbering system and registration procedure for issuer identifiers

This standard relates to the card identification number or PAN (Primary Account Number) which consists of three parts, the issuer identifier number (IIN), the individual account identifier and the check digit.

2.4 ISO 7813 Identification cards - Financial transaction cards

This standard defines the requirements for cards to be used in financial transactions. It specifies the physical characteristics, layout, recording techniques, numbering system and registration procedures. It is defined by reference to ISO 7810, ISO 7811 and ISO 7812. In particular the standard defines more precisely the physical dimensions of the card as follows:

• Width 85.47mm - 85.72mm
• Height 53.92mm - 54.03mm
• Thickness 0.76mm + 0.08mm

The thickness of the card is particularly important for Chip Card Accepting Devices because of the mechanical construction of the card connector mechanism.

2.5 ISO 7816 Design and use of identification cards having integrated circuits with contacts

This standard in its many parts is probably the most important specification for the lower layers of the chip card. The first three parts in particular are well established and allow total physical and electrical interoperability as well as defining the communication protocol between the chip card and the CAD (Card Accepting Device).

2.5.1 Part 1 Physical characteristics

The physical dimensions of the chip card are defined as that specified in ISO 7813. It should be noted that the thickness dimension does not include any allowance for embossing. More particularly the slot for a card may include an extra indentation for the embossed area of the card. In effect it acts as a polarization key and may be used to aid the correct insertion orientation of the card. This is an additional characteristic to the magnetic field sensor which operates off the magnetic stripe and is used to open a mechanical gate on devices such as ATMs.

The Part 1 standard also defines additional characteristics that should be met in the manufacturer of an chip card. These characteristics fall into the following categories:

• Ultra violet light
• X-rays
• Surface profile of contacts
• Mechanical strength (of cards and contacts)
• Electrical resistance (of contacts)
• Electromagnetic interference (between magnetic stripe and integrated circuit)
• Electromagnetic field
• Static electricity
• Heat dissipation

The three most widely used tests applied by fabricators are specified in the annex to the standard:

• A1 Bending properties
• A2 Torsion properties
• A3 Static electricity

2.5.2 Part 2 - Contact Locations and Minimum Size

Early applications of Chip Cards emanated in France where the Transac magnetic stripes were more central on the card than that eventually defined by ISO 7811. Unfortunately the French chip position overlaps the ISO magnetic stripe definition. As a result it was eventually agreed that after a transitional period (to the end of 1990) the position for the chip card connector would be much closer to the longitudinal axis of the card. It is now widely agreed that the chip card connector should be on the front of the card. For this purpose the back is defined to be the side with the magnetic stripe. The embossing is defined to be on the front of the card and therefore on the same side as the chip card connector.

2.5.3 Part 3 - Electronic signals and transmission protocols.

The electronic properties and transmission characteristics of the chip card are fundamental to interoperability. The principal subjects to be considered are as follows:

• Electrical characteristics
• Character transmission
• Answer to reset (ATR)
• T=0 transmission protocol
• T=1 transmission protocol
• Protocol type selection (PTS)

2.5.4 Part 4 - Inter-industry commands for interchange

2.5.5 Part 8: Security (draft)

2.5.6 Part 10: Synchronous memory cards (draft)

2.6 EMV 3.1.1

The EMV Specification represents the completion of the planned functionality for a global payments framework for the use of chip cards in financial transactions. The EMV specification is based upon a common set of technical specifications derived from standards set by the International Organization for Standardization (ISO) for integrated circuit cards and related devices for the payment and banking industries.

Major bank card issuer’s Visa, MasterCard and Europay combined and formed EMV, working jointly to develop industry-wide chip card specifications to ensure that all chips would harmoniously work with other EMV complying chip-reading terminals regardless of location, financial institution, or manufacture.

The most recent version of the EMV specification was published in May, 1998, with the Version number of 3.1.1.

2.7 IATA Resolution 791

The International Air Transport Association (IATA) has issued Resolution 791, "Specifications for Airline Industry Integrated Circuit Card (ICC)". This Resolution provides for the common use of a Chip Card in the Airline Industry to support Interline Electronic Ticketing. This Resolution also provides for proprietary use of the Chip Card for individual airline specific applications. For Interline Electronic Ticket, IATA defines three possible scenarios for Chip Card issuance:

• By a non-airline third party, e.g., a financial institution, credit card company, etc.
• By a co-branding non-airline third party and an Airline
• By an Airline

Resolution 791 conforms to the EMV Chip Card Specification for Payment Systems, ISO/IEC 7810 and 7816, Parts 1 through 6. Manufacturers who wish to supply Chip Cards, Card Accepting Devices and supporting applications to the airline industry must conform to this Resolution to ensure inter-operability. Airline applications must access the airline common data in Chip Cards using the command sets defined in this Resolution.

2.8 Issuing Bank Implementation Specifications

Common Electronic Purse Standards (CEPS) have not been published; these are expected by mid 1999. However, it is expected that the chip-card-to-accepting-device interface will be based on the European Committee for Banking Standards (ECBS) European Electronic Purse (EEP) specification (which can be downloaded from www.ecbs.org).

Mondex standards are subject to a license agreement.

Standards for the use of credit and debit applications, are built up uniquely from EMV standards.

There may be some commonality between some electronic purse standards allowing a single accepting device to work with multiple purses. However, some purses, and most likely all credit and debit applications will require compliance to the specific issuing bank requirements. Included in these requirements may be the utilization of a unique Secure Access Module (SAM) for each specific application.

2.9 ETSI GSM 11.11 - SIM Card Specification

European Telecommunication Standard GSM 11.11 defines the interface between the Subscriber Identity Module (SIM) and the Mobile Equipment (ME) for use during the network operation phase of GSM Phase 2, as well as those aspects of the internal organization of the SIM which are related to the network operation phase. This is to ensure interoperability between a SIM and an ME independently of the respective manufacturers and operators. This standard defines:

• The requirements for the physical characteristics of the SIM, the electrical signals and the transmission protocols
• the model which shall be used as a basis for the design of the logical structure of the SIM
• the security features
• the interface functions
• the commands
• the contents of the files required for the GSM application
• the application protocol

2.10 ETSI GSM 11.14 - SIM Application Toolkit

This Global System for Mobile communications Technical Specification defines the interface between the SIM and ME, and mandatory ME procedures, specifically for "SIM Application Toolkit". This technical specification defines the commands, the application protocol and the mandatory requirements on the SIM and ME for each procedure.

The following mechanisms have been defined:

• Profile download. A mechanism for the ME to tell the SIM what it is capable of.
• Proactive SIM. A mechanism whereby the SIM can initiate actions to be taken by the ME including:
  • Display of text from the SIM to the ME
  • send a short message
  • set up a voice call to a number held by the SIM
  • set up a data call to a number and bearer capabilities held by the SIM
  • play a tone in the ear-piece
  • initiate a dialogue with the user
• Data download to the SIM
• Menu selection.
• Call control by the SIM
• Short message control by the SIM
• Security

3.1 Chip Card Applications

The table below summarizes the card applications for each card type:

Due to their lack of processing capabilities, the use of memory cards is limited to applications that do not require a high degree of security and privacy. Microprocessor cards support applications where authentication and encryption are required. Hardware platform differences between the memory and microprocessor cards have an even deeper impact on airborne system implementation when one considers the communication between the Chip Card and the Chip Card Accepting Device.

It is important to keep in mind that microprocessor cards could support multiple applications on the same platform.

Subscriber Identity Module (SIM) application, used with GSM (Global System for Mobile Communications) compliant networks differ in it's use from payment applications in one important aspect: it must be accessible to the system throughout the duration of the telephone call.

Debit or credit payment applications are similar in use to the magnetic strip debit or credit cards, but the card must be present at the end of the transaction, and possibly at the beginning if the payment method needs to be authorized.

3.2 Cabin Services Applications

Cabin systems (telephony and IFE, stand-alone or integrated) provide passengers with a set of services that will expand by the use of Chip Cards. Following is an overview of these services:

One of the possibilities being tried is using a Chip Card as the passenger's companion through check-in, boarding and all kinds of on-board processing. The possible in-lounge and on-board uses of the Chip Card will allow the passenger to benefit from a range of new and exciting services that until now could only be imagined.

It is probable that the first group of passengers to be issued with such a card would be Frequent Flyer club members. Each of these passengers already holds a personal magnetic stripe card; it should be relatively easy to replace it with a new personal Chip Card. Since the card has non-volatile memory, it can hold the passenger's personal information along with various details of the present and previous flights.

The handset could be used for phone services requiring a Chip Card such as a GSM phone. By inserting the GSM Chip Card into this handset, the handset will imitate the passenger's own GSM phone. This may include access to the personal telephone directories stored on their SIM card. Airlines generally prohibit the use of cellular phones while on-board, so the passenger may have no other means to retrieve the stored telephone numbers.

Some of these services are currently supported via magnetic strip credit cards (CC) or cash. The matrix below indicates how the use of Chip Cards will apply to cabin services:

The card can be used during the various phases of the passenger's flight. The Chip Card can make operation more efficient and personalized. It also simplifies selection of many value-added services and is anticipated to incrementally increase resultant revenues.

4.1 During the security check process

The Chip Card can be used to identify the passenger and provide information such as security clearances. The card's memory can even hold biometrics of the card-holder.

4.2 During check-in

The Chip Card can be coupled to a Card Accepting Device, and check-in can be conducted-at least partially-by a computer interface with the passenger. The Chip Card identifies the passenger and preferences such as food, drink, newspaper, magazine, etc... A dialog between the card and a check-in server would be conducted in order to meet the customer's needs and preferences as closely as possible.

4.3 As a boarding card

For identifying the passenger and informing a central computer that the passenger has boarded the airplane. In addition, it can manage and update the passenger's account of frequent flyer credits.

4.4 During flight

During the flight, the card may be used for payment, for passenger identification, or for loyalty point credits.

4.4.1 For passenger identification

The passenger may insert his card once seated to customize the IFE system to their preferences (ex, "Welcome John Smith. Here's your most-frequently visited entertainment sites…") and to alert the cabin crew (e.g., "Gold flight club member Jane Brown is seated at 1D. She prefers sparkling water after pre-flight boarding…").

4.4.2 Loyalty points

It could also be used to credit loyalty points when using desired services, such as "insert your frequent flyer card now to receive instant points for ordering flowers". Loyalty points may also be used as a payment currency, if desired.

4.5 Payment variations

Credit card authorization cannot currently be done on board with magnetic stripe cards. Authorization requires additional air-ground communications which can be costly and slow the time to complete the transaction. Without authorization, the transaction limit granted by the bank is usually much lower. Electronic purses transactions can be authorized locally.

4.5.1 As a credit card

When payment is requested, the passenger inserts their chip card into the reader. The reader may simply access the same information that is normally stored on a card magnetic strip and proceed, or it may also request a PIN code be entered in place of signature verification. In that case, the passenger enters their PIN code into a keypad for cardholder verification by the chip card itself. The SAM (Security Access Module) provides off-line chip card application authentication. The system may elect to do off-line credit authorization by referencing additional information on the card, such as credit limit on the card, payment history, etc. The card is removed after the transaction is completed.

4.5.2 As a debit card

This is essentially the same as the credit card, except that the PIN code is expected to be required rather than optional. While cardholder verification is provided, off-line account authorization is not likely since the current account balance may not be maintained on the card.

4.5.3 As a purse card

In this case, the card actually holds the money, so this offers the full advantages of off-line use. To the passenger, they would insert it and enter their PIN for cardholder verification. The system may respond with the before and after card balances.

The airline may wish to offer the ability to pay for services with cash or with loyalty points, in which case the card "currency" would be loyalty points.

The balance loaded into the Chip Card can be done by several means:

• By the passenger using the bank ATM or at home via the internet (with a special equipment).
• By an IFE system after winning a gamble/game or exchanging real money for airline points.
• By various applications using a Chip Card. It can be the airline card or a different one.
• By the airline as miles the passenger is entitled to for each flight
• By the airline’s partnership companies (e.g. car rental agencies, hotels, retailers)

The merchant (in this case the airline) will accept the electronic currency and supply the goods. The Chip Card will be ideal for those low cost products such as paying for headsets, movies or alcohol.

The passenger may be able to use their Chip Card not only on board but also on the ground wherever a partnership with the airline is defined. The link between all these service providers should be much more direct.

4.6 Payment Uses

The card may be used to pay for the following in-flight services:

4.6.1 In - Flight Entertainment

Among the entertainment services for which the airline may wish to charge include movie channels, on-demand films, video games, and gambling. It is also possible that gambling winnings are transferred back to the user using an electronic purse.

The card may also be used to store IFE preferences, game high scores, etc. Refer to 5.4.1.

4.6.2 Telephony

Telephony is currently available on most airplanes. This system has evolved over the years and today the installations can be grouped into three types:

A few telephones installed throughout the airplane. The passenger who wishes to place a phone call must go to one of the available handsets, typically mounted on a wall. In some cases, these handsets may be cordless.
One telephone for every seat row, letting the passenger place the phone call from their seat. The phone is shared between the passengers in the seat row.
A telephone for every seat. Each passenger has a phone dedicated to them.

4.6.2.1 Outgoing calls

When using a Chip Card to pay for telephone calls, the Debit and Electronic Purse methods present new problems because the transaction must (for purse) and may be (for debit) conducted solely on the aircraft. Hence the on-board telephony system needs to be aware of the rate to charge for calls, including all the promotions, fees, exact billing methods. Changes in these rates must be communicated quickly. But this also gives the opportunity to display to the user the current cost of the call (or possibly the remaining purse card balance).

For purse billing, the card must remain in the reader for the duration of the call since the card must be debited the correct amount for each period/event. If the card is removed, the call would be terminated at the end of the last period paid for. If the card has been depleted, the user may be offered the option of inserting another card before his time expires.

For on-board debit use, the total cost of the call may be recorded against the debit card at the end of the call, but a preliminary balance check may also be required. Hence, it is expected that debit card authentication and transactions will be conducted by the telephone service provider on the ground similar to what they currently perform for credit cards.

4.6.2.2 Registration and Incoming Calls

It is possible for a passenger to register for incoming calls. A Chip Card can provide for automated passenger registration for ground to air calling by the passenger inserting their card. However, the ground calling party must know which air-ground telephone system to call and may also need the registration number of the desired party.

The use of a SIM card (Subscriber Identity Module) provides a seamless means for a passenger to personalize an airborne telephone for both making and receiving phone calls. The passenger inserts the SIM card, provides a PIN, and this then automatically triggers registration following normal GSM procedures. Having completed registration, the passenger may then place calls, with the billing provided by their preferred GSM provider. In addition, a ground party can call the passenger using the passengers international GSM phone number. Thus the calling party follows the same procedures to reach the passenger while airborne that is used to reach the passenger when using their land mobile GSM cellular telephone.

To maintain registration, the SIM card may need to remain in the card accepting device. This creates some issues, such as needing at least one card accepting device per passenger, and increases the likelihood that the SIM card will be forgotten when the passenger leaves the aircraft. GSM operation requires access to the SIM periodically to maintain registration. Re-registering hundreds of SIM roamers can consume a large percentage of available bandwidth.

4.6.3 Direct and Electronic Commerce

A chip card may be used to pay for duty free items directly to a crew member. The crew could have a portable card reader, similar to the credit card devices some currently use, that would accept and store the Chip Card transactions. Some method of transferring those transactions to the processing system would need to be in place, either to the IFE system for grouping with other on-line transactions, or to a "cash box" Chip Card (electronic wallet) that stores them and is transferred in the way cash is handled today.

Payment can be also made through the IFE system for any number of products or services, including hotel, air, car reservations, flower or book orders or any method of on-line shopping, or simple transactions for liquor, headsets, etc.

4.7 Automated Teller Machine

The Chip Card may also be accepted by on-board ATMs, for converting or receiving cash.

5.1 Chip Card Types

For the purpose of this discussion Chip Cards will be classified by card contact type and micro processor capabilities.

The table below classifies Chip Cards by their contact type:

Contactless cards use carrier frequencies between 3 and 5 MHz , for close coupling, and as high as 13.56 MHz for remote coupling. ATA/IATA Resolution 791 recommends for online applications, such as IET, the use of 7816 cards. The 10536 cards may be used, subject to airline member's agreement.

Hybrid cards, also known as "combi" or "dual interface cards", exist and their use is not prohibited. These cards may communicate with a contact Card Accepting Device as well as with a contactless Card Accepting Device.

Contactless cards present the obvious advantage of an expedient access to the Card Accepting Device, when compared to the contact cards. However, because of their use of RF coupling, it is not expected that they will be used on board aircraft.

The table below classifies Chip Cards by their micro processor capabilities:

6.1 Chip Card Connectors and the Proposed Card Accepting Device

A Chip Card is totally different from a regular magnetic stripe card. Many Chip Cards contain a microprocessor that is capable of carrying out instructions sent by an external computer. This requires ongoing communication between that computer and the card.

The architecture of communication between a computer and a Chip Card involves two issues: (1) the physical connection over which the data is sent between the card and the computer, and (2) the logical processing involved in managing the transport layer of communication. The following two subsections deal in brief with these issues and explain why the Smart Card Accepting Device is being proposed.

6.2 Contact Connectors and Contactless Connectors

Communication with a Chip Card takes place via a special connector. There are two basic types of Chip Card connectors, each requiring it's own type of Chip Card:

6.2.1 Contact connectors

This is a mechanical device holding 8 to 16 contacts enabling it to "touch" the external surface of the Chip Card's chip. Contacts should be high-grade with a combination of landing and sliding action for optimum contact quality with minimum contact pad wear and risk of damage.

6.2.2 Contactless connectors

Unlike the previous type, this connector has no contacts. It uses an antenna to transmit and receive data to and from the card via RF (Radio Frequency).

There are possible risks associated with contactless connectors. The RF transmissions used with contactless connectors on board may influence the electromagnetic environment, especially during take off and landing. Data transfer by RF transmission may be less reliable and storage may be less secure.

It is possible that airline systems will incorporate both contactless and contact types of connectors. If so, a special kind of Chip Card will have to be used as well. This card, called a combination card or Combi Card, will have the ability to be used with both types of connectors by having contact points as well as an RF antenna. It should be noted that a combination card interfaces with a contact card acceptance device in the same manner as a contact card.

6.2.3 "Pass-Through" and "Microprocessor Controlled" Connectors

From the point of view of logical processing in handling the communication between a computer and a Chip Card, there is only one kind of Chip Card connector to date. This is a "pass-through" connector that supplies only the physical contacts to the Chip Card (per 7816 part 3), while all the logical implementation is done by the application running on the master processor. This situation greatly burdens the application, as it has to deal with additional problems of real-time processing. The application is also required to manage the ISO 7816 Chip Card communication protocol, which is particularly cumbersome for the T=1 variety. All this is in addition to the already complex application-level functionality. An overriding consideration is that this form of card reader may not be useful in the aircraft environment, as the driving distance of the card signals should not exceed a few cm.

The desire to free the application from this burden motivated the proposal to turn the "pass-through" connector-essentially by addition of a microprocessor. This microprocessor controlled connector, named the "Chip Card Accepting Device", is responsible for the low-level Chip Card communication defined by ISO 7816, and at the same time interfaces at a higher level with the application API.

Figure 1 shows a Chip Card Accepting Device that incorporates a contact connector.

Figure 1: Card Accepting Device Incorporating a Contact Connector

6.3 Functional Profile of the Card Accepting Device

6.3.1 SUPPORTS BOTH TYPES OF CHIP CARDS

The proposed Card Accepting Device includes a microprocessor programmed with software capable of supporting microprocessor cards-as well as memory cards/synchronous cards.

6.3.2 SUPPORTS BOTH T=0 AND T=1 PROTOCOLS

The Card Accepting Device will support both of the ISO 7816 low level communication protocols: T=0 and T=1.

6.3.3 RESPONSIBLE FOR ELECTRICAL INTERFACE

The Card Accepting Device will deal with all the electrical issues concerning the Chip Card, such as VCC and CLK supply or VCC cut off upon card removal according to 7816 part 2 and part 3.

6.3.4 Additional functionality

Card Accepting Devices incorporating a microprocessor (either within the protocol conversion chip or externally) will be able to perform additional services such as character repetition and synchronous memory card handling.

Although these functions could be provided by another microprocessor (e.g. that in the handset), there are probably sufficient advantages in separating the functionality to outweigh the extra cost.

6.4 Possible Locations for the Card Accepting Device

The exact location of the Card Accepting Device will be determined by the hardware vendor along with the airline. There are at least three possible locations for placing the Card Accepting Device in the immediate vicinity of the seated passenger, outlined in the subsections that follow.

6.4.1 IN THE PERSONAL MONITOR

There are a few reasons to prefer this choice:

• The monitor is already wired to a source of power (VCC) to support the display of Video and Audio that can be used to power the Card Accepting Device.
• Size
• The monitor is large enough to accommodate the Card Accepting Device and is in a generally comfortable location.
• Psychology of the passenger:
• Installing the Card Accepting Device in the monitor makes sense to a passenger, as there is a logical connection between using the monitor to watch by inserting the Chip Card into it. As the monitor is highly visible, the passenger is also less likely to forget the card after landing.

6.4.2 In the Personal Handset or Handset Cradle

This location will allow passengers to use their Chip Card to obtain communication services along with the IFE services. Upgrading the wiring of the handset types currently in use, and integrating the Card Accepting Device inside, would enable exciting new uses of the handset.

6.4.3 In the Arm Rest

This will require modifying the passenger's seat and integrating the smart reader into it. Wiring would have to be done as well.

6.4.4 In the Seat Back

A variation of the Arm Rest installation.

7.Airborne Architecture

A generic architecture, equally applicable to stand-alone telephone systems and In-Flight Entertainment systems, is used to articulate the set of functions expected to be performed at various points in the system. Where appropriate, alternatives are presented and their merits discussed.

7.1 Generic Airborne System Architecture

For the purposes of this discussion, the airborne cabin system that supports the delivery of cabin telephony applications is named the Cabin Communications System (ARINC 746).

This section examines the factors specific to Chip Card support by cabin applications and introduces candidate aircraft architecture.

Cabin applications may use Chip Card data in one of two modes:

Chip Card applications are accessed via a Card Accepting Device. For some applications, an essential part of the Card Accepting Device is the Secure Access Module. This module is responsible for card application authentication, Chip Card application selection and the encryption/decryption of data exchange between the Card Accepting Device and the background systems or the server where the transactions log is stored. The SAM may be co-located with the Card Accepting Device contacts, or it may be located in a remote server. This is usually the case when one SAM serves multiple Card Accepting Devices.

The candidate aircraft architectures fall into two broad categories:

Figure 3 depicts a generic cabin architecture on which candidate architectures listed above could be identified.

Figure 3 - Generic Cabin Architecture

7.2 Components Functionality

7.2.1 Background System

This system is part of the card issuer’s infrastructure. It accomplishes two tasks:

Clearing - deals with all functions relating to incoming transactions data and with the banks, traders, card holders, the airline, etc. System monitoring for fraudulent activity is also part of clearing task.

Administration - deals with distribution of "black lists", key administration and distribution of software updates to terminals (see below).

7.2.2 Networks

Ground Network - This network links terminals to the background system in the on-line mode, if the cabin application requires it (SIM). For airborne applications operating in an off-line mode, the terminals will connect to the background system, with contact frequency subject to that system’s security requirements. The network serves exclusively as reliable pipe, and thus the underlying technology is not relevant. X.25 or TCP/IP (Internet) networks could be used. Note that the airline, or a telecommunications service provider serving the airline, will have to provide a gateway node that will facilitate the (wireless) access of the airborne equipment to the network.

CDS - With respect to Chip Card support, this network will provide message routing between the SAM and BSS, for on-line applications, and between SAM and the transactions log, for off-line applications. The transactions log may be stored in the CTU or in the stand-alone or IFE file server.

7.2.3 BSS

Provides the means for off-aircraft communications that the terminal or file server will use to close all Chip Card transactions with the background system. BSS is mandatory equipment for all aircraft equipped with telephony systems.

7.2.4 CTU

Provides routing capabilities for the messages exchanged between the SAM and the background system. For Iridium calls, CTU will also route the messages between the SIM and the Iridium BSS.

CTU may also store the transactions log, or it may just route messages to the file server.

7.2.5 SAM

The airborne SAM provides:

• Chip Card application authentication selection.
• Transaction data collection and encryption. For off-line transactions, this data will be routed to the transactions log.
• "Go/No go" decisions on each transaction, similar to the CC status. When stored value cards are used to purchase services that are billed based on time, the SAM will periodically decrease the value stored on card and provide a "No go" signal when current stored value becomes insufficient.
• Authentication of "black lists", encryption keys, and other software updates to terminals
• BITE information on itself

7.2.6 SEB

The SEB integrates the CAD with the telephony and/or IFE system (see candidate architecture). If Card Accepting Devices are the only seat equipment (candidate architecture, a SEB may still need to be provided. The following features are expected:

CDS User Interface: SAM may provide the user with a list of ICC applications, from which the user needs to select one, and it may prompt the user for a PIN, if the application requires it.

CDS access point for message routing between SAM and BSS or transaction log, or between SIM and Iridium BSS.

NOTE: SAM messages will be encrypted. The SEB may encapsulate these messages in a proprietary protocol for routing purposes only.

7.2.7 Chip Card Accepting Device

Chip Card interface to SAM for power, clock and data signals.

8. Interfaces and Protocols

8.1 Card-Accepting Device Communications

Memory cards use synchronous transmission (7816-3, -10). The application in the Card Accepting Device (terminal) must access the card’s memory directly, thus there is no layered protocol or logical addressing. There are no standards for memory allocation, error detection and correction or security procedures. Therefore, applications that need to communicate with a range of memory cards require several different implementations of the synchronous transmission protocol.

Data is exchanged serially, bit by bit, synchronous with clock pulses provided by the Card Accepting Device over a second set of contacts. Thus there is no start, stop or parity bits. Clock rate is rather slow (10 to 100 kHz) which, combined with the short distance between card and Card Accepting Device, is conducive to low bit error rate. In earlier implementations of memory cards (phone cards especially), there is also a third connection used for exchange of control signals.

Microprocessor cards use asynchronous transmission (7816-3). The table below lists the characteristics of the ICC-Card Accepting Device protocols recognized by the industry standards: