|
|
|
Reservation, check-in, or booking display for reserved space |
Travel system and methods utilizing multi-application airline passenger cards6910628
Abstract
A travel system and methods that encompass a plurality of airline service providers and multi-application airline passenger cards for the automated compilation, issuance, and utilization of the passenger cards for said plurality of airline services, including the implementation of flight-related application scenarios. The multi-application cards are realized by portable device technologies, such as, smart cards or pocket-sized computer devices, and have the ability to store and activate an airline ticket for travel purposes and other flight services; as well as a monetary value for electronic payment means. Biometrics identification of ticket-holders, as well as cryptographic certification of card data and travel-related information, can optionally be encoded onto the cards and can be verified, including validated, at various point-of-service locations upon presentation of the card for utilization.
Claims
1. A method for using an airline ticket for automated check-in with a particular airplane; the method comprising the steps of:
storing said airline ticket in a portable airline passenger card;
subsequently coupling the portable passenger card to an airline database including a boarding control module monitoring access to said particular airplane;
uploading by the card the ticket to the database; and
automatically verifying by the database the uploaded ticket; and
if the ticket is valid, then compiling by the database a boarding pass and downloading by the database the pass into the card; and
otherwise, denying access to said particular airplane via said airline ticket.
2. The method in claim 1 wherein said portable airline passenger card is a smart card comprising a memory for storing said airline ticket in the card.
3. The method in claim 1 wherein said portable airline passenger card is a pocket-sized computer comprising a means for processing card data relating to said airline ticket.
4. The method in claim 1 wherein said step of automatically verifying by the database the uploaded ticket, comprising:
retrieving by the database a departure time previously attached to said airline ticket stored in the card;
comparing by the database the retrieved time against a time provided by the database; and
if the card-based time correlates with said time provided by the database, then considering said departure time as being valid; and
otherwise, conveying a message that a different ticket is required in connection with said time provided by the database.
5. The method in claim 1 wherein said step of automatically verifying by the database the uploaded ticket, comprising:
retrieving by the database a passport document issued to a cardholder, and previously stored in the card; and
displaying the retrieved passport onto said boarding control module for verification; and
if the verification is successful, then allowing boarding for the ticket-holder; and
otherwise, denying boarding for the cardholder;
the verification step comprising:
capturing a life signature from a particular cardholder presenting the card said passport document is stored into;
inputting the captured signature into the card; and
comparing the captured signature with a signature previously stored in the card-based passport; and
if the life signature matches the signature in the passport, then considering said particular cardholder as being said cardholder including the rightful passport-holder; and
otherwise, denying access of said particular cardholder to said particular airplane.
6. The method in claim 1, further including the steps of:
compiling a luggage tag for a particular luggage to be checked-in by a particular ticket-holder;
affixing said luggage tag to said particular luggage;
storing a data contents of said luggage tag in the portable passenger card; and
appending said data contents to the card-based ticket including said boarding pass.
7. The method in claim 6 wherein said data contents comprising an identification information of said particular ticket-holder and a destination location said particular luggage shall be transported to.
8. The method in claim 6, further including the step of monitoring the loading of the luggage into the airplane; the step comprising:
subsequently coupling the portable passenger card to said airline database for boarding purposes;
uploading by the card said luggage tag's data contents, previously stored in the card, to the database; and
comparing by the database the uploaded luggage data contents with a luggage information previously stored in the database; and
if the luggage data, uploaded from the card, matches the database luggage information, then considering said particular luggage as accounted for; and
otherwise, conveying a message that there are irregularities with respect to the luggage;
said luggage information stored in the database comprising a data retrieved from said luggage tag affixed to the luggage;
said data being retrieved from the tag as proof that said particular luggage has been loaded into said particular airplane's cargo hold.
9. The method in claim 6, further including the step of checking-out said particular luggage; the step comprising:
subsequently picking-up said particular luggage said luggage tag is affixed to;
presenting including coupling the tag to a baggage claim control module for verification;
retrieving by the module a tag-related information from the tag affixed to the luggage;
coupling the card to the control module and retrieving by the module from the card said data contents previously appended to the card-based boarding pass;
comparing by the control module said tag-related information, retrieved from the tag, with said data contents, retrieved from the card; and
if there is a match, then considering proper ownership as being established between the luggage and the cardholder; and
otherwise, conveying a message that the tag affixed to the luggage does not match the card-based tag.
10. The method in claim 9 wherein the step of comparing the tag, affixed to the luggage, with the tag contents previously stored in the card, comprising:
coupling said baggage claim control module to said airline database; and
updating by the control module said airline database, such that a proof is established about said particular luggage being picked-up.
11. The method in claim 9 wherein the step of considering proper ownership being established, comprising:
providing by a particular cardholder a life cardholder biometrics information to the control module;
comparing by the module the life biometrics with a biometrics data previously used to earmark the tag; and
if the life biometrics matches the biometrics used for the earmarking, then considering said particular cardholder as being said particular ticket-holder including the rightful owner of the luggage; and
otherwise, conveying by the module an appropriate warning.
12. The method in claim 1, further including the step of controlling the number of passengers boarding the airplane; the step comprising:
subsequently coupling the passenger card to said boarding control module for boarding purposes;
uploading by the card said boarding pass to said control module; and
verifying by said control module the pass; and
if the verification is successful, then accounting the boarding pass holder as having boarded the airplane; and
otherwise, denying boarding via the pass;
the step of accounting the pass-holder comprising the step of considering said seat, the pass was previously issued for, as being filled.
13. The method in claim 12, further including:
in response to accounting the pass-holders, determining by the control module a cumulative number of passengers boarded at a particular moment;
comparing said cumulative number with a maximum capacity of passengers said particular airplane is authorized to carry; and
if said cumulative number is at least equal to said maximum capacity, then conveying a message that the airplane is full.
14. The method in claim 1, further including the step of providing in-flight services; the step comprising:
subsequently coupling the passenger card to an airplane control module which coordinates the delivery of in-flight services comprising a special meal;
communicating by the card to the control module a request for said special meal; and
in response to communicating said request, conveying including displaying by the control module a seat location said request originated from.
Description
BACKGROUND OF THE INVENTION
The travel system and methods are intended to be used throughout the travel industry, including by passengers, providers of travel services and transportation means, financial institutions and transaction processors offering electronic payment means and clearing of those payments, and by service providers of other travel-related services. To facilitate the intended use, a portable passenger card will be utilized. The card will be compiled and issued as a multi-application means for storage and processing of data and information, decision logic support and communications purposes, and identification and authentication schemes; as well as for hosting a traveler's pass, payment purse and a plurality of application-specific traveling services.
The system deploys a plurality of functional components and a set of computer programs to implement its operational tasks, including the communications of data and the usage of the passenger card between and among the above system user.
The functional components encompass, for example, PCs or other computing platforms, POS-terminals and PIN-tablets, ATM-machines, card read/write devices, biometrics boxes and other computer peripherals, and the passenger card per se. These components are connected via a multi-directional communications link to allow the exchange of data/information between and among the systems entities including the cardholder. The system components are off-the-shelf hardware devices that can be purchased from retailers/computer stores, procured from component manufacturers or its distributors, or acquired from providers of networking/communications services. The communication links can be implemented via the Internet or any other commercial available, wire-based or wireless network technology.
The computer programs perform the house-keeping assignments, computing and decisioning functions, application-specific routines, and the communications/networking tasks necessary for the system's operations and card usage. These programs further include security means, such as cryptographic schemes, digital signatures and authenticity codes, to protect the system, cardholders and card contents against fraudulent use. The software programs reside within the system's components including the electronic passenger card. In this way, a cardholder/system user can instruct the system to select and execute a plurality of computerized means or operational functions under the auspices of the software programs and the guidance of command buttons, template files and pull-up/pop-down menus embedded into the system or stored in the card.
The system further comprises a database scheme for storing a set of data and information in a distributed manner among a plurality of database components associated with the plurality of system users, including the passenger card. The database scheme comprises means for automatically interchanging a selected number of data elements, from among said set of data/information, between and among all database components via the communication link whenever such data elements are inputted including modified by a particular system entity. In this way, the network of system database components, including the passenger card per se, acts and behaves as a single integrated database that always contains and automatically delivers -anytime, anywhere -the most up to date set of those data and information.
SUMMARY OF THE INVENTION
Based upon the features and objectives of the travel system and methods, advantages of this invention include reduced administrative costs, improved productivity, better quality of service, and higher revenues associated with the issuance, usage, and processing of the computerized cards as compared to the deployment of paper/plastic-based traveling documents and of conventional payment methods.
The lower administrative costs are the result of less personnel needed for the automated issuance and maintenance of computerized passenger cards as compared to controlling and following-up on paper-based documents or printed media; of less resources and telecommunications costs required to collect and clear electronic payments as compared to cash, checks or plastic-based payments; and of reduced fraud facilitated via the card-based security features. For instance, the detection of and prevention against fraudulent use of unauthorized travel means will be automated, and the steps of verifying passengers and use rights will be consolidated.
The increased productivity is the result of substituting time consuming, labor intensive and error-prone manual operations, which are associated with traditional document processing platforms or with conventional payment environments, by the system's computerized means; as well as of streamlining repetitive tasks via electronic templates and automated communications exchange. For instance, several tasks previously performed by human operators for renewal purposes, can be eliminated due to the storage of reusable traveler's permits and reconfigurable utilization rights in the card. In addition, the passenger card will also eliminate data redundancy while reinforcing standards of practice, purging unnecessary operations, and automating repeating tasks.
The improved quality of service -when using the computerized card -is the result of achieving faster boarding or improved throughput at the point-of-service location, more service or product selections to choose from, up-to-date information available for micromarketing and inventory or money management purposes, and services renderable from remote locations. In addition, there is the convenience of using the same passenger card for transportation, identification, card-based payment means, and for other travel-related applications and services. This convenience factor will translate into an enhanced goodwill for the card issuer and acceptors as well.
Higher revenues will be achieved by allowing the passenger to earn frequent attendance and shopper points, which will lead to more loyal passengers and increased spending habits. The card can also generate incremental sales revenues by renting out card-space to corporate sponsors, such as for promotional programs or co-branding schemes. In addition, incremental sales revenues can also be generated via float income due to unused monetary value left in the passenger card or due to traveling services paid for but not claimed yet.
It is an objective of the present invention to provide a travel system and methods which utilize computerized cards for the automated use of a traveler's permit and of other travel-related documents, purchase of goods and services, and the rendering of other traveling services.
It is further an objective of the invention to provide a portable passenger card to store, process and communicate cardholder data, travel-related information, and electronic payment means.
It is further an objective of the invention to provide for a method of compiling the card data elements, which are also stored and maintained throughout a plurality of remote database components, and of issuing the card to a legitimate cardholder, which is entitled to use the card for a predefined purpose.
It is further an objective of the invention to provide for a method of altering, including updating cardholder data and travel-related information previously stored in the passenger card.
It is further an objective of the invention to provide for a method of admitting the cardholder for a particular transportation carrier or other traveling service based on a traveler's permit stored in the passenger card, and of verifying that the card data is authentic.
It is further an objective of the invention to provide for a method of using the passenger card for the purchase of goods and services offered by the plurality of service providers, and of determining if the card-based payment means is valid.
It is further an objective of the invention to provide for a method of implementing a plurality of applications via the corresponding application codes stored in the passenger cards: the codes define and protect the attributes and quantity of a particular application service to be implemented via the passenger card.
It is further an objective of the invention to provide for a method of coupling the passenger card to a remote database, and for downloading into the card a set of data and information or for communicating to the database selected card data or cardholder information.
The invention further includes a method for using a cryptographic scheme to authenticate the cardholder or system information and to guarantee a secure information exchange.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram illustrating one embodiment of a travel system, including the system's communication links and the structural components of a card station.
FIG. 2 is a block diagram depicting the travel system including a plurality of service providers and the functional components of a travel center; as well as the communication links between and among the system entities and the passenger card.
FIG. 3 is a block diagram of one embodiment of the passenger card of the present invention.
DESCRIPTION OF A PREFERRED EMBODIMENT
This invention relates to an automated travel system and methods for facilitating via a portable passenger card device a plurality of applications, comprising storing transportation rights, service entitlements, and cardholder considerations into the passenger card; loading monetary values into the card and using the card for purchase of goods and services; presenting the card for passage through passenger stations and admission to transportation means; clearing payments made and rendering applications or services requested via the card; and communicating card data and related information between and among the system entities.
FIG. 1 depicts the functional components of a preferred travel system in accordance with the principles of the invention. The system and methods allow the issuance of a multi-application passenger card to individuals for traveling purposes, such as the use of airlines or other transportation carriers, as well as for the rendering of related services, such as on-line reservations and electronic payment means. To implement the system's operational tasks, commercially available hardware components and appropriate software programs and can be used. The hardware provides the computing infrastructure and the communication data links that integrate a plurality of remote system entities including the passenger card into a network. The computer software packages perform house-keeping functions, application-specific routines, networking and communication procedures, and utility tasks. This software also includes security means, such as cryptographic software programs and authenticity files, to protect the system information and card contents against fraudulent use. In addition, a passenger or any authorized user can instruct the system to select and execute a plurality of computerized means under the auspices of the software programs and the assistance and guidance of command buttons, template files and pull-up/pop-down menus embedded into the system. The hardware and software are distributed throughout the system entities including the passenger card.
The CARD STATION (1) allows a passenger, or any other entity, to interact with or couple to the system while planning and evaluating a particular trip or several travel itineraries, including making the appropriate reservations and loading the related ticket and travel information into the passenger card. The station can further be used to download monetary value into the passenger card, pay for travel-related services via the card-based means, and upload the electronic payments to a service provider. The station can also be used to compile the contents of the passenger card, so as to serve multiple application needs while hosting the related application modules in the same card. Such a station can comprise, for example, a PC-based setting used by passengers from home or at work, a card service station installed as an appropriate apparatus in public places, or a portable terminal accessed and served via on-line communications means.
The TRAVEL CENTER (2) provides the computerized means for the compilation and automated issuance of passenger cards and means for loading into the cards appropriate use rights, including electronic admission or passage rights for passengers. For example, the center can simulate and implement the tasks performed by the ticket vending machines installed at passenger stations, as well as the control functions exercised by the related entrance/exit gates. The center can also emulate a travel agent/office or any other marketer of travel information.
The SERVICE PROVIDERS (3) represent the service entities including individuals that support the card's usage and the system's operations while rendering a plurality of products and services to the passengers upon presentation of the passenger card. Such providers include the entities that provide the travel means and transportation carriers, as well as the services that are related to the use thereof. Providers further include a bank or financial institution that stores an electronic monetary value or other electronic payment means in the card, a credit reporting firm that verifies and guarantees the credit worthiness of the cardholder, a transaction processor that clears and credits the electronic payments made via the card, or a certification center that authenticates cardholders and card data. Providers can also comprise fast food vendors, retail outlets, concession stand owners, promoters of collectors cards, or Internet service and content providers.
The PASSENGERS (4) comprise the traveling individuals that use the transportation carriers and product offerings promoted by the service providers. These passengers also represent the consumers of products and services offered by the service providers at remote locations, such as advanced ticket purchasing stations, automated vending machines, travel agencies and entertainment entities, or providers of on-line services and multimedia offerings.
The distributed databases (10), (20) and (30) are associated with the plurality of remote system entities that comprise the card station, travel center and service providers, respectively. The above database scheme comprises database storage means for storing data and information in a distributed manner between and among those remote entities including the portable passenger card. The databases include the data records that relate to the system entities and to the passenger card contents. Further included is information including electronic template files, which implement the card's usage and 'the system's operations. Also stored are card data and system information to implement the communications and data security management functions. As a function of the amount and complexity of the data to be stored, the databases can be implemented via a variety of storage configurations. Solid state memory, magnetic tape, rotating media, video disks, and optical/laser media, are examples thereof. A major feature of the system is that these remote distributed databases including the passenger card, always contain the same set of data that is required to qualify a passenger for travel or service eligibility. In this way, when presented for service, the passenger card will contain the appropriate use rights, necessary entitlements, and adequate monetary values. The availability of this most up-to-date data is guaranteed by the system's build-in mechanism of communicating data in a real-time manner. In other words, if data changes or service/payment activities are performed by any one of the entities, all other entities including the passenger card will be automatically receiving this new information. Such an incremental exchange is not only fast and reliable, but also cost effective because of significant lower telecommunications expenditures. The passenger card, which can act as a portable database and/or off-line processing unit, also will free the system from lengthy and costly on-line modus of operandi, including on-line verifications and authorizations, while providing the bridge for stand alone or incompatible systems configurations.
To execute the means needed to communicate data and information between and among the passenger card and system databases, process and store card data and database information, as well as implement the decision logic means and software application programs, the card station comprises a plurality of components:
The database (10) is linked to the other databases distributed among and between all system entities, including the passenger card per se. The database stores the data and information relating to the travel services and transportation means available for selection, to the provider of transportation means and the passenger making the reservations, as well as to the transactions performed between the passenger and card station. The database data includes, for example, application codes, card and system file templates, menu screens, and user interface modules. The database data further includes the name, mailing/business address, telephone number, and other data about the transport provider and the passenger. The database also comprises unique identification numbers for the passengers or providers, account numbers with financial institutions, security keys and access codes used for cryptographic purposes and protection schemes, passenger lists and negative files including cancelled or fraudulent account numbers, and various validation codes. These latter codes are associated with the tickets or services, which are requested by the passengers and delivered by the provider, for proof and authentication of products/services being rendered, including returned by passengers for exchange or for money-back purposes. Further included is information relating to payment transactions, such as details about the service or merchandise purchased with the passenger card, electronic receipts for the cleared payments, and the passenger's purchase habits and related payment history.
The passenger card (11) includes "smart cards" that have a shape similar to plastic bankcards, but with at least one silicon chip/integrated circuit embedded into the card package. Such cards can further include PC (Personal Computer) card formats, handheld terminals or any pocket-sized computer configurations. The embedded circuits give the cards database storage means, processing and communications capabilities, or display means. The smart passenger card can therefore input, store, process, output, and display data relating to tickets, passengers, and system entities; as well as to services rendered via the card. The data stored in the card includes the equivalent of an electronic ticket for a particular itinerary, use rights for a specific transportation carrier, considerations for travel-related services, electronic money for payment, or security information for protecting the card content and identifying the rightful card holder. The cards further can display data inputted into or retrieved from the passenger card. The card data can be retrieved from (read operation) or loaded into (write operation) the card via a card read/write device or via traditional data input or retrieval means, such as a keyboard/mouse, pointing device, touch screen, or voice commands. This portable card can operate in a standalone and/or in an on-line modus of operandi.
The card reader (12) represents a card device that can read the passenger card's contents, as well as write information into the card; this read/write information can also be displayed onto the card reader. The card data can further be displayed and manipulated within the passenger card or on the monitor of a computer terminal. The passenger card can communicate, via such a read/write module, with the other system components including equipment that captures card data relating to text, graphics, audio or video information. This module can be a stand alone device, incorporated into computer terminals via appropriate plug-in boards, or implemented by the passenger card via built-in input or output ports.
The biometrics box (13) includes means for capturing and digitizing the biometrics characteristics information -such as fingerprints, voice, signature, eye characteristics, or picture/facial features -of a particular passenger. The captured biometrics can be stored in or imprinted onto the passenger card, as well as loaded into the database(s). The "life" biometrics can also be compared with biometrics information that was previously stored in the passenger card or in a remote database, to verify, for example, if a passenger is the legitimate card holder.
The computing platform (14) can be a multimedia personal computer -capable of processing and communicating text, data, audio, graphics and video -or any other computer configuration, such as a handheld computer terminal, general purpose personal computer, client/server-oriented networks, or a mainframe-based computer environment. This platform facilitates the computerized means including the gathering, organizing, evaluating, manipulation, processing, and exchanging of data and information. The computing platform also performs the decision logic means required for the system's implementation and the card's usage. Such a computing platform can further be used by the passengers to compile the card contents or request the rendering of services from remote locations (e.g. from their home or business premises).
The printer (15) allows the passenger to print out hardcopies including paper-based documents, such as tickets or travel statements and expense reports. When using thermal printing techniques, it can also be used to imprint text, logos, video images, or other related data and information onto the package of the passenger card.
The components of the card station are connected via a communication link (16) to allow the exchange of data and information throughout the card station. The components, including the station per se, also are connected via a global communication link (1234) to the rest of system entities. The data links can be implemented via any commercially available wired or wireless technology, such as cable/telephone lines, Internet service networks, or other digital or analog telecommunications media.
FIG. 2 illustrates the Travel Center (2) that provides the computerized means for the selection, payment and issuance of passenger cards; as well as for the storage in the cards of appropriate service entitlements and use rights. The center also provides the means to edit the contents of the passenger card, so as to represent a particular card configuration type. Such a center can be, for example, a ticket vending machine that is installed at an airport, a railroad station, or at a travel agency; as well as represent a provider of virtual services that are delivered via remote ticket offices, electronic shopping malls, or on-line travel support functions. Also shown is a Passenger Station (31) that controls access to the transportation carriers, as well as monitors possible connections relating to a particular travel itinerary including alternative transportation means. Further depicted are the plurality of service entities that provide the transportation carriers and render various services, as well as facilitate the support functions needed for the delivery of the appropriate goods and services. The Travel/Transport Provider (32) represents the entities that provide the transport means as well as the services associated therewith. Means for transportation may include airplanes, railroads, ships, automobiles, subways, buses, or rental cars. The services may comprise travel arrangements, such as reservations or cancellations and electronic ticketing or payments; transportation support, such as traffic management and capacity planning; and card-based marketing or sales promotions, such as loyalty and frequent traveling programs or other value-added benefits delivery schemes. The Bank/Financial Institution (33) represents the financial entity that facilitates the electronic payment process between the passenger and transport or other service providers, including the clearing/settlement of the electronic money exchanged via the communication link (1234). The Network/Transaction Processor (34) provides the infrastructure and services required for the processing of payments and transfer of electronic funds, including for the clearing and settlement of electronic transactions and related information. The Electronic Passenger Card (11) is the portable card used by the passenger to reserve a ticket or to purchase goods and services.
The TRAVEL CENTER facilitates the automated issuance of the passenger cards, including the loading into the card of an electronic ticket or of a permit authorizing the passenger for a specific itinerary, while employing the following software and hardware components:
The database (20) stores the data and information relating to the travel services and transportation means available for selection, to the provider of transportation means, and to the passenger making the reservations; as well as to the transactions and communications performed between the travel center and passenger. Further stored are electronic file templates including card templates that are used during the selection process, including for storage and communications purposes. The database includes, for example, the application/service codes and identification numbers of transportation services and carriers available to passengers. The codes authorize and trigger the implementation of the card-based applications. The codes are associated with the tickets or services requested by passengers, for proof and authentication of products/services being rendered by providers and used by cardholders, or returned by passengers for exchange or for cancellations, including for money-back purposes. The numbers are used to uniquely identify a particular transportation carrier a passenger buys a ticket for. The database also stores authenticity files and identification numbers of the passenger cards that are issued to or requested by the passengers; these files and numbers correspond to the authenticity codes and card numbers stored in the passenger cards. The database data further includes the name, mailing/business address, telephone number, and other data about the transport provider and the passenger. The database data also comprises unique identification numbers for the passengers or service providers, passenger lists, account numbers with financial institutions, negative files including cancelled or fraudulent account numbers, as well as security keys and access codes used for cryptographic purposes and protection schemes. The database further comprises a set of service or payment points that are underwritten by the provider, or any other entity. The points can be loaded into the passenger cards and accepted thereafter by selected service providers or by entities, as legal tender or as appropriate trade-ins. For instance, passengers can use the points for payment purposes or for exchange with certain use rights. The database further includes information relating to payment transactions, such as details about the service or ticket purchased via the passenger card, electronic receipts for the cleared payments and the passenger's purchase habits and related payment history. Concerning the latter, the database also gathers marketing data about the passenger's travel itineraries, including the type and amount of services requested and products purchased at a particular location or over a specific time period. The database data further comprises certification numbers used for authentication of data and information that is communicated between and among the system entities including the passenger card. The database further comprises an audit trail concerning the system's operation and card's usage, including details about the selections made and data loaded into the card. This audit trail establishes the concept of non-repudiation with the help of a "Who did What-When-Where" recording; the recording is tamper proof and non-erasable.
The user interface module (21) allows the passenger to interact with the travel center while instructing the center, or system components networked therein and entities linked thereto, to execute the arithmetic and logical functions required for the compilation of the passenger card contents, and to implement the related storage tasks and communications routines required for the loading and exchange of data and information. To select the instructions and input or output data, various means, such as a keyboard, mouse, pen, track ball, voice command, touch screen, or wireless communications technologies, can be used. This module also displays onto a built-in monitor or computer screen data inputted or retrieved by the passenger, as well as information provided by the system entities. The monitor/screen can also display instructions about how to proceed while guiding the card user through the process of selecting a particular task to be performed. For instance, the user interface lets the passengers select and compile the details of a particular trip, request the issuance of an electronic ticket, pay for the ticket, and load the ticket and appropriate service entitlements or use rights into the passenger card. Also stored in the card can be a monetary value for electronic payments or security information for protecting the card content and identifying the rightful cardholder. Passengers can also select a new card from among a set of predetermined card types, manipulate the contents of cards previously issued, store security information into the card, or tailor the passenger card content for a particular application.
The travel map (22) lets the user explore various travel itineraries, while automatically providing alternative routes and related recommendations. For example, the passenger inputs into, or points and clicks on, the map the departure and destination locations, including the date of travel and number of tickets requested. In response thereto, the map compiles and provides a set of possible itineraries, including the ticket price and the departure and arrival times associated with the recommended alternatives. Should the trip require any connections, the map will also provide the necessary information, including the type of carriers and time/location of transfer. After a travel selection is made, the map will request appropriate payment and if adequate payment is provided, the selected information including electronic ticket and type of transportation carrier can be loaded into the passenger card. In addition to compiling a particular travel itinerary or reserving a specific trip arrangement, the service map can also evaluate alternative travel plans as a function of restrictions imposed by the passenger when requesting a ticket or transportation permit. For example, the passenger can instruct the map to recommend an itinerary that doesn't cost more than a predefined dollar amount or that needs to start and to conclude within a predefined time period, as well as to reserve a ticket that is valid for a particular seat assignment. The above dialogue and selections can be made directly on the map and/or via the user interface module; for example, via touch-sensitive means or conventional input/output means. To aid the passenger during the selection and evaluation process, the map can display, for example, the seating arrangements of a carrier, layout of premises and buildings, points of attractions, as well as the maps of streets countries and the globe. For instance, the seating map can display the floor plan, including the status of seats that are still available, of a transportation carrier and allow the passenger to select the desired seating arrangements and related admission rights for that particular carrier; the selection process can be accomplished by pointing and clicking onto the seat that is displayed on the map. The selected seat assignments are also communicated in real-time to any other travel center that is authorized to sell tickets for the same carrier. The instantly available seating information across a network of ticket offices also facilitates the purchase of tickets from remote locations. For example, the cardholder-can access, from home, the database containing seat assignments via the passenger card and/or a computer terminal, select and pay for the seat locations, and load the selections made into the passenger card as the corresponding ticket.
The card slot (23) allows the passenger/user to insert or retrieve the passenger card (11), including to couple the card to the travel center, for the purpose of reading (retrieving) and writing (loading) the card data, as well as of displaying or manipulating the card contents. The card slot (24) provides the passenger with a new card in response to the compilation of a blank card or to the selection of a predefined card type provided by the travel center. This slot can also print-out a label or provide a sticker showing the data stored in the card, such as information relating to the ticket and transportation carrier; the label/sticker can be affixed onto the passenger card, attached to any other media, or used as is. The new card can be compiled, including displayed onto the user interface module, or selected from the card tray (25) that contains a plurality of card types and pre-defined configurations. While compiling or selecting a new passenger card, the cardholder also has the option to choose from various text, logos, artworks, or audio and video files provided by the center. The compiled information and selected options can be loaded into or imprinted onto the passenger card.
The banking module (26) allows the passenger to pay for the tickets or for new passenger cards, as well as to load a monetary value or electronic payment points into the passenger card. To purchase the tickets or cards, the passengers can select appropriate payment means from among a set of options (27) that include cash, checks, ATM (Automated Teller Machine) cards, credit/debit banking cards, or a passenger card. The banking module verifies the received or requested payment data and related information for the purpose of authorizing and settling the appropriate payment options. This verification and clearing process can be accomplished via a network transaction processor by communicating with the banking module for the purpose of settling the appropriate fund transfers, or via the passenger card by deducting the monetary value or payment points previously stored in the card. The card slot (28) accepts the credit/debit card, check, passenger card or any other media representing a particular money equivalent, so as to capture the information recorded or imprinted onto such media. The captured information can be used in conjunction with the payment data for the implementation of the selected payment option, as well as for the storage in the card as a monetary value. In the later case, this information can be digitized and stored in the passenger card as an electronic representation of traditional payment means. For instance, the banking module facilitates the storing in the passenger card of electronic payment forms, which represent cash or plastic-based banking cards, together with digital money allocated thereto. The monetary value can also be downloaded via on-line communication means, such as from a checking account or line of credit. Also loaded into the passenger card can be electronic payment points, which represent use or consumption rights underwritten by the non-banking entity. For example, the transport provider provides the passenger, in exchange for adequate payment or a predetermined amount of travel miles, a set of payment points that can be used for future purchases of tickets or services at selected providers accepting those points. After acceptance, the payment points can be redeemed by the transport provider and credited to the providers' account as traditional money.
The module (29) serves as a two-way communication means to exchange audio, video, or any other data and information between the passenger and the entity that services and maintains the travel center. For example, this capability can be used to report issues observed or to solve problems encountered by a passenger engaged into a dialogue with the travel center.
The PASSENGER STATION monitors and controls access to a particular transportation carrier, as well as to connecting carriers used throughout different travel segments of a particular itinerary. The station manages the passenger flow to or from the transportation carriers while verifying the card-based ticket, including related information stored in the passenger card, via the access control modules (111) and (112). These module can be installed at the entrance or exit gates at the premises where passengers can board a transportation carrier (e.g. at railroad stations or airport facilities) or where transportation vehicles can have access to (e.g. at toll bridges or cargo ships). The modules can also be placed on the transportation carrier per se (e.g. on a bus or any other public transportation vehicle). Upon coupling the passenger card to the control module, the modules monitor the admission to or departure from the premises -or access to or exit from the carrier -while reading the card-based ticket information and other related card data. In this way, the modules can, for example, verify the passenger's identity or compute the number of passengers boarding the carrier, so as to compare the passengers being admitted against the list of authorized passengers or the carrier's maximum capacity. The modules can also compile the total number of passengers being admitted/transported over a predetermined time period, including by a particular transportation carrier. Such demographics information, together with other passenger or travel related data, can be gathered and forwarded to the transport provider for marketing/promotional programs. The modules can further compile the availability of open seats, if reservations are required or the carrier's capacity is monitored, as well as match the ticket holders with their luggage items. In the latter context, the passenger's luggage will be identified at check-in time; for instance, with a tag using a bar code means. The tag-related information will also be included into the card-based ticket, so as to allow the cross-reference between passengers, who have boarded onto the carrier, and the luggage items, which have been loaded into the cargo hold of that carrier. As an outcome of this comparison, the module can flag that all luggage is accounted for and could be correlated to a particular passenger, or that some items have no owner and therefore should be removed because no matching passenger could be established. The module can also convey a message if a luggage item was checked-in but not loaded yet onto the carrier; for example, the control module can detect the missing item when verifying the card-based ticket at boarding time and alert the carrier-personnel accordingly. The modules can also scan ID (Identification) documents for the purpose of retrieving and evaluating selected information recorded onto such documents. For example, the DOB (Date Of Birth) data or the cardholder's picture can be captured from a valid driver's license to determine the age or physical appearance of the passenger presenting the license. Also captured can be the information from a passport, such as the passenger's place of birth and citizenship, or data from other paper/plastic-based documents. Such information/data can be verified, including compared against Government databases, so as to authenticate the background of the passenger or provide the data required for other travel-related purposes.
The card slots (111.1) and (112.1) allow the cardholder to insert and retrieve the passenger card, including to couple the card to the control module, so as to permit the module to read the card data including the electronic ticket stored in the card, verify the card data, and store data in the card. This card-based ticket information can also be projected onto a display panel that communicates with the control modules. If the passenger card is authentic and contains the appropriate access rights, the control modules allow the passage through the gate the modules are coupled with; otherwise deny the passage including signals the unauthorized attempt. For instance, if the card-based ticket qualities a passenger to use a particular transportation carrier, access to that carrier is approved; otherwise a message conveyed that the passenger must use a different carrier or purchase another ticket. Or, if the electronic ticket stored in the card contains a valid seat assignment with the correct time, date and location, then the mechanical arm activated by the control module permits the passenger to enter or exit the premises; otherwise passage is blocked through the gate. If approved for passage, an appropriate admission, or exit, stamp will be loaded into the passenger card. These stamps, which contain time-stamped information relating to the tickets or any other permit, are tamper proof and can be stored only by the control module. For instance, the admission stamp identifies the cardholder as being lawfully admitted, via the card-based ticket, to use a transportation carrier, including to access the premises where the carrier is based. The admission stamp also voids the card-based ticket once admission is approved and/or access or boarding accomplished, so as to inhibit the fraudulent use of the same ticket for multiple trips that are not qualified via that ticket. If the ticket qualities the passenger for a return trip or connecting transportation means, the appropriate ticket-segment(s) will be preserved for the return or connecting trip. This can be achieved by compiling a master-admission stamp that generates the set of appropriate slave-admission stamps corresponding to the individual ticket segments, or by generating a set of consecutive admission stamps whenever the card is presented for those particular segments of the trip. The admission stamp is valid only for a particular itinerary and cannot be used in lieu of a ticket for another travel purpose; for example, it is valid for a predetermined time period(s) or a predefined transportation carrier(s), but will be automatically erased once the access rights become invalid or after the journey concludes. For instance, the admission stamp will be voided whenever a passenger leaves the carrier, including the premises the carrier is stationed at, unless the card is presented to the control module at the exit gate with the intent of re-entry to the same carrier/premises or to access connecting carriers. For example, when the card is coupled to the exit gate, the control module will verify the admission stamp previously stored in the card, and if successful, generate and load an appropriate exit stamp into the passenger card. When presented at the entry gate, the card-based exit stamp will be verified, and if valid, allow the passenger to pass through the entry gate or board the carrier. If more than one carrier, including different premises, will be used by the passenger during connecting trip segments, access to those carriers/premises will be granted via the master-admission stamp stored in the card at the beginning of the trip, via the individual admission stamps compiled whenever the card is presented to the control module(s) at the related entrance gates, or via the exit stamp generated after exiting or concluding a previous trip segment. The admission stamp also prevents the use of more than one ticket for the same seat assignment or the same transportation carrier. The control module prohibits the compilation of more than one admission stamp based upon the same ticket, as well as of more than one exit stamp based upon the same admission stamp. This stamp can be further used to qualify the passenger for certain privileges or considerations; for example, to receive a free gift or frequent travel mileage for being the one millionth passenger taking a particular itinerary or using a particular carrier.
The biometrics modules (111.2) and (112.2) at the entrance and exit gate serve as an additional security means for controlling the passenger flow and for safeguarding the passenger cards. These two modules can be used to capture the passenger's biometrics characteristics, such as fingerprints or voice imprints, and compare the captured data with biometrics information previously stored in the passenger card; the captured biometrics can also be loaded into the card or any of the system databases. For example, a passenger might want to protect a travel permit or ticket, which is hosted by the passenger card, while attaching a particular biometrics to the card-based permit/ticket. When presented at the entrance gate, the control module requests confirmation and the cardholder must provide the identical biometrics to unlock the transportation rights; otherwise the permit or ticket cannot be retrieved nor displayed, and access is not allowed. Or a ticket holder leaving the carrier or premisses, might want to capture and temporarily store a particular biometrics in the passenger card to make sure that nobody else can use the card for re-entry, including multiple access purposes. When the passenger card is presented at the entrance gate, the matching "life" biometrics must be provided in addition to the exit stamp, to have access allowed; otherwise re-entry is denied. In addition, these modules can also provide the input means for scanning the physical appearance of a passenger and for communicating it to the control module; the appearance can then, for example, be compared against the photo scanned from an ID document or the picture stored in the passenger card per se. To safeguard the process of using biometrics information for multiple re-entries, the biometrics modules at the entrance gate can be used only by passengers arriving for access or boarding purposes and the biometrics module at the exit gate only by passengers leaving the carrier including the corresponding premises.
FIG. 3 illustrates the functional structure, including the electronic card template of the multi-application passenger card including an airline passenger card/device, which facilitates the card's computerized means for compiling the card contents and for communicating data and information between and among the remote databases including the portable passenger card. The means includes the capturing, inputting, storing, retrieving, displaying, evaluating, computing, processing, and exchanging of the data/information needed for the card's usage and the system's operation. The card contents can also be manipulated, displayed, and exchanged via commercially available computer terminals, such as personal computers, POS terminals, or automated data collection and inputting means that are coupled to the passenger card. To safeguard the card contents and protect the data exchange, the card issuer, system entities or cardholder can load authenticity data and security information into the passenger card. To allow the communication between proprietary platforms, the card data and database information can be automatically translated or converted from a particular data format and contents into data/information with another format and contents. The passenger card comprises a plurality of data fields, distributed between and among the card and/or system components, to facilitate the card-based functions and operational tasks of the system:
The BUTTON fields trigger and facilitate the storage, processing, and decision-logic means required for the implementation of arithmetic and logic operations, as well as of communications management functions. Such means retrieve and display, for example, the card data, edit the data, and store the edited data in the card or communicate it to the remote databases. Such means further process monetary values stored in the card for the payment of travel tickets or for other goods and services, compute the required payments and the remaining card balances, attach a time stamp to the computations, and communicate the results with the card and databases. Such means further verify the validity and expiration dates of the use rights data stored in the card, checks the authenticity of the card data, and determine if a passenger card should be approved or denied for access to a carrier or for other services. When selected, these buttons display a set of pop-up or pull-down menus that aid the user in understanding and implementing the card's operation.
The CARDHOLDER/PASSENGER BACKGROUND field comprises data and information, which relate to the passenger and the framework the passenger card can be used within, as well as an Instruction-Window, which provides and displays a set of help-functions to guide the cardholder through the steps of compiling and using the card data. The stored information includes, for example, the passenger's demographics data such as name, address, birth date and telephone number; cardholder identification information such as a passenger ID number, SSN (Social Security Number), or check guarantee number; and an electronic representation of cardholder documents such as a driver's license, identity card, or passport. Also stored are the overall terms and conditions the passenger card has to conform to when being used, data and information about the card's eligibility for a particular itinerary or a specific application/service, information about the card utilization including services rendered and travel performed via the passenger card, and the passenger's credit history including approvals or declines of card-based payment transactions or fund transfers. The stored background data elements comprise plain data that can be displayed and modified by all system users restricted information that can be accessed or manipulated only by an authorized entity or by the cardholder, and certified data that can be retrieved and viewed but changed only by the certification center. Data and information can also be inputted into the background-field, including the instruction-window, after the passenger card is issued. For example; a cardholder can enter additional data, such as time management information to tailor the card for a particular card utilization purpose, or a issuer of card-based documents can update the document-related data, such as a license or an immunization pass with new information.
The TRAVEL OPTIONS field provides a plurality of transportation carriers and related services as well as various payment means and card configurations, that can be selected or compiled and implemented via the passenger card. Based upon the selections, including consumptions triggered via the passenger card, this field can also be used to implement loyalty programs that let cardholders earn frequent traveler or shopper points for trips made with a particular transportation carrier or for purchases initiated at a particular merchant. The points, which will be stored in the passenger card, have value similar to cash and can be redeemed at carriers or merchants participating in such a program; for example, by initiating future trips/purchases with the passenger card or by trading-in the points for cash. In this field is also incorporated an Instruction-Window, which guides the card user through the steps of selecting or using the transportation and service means and of compiling or inputting the payment account data and the card configurations. This window provides and displays instructions that describe the choices available for a particular task, recommendations about how to proceed, and consequences associated with a particular task or recommendation being selected. The window also explains the outcomes associated with a particular command or function being executed, as well as display the detailed information relating to the selected travel or admission tickets and to the utilized payment forms or card configurations data. The travel options field comprises the selection and payment sections.
The SELECTION TRANSPORT/SERVICE section allows the card user, including the system, to choose a particular transportation carrier from among the plurality of carriers, which facilitate appropriate travel means by air, sea and land; and select a specific service from among a menu of traveling services, which relate to goods and services provided via the passenger card. The transport-related data comprises, for example, the electronic representation of tickets for a particular itinerary, including the appropriate seat assignments and access rights, and the detailed information about the carrier to be used thereby, including the related type and identification of the carrier; as well as the itinerary to be followed and sites to be visited thereby, including the location, date and time of the corresponding departure(s) and arrival(s). The tickets can be identified via a unique ticket number, as well as via passenger-related information, such as name and address, or selected information about the carrier or itinerary, such as name of the travel agency or amount paid for the ticket. The passenger cards can store a single ticket or host a set of tickets for several passengers. The service-related data comprises, for example, a set of benefits data that entitle the passenger to specific rights or considerations upon presentation of the passenger card. Such benefits may include advanced seat reservations, selected upgrades free admission to events, automated check-in and boarding capabilities, serving of special meals, purchase of discounted merchandise, as well as the accumulation of bonus points for frequent travel and selected purchases.
The above transport/service data can also be viewed and/or manipulated via the Scroll-Window. This window allows card users to browse through the list of carriers and services available to the passenger, display the related information, and make appropriate selections. For instance, the passenger can use the scroll bars to select a specific airline carrier, display the seating guide, and make a ticket/seat reservation. The passenger can also locate a particular ticket via the corresponding identification number, retrieve the information relating thereto, and make any necessary modifications. The reservations or modifications can be stored in the passenger card, including communicated to the appropriate system databases as well; a particular seat assignment that is reserved or changed via the passenger card, has to be validated by the transport provider's database. In other words, although the passenger card can be used to pre-select or change a particular seat assignment, including the type of carrier and date and location of departure/arrival, the card needs to forward the seating information to the provider database to have the seat assignment confirmed. For example, after compiling a request for an airplane ticket via the passenger card including an seating guide stored therein, the card will log-on to the airliner's seating map, including to any other remote databases networked thereto, communicate the ticketing request, and after receiving approval, store the electronic ticket in the passenger card. Only this map, including any database linked thereto, has the authority to make the final ticket reservation, including to accept new seating requests or to change previously made seat reservations.
The PAYMENT/CONFIGURATION section allows the card user, including the system, to manage the selection and usage of various payment forms and card types for the purpose of electronic payments and of card template configurations. The Status-Window can display the payment forms and card configurations, as well as facilitate the manipulation of selected payment information or card data. For instance, the window lets the card user locate and retrieve detailed information about the individual forms or specific configurations that are stored in the passenger card. Also communicated and displayed can be payment information or configuration data that is stored in and retrieved from a remote database and/or inputted by the card user. Once displayed, the data/information can be used as is, or edited and stored in the passenger card or communicated with remote databases for later on usage. The window also provides the most up-to-date status of the payment information and card data, as well as a history of data previously selected.
The electronic payment forms comprise payment options that represent currencies or other traditional paper/plastic-based banking cards via an electronic monetary value stored in the passenger card. Associated with these forms is a set of account information, such as the maximum debit/credit limit, effective and expiration dates, cumulative amount spent so far via that form, and the balance remaining in the card for further purchases. The forms can also simulate those traditional payment means while automating the authorization and clearing tasks via electronic data links to communicate with the appropriate transaction processors. The payment forms can further comprise promissory notes endorsed by a non-banking entity, such as the transport provider, and accepted by the service providers for the purchase of goods and services. For instance, such type of notes can represent electronic payment points that will be settled by the entity the way commercial banks clear payments made via their paper/plastic cards the settlement occurs after the points have been forwarded by the provider that accepted such points as legal tender. The payment forms can be identified via a particular name, specific account number, or via any other unique identifier. If a particular payment form is used for a purchase, the card-based balance will be compared with the payment due for that purchase. If this remaining balance is equal to or greater than the due payment, the card-based payment form, including the stored monetary value, can be used to pay for the related merchandise or service. When approved by the cardholder, the payment due will be deducted from the remaining balance and forwarded to the merchant. If a card-based payment is used, the payment due will also be added to the cumulative spending amount which reduces the remaining balance accordingly; the cumulative spending amount is deducted from the maximum debit/credit limit to yield the remaining balance. If the payment due is more than the remaining balance, the selected payment form cannot be used for payment; the remaining balance has to be augmented or another payment means used. The remaining balance can be increased by reducing the cumulative spending amount and/or by increasing the maximum limit associated with that particular payment form. This can be achieved, for example, by the cardholder paying off at least a portion of the balance owed to a bank, and by the bank reducing in response thereto the spending amount accumulated in the card. Or, the bank can increase the credit/debit limit for that payment form, and store the higher maximum amount into the passenger card; the increased amount will recharge the depleted amounts. The cardholder can also augment the remaining balance by transferring a monetary value from another payment form, or downloading some payment points, to increase the maximum amount or lower the cumulative spending amount stored in the card.
The card types comprise a plurality of card configuration templates, as well as electronic pointers and built-in communication links to those templates and to remote database information, that support the multi-application scenarios via a single passenger card. The templates provide the structure for the various card contents that are configured to specific application needs. Such a structure comprises, for example, the framework for a predetermined number and type of data elements, including the various formats and related contents for those data elements, that will be stored throughout a set of predefined data fields in the passenger card. Selected data elements can also be imprinted onto the card package. The knowledge-based pointers locate the card templates via a unique configuration number or application code, retrieve the template, and display the structure associated therewith, so as to allow the viewing and/or inputting of data. The data communication links allow the exchange of information between and among the card contents and remote system databases. To implement a multiple application scenario, the passenger card evokes a set of application-specific applets that are tailored to a particular application task. These applets are just-in-time software programs that are highly modular and machine-independent. In this way, these software applets are reusable and reconfigurable to serve new or multiple applications with the same passenger card. The applets can also be dispatched across a network of service providers, such as the Internet, and assembled dynamically on any point-of-service for a specific application, regardless of location or type of computing platform installed at those providers. Let's consider, for instance, a multicarrier passenger card that entitles the cardholder to use a predetermined number of transportation carriers for a particular itinerary or over a predefined time period. When presented for service, the passenger card will locate, retrieve and trigger the appropriate software applets to authenticate the card and to identify the cardholder, gain admission to the premises where those carriers are stationed, validate the boarding of the carriers, compile the necessary connections, and verify the time-related restrictions.
The data and information relating to the transportation carriers, travel services, payment forms, and card configurations can also be earmarked electronically (e.g. with identification numbers or security keys) by the underwriter of the card data, so that authentic data/information will be forwarded securely to the recipient. Such a recipient can comprise the travel center, any of the service providers, or the passenger card per se. A particular card data can also be protected via the recipient's identification number or security key (e.g. attached to the data), so as to allow the use of the communicated card data only by the entity intended to receive the data. For example, a bank attaches its identification number to a credit card payment form and encrypts the form with its security key. To make sure that only a particular cardholder can use the payment form, the bank might also capture biometrics information or enter a security key of that cardholder and attach the captured information or the inputted key to the payment form; to unlock the card-based payment form, the identical biometrics of correct key has to be provided. The passenger, when paying a merchant via the card-based form, might also attach the merchant's identification number or security key to the forwarded payment information; in this way, only that merchant, who can provide the matching number or correct key, can clear the payment.
The ACCESS CONTROL field authenticates the passenger card, verifies the cardholder, and protects access to certain information. This data field comprises authenticity codes to validate the passenger card, digital signatures to confirm the legitimate cardholder, and authorization codes to control access to data stored in the card or in a remote database. The field further comprises applicable copyright statements or any other disclaimer notices with regards to data-stored in the passenger card or to information being communicated with the remote databases.
The authenticity code will be stored in the card, for example, as a tamper proof number that cannot be duplicated; the number is known only to the issuer or manufacturer of the passenger card. When presented for service, the card can be validated via this code by comparing the code against an authenticity file stored in the issuer database or by performing a self-test of the card-based code. If there is a match or successful test, the card is authentic; otherwise a forgery.
The purpose of the digital signature is to provide positive proof that passengers are who they say they are, similar to the name of persons as written by themselves. For instance, this signature is an electronic representation of a distinctive mark such as a digitized signature, or of a unique characteristics such as biometrics information, of that passenger. The signature can also comprise appropriate cryptographic keys used to indicate the identity of that passenger. To establish the cardholder's identity, the card-based signature will be compared with the "life" signature or biometrics provided by the passenger. If the comparison is successful, the cardholder is legitimate; otherwise a message will be conveyed that a positive identification could not be established. In the same context, a cardholder that can provide the appropriate cryptographic keys required to unlock/validate the card-based signature, is also considered as being legitimate.
The authorization codes safeguard access to data and information while monitoring and controlling access to selected card data fields, including specific data elements, as well as to predetermined databases, including remote data records. These codes correspond to a set of pre-defined authorization levels that are allocated to the cardholder or to any other entity that is using the card, or communicating data between the card and remote databases. For instance, entities attempting to retrieve (read) or manipulate (write) a particular card data, must be authorized to read data from or to write data into the card's data fields. Such an authorization may be achieved, for example, via a PIN or any other password-like information the entities have to provide before the read/write operations can be performed. For additional levels of protection, the identification number or security key of those entities can be certified with the appropriate authorization codes to yield appropriate access rights. To gain access, including being gable to communicate with the card or database, the entities must provide the proper number or matching key.
The COMMUNICATIONS field comprises the means to facilitate a secure communications exchange among and between the remote databases and the passenger card, as well as the means to safeguard data and information communicated or stored by the card user or system entities. To identify a particular card or database, a distinctive card number or unique address will be stored in the card or allocated to the database. Also stored in the card/database can be any other specific identifier that is distinctive or unique. A particular data element, which is stored in the card or database, can be located via the data field section or data record number, as well as via the corresponding data label or addressing pointer.
The Read/Write means refer to the retrieving of data from or the loading of data into the passenger card; the retrieved/stored data can also be displayed onto the card. The Send/Receive means refer to the uploading of card-based data to a remote database or the downloading of data from a remote database into the card. This exchange of data is implemented by selectively coupling the passenger card to the database(s) via a data communication link; the data can also be displayed onto the card or by a computer terminal connected to the data link. The Encrypt/Decrypt means refer to the compilation and employment of security keys to be attached to the communicated or stored information. Such keys can also be incorporated into a particular access code. For example, selected information or card data elements can be encrypted via a cryptographic key by the sender before being communicated to a particular entity, and decrypted via a cryptographic key only by that entity, which is authorized to receive the message/data. As an additional safeguard means, data stored in the card, as well as codes protecting access thereto, can also be scrambled or unscrambled via this means. For instance once encrypted, the data or codes can be decrypted only by authorized users. The above cryptographic means can also be used by encoding or decoding functions that allow the related translation or conversion of information with respect to different data formats and different data contents; for example, from data elements with a particular structure to similar data elements containing a different structure, and vice versa; or from an information item containing a particular number of data elements to a similar-item but with a different number of elements, and vice versa.
The CONFIRMATION field allows the transportation provider, or any other service provider, to confirm a particular reservation made, or to certify a specific service requested, via the passenger card. For example, a passenger purchasing an airplane ticket and reserving a car rental or a hotel room, can download the electronic ticket and reservation information with the corresponding confirmation numbers provided by the airline, rental agency or hotel. To further safeguard this confirmation process, the passenger's digital signature, which is stored in the card, can be exchanged automatically with the carrier/service provider's certificates, which are stored in the remote provider databases. Based upon this, the certificate allows each party in a transaction to confirm the identity of the other and serve as proof as to who requested a particular service, who committed to provide that service, and who forwarded the confirmation number. The exchanged certificates can, for example, be compared against a list of original certificates stored in a public database, and if there is a match, the identity of the parties is considered as being authenticated, including the confirmation numbers as being issued by the service providers. In the case the pair of certificates doesn't match, a message will be conveyed that no positive identity could be established. If scrambled with a particular key, the certificate can be unscrambled only with the matching key, including information that is unique to the certifying party. Being able to unscramble the certificate is not only proof that the party's identity is established, but also that any information endorsed with the certificate is authentic as well. The Instruction-Window provides additional details or instructions about how to compile or select and how to use the card's communications and security features.
The AUDIT TRAIL field stores a trail concerning the card's usage, including what data/information was loaded into the card and exchanged with the other system entities. A typical trail comprises the date and the location the card was utilized at, the name and related information about the transportation carrier used activity performed, a description of the travel-related activity being implemented and service rendered, and additional comments and explanations relating to the travel itinerary or the services. This field also gathers marketing data about the passenger's traveling records and purchase patterns, including the number and type of trips performed and of goods or services purchased; as well as where, when and what carrier or payment form was used to travel or to pay for the goods and services. This marketing data is then forwarded to the appropriate system entities, including the service providers, for analysis.
The invention also includes a method of compiling the contents of the passenger card and of issuing the card to a legitimate cardholder; the card contents comprising a set of data elements that are also stored and maintained throughout the remote system databases. The method includes the steps of verifying the identity of the cardholder and of authenticating the card storing cardholder data and system entity information in the card, selecting and loading electronic tickets and related travel information into the card, storing payment information and monetary values in the card, loading other passenger use rights and entitlements into the card, authenticating data and information stored in the card, protecting access to card data and database information, issuing the card to the legitimate cardholder, and establishing an appropriate audit trail.
The verification of the cardholder can be accomplished by checking conventional ID documents presented by the cardholder, verifying cardholder-related information stored in Government or other databases, or by providing security information that has to correspond to the security data stored in the card. If the verification process is successful, the cardholder is authorized to retrieve, manipulate, or store card data; as well as download, view, or upload database information. Upon positive identification, the cardholder can also use the passenger card for the rights stored in the card; for example, to edit selected card data or to download an electronic ticket. The card's authenticity can be verified by checking the card authenticity code stored in the passenger card, including by comparing the code against the authenticity file stored in the system database. If the code is valid including if there is a match, the passenger card can be used; otherwise, card service is denied.
The data and information relating to the cardholder or system entities will be stored in or retrieved from the passenger card via the card's computerized input/output means, including the card data templates, or via a computer terminal, including the write/read device and biometrics box. The cardholder data comprises demographics data, such as a passenger ID number or SSN; and security information, such as a PIN, biometrics characteristics, or cryptographic keys. Cardholder data can also include an admission permit that allows security and administrative personnel to board a transportation carrier or to access the surrounding premises, as well as a license for merchants that are authorized to sell goods and services at the premises where the carrier passes through or is stationed at; the permit or license can be used in lieu of a ticket to gain admission to the carrier or premises. System information comprises data, such as identification numbers and security keys, about the entities that interact and communicate with a passenger card. The card data can be inputted by a card or system user while being provided by the cardholder or captured from a media holding information to be stored in the card. The card data can also be downloaded from other system databases including transferred from another passenger card.
The tickets for transportation carriers and the entitlements for travel services can be selected from among a list of available carriers and services. Once a selection is made, a particular ticket/entitlement can be loaded into the passenger card as: an electronic representation of the corresponding information; for example, as a boarding pass or a confirmed hotel reservation. Such information is tamper proof and can be downloaded only from the travel map, which coordinates the seat assignments, or from the reservation desk, which allocates the room numbers. The seat assignments stored in a particular card can nevertheless also be transferred into another passenger card without the need to communicate with the travel map or reservation desk per se: once transferred, the original seat assignments or initial reservation will be automatically cancelled in that particular card, so that no more than one valid ticket or room number will be in circulation. The selected seat assignments or reserved rooms can be displayed, checked for accuracy, cancelled, or replaced with new assignments or different accommodations. The admission or service rights facilitated via the passenger card can be of a physical nature, such as boarding a plane or paying for an in-flight movie, or represent a virtual tool to access goods and services from the convenience of a home, such as ordering travel services over the World-Wide-Web (WWW) infrastructure.
To pay for the travel tickets or the goods and services ordered and purchased by the passenger, an appropriate monetary value will be loaded into the passenger card. This value can be an electronic representation of traditional money, including paper/plastic-based payment forms endorsed by banks, as well as electronic payment points underwritten by non-financial institutions including the transportation provider. The electronic money can be inputted as digital cash into the passenger card. The banking payment forms can be scanned and digitized by a payment reader, which is coupled to the passenger card, or downloaded from the bank's database via the data communication link. The scanned or downloaded information is then stored in the passenger card as an electronic payment form with a monetary value associated thereto. The payment points, which are sold or provided to the passenger by the provider(s), can be loaded into the card via the card read/write device or via the data communication link from the provider's database. The stored digital cash, payment forms, and payment points can also be displayed onto the card template and verified or updated, if necessary.
Besides electronic tickets, a set of other rights, services or considerations can be compiled and stored in the passenger card as well. This set of data allows the passenger to trigger or to receive the stored entitlements upon presentation of the passenger card. The specific entitlements can be automatically loaded into the card during usage or during selection from among a menu of benefits offered to the cardholder by the service providers. For example, when used for connecting transportation carriers, the passenger card facilitates appropriate admission rights for the premises where the carriers pick-up the passengers., These admission permits are automatically compiled, including time stamped, and loaded into the passenger card at the point-of-exit and checked at the point-of-entry stations. The passenger card also provides services that are activated by the card-based information relating to a particular itinerary booked via the passenger card. Such services comprise, for example, complementary meals and drinks, selected reading materials, or free admissions to events and attractions. The passenger card lets the cardholder also accumulate frequent bonus points in consideration of traveling with a particular carrier over a predetermined distance, purchasing a certain amount of selected merchandise, or of consuming a predefined level of services via the passenger card. These points can be exchanged later on for a free trip or a reduced ticket price, used to buy a discounted merchandise, or applied as a co-payment for the rendering of selected services.
To ensure the authenticity, including integrity, of data stored in the passenger card and of information communicated between the card and remote databases, a set of pertinent information is stored in the card and/or databases, such as validation codes to electronically earmark the passenger entitlements or goods and services provided, identification numbers to identify the related items or entities, digital signatures to certify data and information being communicated, and security keys to guarantee the integrity of card data or database information. This pertinent information, which is associated with or related to the data needing authentication, is tamper proof and can be loaded into the card or database only by the entity that is responsible to provide authentic data or maintain the integrity thereof. If this information is scrambled, it can be unlocked only by the authorized entity, including via a proper key. For example, after successful unlocking, the authenticated card data will be retrieved from the passenger card, or downloaded from a database, and displayed onto the card or any computer terminal as legible data.
To protect access to selected card data or database information, a passenger or any other system entity can employ various protection schemes to safeguard the individual data elements. For example, cardholders can input their PIN or biometrics information into the passenger card, as well as scramble certain card data with appropriate security keys. System entities can, for example, control access to card data or database records via predefined access codes or various security keys. To gain access to the card data, the appropriate codes or keys have to be provided by the entity attempting to do so. The provided information has to match, or correlate to, the one stored in the card. The same methodology applies to data that is stored and protected in a database; authorization to retrieve/download and store/upload the database data is granted once the proper access information is provided. Copyright statements and other notices can also be stored as a deterrent to illegal activities.
After the card contents is compiled, the card, including data stored or modified therein, can be used by the passenger authorized to do so. The card will be issued to cardholders that have provided proper information identifying the cardholders, data validating the access rights, as well as adequate payment. The issued cards can be used by one cardholder or by any other cardholder who is also authorized to access and use the card data. For example, an individual passenger uses the card as an airline ticket, while a group of passengers uses the card as a host for all tickets that entitle them to, a chartered bus ride.
The system databases including the passenger card will also store an audit trail about the card's usage including the editing of card data and the communication of information between and among the remote databases and the passenger card.
The invention further includes a method for authorizing the cardholder to use a particular transportation carrier based upon the electronic ticket and related admission rights stored in the passenger card. The method comprises the steps of authenticating the passenger card, identifying the cardholder, determining if the card-based ticket is valid, compiling and loading a boarding pass into the card, deciding if more information should be loaded into the card, implementing multiple access and exit scenarios to and from the carrier, and establishing an audit trail.
The passenger card can be authenticated via the control module of the passenger station. When presented for admission/boarding purposes, the control module will compare the authenticity code stored in the card against the authenticity file stored in a remote system database. The control module can also perform a self-test of the authenticity code; for example, by verifying the integrity of the code while running a routine that determines if the code is original and still conforming to the card issuer's specifications. If there is a discrepancy or a testing failure, the card will be retained and an appropriate warning message conveyed. If there is a match or a successful test, the card is established to be authentic and approved for further service, including to be used as an electronic ticket for admission or boarding purposes.
The cardholder's identity can be verified at the passenger station by a carrier/travel representative, including via selected information stored in the passenger card. For example, when presented for international travel, the card can provide the cardholder's certified picture that was previously stored in the card or imprinted onto the card package. The stations's control module can capture the physical appearance of the passenger presenting the card and compare it with the picture stored in the card per se. If there is a match, the passenger's identity is established; otherwise, a message conveyed that the comparison was not successful. In addition, authorized personnel can also verify the picture imprinted onto the card, as well as the passenger's demographics information stored in the card; a successful verification indicates that cardholders are who they say they are. The passenger's identity can also be verified via security data stored in the card and information provided by the cardholder. For example, if the provided information matches or correlates to the card-based data, the cardholder's identity is considered to be established implicitly; only the rightful cardholder could provide such information.
The validity of the electronic ticket stored in the passenger card can be determined by reading and verifying the ticket-related information, such as the ticket number, name of the transportation carrier, seat assignment, and date, time and location of departure or arrival. Upon coupling the card to the passenger station, this information can be viewed and checked, or compared against the corresponding data stored in a remote database. If there is an irregularity, such as a ticket number tampered with erroneous seating information, obsolete date, wrong location, or different carrier, the passenger station will convey an appropriate warning message; no passage/boarding is allowed. If the verification is successful, the ticket price will be analyzed to determine if it falls into a regular or special pricing category. If a regular price was paid for the ticket, the passenger may proceed and board the carrier. If the ticket has a special price tag, the passenger station's control module calculates the price difference and conveys a message that the requirements authorizing the special ticket price need to be confirmed as being met. For example, a lower price paid by children or seniors, can be confirmed via the passengers' DOB data that is certified and stored in the passenger card, or by a photo ID presented by those passengers. The control module retrieves the DOB data, computes the passenger's age by subtracting this data from the date provided by the computer clock of the passenger station, and if the resulting age is less (for kids) or more (for seniors) than a predetermined age limits, approves access to the carrier. If the age requirements are not met, the passenger(s) must pay the appropriate price difference to gain access to the carrier. The actual age information can also be displayed, so as to be viewed by a human operator. In addition, a permit for a disabled person or a year-pass that is purchased at a discount price while allowing unlimited traveling via a particular transportation carrier, might be needing confirmation as well. The rightful cardholder can be verified, for example, by comparing biometrics information, which is certified and stored in the passenger card, against the person's "life" biometrics, which is provided by the cardholder claiming to be intended bearer. If the card-based biometrics matches the life biometrics, the ownership is confirmed and free or discounted travel granted. Also verified can be the expiration and effective date or other terms the card-based permit/pass has to conform to.
After the ticket-related data, including the pricing information, is verified and confirmed, the control module can compile an appropriate boarding pass. This pass includes the time, date, and location where access to the carrier was approved by the passenger station, as well as where admission to the premises was authorized. The pass also attaches an electronic receipt, including a ticket cancellation notice, to the card-based ticket to prevent repeated use of the carrier via the same ticket, unless the card-based ticket is authorized for multiple usage including use of more than one carrier. This receipt/notice will also be communicated with the transportation provider's database and compared, for example, against the overall capacity as well as the available seats of that carrier. If the cumulative number -as counted by the control module -of passengers that are admitted for boarding over a particular time frame reaches a predetermined number, a message will be conveyed about the carrier's maximum capacity being reached; additional access is denied. If more than one card-based seating assignment matches -as indicated via the provider's database -the same ticket issued for that carrier, a warning message about the existence of multiple tickets with the same seat assignment will be issued by the control module. A carrier representative has to solve this matter; for example, approve boarding and update the ticket with the correct seating information, or reimburse the double-ticketed passenger accordingly. As long as the carrier's capacity is not reached or a particular seat assignment not claimed yet by more than one card-based ticket, the boarding pass will be loaded into the passenger card and access to the carrier authorized. The pass will also update the database with the number of, and seating information about the, tickets being admitted. In this way, the database will be informed in real-time about the status of all tickets the moment they are used for access or admission purposes.
Additional information can be loaded into the passenger card by an authorized entity, such as the service providers or cardholder per se. For example, the transport provider can store in the card a number of travel points or information relating to promotional activities. Also stored can be security information including identification numbers of the system entities loading data into the passenger card. The cardholder can capture biometrics information and attach it to the boarding pass or admission stamp, so as to prevent the use of the ticket by unauthorized personnel. This additional information can be verified and used upon presentation of the passenger card for service; for example, for trade-in of points, validation of systems data, and verification of the rightful ticket-holder. Also stored in the card can be a permit or license for admission of security/maintenance personnel or merchants. Such individuals or entities don't need to present for access purposes a ticket with a valid seat assignment, but the corresponding permit or license stored in the card. The control module will verify the date, location, and carrier the permit or license are authorized for and if valid, repeat the methodology used for qualifying ticket holders for access. The difference is that instead of seat assignments, data about a particular permit/license will be compared against the provider's database list that contains all valid permits and licenses. If there is a match, access is allowed; otherwise denied.
After removing or decoupling the card form the passenger station, the cardholder can board the carrier, including gain admission to the premises where the carrier is stationed at. The passenger can also temporarily leave the carrier/premises, and return without having to purchase another travel ticket. The passenger can also use the same boarding pass to gain access to more than one carrier or premises; for instance, when using the same ticket for connections during a particular itinerary or for multiple use. To do so, the passenger card will be coupled to the control module installed at, or monitoring by, the exit gate. The module will check the boarding pass previously stored in the card and if valid, compile an appropriate exit stamp, or a transfer stamp in the case of connecting carriers. The module will now load the stamp(s) together with the time and location of exit, as well as identifying data and other information relating to the carrier, into the passenger card. The passenger decouples the card and exits the premises or departs from the carrier with the intent of returning or using another carrier. When presented at the entry gate within a predetermined time period, the exit/transfer stamp will be verified and if authentic, grant re-entry to the premises or access to the carrier. If the exit stamp is missing or determined to be invalid, free passage or access to the carrier will be denied. Passengers can also capture their biometrics information and attach it to the exit stamp, so that nobody else can use the passenger card for re-entry purposes. Biometrics can also be employed for re-entry if no boarding pass, including no seat assignments, is stored in the card; this would be the case of the maintenance/security personnel or on-site vendors who may frequently enter and exit the carrier/premises. By making the exit gate accessible only from the premises where the carrier is stationed at or passing through, only cardholders already on the premises can use the biometrics box installed at the exit gate. In other words, cardholders exiting through the gate can load their biometrics into the card via that biometrics box, but personnel arriving from the outside cannot. When storing biometrics information in the card, the control module at the exit gate will add a unique identification number to the captured biometrics; also attached will be the time and location of exit. In this way, the control module at the entrance gate will recognize via that identification number if the biometrics information was actually loaded into the card at the exit gate and if it relates to a particular carrier/premises. If affirmative, re-entry is granted; otherwise, free admission is denied.
The remote system databases including the passenger card will also store an audit trail about the card usage, such as for admission and verification purposes, as well as data and information being communicated between the card and remote databases.
The invention further includes a method for using the passenger card to pay for the card-based ticket, as well as for goods and services provided by the service providers. The method includes the steps of verifying the card's authenticity, determining if the card-based payment is valid, computing and authorizing the purchase amount, deciding if additional verifications are required, compiling an electronic receipt, clearing payments made via the card, and establishing an audit trail.
Upon presentation for the purchase of a ticket at a transportation provider or of goods and services at a merchant location, the passenger card will be coupled to a payment database or a POS device. The card can now be verified by comparing the authenticity code stored in the card against the authenticity file stored in the database or provided by the POS device. If there is a discrepancy, an appropriate warning message will be conveyed. If there is a match, the card is authentic and approved for further service, including as an electronic payment means. The card can also be verified by any portable terminal while comparing the card-based authenticity code against an authenticity file stored in the portable terminal or while performing a self-test.
The validity of the electronic payment form stored in the card will be determined by verifying the related information including the monetary value associated therewith. The payment form including related information can be verified by providing the security information that is used by a bank or underwriter to protect the form. This information will be compared against, or correlated with, the corresponding data stored in the card. If there is a match/correlation, the form's validity is established; otherwise, the form is not authentic. For example, inputting the correct identification number or security key for the form, or providing the security data of the passenger who is authorized to use that form, will unlock the payment information and activate the monetary value attached thereto. This monetary value can be an electronic representation of traditional money, which is backed by a financial institution, or of payment points, which are underwritten by a non-banking entity,
To pay for a particular purchase made via the card, the purchase amount will be computed and compared against the digital cash stored in the card. If there is enough cash, the purchase amount will be approved by the cardholder and deducted directly from the passenger card while updating the digital cash balance remaining in the card; no on-line authorization calls are necessary. The digital payment will then be forwarded to the transportation/service provider. The received payment will be verified, processed, and credited to the provider's account. If the passenger card simulates traditional payment means, the card can also initiate and implement the required authorization process while communicating with the financial entities authorized to approve such payments. Electronic payments received via a portable terminal, which is used by mobile vendors, can be transferred to the merchant database in real-time or as a cumulation of payments at a later time. The mobile vendor can then request clearance of the electronic payments, including the redemption of payment points, as traditional money.
The merchant or other service provider can perform additional verification steps with respect to the cardholder payment. For instance, if a personal electronic check was used for payment, the merchant can validate the cardholder's identity via a certified driver's license stored in the card, or via a traditional ID document presented by the cardholder. The merchant can verify the driver's license number and expiration date provided by the passenger card, or determine if the picture recorded onto the ID document matches the cardholder's appearance or the digital picture stored in the passenger card. If a payment was made via payment points stored in the card, the service provider might want to verify if the payment points are valid or if the non-financial entity backing those points is still in business. This can be accomplished by determining the authenticity of the card-based points or by communicating with the entity to have the payment points confirmed before accepting them as payment. Service providers accepting payment points might also want to verify if the points are used properly. For instance, payment points earmarked for an airline ticket shouldn't be used to pay for hotel reservations, and vice versa.
After successful verification and approval, the service provider accepting the payment made via the passenger card, will compile and load an electronic receipt into the card and related system databases. This receipt represents proof of payment received by providers and includes, for example, the time, location, and the type of merchandise delivered or service rendered, as well as the price paid therefor. The receipt can also comprise the identification number or security key of the provider to confirm the provider's identity or to protect the receipt's contents. The receipt further comprises the validation codes to authenticate the provided merchandise or rendered service.
Once forwarded via the passenger card, the monetary value can be credited to the service provider's account. If the card-based value represents traditional money, the network transaction processors will clear the payment, so that the financial institution can reimburse the provider accordingly. If electronic payment points were used for the purchase, the points will be forwarded to the non-financial institution who then reimburses the provider. In both cases, the service providers can be reimbursed with traditional money for purchases made via the card. The providers can also keep and re-use the received payments as digital cash. When uploading the electronic payment amounts for clearance, the service providers can also earmark the payments with a security key, so that proper identification and ownership is established with respect to the transferred funds. In this way, the cleared payment amounts can be deposited only to the account of those providers.
The service provider databases including the passenger card will also store an audit trail about the verification process, card-based payments performed between the passenger and providers, and information communicated between and among the remote databases including the passenger card.
The invention further comprises methods for implementing via the passenger card a plurality of application scenarios. The scenarios will be facilitated by a set of application codes that are allocated to a cardholder or a transportation carrier, as well as to any other entity or item the card will communicate with or refer to during the card's usage. The methods include the steps of storing application codes and related information in the passenger card; loading payment forms and monetary values into the card; correlating card data to a passenger, a specific application, or to remote database information; certifying data and information stored in the card; protecting access to card data and database information; issuing the card to the rightful cardholder; authenticating the card and verifying the cardholder requesting application rights; selecting and implementing a particular application; monitoring the conformity to the application rights, and establishing an audit trail.
A set of application codes and related information will be stored in the passenger card to qualify the passenger for the plurality of applications upon presentation of the card, including upon communication with remote databases. The codes define a particular application or use right the card is authorized for. For example, for the use of toll roads and bridges, trucking of goods and moving of vehicles via dedicated transportation carriers, or for the admission of vehicles to predefined premises, such as parking lots, national parks, or other recreational or educational sights. Card-based applications further comprises the tagging of luggage and correlating the luggage to the rightful passenger, or the identification and verification of passengers engaged in international travel. The related information supports the implementation of a particular application while providing the necessary data and information. The information comprises, for example, the terms and conditions the passenger card has to conform to, and the passenger's responsibilities; personal data such as the cardholder's name, address, citizenship and driver's license; information about the vehicle, such as the registration slip and insurance status; data identifying the luggage, such as size, weight, destination, item number and ownership; information about the entities that provide and maintain the card-based infrastructure; or data relating to the card-based ticket used for travel purposes. Also stored will be application-specific card templates to be used during the implementation phase of the functional application scenarios.
The payment forms, including a monetary value, will be loaded into the passenger card, to pay for the privilege of using the card for a specific application and for expenses that are occurred during card usage. The forms are an electronic representation of paper/plastic-based payment means endorsed by banks. The monetary value represents electronic cash backed by banks or payment points underwritten by non-banking entities; both representations are accepted as legal tender for payment purposes. The electronic cash/points can be downloaded from a checking or savings account, or from any other remote payment database, upon proper identification is provided. The monetary value can also be inputted into the passenger card by an authorized representative. The stored payment forms and digital cash or payment points can also be displayed onto the card template, verified, and used as is or updated, if necessary.
To correlate card-based data to persons, applications and system entities, appropriate links and interdependencies have to be established, such as built-in pointers or relationships that are dynamically compiled during the card usage. For instance, the card-based demographics data field can be associated with the cardholder via the holder's name, social security number, or any other unique identifier; as well as the card-based driver's license via the license number. Applications data can be combined via card-based application codes into application modules or card templates that are needed for the execution of a particular application. For example, a ticket code or number for an airline ticket can store or retrieve the appropriate information about who travels when, where and on what airplane. Entity-related information stored in the card can be allocated to the entity that provides the appropriate identification number or security key. For example, the issuer of a car registration document can be identified via the registration number, or the name of the agency taking care of the luggage, can be retrieved from the card-based tag information. To locate, including retrieve or store, card data or database information, a label or address associated with the corresponding data element or record name can be used. The data and information can also be cross-referenced and manipulated via a graphical user interface that provides a link between the passenger and systems application. In this way, the card-based payment information can be accessed via an account number or via the electronic purse embedded in the passenger card.
Selected data and information that is stored in the card or remote database, as well as communicated between the card and remote databases, can be certified by an entity that is responsible to provide authentic data or maintain the integrity thereof. The certification process can employ, for example, the entity's digital signature to authenticate the data/information; if signed with such a signature, it is authentic. The certification process can also use a security key to make sure that the data was not tampered with during storage or communications; for example, being able to access/unscramble it via the security key is proof that the data content is still the original one.
Access to card data or database information is implemented via predetermined access codes or appropriate security keys. For example, cardholders can input their PIN or any other biometrics information into the passenger card, as well as scramble selected card data with a security key. System entities can store a unique access code in a remote database or scramble a database data record with a secret key. To gain access to the card or database, the matching PIN or biometrics, as well as the appropriate code, has to be provided by the individual or entity attempting to do so. To unscramble the card/database data, the appropriate key has to be provided. If the provided key matches or correlates to the stored key, the data can be retrieved and viewed or communicated; otherwise, the data cannot be accessed.
After compiling, certifying and protecting the card contents, the passenger card will be issued to passengers that are authorized to use the cards for at least one application. The card, including the application rights stored therein will be issued to the cardholders that have provided proper identification, proof of eligibility for the card-based applications, and adequate payment, if applicable. The issued cards can be used for a particular application over a predetermined time period, including for a predefined number of usage, or as long as a set of predefined conditions are met. For example, a card-based travel ticket can be valid for a few weeks, including for up to two trips, or a driver's license stored in the card can be used as long as the license is valid, including renewed by the DMV. In other words, the cards can be configured to allow the utilization of the cards on an one-time or repeated use basis, including without any restrictions or while conforming to conditions to be met after the card is issued. The cards can be issued to a particular cardholder or shared by cardholders who are authorized to access and use the individual card-based application modules. The former can be accomplished, for example, by personalizing the card with the card holder's personal and eligibility information, including loading the information into the appropriate card data fields in a relational database-like manner. The latter can be accomplished, for example, by allocating the appropriate application codes, which are stored in the card, to cardholders who can identify themselves via a unique data or any other ID-like information.
The passenger card can be authenticated via any read/write device installed at a point-of-application or via the control module coupled to a passenger station-like apparatus. For example, the authenticity code stored in the card can be compared against the authenticity file stored in a remote system database, as well as a self-test of the card-based authenticity code can be performed to verify the code's integrity. If there is a match or a successful test, the card is established to be authentic. If there is a discrepancy or a test failure, the card will be retained including an appropriate warning message conveyed. In addition to authenticating the passenger card, selected card data can be validated as well. This can be accomplished, for example, by providing the appropriate access codes or security keys to retrieve or unlock such data, as well as by verifying the digital signatures used to certify such data.
The cardholder can be verified by checking conventional ID documents presented by the cardholder, verifying cardholder-related information stored in Government or other databases, or by providing security information that has to correspond to the security data stored in the card. If the documents or database data checks out, or if the provided information matches or correlates to the card-based data, the cardholder's identity is established. After the card is authenticated and the cardholder identified, the card will verify or compile the data interdependencies and correlation links for the applications to be triggered via the card. This ensures that all resources and entities engaged into a particular application are qualified to participate in the implementation of that application.
The applications can be selected from among a menu of systems applications that are available to the passengers. The cardholder can, for example, input via a keyboard the corresponding applications code, point to such a code displayed onto a computer screen, or convey to the system a functional description of the application to be selected. The selection can be made also via a card-based application code upon coupling the passenger card to the system. To determine if the application request should be approved, the system will verify the card-based code; for example, by checking if the code is authentic and if there is a viable application associated therewith. If the verification process is successful, the application can be implemented via that card; otherwise, no application can be triggered. To implement the above applications, a set of appropriate card templates can retrieve and display, as well as manipulate and communicate, card data and database information. This data/information can be viewed, modified, or used for decision logic means to determine the way the application shall be implemented. If additional information is required during the implementation phase, such information can be provided via the graphical user interface or communicated via remote databases.
To control the conformity to or violation of the card-based application rights, the passenger card will provide the necessary information and supporting evidence. For instance, the card can display a driver's license or registration document comprising the expiration dates and information about the licensee or ownership status. If a registration fee is not paid, the card or a traffic officer will be flagging the payment due. This status can be communicated also with the DMV's database, so as to follow-up on the actions to be taken; for example, to pay the fee or to issue a ticket.
The passenger card and remote databases will also store an audit trail about the data and information stored in the card, authentications and verifications implemented during the card usage, electronic payments performed via the card, and information communicated between and among the remote databases including the passenger card.
To better illustrate the above system and methods, let's use the passenger card as an electronic ticket for a travel itinerary comprising several carriers' and destinations, a payment carrier including a monetary value for the purchase of goods and services, as well as a host for various application scenarios. Also, to guarantee a secure information exchange and to authenticate the card data or system information, a cryptography scheme based, for example, upon the public key technology can be implemented; all entities including individuals involved in the exchange or authentication of scrambled data will have an unique pair of keys, a public key known to everybody and a secret private key known only to a particular entity. The public key can include a certified, unique mailing address or public telephone number, and the private key a secret combination of alphanumeric characters or a biometrics characteristics of an individual. In this way, a sender can communicate secure messages to a receiver while encrypting the messages with the public key of that receiver prior to transmission. The transmitted message can be decrypted only by the corresponding private key of the receiver (e.g. addressee); only the addressee on the envelope can open the envelope and read the letter. Besides, any information encrypted with the private key of a sender can be decrypted only by the corresponding (e.g. sender's) public key; the letter signed via the private key is therefore authentic and was send by that sender.
The public key technology, including the related security protocols employed for communications, can also be used to store a public key certificate in the passenger card. The certificate is tamper proof, cannot be duplicated, and can be used to certify or authenticate data and information it is associated with. For example, a particular certification center can load such a certificate into the passenger card as a digital signature; the signature can be attached to a selected card data or associated with particular information stored at a remote location. Afterwards, the digital signature provided by the passenger card can be used to access and unscramble that certified data or information, so that the data/information can be retrieved or downloaded and displayed or printed-out in a plain or legible manner. The fact that the data/information could be accessed and unscrambled with the card-based certificate is proof that it was certified by that particular certification center; if access is denied, the certificate could be a fake or the data/information tampered with. The signature can also automatically "pop-up" when card data or remote information, which is certified via that signature, is retrieved and displayed. Once displayed, the signature can be compared against the official signature of the certification center; this can be done by uploading the signature to the center's database for comparison or by verifying the card-based signature against a list of valid signatures provided by that center. If the comparison/verification is successful the signature is established to be valid, as well as the card data "signed" therewith to be certified. In the case the retrieved/displayed signature is scrambled, the signature can be verified by using the certification center's public key to unscramble it. If the signature can be deciphered via this public key, the data/information was indeed signed by that certification center; otherwise, the signature cannot be relied upon because it might be a fake. The public key certificate can also be used to confirm the identities of cardholders and service providers involved in card-based transactions. To allow each party in a transaction to confirm the identity of the other, the electronic certificate stored in the passenger card will be exchanged automatically with the digital certificate stored in the merchant database. In this way, the certificates can authenticate off-line payment transactions, support on-line debit transactions, or ensure that the communicated information including monetary values were not altered by an unauthorized entity before it is received by the merchant. The certificates can also proof that a passenger, has indeed initiated a purchase request and forwarded the necessary payment, as well as that a merchant has received the payment and provided the product or service.
Let's start with a cardholder who is using the passenger card to plan and to implement a particular trip including the related travel applications. To aid the planning and implementation process, the cardholder will store in the passenger card a set of supporting data and information. This can be accomplished by coupling the card to a card station and by communicating with remote databases, so as to personalize the card contents for the corresponding applications. For instance, the cardholder can input into the card a set of personal data, such as name, mailing address, telephone number. Also stored in the card can be the card templates that are an electronic representation of the documents pertaining to the cardholder, such as the driver's license, car registration slip, insurance papers, and passport. Thes |
