System Architecture
The project definition is to design a E-surance that has an automated payout system and is based on real time flight performance data. Because the span of the project was limited, we integrated the design of the system into our project, but have not actually implemented a full working model. For the purposes of conveying the type of information that would be displayed in a working E-surance website, we have synthetized the result for the various airlines that were included in our study.
Below is our over-arching system design:
ABOUT US
ACE insurance is a part of a graduate level project for the Systems Engineering department at George Mason University. Our group consists of four members, Taylor, Chris, Tommy, and Arushi. For this endeavor we have been directed by our project sponsor, Dr. Lance Sherry.
The principal of this project is to act as an Air Carrier E-surance to provide insurance to airlines from penalties incurred by infractions imposed by regulations stated in EC-261.
The European Commission Regulation 261/2004 (EC-261/04) is a regulation that establishes common rules for airlines based in the EU or servicing EU airports to compensate and assist passengers for delayed flights, cancelled flights, denied boarding (i.e. oversold flights). The regulation has caused the need for airline adjustments to both their schedule and protocols. With airline costs growing, there are more incentives to improve performance. This regulation also gives consumers recourse to address abuses by airlines. EC-261/04 went into effect in Europe on 17 February 2005.
Given that airlines must compensate passengers for delayed flights, cancelled flights, or denied boarding; our goal is to design an EC-21 insurance system for airlines operating out of Ronald Reagan International airport that is (1) automated, and (2) yields in at least a 5% profit more than 99% of the time.
To study this problem, our group leveraged data from USDOT bureau of transportation statistics to derive historical performance data for various airlines that operate out of Regan international. We then ingested the airlines performance using burning cost and ruin cash flow models in combination with Monte Carlo simulations to solve for an appropriate insurance premium assessment that would meet or beat our profit objectives.
Below is a summary of the EC-261 penalties:
Type 1: flights are flights that are less than 1,500 kilometres in distance from the airport
Type 2: flights include domestic flights that are greater than 1,500 kilometres or international flights greater than 1,500 kilometres, but less than 3,500 kilometres in distance from the airport. This instance of the project is ignoring international flights for simplicity.
Type 3: flights are internationals flights that are greater than 3,500 kilometres in distance from the airport. This instance of the project is ignoring international flights for simplicity.
Web Interface:
The web interface of this system will consist of a client-facing webpage and a backend web service. Clients will use the webpage to apply for insurance coverage and review their accounts (i.e. contact information, flight and claim status, etc.). When prospective clients apply for coverage, their premiums will be assessed inside the web service, and all subsequent flight tracking and payments will be controlled by the web service. This service will reside behind network access controls to allow for secure, firewall-controlled access through the webpage. The web service will be responsible for the following tasks: Premium calculations, Flight tracking and compensation assessments, Payment control and processing, Management of client account database.
Payment System:
Premium and claims payments will be assessed using Electronic Fund Transfers (EFTs); the initial premium payment used to validate client account information. In the U.S., these payments are made through the Automated Clearing House (ACH) by registered vendors; similar establishments exist for international transactions, for example, electronic payments in the EU are made using the European Automated Clearing House Association (EACHA). Most companies (other than banking institutions) access these clearing-houses indirectly, leveraging intermediary services. The benefit to this approach is that only the intermediaries need to be registered with the clearing-houses, and only they need to stay current on access policies. The clients to these services are then only required to adhere to the interfaces established by the intermediaries. There is a nominal fee associated with using such services,
typically a flat-fee assessed on a per-transaction basis (advertised costs are approximately $0.10 per transaction). Banking institutions often offer these services for certain account-types, but the costs are not as openly advertised.
The specific implementation of the payment system is not addressed in this report. However, the
requirements of such a system include the following: Web-based API for initiating EFTs, Ability to assess daily, bulk payments (to reduce transaction costs), Transmission security (should support encrypted transmissions to protect client account information, or use similar data security techniques)
These requirements constitute a minimum, high-level set of features that a selected payment system should offer. A full prototype would require further elucidation of requirements, especially related to interoperability with the web-service architecture.
Client Database:
To quickly and automatically process claims, the system will be required to store client bank account information. Such storage always poses a monumental security risk due to the sensitivity of the information. The account information will be stored in a secure database, which should provide, at minimum, the following features:
Network Security: Firewall rules ( web server(s) and the open internet, web server(s) and database storage, machines inside the local network (behind the client-facing firewall) and the web server), Port security for client-facing web interface, SSL interaction with the database.
Data Security: Encryption of either the full database or specific database fields, Multi-layer password hashing and “salt”-ing to prevent against dictionary attacks.
Further investigation and consultation with information security professionals is required before a prototype system is built, but this list details the high-level requirements of storing sensitive but web-accessible information.
ACE Insurance is commited
Our Team is commited to using Industry leading techniques to provide the very best for our customers.