ECRIT R. Gellens Internet-Draft Qualcomm Technologies, Inc Intended status: Informational B. Rosen Expires: April 20, 2016 NeuStar, Inc. H. Tschofenig (Individual) October 18, 2015 Next-Generation Vehicle-Initiated Emergency Calls draft-ietf-ecrit-car-crash-04.txt Abstract This document describes how to use IP-based emergency services mechanisms to support the next generation of emergency calls placed by vehicles (automatically in the event of a crash or serious incident, or manually invoked by a vehicle occupant) and conveying vehicle, sensor, and location data related to the crash or incident. Such calls are often referred to as "Automatic Crash Notification" (ACN), or "Advanced Automatic Crash Notification" (AACN), even in the case of manual trigger. The "Advanced" qualifier refers to the ability to carry a richer set of data. This document also registers a MIME Content Type and an Emergency Call Additional Data Block for the vehicle, sensor, and location data (often referred to as "crash data" even though there is not necessarily a crash). An external specification for the data format, contents, and structure are referenced in this document. This document reuses the technical aspects of next-generation pan- European eCall (a mandated and standardized system for emergency calls by in-vehicle systems within Europe and other regions). However, this document specifies a different set of vehicle (crash) data, specifically, the Vehicle Emergency Data Set (VEDS) rather than the eCall Minimum Set of Data (MSD). This document is an extension of the eCall document, with the differences being that this document makes the MSD data set optional and VEDS mandatory. This document also discusses legacy (curcuit-switched) ACN systems and their migration to next-generation emergency calling. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute Gellens, et al. Expires April 20, 2016 [Page 1] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 20, 2016. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Document Scope . . . . . . . . . . . . . . . . . . . . . . . 7 4. Overview of Legacy Deployment Models . . . . . . . . . . . . 8 5. Migration to Next-Generation . . . . . . . . . . . . . . . . 9 6. Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 7. Call Setup . . . . . . . . . . . . . . . . . . . . . . . . . 12 8. Call Routing . . . . . . . . . . . . . . . . . . . . . . . . 15 9. Test Calls . . . . . . . . . . . . . . . . . . . . . . . . . 16 10. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 11. Security Considerations . . . . . . . . . . . . . . . . . . . 21 12. Privacy Considerations . . . . . . . . . . . . . . . . . . . 21 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21 13.1. MIME Content-type Registration for 'application/EmergencyCall.VEDS+xml' . . . . . . . . . . 21 13.2. Registration of the 'VEDS' entry in the Emergency Call Additional Data registry . . . . . . . . . . . . . . . . 22 14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 23 15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23 16. Changes from Previous Versions . . . . . . . . . . . . . . . 23 16.1. Changes from draft-ietf-03 to draft-ietf-04 . . . . . . 23 Gellens, et al. Expires April 20, 2016 [Page 2] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 16.2. Changes from draft-ietf-02 to draft-ietf-03 . . . . . . 23 16.3. Changes from draft-ietf-01 to draft-ietf-02 . . . . . . 23 16.4. Changes from draft-ietf-00 to draft-ietf-01 . . . . . . 23 16.5. Changes from draft-gellens-02 to draft-ietf-00 . . . . . 23 16.6. Changes from draft-gellens-01 to -02 . . . . . . . . . . 24 16.7. Changes from draft-gellens-00 to -01 . . . . . . . . . . 24 17. References . . . . . . . . . . . . . . . . . . . . . . . . . 24 17.1. Normative References . . . . . . . . . . . . . . . . . . 24 17.2. Informative references . . . . . . . . . . . . . . . . . 25 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 1. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. This document re-uses terminology defined in Section 3 of [RFC5012]. Additionally, we use the following abbreviations: +--------+----------------------------------------------------------+ | Term | Expansion | +--------+----------------------------------------------------------+ | 3GPP | 3rd Generation Partnership Project | | AACN | Advanced Automatic Crash Notification | | ACN | Automatic Crash Notification | | APCO | Association of Public-Safety Communications Officials | | EENA | European Emergency Number Association | | ESInet | Emergency Services IP network | | GNSS | Global Satellite Navigation System (which includes the | | | various such systems including the Global Positioning | | | System or GPS) | | IVS | In-Vehicle System | | MNO | Mobile Network Operator | | NENA | National Emergency Number Association | | TSP | Telematics Service Provider | | VEDS | Vehicle Emergency Data Set | +--------+----------------------------------------------------------+ 2. Introduction Emergency calls made by in-vehicle systems (e.g., in the event of a crash) assist in significantly reducing road deaths and injuries by allowing emergency services to respond quickly and often with better location. Gellens, et al. Expires April 20, 2016 [Page 3] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 Drivers often have a poor location awareness, especially outside of major cities, at night and when away from home (especially abroad). In the most crucial cases, the victim(s) might not be able to call because they have been injured or trapped. For more than a decade, some vehicles have been equipped with telematics systems that, among other features, place an emergency call automatically in the event of a crash or manually in response to an emergency call button. Such systems generally have on-board location determination systems that make use of satellite-based positioning technology, inertial sensors, gyroscopes, etc., to provide a fairly accurate position for the vehicle. Such built-in systems can take advantage of the benefits of being integrated into a vehicle, such as more reliable power, ability to have larger or specialized antenna, ability to be engineered to avoid or minimise degradation by vehicle glass coatings, interference from other vehicle systems, etc. Thus, the PSAP can be provided with a good estimate of where the vehicle is during an emergency. Vehicle manufacturers are increasingly adopting such systems, both for the safety benefits and for the additional features and services they enable (e.g., remote engine diagnostics, remote door unlock, stolen vehicle tracking and disabling, etc.). The general term for such systems is Automatic Crash Notification (ACN) or "Advanced Automatic Crash Notification" (AACN). "ACN" is used in this document as a general term. ACN systems transmit some amount of data specific to the incident, referred to generally as "crash data" (the term is commonly used even though there might not have been a crash). While different systems transmit different amounts of crash data, standardized formats, structures, and mechanisms are needed to provide interoperability among systems and PSAPs. As of the date of this document, currently deployed in-vehicle telematics systems are circuit-switched and lack a standards-based ability to convey crash data directly to the PSAP (generally relying on either a human call taker or an automated system to provide the PSAP call taker with some crash data orally, or possibly a proprietary mechanism). The PSAP call taker needs to first realize that the call is related to a vehicle incident, and in most cases must then listen to the data and transcribe it. The transition to next-generation calling in general, and emergency calling in particular, provides an opportunity to vastly improve the scope, breadth, reliability and usefulness of crash data during an emergency by allowing it to be presented alongside the call, and to be automatically processed by the PSAP and made available to the call taker in an integrated, automated way. In addition, vehicle Gellens, et al. Expires April 20, 2016 [Page 4] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 manufacturers are provided an opportunity to take advantage of the same standardized mechanisms for data transmission for internal use if they wish (such as telemetry between the vehicle and a service center for both emergency and non-emergency uses, including location- based services, multi-media entertainment systems, and road-side assistance applications). Next-generation ACN provides an opportunity for such calls to be recognized and processed as such during call set-up, and optionally routed to an upgraded PSAP where the vehicle data is available to assist the call taker in assessing and responding to the situation. An ACN call can be either occupant-initiated or automatically triggered. (The "A" in "ACN" does stand for "Automatic," but the term is often used to refer to the class of calls that are placed by an in-vehicle system (IVS) and that carry incident-related data as well as voice.) Automatically triggered calls indicate a car crash or some other serious incident (e.g., a fire) and carry a greater presumption of risk of injury. Manually triggered calls are often reports of serious hazards (such as impaired drivers or roadway debris) and might require different responses depending on the situation. Manually triggered calls are also more likely to be false (e.g., accidental) calls and so might be subject to different operational handling by the PSAP. This document describes how the IETF mechanisms for IP-based emergency calls, including [RFC6443] and [I-D.ietf-ecrit-additional-data], are used to provide the realization of next-generation ACN. This document reuses the technical aspects of next-generation pan- European eCall (a mandated and standardized system for emergency calls by in-vehicle systems within Europe and other regions), as described in [I-D.ietf-ecrit-ecall]. However, this document specifies a different set of vehicle (crash) data, specifically, the Vehicle Emergency Data Set (VEDS) rather than the eCall Minimum Set of Data (MSD). This document is an extension of [I-D.ietf-ecrit-ecall], with the differences being that this document makes the MSD data set optional and VEDS mandatory. The Association of Public-Safety Communications Officials (APCO) and the National Emergency Number Association (NENA) have jointly developed a standardized set of incident-related vehicle data for ACN use, called the Vehicle Emergency Data Set (VEDS) [VEDS]. Such data is often referred to as crash data although it is applicable in incidents other than crashes. Gellens, et al. Expires April 20, 2016 [Page 5] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 VEDS provides a standard data set for the transmission, exchange, and interpretation of vehicle-related data. A standard data format allows the data to be generated by an IVS, and interpreted by PSAPs, emergency responders, and medical facilities (including those capable of providing trauma level patient care). It includes incident- related information such as airbag deployment, location of the vehicle, if the vehicle was involved in a rollover, various sensor data that can indicate the potential severity of the crash and the likelihood of severe injuries to the vehicle occupants, etc. This data better informs the PSAP and emergency responders as to the type of response that might be needed. This information was recently included in the federal guidelines for field triage of injured patients. These guidelines are designed to help responders at the accident scene identify the potential existence of severe internal injuries and to make critical decisions about how and where a patient needs to be transported. This document registers the 'application/EmergencyCallData.VEDS+xml' MIME content-type, and registers the 'VEDS' entry in the Emergency Call Additional Data registry. VEDS is an XML structure (see [VEDS]). The 'application/ EmergencyCallData.VEDS+xml' MIME content-type is used to identify it. The 'VEDS' entry in the Emergency Call Additional Data registry is used to construct a 'purpose' parameter value for conveying VEDS data in a Call-Info header (as described in [I-D.ietf-ecrit-additional-data]). VEDS is a versatile structure that can accomodate varied needs. However, if additional sets of data are determined to be needed (e.g., in the future or in different regions), the steps to enable each data block are very briefly summarized below: o A standardized format and encoding (such as XML) is defined and published by a Standards Development Organization (SDO) o A MIME Content-Type is registered for it (typically under the 'Application' media type) with a sub-type starting with 'EmergencyCallData.' o An entry for the block is added to the Emergency Call Additional Data Blocks sub-registry (established by [I-D.ietf-ecrit-additional-data]); the registry entry is the root of the MIME sub-type (not including the 'EmergencyCallData' prefix and any suffix such as '+xml') A next-generation In-Vehicle System (IVS) transmits crash data by encoding it in a standardized and registered format (such as VEDS) Gellens, et al. Expires April 20, 2016 [Page 6] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 and attaching it to an INVITE as a MIME body part. The body part is identified by its MIME content-type (such as 'application/ EmergencyCallData.VEDS+xml') in the Content-Type header field of the body part. The body part is assigned a unique identifier which is listed in a Content-ID header field in the body part. The INVITE is marked as containing the crash data by adding a Call-Info header field at the top level of the INVITE. This Call-Info header field contains a CID URL referencing the body part's unique identifier, and a 'purpose' parameter identifying the data as the crash data per the registry entry; the 'purpose' parameter's value is 'EmergencyCallData.' and the root of the MIME type (the 'EmergencyCallData' prefix is not repeated), omitting any suffix such as '+xml' (e.g., 'purpose=EmergencyCallData.VEDS'). These mechanisms are thus used to place emergency calls that are identifiable as ACN calls and that carry one or more standardized crash data objects in an interoperable way. 3. Document Scope This document is focused on the interface to the PSAP, that is, how an ACN emergency call is setup and incident-related data (including vehicle, sensor, and location data) is transmitted to the PSAP using IETF specifications. (The goal is to re-use specifications rather than to invent new.) For the direct model, this is the end-to-end description (between the vehicle and the PSAP). For the TSP model, this describes the right-hand side (between the TSP and the PSAP), leaving the left-hand side (between the vehicle and the TSP) up to the entities involved (i.e., IVS and TSP vendors) who are then free to use the same mechanism as for the right-hand side (or not). Note that while ACN systems in the U.S. and other regions are not currently (as of the date of this document) mandated, Europe has a mandated and standardized system for emergency calls by in-vehicle systems. This pan-European system is known as "eCall" and is the subject of a separate document, [I-D.ietf-ecrit-ecall], which this document build on. Vehicles designed to operate in multiple regions might need to support eCall as well as the ACN described here. If other regions devise their own specifications or data formats, a multi-region vehicle might need to support those as well. This document adopts the call set-up and other technical aspects of [I-D.ietf-ecrit-ecall], which uses [I-D.ietf-ecrit-additional-data], which makes it easy to substitute a different data set while keeping other technical aspects unchanged. Hence, both NG-eCall and the NG- ACN mechanism described here are fully compatible, differing only in the specific data block that is sent (the eCall MSD in the case of NG-eCall, and the APCO/NENA VEDS used in this document). If other Gellens, et al. Expires April 20, 2016 [Page 7] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 regions adopt their own data set, this can be similarly accomodated without changing other technical aspects. 4. Overview of Legacy Deployment Models Legacy (circuit-switched) systems for placing emergency calls by in- vehicle systems, including automatic crash notification systems, generally have some ability to convey at least location and in some cases telematics data to the PSAP. Most such systems use one of three architectural models, which are described here as: "Telematics Service Provider" (TSP), "direct", and "paired". These three models are illustrated below. In the TSP model, both emergency and non-emergency calls are placed to a Telematics Service Provider (TSP); a proprietary technique is used for data transfer (such as proprietary in-band modems) to the TSP. In an emergency, the TSP call taker bridges in the PSAP and communicates location, crash data (such as impact severity and trauma prediction), and other data (such as the vehicle description) to the PSAP call taker verbally. Since the TSP knows the location of the vehicle (from on-board GNSS), location-based routing is usually used to route to the appropriate PSAP. In some cases, the TSP is able to transmit location automatically, using similar techniques as for wireless calls. Typically, a three-way voice call is established between the vehicle, the TSP, and the PSAP, allowing communication between the PSAP call taker, the TSP call taker, and the vehicle occupants (who might be unconscious). ///----\\\ proprietary +------+ 911 trunk +------+ ||| IVS |||-------------->+ TSP +------------------>+ PSAP | \\\----/// crash data +------+ +------+ Figure 1: Legacy TSP Model. In the paired model, the IVS uses a Bluetooth link with a previously- paired handset to establish an emergency call with the PSAP (by dialing a standard emergency number such as 9-1-1), and then communicates location data to the PSAP via text-to-speech; crash data might or might not be conveyed also using text-to-speech in an initial voice greeting. Some such systems use an automated voice prompt menu for the PSAP call taker (e.g., "this is an automatic emergency call from a vehicle; press 1 to open a voice path to the vehicle; press 2 to hear the location read out") to allow the call taker to request location data via text-to-speech. Gellens, et al. Expires April 20, 2016 [Page 8] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 +---+ ///----\\\ | H | 911/etc voice call via handset +------+ ||| IVS |||-->| S +----------------------------------->+ PSAP | \\\----/// +---+ location via text-to-speech +------+ Figure 2: Legacy Paired Model In the direct model, the IVS directly places an emergency call with the PSAP by dialing a standard emergency number such as 9-1-1. Such systems might communicate location data to the PSAP via text-to- speech; crash data might or might not be conveyed using text-to- speech in an initial voice greeting. Some such systems use an automated voice prompt menu (e.g., "this is an automatic emergency call from a vehicle; press 1 to open a voice path to the vehicle; press 2 to hear the location read out") to allow the call taker to request location data via text-to-speech. ///----\\\ 911/etc voice call via IVS +------+ ||| IVS |||---------------------------------------->+ PSAP | \\\----/// location via text-to-speech +------+ Figure 3: Legacy Direct Model 5. Migration to Next-Generation Migration of emergency calls placed by in-vehicle systems to next- generation (all-IP) technology provides a standardized mechanism to identify such calls and to present crash data with the call, as well as enabling additional communications modalities and enhanced functionality. This allows ACN calls and crash data to be automatically processed by the PSAP and made available to the call taker in an integrated, automated way. Because the crash data is carried in the initial SIP INVITE (per [I-D.ietf-ecrit-additional-data]) the PSAP can present it to the call taker simultaneously with the appearance of the call. Migration to next-generation (NG) thus provides an opportunity to significantly improve the handling and response to vehicle-initiated emergency calls. Such calls can be recognized as originating from a vehicle, routed to a PSAP equipped both technically and operationally to handle such calls, and the vehicle-determined location and crash data can be made available to the call taker simultaneously with the call appearance. Vehicle manufacturers using the TSP model can choose to take advantage of the same mechanism to carry telematics data between the Gellens, et al. Expires April 20, 2016 [Page 9] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 vehicle and the TSP for both emergency and non-emergency calls as are used to convey this data to the PSAP. A next-generation IVS establishes an emergency call using the emergency call solution as described in [RFC6443] and [RFC6881], with the difference that the Request-URI indicates an ACN type of emergency call and a Call-Info header field indicates that vehicle crash data is attached. When an ESInet is deployed, the MNO only needs to recognize the call as an emergency call and route it to an ESInet. The ESInet can recognize the call as an ACN with vehicle data and can route the call to an NG-ACN capable PSAP. Such a PSAP can interpret the vehicle data sent with the call and make it available to the call taker. Because of the need to identify and specially process Next-Generation ACN calls (as discussed above), [I-D.ietf-ecrit-ecall] registers new service URN children within the "sos" subservice. These URNs provide a mechanism by which an NG-ACN call is identified, and differentiate between manually and automatically triggered NG-ACN calls, which might be subject to different treatment depending on policy. (The two service URNs registered in [I-D.ietf-ecrit-ecall] are urn:service:sos.ecall.automatic and urn:service:sos.ecall.manual.) Note that in North America, routing queries performed by clients outside of an ESInet typically treat all sub-services of "sos" identically to "sos" with no sub-service. However, the Request-URI header field retains the full sub-service; route and handling decisions within an ESInet or PSAP can take the sub-service into account. For example, in a region with multiple cooperating PSAPs, an NG-ACN call might be routed to a PSAP that is NG-ACN capable, or one that specializes in vehicle-related incidents. Migration of the three architectural models to next-generation (all- IP) is described below. In the TSP model, the IVS transmits crash and location data to the TSP using either a protocol that is based on a proprietary design or one that re-uses the mechanisms and data objects described here. In an emergency, the TSP call taker bridges in the PSAP and the TSP transmits crash and other data to the PSAP using the mechanisms and data objects described here. There is a three-way call between the vehicle, the TSP, and the PSAP, allowing communication between the PSAP call taker, the TSP call taker, and the vehicle occupants (who might be unconscious). Gellens, et al. Expires April 20, 2016 [Page 10] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 proprietary ///----\\\ or standard +------+ standard +------+ ||| IVS ||| ------------------->+ TSP +------------------->+ PSAP | \\\----/// crash + other data +------+ crash + other data +------+ Figure 4: Next-Generation TSP Model The vehicle manufacturer and the TSP can choose to use the same mechanisms and data objects to transmit crash and location data from the vehicle to the TSP as are described here to transmit such data from to the PSAP. In the direct model, the IVS communicates crash data to the PSAP directly using the mechanisms and data objects described here. ///----\\\ NG emergency call +------+ ||| IVS |||----------------------------------------->+ PSAP | \\\----/// crash + other data +------+ Figure 5: Next-Generation Direct Model In the paired model, the IVS uses a Bluetooth link to a previously- paired handset to establish an emergency call with the PSAP; it is undefined what facilities are or will be available for transmitting crash data through the Bluetooth link to the handset for inclusion in an NG emergency call. Hence, manufacturers that use the paired model for legacy calls might choose to adopt either the direct or TSP models for next-generation calls. +---+ ///----\\\ (undefined) | H | standard +------+ ||| IVS |||------------------>| S +------------------->+ PSAP | \\\----/// (undefined) +---+ crash + other data +------+ Figure 6: Next-Generation Paired Model If the call is routed to a PSAP that is not capable of processing the vehicle data, the PSAP ignores (or does not receive) the vehicle data. This is detectable by the IVS or TSP when it receives a 200 OK to the INVITE which lacks an eCall control structure acknowledging receipt of the data [I-D.ietf-ecrit-ecall]. The IVS or TSP then proceeds as it would for a non-NG ACN call (e.g., verbal conveyance of data) Gellens, et al. Expires April 20, 2016 [Page 11] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 6. Profile In the context of emergncy calls placed by an in-vehicle system it is assumed that the car is equipped with a built-in GNSS receiver. For this reason only geodetic location information will be sent within an emergency call. The following location shapes MUST be implemented: 2d and 3d Point (see Section 5.2.1 of [RFC5491]), Circle (see Section 5.2.3 of [RFC5491]), and Ellipsoid (see Section 5.2.7 of [RFC5491]). The coordinate reference systems (CRS) specified in [RFC5491] are also mandatory for this document. The element, as defined in [RFC5962] which indicates the direction of travel of the vehicle, is important for dispatch and hence it MUST be included in the PIDF-LO [RFC4119]. The element specified in [RFC5962] MUST be implemented and MAY be included. Calls by in-vehicle systems are placed via cellular networks, which might ignore location sent by an originating device in an emergency call INVITE, instead attaching their own location (often determined in cooperation with the originating device). Standardized crash data structures often include location as determined by the IVS. A benefit of this is that it allows the PSAP to see both the location as determined by the cellular network (often in cooperation with the originating device) and the location as determined by the IVS. This specification inherits the ability to utilize test call functionality from Section 15 of [RFC6881]. 7. Call Setup It is important that ACN calls be easily identifiable as such at all stages of call handling, and that automatic versus manual triggering be known. ACN calls differ from general emergency calls in several aspects, including the presence of standardized crash data, the fact that the call is known to be placed by an in-vehicle system (which has implications for PSAP operational processes), and, especially for automatic calls, information that can indicate a likelihood of severe injury and hence need for trauma services. Knowledge that a call is an ACN and further that it was automatically or manually invoked carries a range of implications about the call, the circumstances, and the vehicle occupants. Calls by in-vehicle systems can be considered a specific sub-class of general emergency calls and are optimally handled by a PSAP with the technical and operational capabilities to serve such calls. (This is especially so in environments such as the U.S. where there are many PSAPs and where individual PSAPs have a range of capabilities.) Technical capabilities include the ability to recognize and process standardized crash data. Operational capabilities include training and processes for assessing severe injury likelihood and responding Gellens, et al. Expires April 20, 2016 [Page 12] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 appropriately (e.g., dispatching trauma-capable medical responders or those trained and equipped to extract occupants from crashed vehicles and handle gasoline or other hazardous materials, transporting victims to a trauma center, alerting the receiving facility, etc.). Because ACN calls differ in significant ways from general emergency calls, and because such calls typically generally are best handled by PSAPs equipped technically to interpet and make use of crash data, and operationally to handle emergency calls placed by in-vehicle systems, [I-D.ietf-ecrit-ecall] registers SOS sub-services. Using a sub-service allows the call to be treated as an amergency call and makes it readily obvious that the call is an ACN; a further child element distinguishes calls automatically placed due to a crash or other serious incident (such as a fire) from those manually invoked by a vehicle occupant (specifically, "SOS.ecall.automatic" and "SOS.ecall.manual"). The distinction between automatic and manual invocation is also significant; automatically triggered calls indicate a car crash or some other serious incident (e.g., a fire) and carry a greater presumption of risk of injury and hence need for specific responders (such as trauma or fire). Manually triggered calls are often reports of serious hazards (such as impaired drivers or roadway debris) and might require different responses depending on the situation. Manually triggered calls also have a greater chance of being false (e.g., accidental) calls and might thus be subject to different handling by the PSAP. A next-generation In-Vehicle System (IVS) transmits crash data by encoding it in a standardized and registered format and attaching it to an INVITE as an additional data block as specified in Section 4.1 of [I-D.ietf-ecrit-additional-data]. As described in that document, the block is identified by its MIME content-type, and pointed to by a CID URL in a Call-Info header with a 'purpose' parameter value corresponding to the block. Specifically, the steps required during standardization are: o A set of crash data is standardized by an SDO or appropriate organization o A MIME Content-Type for the crash data set is registered with IANA * If the data is specifically for use in emergency calling, the MIME type is normally under the 'application' type with a subtype starting with 'EmergencyCallData.' * If the data format is XML, then by convention the name has a suffix of '+xml' Gellens, et al. Expires April 20, 2016 [Page 13] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 o The item is registered in the Emergency Call Additional Data registry, as defined in Section 9.1.7 of [I-D.ietf-ecrit-additional-data] * For emergency-call-specific formats, the registered name is the root of the MIME Content-Type (not including the 'EmergencyCallData' prefix and any suffix such as '+xml') as described in Section 4.1 of [I-D.ietf-ecrit-additional-data] When placing an emergency call: o The crash data set is created and encoded per its specification o The crash data set is attached to the emergency call INVITE as specified in Section 4.1 of [I-D.ietf-ecrit-additional-data], that is, as a MIME body part identified by its MIME Content-Type in the body part's Content-Type header field o The body part is assigned a unique identifier label in a Content- ID header field of the body part o A Call-Info header field at the top level of the INVITE is added that references the crash data and identifies it by its MIME root (as registered in the Emergency Call Additional Data registry) * The crash data is referenced in the Call-Info header field by a CID URL that contains the unique Content ID assigned to the crash data body part * The crash data is identified in the Call-Info header field by a 'purpose' parameter whose value is 'EmergencyCallData.' concatenated with the specific crash data entry in the Emergency Call Additional Data registry * The Call-Info header field MAY be either solely to reference the crash data (and hence have only the one URL) or can also contain other URLs referencing other data o Additional crash data sets MAY be included by following the same steps The Vehicle Emergency Data Set (VEDS) is an XML structure defined by the Association of Public-Safety Communications Officials (APCO) and the National Emergency Number Association (NENA) [VEDS]. The 'application/EmergencyCallData.VEDS+xml' MIME content-type is used to identify it. The 'VEDS' entry in the Emergency Call Additional Data registry is used to construct a 'purpose' parameter value for conveying VEDS data in a Call-Info header. Gellens, et al. Expires April 20, 2016 [Page 14] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 The VEDS data is attached as a body part with MIME content type 'application/EmergencyCallData.VEDS+xml' which is pointed at by a Call-Info URL of type CID with a 'purpose' parameter of 'EmergencyCallData.VEDS'. Entities along the path between the vehicle and the PSAP are able to identify the call as an ACN call and handle it appropriately. The PSAP is able to identify the crash data as well as any other additional data attached to the INVITE by examining the Call-Info header fields for 'purpose' parameters whose values start with 'EmergencyCallData.' The PSAP is able to access and the data it is capable of handling and is interested in by checking the 'purpose' parameter values. This document extends [I-D.ietf-ecrit-ecall] by reusing the call set- up and other normative requirements except that in this document, support for the eCall MSD is OPTIONAL and support for VEDS in REQUIRED. 8. Call Routing An Emergency Services IP Network (ESInet) is a network operated by or on behalf of emergency services authorities. It handles emergency call routing and processing before delivery to a PSAP. In the NG9-1-1 architecture adopted by NENA as well as the NG1-1-2 architecture adopted by EENA, each PSAP is connected to one or more ESInets. Each originating network is also connected to one or more ESInets. The ESInets maintain policy-based routing rules which control the routing and processing of emergency calls. The centralization of such rules within ESInets provides for a cleaner separation between the responsibilities of the originating network and that of the emergency services network, and provides greater flexibility and control over processing of emergency calls by the emergency services authorities. This makes it easier to react quickly to unusual situations that require changes in how emergency calls are routed or handled (e.g., a natural disaster closes a PSAP), as well as ease in making long-term changes that affect such routing (e.g., cooperative agreements to specially handle calls requiring translation or relay services). In an environment that uses ESInets, the originating network need only detect that the service URN of an emergency call is or starts with "sos", passing all types of emergency calls to an ESInet. The ESInet is then responsible for routing such calls to an appropriate PSAP. In an environment without an ESInet, the emergency services authorities and the originating carriers would need to determine how such calls are routed. Gellens, et al. Expires April 20, 2016 [Page 15] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 9. Test Calls This document builds on [I-D.ietf-ecrit-ecall], which inherits the ability to utilize test call functionality from Section 15 of [RFC6881]. A service URN starting with "test." indicates a request for an automated test. Per [I-D.ietf-ecrit-ecall], "urn:service:test.sos.ecall.automatic" indicates such a test feature. This functionality is defined in [RFC6881]. Note that since test calls are placed using "test" as the parent service URN and "sos" as a child, such calls are not treated as an emergency call and so some functionality will not apply (such as preemption or service availability for devices lacking service ("non- service-initialized" or "NSI") if those are available for emergency calls); this is by design. MNOs can recognize test calls and treat them in a way that tests as much functionality as desired, but this is outside the scope of this document. 10. Example Figure 7 shows an emergency call placed by a vehicle whereby location information and VEDS crash data are both attached to the SIP INVITE message. The INVITE has a request URI containing the 'urn:service:sos.ecall.automatic' service URN and is thus recognized as an ACN type of emergency call, and is also recognizable as an emergency call because the request URI starts with 'urn:service:sos'. The mobile network operator (MNO) routes the call to an Emergency services IP Network (ESInet), as for any emergency call. The ESInet processes the call as an ACN and routes the call to an appropriate ACN-capable PSAP (using location information and the fact that that it is an ACN). The call is processed by the Emergency Services Routing Proxy (ESRP), as the entry point to the ESInet. The ESRP routes the call to an appropriate ACN-capable PSAP, where the call is received by a call taker. (In deployments where there is no ESInet, the MNO itself routes the call directly to an appropriate ACN-capable PSAP.) Gellens, et al. Expires April 20, 2016 [Page 16] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 +---------------------------------------+ | | +------------+ | +-------+ | | | | | PSAP2 | | | | | +-------+ | | Originating| | | | Mobile | | +------+ +-------+ | Vehicle-->| Network |--+->| ESRP |---->| PSAP1 |--> Call-Taker | | | | +------+ +-------+ | | | | | +------------+ | +-------+ | | | PSAP3 | | | +-------+ | | | | | | | | ESInet | +---------------------------------------+ Figure 7: Example of Vehicle-Placed Emergency Call Message Flow The example, shown in Figure 8, illustrates a SIP emergency call INVITE that is being conveyed with location information (a PIDF-LO) and crash data (as VEDS data). The example VEDS data structure shows information about about a crashed vehicle. The example communicates that the car is a model year 2015 Saab 9-5 (a car which does not exist). The front airbag deployed as a consequence of the crash. The 'VehicleBodyCategoryCode' indicates that the crashed vehicle is a passenger car (the code is set to '101') and that it is not a convertible (the 'ConvertibleIndicator' value is set to 'false'). The 'VehicleCrashPulse' element provides further information about the crash, namely that the force of impact based on the change in velocity over the duration of the crash pulse was 100 MPH. The principal direction of the force of the impact is set to '12' (which refers to 12 O'Clock, corresponding to a frontal collision). This value is described in the 'CrashPulsePrincipalDirectionOfForceValue' element. The 'CrashPulseRolloverQuarterTurnsValue' indicates the number of quarter turns in concert with a rollover expressed as a number; in our case 1. No roll bar was deployed, as indicated in 'VehicleRollbarDeployedIndicator' being set to 'false'. Gellens, et al. Expires April 20, 2016 [Page 17] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 Next, there is information indicating seatbelt and seat sensor data for individual seat positions in the vehicle. In our example, information from the driver seat is available (value '1' in the 'VehicleSeatLocationCategoryCode' element), that the seatbelt was monitored ('VehicleSeatbeltMonitoredIndicator' element), that the seatbelt was fastened ('VehicleSeatbeltFastenedIndicator' element) and the seat sensor determined that the seat is occupied ('VehicleSeatOccupiedIndicator' element). Finally, information about the weight of the vehicle, which is 600 kilogram in our example. In addition to the information about the vehicle, further indications are provided, namely the presence of fuel leakage ('FuelLeakingIndicator' element), an indication whether the vehicle was subjected to multiple impacts ('MultipleImpactsIndicator' element), the orientation of the vehicle at final rest ('VehicleFinalRestOrientationCategoryCode' element) and an indication that there are no parts of the vehicle on fire (the 'VehicleFireIndicator' element). INVITE urn:service:sos.ecall.automatic SIP/2.0 To: urn:service:sos.ecall.automatic From: ;tag=9fxced76sl Call-ID: 3848276298220188511@atlanta.example.com Geolocation: Geolocation-Routing: no Call-Info: cid:1234567890@atlanta.example.com; purpose=EmergencyCallData.VEDS Accept: application/sdp, application/pidf+xml CSeq: 31862 INVITE Content-Type: multipart/mixed; boundary=boundary1 Content-Length: ... --boundary1 Content-Type: application/sdp ...Session Description Protocol (SDP) goes here --boundary1 Content-Type: application/pidf+xml Content-ID: -34.407 150.883 278 gps 2012-04-5T10:18:29Z 1M8GDM9A_KP042788 --boundary1 Content-Type: application/EmergencyCallData.VEDS+xml Content-ID: 1234567890@atlanta.example.com Content-Disposition: by-reference;handling=optional Saab 9-5 2015 FRONT true Gellens, et al. Expires April 20, 2016 [Page 19] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 false MAIN 101 100 MPH 12 1 false 1 true true true 600 kilogram true false Gellens, et al. Expires April 20, 2016 [Page 20] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 true Driver false --boundary1-- Figure 8: SIP INVITE indicating a Vehicule-Initated Emergency Call 11. Security Considerations This document does not raise security considerations beyond those described in [RFC5069]. As with emergency service systems with end host provided location information there is the possibility that that location is incorrect, either intentially (in case of an a denial of service attack against the emergency services infrastructure) or due to a malfunctioning device. The reader is referred to [RFC7378] for a discussion of some of these vulnerabilities. 12. Privacy Considerations Since this document builds on [I-D.ietf-ecrit-ecall], which itself builds on [I-D.ietf-ecrit-additional-data], the data structures specified there, and the corresponding privacy considerations discussed there, apply here as well. The VEDS data structure contains optional elements that can carry identifying and personal information, both about the vehicle and about the owner, as well as location information, and so needs to be protected against unauthorized disclosure. Local regulations may impose additional privacy protection requirements. 13. IANA Considerations 13.1. MIME Content-type Registration for 'application/ EmergencyCall.VEDS+xml' This specification requests the registration of a new MIME type according to the procedures of RFC 4288 [RFC4288] and guidelines in RFC 3023 [RFC3023]. MIME media type name: application MIME subtype name: EmergencyCallData.VEDS+xml Mandatory parameters: none Gellens, et al. Expires April 20, 2016 [Page 21] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 Optional parameters: charset Indicates the character encoding of enclosed XML. Encoding considerations: Uses XML, which can employ 8-bit characters, depending on the character encoding used. See Section 3.2 of RFC 3023 [RFC3023]. Security considerations: This content type is designed to carry vehicle crash data during an emergency call. This data can contain personal information including vehicle VIN, location, direction, etc. Appropriate precautions need to be taken to limit unauthorized access, inappropriate disclosure to third parties, and eavesdropping of this information. Please refer to Section 7 and Section 8 of [I-D.ietf-ecrit-additional-data] for more information. Interoperability considerations: None Published specification: [VEDS] Applications which use this media type: Emergency Services Additional information: None Magic Number: None File Extension: .xml Macintosh file type code: 'TEXT' Person and email address for further information: Hannes Tschofenig, Hannes.Tschofenig@gmx.net Intended usage: LIMITED USE Author: This specification is a work item of the IETF ECRIT working group, with mailing list address . Change controller: The IESG 13.2. Registration of the 'VEDS' entry in the Emergency Call Additional Data registry This specification requests IANA to add the 'VEDS' entry to the Emergency Call Additional Data registry, with a reference to this document. The Emergency Call Additional Data registry has been established by [I-D.ietf-ecrit-additional-data]. Gellens, et al. Expires April 20, 2016 [Page 22] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 14. Contributors We would like to thank Ulrich Dietz for his help with earlier versions of the original version of this document. 15. Acknowledgements We would like to thank Michael Montag, Arnoud van Wijk, Ban Al-Bakri, and Gunnar Hellstrom for their feedback. 16. Changes from Previous Versions 16.1. Changes from draft-ietf-03 to draft-ietf-04 o Added example VEDS object o Additional clarifications and corrections o Removed references from Abstract o Moved Document Scope section to follow Introduction 16.2. Changes from draft-ietf-02 to draft-ietf-03 o Additional clarifications and corrections 16.3. Changes from draft-ietf-01 to draft-ietf-02 o This document now refers to [I-D.ietf-ecrit-ecall] for technical aspects including the service URN; this document no longer proposes a unique service URN for non-eCall NG-ACN calls; the same service URN is now used for all NG-ACN calls including NG-eCall and non-eCall o Added discussion of an NG-ACN call placed to a PSAP that doesn't support it o Minor wording improvements and clarifications 16.4. Changes from draft-ietf-00 to draft-ietf-01 o Added further discussion of test calls o Added further clarification to the document scope o Mentioned that multi-region vehicles may need to support other crash notification specifications such as eCall o Minor wording improvements and clarifications 16.5. Changes from draft-gellens-02 to draft-ietf-00 o Renamed from draft-gellens- to draft-ietf- o Added text to Introduction to clarify that during a CS ACN, the PSAP call taker usually needs to listen to the data and transcribe it Gellens, et al. Expires April 20, 2016 [Page 23] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 16.6. Changes from draft-gellens-01 to -02 o Fixed case of 'EmergencyCallData', in accordance with changes to [I-D.ietf-ecrit-additional-data] 16.7. Changes from draft-gellens-00 to -01 o Now using 'EmergencyCallData' for purpose parameter values and MIME subtypes, in accordance with changes to [I-D.ietf-ecrit-additional-data] o Added reference to RFC 6443 o Fixed bug that caused Figure captions to not appear 17. References 17.1. Normative References [I-D.ietf-ecrit-additional-data] Gellens, R., Rosen, B., Tschofenig, H., Marshall, R., and J. Winterbottom, "Additional Data Related to an Emergency Call", draft-ietf-ecrit-additional-data-37 (work in progress), October 2015. [I-D.ietf-ecrit-ecall] Gellens, R. and H. Tschofenig, "Next-Generation Pan- European eCall", draft-ietf-ecrit-ecall (work in progress), March 2015. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ RFC2119, March 1997, . [RFC3023] Murata, M., St. Laurent, S., and D. Kohn, "XML Media Types", RFC 3023, DOI 10.17487/RFC3023, January 2001, . [RFC4119] Peterson, J., "A Presence-based GEOPRIV Location Object Format", RFC 4119, DOI 10.17487/RFC4119, December 2005, . [RFC4288] Freed, N. and J. Klensin, "Media Type Specifications and Registration Procedures", RFC 4288, DOI 10.17487/RFC4288, December 2005, . Gellens, et al. Expires April 20, 2016 [Page 24] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 [RFC5031] Schulzrinne, H., "A Uniform Resource Name (URN) for Emergency and Other Well-Known Services", RFC 5031, DOI 10.17487/RFC5031, January 2008, . [RFC5491] Winterbottom, J., Thomson, M., and H. Tschofenig, "GEOPRIV Presence Information Data Format Location Object (PIDF-LO) Usage Clarification, Considerations, and Recommendations", RFC 5491, DOI 10.17487/RFC5491, March 2009, . [RFC5962] Schulzrinne, H., Singh, V., Tschofenig, H., and M. Thomson, "Dynamic Extensions to the Presence Information Data Format Location Object (PIDF-LO)", RFC 5962, DOI 10.17487/RFC5962, September 2010, . [RFC6443] Rosen, B., Schulzrinne, H., Polk, J., and A. Newton, "Framework for Emergency Calling Using Internet Multimedia", RFC 6443, DOI 10.17487/RFC6443, December 2011, . [RFC6881] Rosen, B. and J. Polk, "Best Current Practice for Communications Services in Support of Emergency Calling", BCP 181, RFC 6881, DOI 10.17487/RFC6881, March 2013, . [VEDS] "Vehicular Emergency Data Set (VEDS) version 3", July 2012, . 17.2. Informative references [RFC5012] Schulzrinne, H. and R. Marshall, Ed., "Requirements for Emergency Context Resolution with Internet Technologies", RFC 5012, DOI 10.17487/RFC5012, January 2008, . [RFC5069] Taylor, T., Ed., Tschofenig, H., Schulzrinne, H., and M. Shanmugam, "Security Threats and Requirements for Emergency Call Marking and Mapping", RFC 5069, DOI 10.17487/RFC5069, January 2008, . [RFC7378] Tschofenig, H., Schulzrinne, H., and B. Aboba, Ed., "Trustworthy Location", RFC 7378, DOI 10.17487/RFC7378, December 2014, . Gellens, et al. Expires April 20, 2016 [Page 25] Internet-Draft Vehicle-Initiated Emergency Calls October 2015 Authors' Addresses Randall Gellens Qualcomm Technologies, Inc 5775 Morehouse Drive San Diego 92651 US Email: rg+ietf@randy.pensive.org Brian Rosen NeuStar, Inc. 470 Conrad Dr Mars, PA 16046 US Email: br@brianrosen.net Hannes Tschofenig (Individual) Email: Hannes.Tschofenig@gmx.net URI: http://www.tschofenig.priv.at Gellens, et al. Expires April 20, 2016 [Page 26]