About kiosks
……. Kiosks were common in Persia, India, Pakistan, and in the Ottoman Empire from the 13th century onward ……. Indian Kiosk are generally called “Gumti” and sometimes “khokha” too……..
The first self-service, interactive kiosk was developed in 1977 at the University of Illinois at Urbana-Champaign by a pre-med student, Murray Lappe. …….
– http://en.wikipedia.org/wiki/
Introduction
Kiosk has been part of human life for many years and centuries. Above quote also focuses on how technology impacted kiosk to be operated independently to serve mankind. In modern world kiosk is not just a computer with a touch screen enclosed in a box – it is an integration of Mechanical, Computer Hardware, Software, Peripherals and Embedded Controllers, and to build it requires high order domain expertise and intellectual power.
This whitepaper targets
• Technical audiences who want to develop kiosk systems
• Organizations willing to start sale through kiosks
• Functional beginners who want to possess basic knowledge of the kiosk systems
In IT world it is a common scenario where client provides business objectives and high level requirement to build the complete system and they are not in a position to provide all the details of the system one is expecting to be developed.
The objective of this paper is to educate readers and help make them comfortable in developing kiosk systems
Business Scenarios
Some of the popular business examples where organizations around the world are building kiosk systems are Digital Photo Kiosk, Bill Payment Kiosk, School Kiosk, Prepaid Electricity Kiosk, Internet Kiosk, Ticketing Kiosk etc.
Based on the business intend of the kiosk one need to set the focus on certain aspects of the kiosk, like Digital Photo Kiosk uses internal printer to print pictures instantly, so printer functionality becomes the main focus here. Hence simple user interface and high quality printer will be the best expected option.
In cases like School Kiosk, student friendly user interface is a major concern. Parents top up students smart cards to avoid cash in school transactions, here smart card reader and cash acceptor devices play a major role. School kiosk can use thermal printers for receipt printing, as their receipts are not required to be preserved for long time, so thermal printer is ideal solution. Smart card reader should be contact less reader so that students can easily operate them and no need to have physical contact with the reader. Better cash acceptor minimizes the support efforts in case of failed transactions.
Designing Internet kiosk is major challenge in terms of security where in user is allowed to browse the web. Internet kiosks may not need many peripherals but better control on user’s access rights to minimize virus attacks. Security threats are major concerns.
Prepaid Electricity Kiosk is used to top up credit through consumer’s smart cards, and then the smart card can be inserted into electricity meter at home which allows equivalent amount of electricity to consume. Such system uses contact smart card reader for read/write operations along with receipt printer. Card reading and writing speed of the reader should be major focus here.
Ticketing Kiosk is used to vend tickets and provide various other allied services as a single window for the user. These kiosks have very user friendly interface as the user may not be computer savvy and have less patience to understand the functioning. User can perform multiple functions from such kiosk ranging from finding a train schedule, fare calculation between two stations, seat availability, ticket status and ticket issuance.
System Architecture
Major components in the system are
1. Kiosk – This is a PC where kiosk application is running with peripherals
2. Server – Server runs the business logic
3. Database Server – for storage of data
4. Back office application – This application component is required to manage kiosks & their peripherals
Kiosk Software Architecture
1. Device monitoring: This monitoring ensures that all the peripherals are ready for use.
2. Remote Management software: Utility for kiosk remote management
3. Multimedia support: Any utility/third party software for enhanced graphical support like Adobe flash/ Microsoft Silverlight / DirectX technology.
4. OS tamper proofing: This is the most important software running on kiosk, this software restricts user accessing computer resources. User should not be able to modify registry values or system files.
Software and Hardware Components
Software Components
System Software
First thing comes to mind while designing kiosk is kiosk operating system. One has to choose the OS for various parameters like
* Integration with any existing system
* Ease of management by team
* Security
* Initial Purchase cost
* Maintenance Cost
* Future Support fomr OS manufacturer
The three main contenders in the kiosk OS market are
o Microsoft Windows
o Linux
o Apple
Microsoft Windows
Microsoft provides complete family of products those can be used as kiosk OS like
• Windows XP Embedded
• Windows Embedded POSReady 2009
• Windows CE 5.0
• Windows Embedded CE 6.0
• Windows XP Professional
• Windows XP Embedded is one of the mostly used OS on kiosk
• XP Embedded is much cheaper to license and this version of XP is pretty stable and can be tailored to Windows XP and deploy on embedded version without change
• XP Embedded has a great future as Windows Embedded Standard is a next generation of Windows XP Embedded
• Another special OS from Microsoft is Windows Embedded POSReady 2009 for point of sale solutions.
• Embedded POSReady has features for seamless connectivity with peripherals, servers and services
• Windows CE 5.0 is a distinctly different operating system and kernel, rather than a trimmed-down version of desktop Windows
• Windows CE 5.0 is best choice if you need to change OS code for hardware interfacing or some special reason. A distinctive feature of Windows CE compared to other Microsoft operating systems is that large parts of it are offered in source code form. Products like Platform Builder (an integrated environment for Windows CE OS image creation and integration, or customized operating system designs based on CE) offered several components in source code form to the general public.
• Windows Embedded CE 6.0(a renamed version of Windows CE 6.0) OS can be used to develop small footprint devices with a componentized, real-time operating system. OS image of size 300KB can be built with 700 components. When size is a matter of concern use this OS.
• Windows XP Professional is one of the most widely used OS for Kiosk similar to Embedded XP version. Windows XP Professional is easily upgraded with the latest hot fix or service pack.
• You can use Windows XP Professional for kiosk because of its robustness and most stable OS in the market nowadays. It has come out of all the hardware interface related problems that it had initially.
• XP Professional enjoys the latest development technologies for building the kiosk applications such as Microsoft .Net framework, Windows Presentation foundation, Microsoft Silverlight technology.
• The XP Embedded will not have the same end-user help functionality available in Windows XP Pro
• XP Embedded is componentized version of Windows XP Professional, hence you can develop on embedded version without change
• XP Embedded has a great future as Windows Embedded Standard is a next generation of Windows XP Embedded
• Another special OS from Microsoft is Windows Embedded POSReady 2009 for point of sale solutions.
• Embedded POSReady has features for seamless connectivity with peripherals, servers and services
• Windows CE 5.0 is a distinctly different operating system and kernel, rather than a trimmed-down version of desktop Windows
• Windows CE 5.0 is best choice if you need to change OS code for hardware interfacing or some special reason. A distinctive feature of Windows CE compared to other Microsoft operating systems is that large parts of it are offered in source code form. Products like Platform Builder (an integrated environment for Windows CE OS image creation and integration, or customized operating system designs based on CE) offered several components in source code form to the general public.
• Windows Embedded CE 6.0(a renamed version of Windows CE 6.0) OS can be used to develop small footprint devices with a componentized, real-time operating system. OS image of size 300KB can be built with 700 components. When size is a matter of concern use this OS.
• Windows XP Professional is one of the most widely used OS for Kiosk similar to Embedded XP version. Windows XP Professional is easily upgraded with the latest hot fix or service pack.
• You can use Windows XP Professional for kiosk because of its robustness and most stable OS in the market nowadays. It has come out of all the hardware interface related problems that it had initially.
• XP Professional enjoys the latest development technologies for building the kiosk applications such as Microsoft .Net framework, Windows Presentation foundation, Microsoft Silverlight technology.
Linux
• Linux OS is also used for Kiosk because its bit more stable and secure
• If you want to take advantage of open source nature of Linux, you may choose this OS
• Before you take decision make sure that it requires better understanding of OS to implement and manage the kiosk when you start doing a lot of custom work or integration with third party components, hardware, etc., it would be necessary.
• Linux also has embedded version but is not so popular in kiosk world
• Internet kiosk are popular using Linux ( RedHat Linux)
Apple
You will find very few people using Mac based kiosk e.g. WKiosk by App4Mac. It’s not so popular as Kiosk OS.
OS/2
IBM OS/2 was the most popular OS for building ATM’s but after IBM announced that they are discontinuing the OS/2 industry support after December 2004. There are very few kiosks build using this OS those too very initially.
From security point of view any kiosk OS your choose has to be secured from public access.User should not be able to tamper OS underneath. Few steps must be taken to secure OS from tampering.
Here are the few ways so run XP in kiosk mode (secure)
1. Use Group Management Policy console to restrict access to public user which is a restricted user, so that kiosk user cannot change/tamper OS files
2. There are several custom programs from vendors like SiteKiosk, Kioware,SoftStack etc which offers a great secure shell incorporated for your kiosk application
3. Use Windows SteadyState shared access computing tool for Windows XP and above to restrict
access to kiosk OS and data. It’s freely available with licensed copies of Windows XP and
Windows Vista 32 bit OS. Windows SteadyState tool is the next version of Microsoft shared computer toolkit.
Application Software
Several development platforms and technologies are available for developing software.
Care should be taken while selecting development platform, languages, and tools for the development.
Guidelines
1. Choose languages, platform, library which is the latest one and has life for at least next 10 years
2. While selecting any third party tool/library/control make sure that source code of it is available with you
3. Always follow best practices demonstrated by giant IT players like Microsoft, Sun etc
4. Kiosk development is similar to any other product except high level of modularity should be achieved for easy deployment and software upgrades.
5. Application should not only satisfy functionality but also performance, usability, maintainability
6. Choosing RDBMS is also crucial decision, Microsoft SQL Server and Oracle are major RDBMS in the market, considering network of 100 kiosks SQL server is most preferred.
7. Before purchasing any hardware perform proof-of-concept and confirm that hardware is compatible with application your building and OS.
Hardware Components
This section describes the most commonly used devices in the kiosk system
1. Printer: This section focuses on thermal printers only, which is the most preferred printer for kiosk.
It’s very important to choose a printer after proper analysis. Ask below questions to yourself
1. Usage – number of chits printed per day
2. Printing speed
3. Output quality i.e. paper size and color
4. What is the initial investment
5. Consumables and maintenance charges
6. Printer form factor
7. Support for different fonts
8. Support for graphics printing
List to cross check before you select thermal printer –
• Print method – should be direct thermal and not thermal transfer method
• Fonts available
• Column capacity
• Character size, character set, characters per inch
• Interface – RS232,USB etc
• Print Speed – e.g. 170mm/sec
• Paper dimensions
• Driver support
• EMC and safety standards
• Mass – kilograms
• Auto paper cutter availability
• High MTBF
Examples: Epson, CADMUS
2. Cash Acceptor Devices:
Despite the growing popularity of alternate payment methods, cash remains a popular form of payment.
Following points should be considered while selecting cash acceptor
1. Find out the number of transactions per day and total capacity of the cash acceptor, usually its in the range of 500-1000 cash notes
2. How many denominations do you want to accept through kiosk system
3. Maintenance cost considering long time use
4. You want acceptor to accept single note at a time or multiple notes, how notes should be stored, separate denominations in separate compartments or same.
Check time required to validate the note and move note into cash box
5. Future enhancement capabilities of the note acceptor should be demonstrated considering possibilities of changes in the security measures in notes in future by the government
6. Same note acceptor should be able to configure for validating currencies for different countries, usually this can be done by changing the validation logic in embedded IC
7. Cash acceptor should support kiosk application know about
o Total cash present in the cash box,
o Any errors occurred in the note validation
o Cashbox full notification
o Complete log of events happening inside note acceptor for trouble shooting purposes
8. It’s a common problem with cash acceptors, if they kept running long time without reset or after few years of use, they start jamming and inserted notes either remains without getting stacked properly, sometime even it can damage the note by winding it.
9. Verify the type of interface available with cash acceptor RS232, USB etc
10. Power requirements. Usually its DC 24 V, 10Amps
11. Check the weight, size of the acceptor. It should fit into kiosk cabinet.
12. Cash recognition method i.e. optical , magnetic etc
3. Smart card Reader/Writer
There are two types of card readers used with kiosk. Following are the points to be considered while selecting card reader
Contact Smart Card Reader/Writer:
• Interface – prefer USB
• Easy of use
• Smart card acceptor-Landing type (ensures longer card life and minimum damage to the cards outer surface)
• Firmware should be easily upgradeable for future updates
• Power source should be USB
• Check whether your smart card reader has passed Microsoft windows hardware quality lab certification program.
• Card reader confirms to the ISO 7816, PC/SC specification, and PC/SC driver should be available
Contact less Smart Card Reader/Writer
• Easy for use
• Operation LED indicator
• Buzzer should be available
• High-speed transactions
• Should have USB interface avoid RS232 interface
• Confirms PC/SC 2.0 specification
• RoHS Compliant
• CE and FCC Compliant
• Confirms ISO/IEC 14443 or ISO 15693 which allows communications at distances up to 50 cm.
Graphical User Interface guidelines –
Do’s
•Large buttons
•Use textured background
•Make touchable areas obvious
•Limit choices
•Keep user guiding as much possible
•Have simple navigation buttons like back, forward, start
•User should be notified on button click by some beep sound, use 3-D button effect
•Use standard layout for numeric screen similar to ATMs or mobile
•Keep simple English message or messages in regional languages
•Display user name somewhere on screen
•User should not know OS underneath
•Let your GUI promote your company brand
Don’ts
•No title bar
•No start menu
•No double clicking any where
•No pull down menus
•No scrolling or scroll bars
•No dragging or dropping
•Do not use web application as kiosk application
•Turn the cursor off
•Avoid black color for background
•Avoid solid colors
•Don’t change themes at a level where user will get confused by seeing change
•Avoid too many animating objects on the screen
Disaster Recovery
Guidelines
1.Disaster recovery plan should be ready while preparing design of the kiosk system. Plan should be prepared for cases considering software crashes, database corruption, server /hardware failures, network outages, theft, software viruses, unauthorized access or hacking etc
2.Whenever disaster happens recover data which is at logically complete state
3.Kiosk system should have ability to disable certain features temporarily to avoid further losses
4.Remote access to kiosk should be available at any point of time
5.Data loss due to disaster can be minimized by taking regular database backups
6.Transactions should be uploaded to server as soon as they are completed. If your kiosk support offline transactions mode, take care that transaction data is not stored on the kiosk for long time.
7.Refer ISO/IEC 24762:2008 standard for more information
Troubleshooting
Guidelines
1. Implement software and hardware logs
2. Implement email alerts on certain exceptions
3. Keep SQL queries ready to find out the mismatch in the database
4. Perform device test at every restart, don’t allow transaction if this test fails
5. Implement uniform Error code methodology, one should easily relate error code to error source
Tools
1. LogParser Utility – to parse log files and analyze the problem
2. Implement optional application instrumentation to capture application specific information
Here are some tools for remote control of kiosk
Microsoft Windows: Symntec PCAnywhere,GotoMyPC,LogMeIn Pro, radmin, RDC, rdesktop
Linux: Symntec PcAnywhere,GotoMyPc,KRDC,LogMein Pro, rdesktop
Mac OSX:Symntec PcAnywhere, Apple Remote Desktop, LogMein Pro,rdesktop
Security
Guidelines:
1. The Payment Card Industry (PCI), Security Standards Council has taken several steps in managing the data security standards that govern the industry.
2. Encryption methodology should be implemented for sensitive data and logging
3. Remote monitoring tool should be used
4. Provide adequate virus protection(Block not required ports, firewall restrictions)
5. Focus User & Network Access Management
6. Operating system access control
7. Kiosk application should not get affected by attacks like SQL injection, validate every user input before processing it.
8. Refer SO/IEC 17799 and BS7799-2 / ISO27001 standards for more information
Change Management and Software upgrades
Guidelines
1. Software upgrades are usually done in phased manner
2. Kiosk and server communication should happen through ‘process codes’ defined, this will help server to be always backward compatible
3. Kiosk application should have one report for viewing versions of the application components (Executables, DLLs, images, themes)
4. Smoke test should be performed after every upgrade
Tools
1. Use next release of Microsoft’s Systems Management Server (SMS), i.e. System Center Configuration Manager 2007 for task automation, compliance management, and policy based security management allowing for increased business agility.
2. Use BITS (Binary intelligence transfer service) technology for file transfer
Laxmikant Patil 