
Kiosks: A Technological Overview


Gerald Morris, Torrin Sanders, Anne Gilman, Stephen J. Adelson, and Sean Smith

Los Alamos National Laboratory
Los Alamos, NM 87545

January 10, 1995


This paper discusses the selection of components for constructing kiosk systems. After outlining the design steps necessary before creating a kiosk system, we will present each of the typical kiosk components and describe in detail both its function and what parameters can be used to evaluate that component. Discussion of the human factors considerations of each component is included where appropriate.

1.1 What is a Kiosk

Until recently, a kiosk was a small, rugged standalone structure often used as a newsstand, bandstand, or other commercial enterprise. The definition is evolving to include computer systems found in public places. These public computer systems are designed to provide an alternative avenue to reach information and services. The user is presented with an attractive structure which has been designed to provide a simple, friendly interface to novice computer users. A kiosk performs a task which is easily automated, freeing personnel from boring tedious labor.

1.2 Types of Kiosks

Kiosks are being used as a primary tool in efforts to improve the effectiveness of limited personnel and provide easy and convenient access to a wide range of services. Most of these kiosks are built to perform one of the following functions:

* To advertise a commercial product.

* To collect or dispense specific information.

* To exchange information, funds, and/or services.

1.2.1 Advertisement

Kiosks used to advertise products are the least complex type of kiosk. The advertisement kiosk promotes products by providing information about them in a pleasing, interactive environment. This family of kiosks is often used at trade conferences and on showroom floors. Advertisement kiosks most commonly take input from a touch screen monitor and use video, animation, and sound to convey information. Proximity detectors may be used to start an advertisement sequence on the kiosk when a potential customer is near, typically using sound and video. Ordinarily located indoors, these kiosks rely on humans for security and maintenance. Limited access to the kiosk makes both physical and system security a low risk.

1.2.2 Information

Information kiosks are used to automate information access or to collect information. These kiosks are found in high pedestrian traffic areas like airports, stores, malls, and convention centers. User input is normally through a touch screen or, less frequently, with a keyboard. Hard copy output -- for maps, coupons, or other desired information -- is normally available through a printer. Although the amount of information is very limited, ticket dispensers at parking lots fit into this category because the information flow is one way: the user requests and receives a time-stamped ticket. Proximity detectors are rarely used with these systems, because noisy or flashing displays prompted by proximity detectors can become a distraction for business concerns or staff members in the same area. Informational kiosks are designed to be visually conspicuous, to attract the attention of anyone looking for them, without being confrontational to the senses of others. The physical security for these systems is at risk because they have no local owner. The system may be in full view of the public, but none of the people responsible for it are nearby.

1.2.3 Transactional

Transactional kiosks, used to sell goods and services or to exchange information, are the most complex type of kiosk. This family of kiosks is found in stores, malls, public transit terminals, and other high pedestrian traffic areas. Touch screens, simple buttons or keyboards are all used to get instructions and information, along with some method of fund collection, and possibly identity verification. Proximity detectors may be used to trigger kiosk activities designed to attract customers. The physical security of these kiosks is at risk since money and goods are involved. A kiosk that accepts cash must be designed differently from a kiosk that takes only credit cards or debit cards. The extra room needed to store the cash, the room needed to store change, and the physical security measures needed to protect both add to the kiosk cost. Most cash processing kiosks deal with small amounts of money only, for public transit fares, parking tickets and the like. Kiosks which sell airplane tickets or allow the transfer of funds at a bank require a card of some kind, both to eliminate the difficulty of handling cash and to identify the user.


The design of a kiosk is dependent on what services the kiosk will provide, who will use the services, and the location of the kiosk.

2.1 User Profiles

For the kiosk developer, the service provider is the immediate customer. The customer sees the kiosk as a solution for a specific problem. The developer's first responsibility is to make sure that the developer and the customer have a common definition of the problem to be solved. If you cannot agree on what the problem is, it is difficult to agree on its solution.

The kiosk designers and service provider need to define the target population for the services that will be provided. The target population is used to define needed functionality and constraints to the design of the kiosk. Will the users be familiar with keyboards? What ages will your users be? Can they all speak one language, or must you provide several? Would you like to include wheelchair users among your clients? The physical, educational, social and national characteristics of your user population will be used to determine and constrain your hardware and interface choices.

The client using a kiosk is not necessarily concerned with how it functions internally; it can also be risky to advertise the physical structure of your system. The user should be able to view the kiosk simply as a cabinet housing electronic equipment which performs a useful function, without having to comprehend the exact wiring and hardware components. The enclosure is very important to how the client views the kiosk. It must be regarded as providing a service without offending the user, and it must be pleasant to look at and use. It must be designed to be accessible to handicapped users and meet any necessary certification requirements.

2.2 Location Factors

As described in the first section, the location of the kiosk delimits what features are most desirable. In an environment where many people must work next to the kiosk all day, repeated music selections can be very annoying. Kiosks should be placed where they can both attract users and not obstruct traffic flow. In addition to the obvious environmental factors of temperature, humidity, and precipitation, the amount of light and noise around a proposed kiosk location will also affect the basic design. If the kiosk will be located in a business setting where many people have to work near it all day, loud and repetitive audio output is a poor choice. Alternatively, if the kiosk will be placed in a stadium, an arcade, or an auction center, use of voice recognition, spoken passwords, or informational audio output will be impractical.

2.3 Example

As an example we will use the kiosk which was designed at Los Alamos National Laboratory for the LIST project. This kiosk was designed as a prototype, using the technologies and software available in mid to late 1994.

2.3.1 Problem Definition

The Los Alamos Information Systems Technologies (LIST) system is designed to facilitate the creation of telecommunities in the National Information Infrastructure (NII). These telecommunities will initially be geographically-centered, based on existing communities or towns. Telecommunities can also be based on common interests such as research, business, education, etc. Telecommunity software will provide a common user interface to all users, a set of base services (such as email, WWW access, teleconferencing, bulletin boards, etc.), and a set of telecommunity-controlled applications. In a telecommunity based on a town these applications can include county services, government services, banks, local businesses, and select remote businesses. Users and applications will register with the telecommunity for control and information reasons. The information collected through registration will allow users to initially access general applications as well as applications requiring access to sensitive information or commerce transactions. Application information will be used by the searching services.

The LIST telecommunity will be available from a user's workstation at work, at home, or from a kiosk within the townsite. Similar functionality will be available from a workstation or kiosk. Users should easily be able to conduct business transactions, collaborate with remote partners, and mine for information using LIST. Not only will our lives be made easier through electronic banking (pay your bills and balance your checkbook automatically) and government services (renew that driver's license without standing in line), but we will also be more connected with our neighbors. People looking for bridge partners can post a message to their neighborhood bulletin board, archaeology buffs can organize expeditions, and students can collaborate both with their classmates and their peers around the world.

Similar to the free television stations, there will be a free level in the telecommunity that anyone can access, whether they are a member or not. This will typically be information-only applications, such as information on the county, government, tourism, etc. Access to the non-free level will require user authentication in the form of a password, smartcard, biometric, or some combination.

Personal interaction facilities will be available through the telecommunity, allowing users to chat when accessing the same application, facilitating teleconferencing and collaboration, or to provide on-line help within an application.

The LIST kiosks will provide an array of different applications, not just a single type of application such as Department of Motor Vehicle services or probation services as is currently seen today. The LIST kiosk must be general purpose and serve as a user interface for various multimedia telecommunity applications.

2.3.2 Kiosk Goals

Goals are the long-term objectives being addressed by the kiosk and are helpful when making design decisions. This kiosk will supply community-based services at public locations. The kiosk will provide value to the community as an electronic tool for everyday use. Several goals of the kiosk are expressed below:

* The kiosk will serve all Americans. The kiosk will have an easy to use, intuitive and consistent interface. The kiosk will provide a variety of capabilities which will support diverse users and communities.

* The kiosk will promote free enterprise. The kiosk should support competition in an open marketplace. Users will be afforded the maximum choice based on value and price.

* The kiosk will protect the rights of users. The intellectual property rights of owners of information must be protected. The kiosk must provide means for verifying the identity of users, service providers, and information. Anonymous access will also be supported for some services. Users must be assured that transactions on the kiosk will be free from interception, alterations, and use.

* The kiosk will promote open standards. The kiosk must support national and international standards to promote interoperability when possible.

* The kiosk will provide high-quality services. Services accessed at the kiosk must be dependable and the integrity of the service guaranteed. The kiosk must be flexible in capacity and performance, with the ability to evolve to meet future applications.

* The kiosk will provide an information marketplace. The kiosk will be able to let users know what services, information, and capabilities are available at any time. The kiosk will provide easy entry to new service providers and users. The kiosk will support the ability to use existing applications to create new products and services. The kiosk will provide access to internet services.

2.3.3 Kiosk Requirements and Functionality

Once the problem is defined, the solution can be worked on. First, determine the kiosk's requirements needed to solve the problem. The functional requirements of the kiosk must be precise. The requirements must specify what the kiosk system must do, not how to do it. The requirements must also show a design which is simple and well-integrated. The functional requirements should help define the intended kiosk user, along with any special needs and requirements the kiosk must address.

Security and Authentication

Security and authentication need to be intimately tied together in this system. Users must be assured that their information and transactions are not forgeable and there is no way to cheat the system. The kiosk must support LIST security and authentication enhancements.

Information Mining

Currently there are limited tools available on the Internet to facilitate information mining. By this we mean that people cannot easily search for information across the various tools. Some of the tools have rudimentary directory services or rudimentary search capabilities, but none provide the extensive capabilities necessary to access the wealth of on-line data. The kiosk must support information search and mining using LIST.

Controlled Information Distribution

The kiosk must support LIST enhancements for limiting distribution/copying of controlled information (software, electronic magazine, copyrighted material) -- e.g., controlled cut-and-paste.

Interactive Communication

Communications may be possible using available or to-be-developed applications, rather than providing a communications service upon which other applications are built. In any case, the kiosk should directly or indirectly support real-time communications over the internet. Communications may be used for personal conversations, collaboration, or on-line help from service providers, for example.

Searching

Search is a facility allowing the user to easily access a service by supplying information about it. What information a user decides to provide in order to describe the service should be left unspecified in order to allow the user maximum flexibility. On the other hand, search and filter facilities should provide as many of the keywords which a user can provide information on without relying on knowledge that the user may not be able to provide. Thus, the solution is to have an interface that is a compromise of these two approaches. The main issue to be addressed is that of minimizing queries which result in either too much or too little information and become a waste of time for the user.

Filter

We need a filtering system so that people can filter out unwanted information and not be bothered by advertisements and the like. This can also be used to lock out adult material from access by minors. This is a very useful facility that will reduce the number of servers which need to be accessed, as well as reduce the amount of information which is returned by a server. This facility is similar in functionality to the example in telemedicine: the search condition is to look for cases having similar symptoms and an X-ray image provides the filtering condition.

Electronic Mail

Electronic mail is a well-established service which should be provided on the kiosk. An encryption facility will be added to allow secure exchange of information. A digital signature capability will be added to verify message contents and author.

Transaction Recording

Ideally, if we implemented everything correctly, people would not need to have a record of their transactions, but many people want a receipt of some kind, so we should give it to them. This means that we need to implement a file system which allows people to access their records from anywhere in the world via a designated kiosk. Since a common use of the kiosks will be to conduct transactions, we need a flexible interface that can be used by most companies, government agencies, and people. If a store wants to use the system, the interface should be very similar between stores so that users are not confused by different ordering systems.

Color Graphics

Much of the information accessed at the kiosk will be color graphics. The kiosk must be designed to support color graphics.

Video

Much of the information accessed at the kiosk will be in a video format. The kiosk must support full motion video to slow scan through high definition and beyond. Still images from low to high resolution must also be available.

Audio

Much of the information in the world is in audio format. The kiosk must support audio output of information from telephone-quality voice to compact disc quality.

2.3.4 Kiosk Attributes

Attributes are helpful as a method of testing the acceptability of the finished kiosk since they can be measured.

* The kiosk needs to be versatile to allow uses other than LIST access.

* The kiosk must be simple to use with an "Easy to use interface".

* The kiosk will not be an eyesore; it will be unobtrusive to its environment.

* The kiosk interface should be consistent.

* The kiosk will have a fast response.

2.3.5 Kiosk Constraints

Constraints are limitations on possible kiosk implementations and are best negotiated away. Some constraints are necessary and can help by limiting the possible solutions. Some constraints you will almost always see are cost and time to delivery.

* Easy To Use - Controls for the kiosk should be easy to understand and use. The information displayed should be easy to understand.

* ADA Compliant - One of the primary objectives is to provide individuals with physical limitations or disabilities the fullest possible access to the system's information services.

* Multi-Lingual - The kiosk must support both English and Spanish.

* Cost - We are seeking a cost effective kiosk solution.

* Secure - The kiosk should be secure against tampering and vandalism. The information received and sent should be correct.


To build the kiosk we purchased much of the hardware and software bundled together, which helped to keep the kiosk cost low. We then purchased any software and hardware which was still needed. The hardware and software selection is based upon what was available in mid to late 1994, and should not be taken as a particular endorsement of any of these products.

3.1 Base Platform purchased from Dell Computer Corporation

For our initial kiosk an Intel Pentium computer running Windows was selected.[1] This platform was selected due to its low cost and the availability of specialized peripherals. This platform is one of the platforms the LIST software will run on. This platform will handle color graphics, video, and audio with the proper peripherals installed.

3.1.1 Hardware

* Dimension Pentium 90/XPS Medium Desktop Base.[2]

* Spacesaver, Quiet Key Keyboard

* 32MB RAM, 2 SIMMS[3]

* NEC CDR-510, Triple Speed, 200ms, Multisession Photo CD compatible, SCSI CD-ROM Drive.

* VS15 Color Monitor[4]

* Number Nine GXE Video Board with 2MB Memory

* 1GB IDE Hard Drive

* SCSI PIO Controller[5]

* 3.5" 1.44MB Floppy drive.

* Microsoft System Mouse

3.1.2 Software

* DOS 6.21

* Windows 3.1

* Microsoft Works

3.2 Final System Specifications/Hardware

We used the Pentium 90/XPS desktop computer base system with the following modifications.

3.2.1 Color Touch Screen Monitor

We selected a 17" color monitor using a capacitive touch screen. The 17" monitor was selected because it offered a large area which could be used as an interface for the kiosk. A larger monitor would have presented problems to some users, who would have had difficulty touching the entire screen.[6]

We purchased the touch screen pre-installed on the face of the color monitor.[7] We selected the capacitive touch screen because of its cost and the large number of operating systems which it supports. The capacitive touch screen can be damaged since it is deposited on the screen of the CRT, but it also protects the CRT from some damage.

3.2.2 Video Card

We used the Number Nine GXE Video Board which came with the computer system. The 9GXE64Pro is a 64-bit BGA display adapter. It has high speed VRAM, an S3 Vision964 processor and a Texas Instruments true-color palette DAC (Digital to Analog Converter). This board came with 2MB of memory and is upgradeable to 4MB. Resolutions are available from 640 x 480 to 1600 x 1200 (non-interlaced). The DAC supports 16.8 million colors.

3.2.3 Audio Card

We selected a Sound Blaster 16 SCSI-2 board for the kiosk. Sound Blaster cards have become the industry standard for digitized sound on the PC platform. Almost any game or other DOS program which supports digitized sound supports the Sound Blaster.

The Sound Blaster board is a 16 bit board which handles 20 voices. Its sound quality can easily be improved by adding an optional Wave Blaster daughterboard with a 32 voice EMU chip. With the Wave Blaster you can deliver 16 bit high fidelity sound and music. Another feature of this board is that it supports a SCSI-2 interface for CD-ROMs.

3.2.4 Modem

A modem card was purchased for the kiosk to allow modem connectivity. The ProModem 144e manufactured by Prometheus was selected. This is a 14,400 bps data or send/receive fax modem with error correction and (V.42/V.42bis/MNP-5) data compression.

3.2.5 Network Card

A network card was purchased for the kiosk to allow network connectivity. The 3Com EtherLink III network card was selected. This card allowed the kiosk to be connected to any Ethernet network wired with IEEE 802 standard 10BASE-2, 10BASE-5, or 10BASE-T cable.

3.2.6 Speakers

We purchased external Labtec CS-700 speakers for the kiosk. These speakers have a built-in 3 band equalizer and Bass Boost-DXBB circuit. Each speaker has individual volume controls and a self-activated on/off switch. The magnets are shielded to prevent interference with computer and television screens. Each speaker uses 4 "C" cell batteries or a built-in DC 6 volt input jack for power. A 3.5mm stereo plug fits personal stereos and computer sound boards.

3.2.7 CD ROM

We used the NEC CDR-510 triple speed that came with the base system. Instead of using the SCSI board supplied with the computer we are using the SCSI-2 which came with the Audio Board.[8] This CD-ROM is theoretically about 50 percent faster than a double speed drive. This will provide smoother animation when the program uses very large files. This CD-ROM uses a CD caddy which holds the disc when you insert it into the drive.

3.2.8 Enclosure

Currently not purchased

3.3 Software

Much of the software being used is dependent on the hardware purchased.

3.3.1 The LIST GUI interface

The LIST GUI interface is currently being constructed. This interface will run on Windows and on UNIX workstations. Unlike most authoring software, LIST is a multi-platform authoring tool designed for network communications.

3.3.2 Windows

The version of Windows supplied with the computer is being used. Windows is the most common graphical user interface used on the PC platform.

3.3.3 DOS

The DOS supplied with the computer is being used. DOS is the most common operating system used on the PC.


In addition to the choice of external structure, selecting the operating system, which determines the structure of information and applications in the kiosk, is a primary decision. The kiosk controller is the computer selected to run the kiosk. The computer platform should be selected depending on cost, hardware used, and the functions the kiosk will be selected to perform.

Table 1: Comparison of Computer Platforms

                    DOS/Windows    Macintosh       Workstation
Operating System    Easy To Use    Easy To Use     Difficult to Use
Internal Audio      NO             Normally Yes    Normally Yes
Internal Video      NO             Normally Yes    Normally Yes
Peripherals         Large          Medium          Small
Cost                Low            Medium          High

4.1 DOS/Windows

The most prevalent platform used is an Intel based computer running DOS and Windows. This platform is low cost and has more peripheral options than the other platforms. This platform requires that the system designer be very knowledgeable about system interrupts, addresses, and communications ports. Many of the performance characteristics can be modified on the Intel platform, which allows the designer to tweak the kiosk for peak performance. Future operating systems are expected to have plug-and-play (see next section) which will simplify working with this platform.

4.2 Macintosh

This platform is easy to use because sound and video capabilities are built in. This platform currently has plug and play capabilities: when a board is added to the system, it tells the computer what it is and what it can do. It is difficult to modify system performance on this platform since it is handled by the operating system.

4.3 UNIX

These controllers are the most expensive. UNIX workstations have video and audio capabilities. These systems are easily connected to networks but have a limited number of serial ports for peripherals. These systems are easy to develop applications on. These systems need a system administrator to function properly.

4.4 Other

There are other computer platforms and operating systems which could be used (for example, the Amiga). Due to the availability of the platforms or their cost, they are not viable candidates for kiosk use.


The standard components found in most kiosk housings include one or more input interfaces, a computer, and output devices. The input interface is typically a touch screen monitor, a keypad, or a keyboard, but hand or fingerprint readers and video and sound recorders could also be used. For many applications a keypad is used, consisting of only a few buttons for selection of services. The choice of computer will already be determined in large part by the choice of operating system platform. The monitor, which can be the primary input interface, is also the chief output device as it displays information on the screen. Many kiosks have sound capability, but in most cases sound is found to be an annoyance to others nearby who are not using the kiosk. Most kiosks have some ability to give out hard copies of any transactions, normally with a thermal or laser printer.

5.1 Input Devices

The kiosk user interacts with the kiosk through some sort of input device. The input device converts the user's response to the kiosk (mouse movement, touch, keystrokes, sound, etc.) into an event that the kiosk can respond to. The kiosk interprets the event into the proper programmed response.

5.1.1 Touch Screens

Many kiosks use touch screens as the primary user interface. While touch screens avoid the difficulties of gummed up pointers and keypads, they are not yet capable of providing Braille, limiting the client population.

A touch screen is usually a clear, touch-sensitive screen placed over a monitor. The monitor uses pictures and text to prompt the user for the required touch input. This input normally requires the user to select an option by pressing a button displayed on the monitor. When the user touches the screen, the coordinates of the position touched are used to determine which option the user was selecting. There are five basic types of touch screens used for kiosks. The first three touch screen types use a screen over a monitor. The fourth type uses sensors mounted in a frame around the monitor and the fifth type uses sensors mounted in a base upon which the monitor sits.

Resistive

The first type of touch screen detects input through a resistive change in an overlay on the monitor. The display overlay consists of a glass substrate covered by a plastic cover sheet. Conductive coatings are applied to both elements and non-conductive spacers are used to separate them. The inner surfaces are separated until touched. Finger pressure causes an internal electrical contact. This contact supplies the controller with vertical and horizontal analog voltages used for digitization.

Capacitive

The second type uses a capacitive charge to detect touch. MicroTouch Systems uses an all-glass touch screen with a transparent, thin-film conductive coating fused to its surface. A glass overcoat is applied over the conductive coating to seal the entire sensor and protect it. A narrow electrode pattern applied to the edges distributes a low voltage AC field over the conductive layer. When your finger makes contact with the screen's surface, it capacitively couples with the voltage field. A small amount of current is drawn to the point of contact. The ratios of the current's flow from each corner are used to locate the point of touch. The screen resolution is 1,024 points per axis within the calibrated area. The primary problem with this technology is that it will not work with gloves, and people with long fingernails may have problems. This technology needs to be re-calibrated when environmental conditions change.

Surface Acoustic Wave

The third type of touch screen uses Surface Acoustic Wave (SAW) technology. Each axis on the overlay has a transmitting and receiving piezoelectric transducer and a set of reflector stripes. The transducers produce surface waves that propagate across the glass surface. When the surface is touched, a portion of the wave is absorbed. The change in the received signal is analyzed and digitized into X and Y coordinates. The Z-level is determined by measuring how much signal was absorbed. The advantage of this technology is that it can be activated with gloves, it is very stable, it has no front coatings to wear, and it has a very high light transmission. One disadvantage of this technology is that moisture on the screen can absorb the acoustic wave and make the screen less sensitive.

Infrared

The fourth type of touch screen uses infrared emitters and detectors mounted in a frame added to the monitor. When the user touches the screen, the optical path between detector and emitter is broken. This information is used to determine the X-Y location on the screen touched. The most noticeable problem with this technology is parallax when it is used with a curved monitor.
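For the capacitive screen described above, the following added example (not from the paper or from MicroTouch) shows how corner-current ratios can be turned into a 1,024-point coordinate and a button selection, and why a stale calibration baseline produces phantom touches. The linear ratio model, the baseline subtraction, the threshold, all names and all sample values are assumptions made for illustration.

```python
from typing import List, NamedTuple, Optional, Tuple

POINTS_PER_AXIS = 1024  # resolution per axis quoted in the text


class Corners(NamedTuple):
    """Current measured at each corner electrode (arbitrary units)."""
    ul: float
    ur: float
    ll: float
    lr: float


class Button(NamedTuple):
    """On-screen button as a rectangle in touch-controller coordinates."""
    name: str
    x0: int
    y0: int
    x1: int
    y1: int


def locate(sample: Corners, baseline: Corners,
           min_total: float = 5.0) -> Optional[Tuple[int, int]]:
    """Return (x, y) in 0..1023, or None when no touch is detected.

    Assumed idealized model: the extra current drawn through each corner
    grows as the finger gets closer to that corner, so the share of the
    total drawn by the right-hand (or lower) corners gives x (or y).
    """
    # Subtract the idle currents recorded at calibration time.
    ul, ur, ll, lr = (max(0.0, s - b) for s, b in zip(sample, baseline))
    total = ul + ur + ll + lr
    if total < min_total:
        # Too little coupling: nothing on the glass, or a gloved finger.
        return None
    scale = POINTS_PER_AXIS - 1
    x = int((ur + lr) / total * scale + 0.5)
    y = int((ll + lr) / total * scale + 0.5)
    return x, y


def hit_test(point: Optional[Tuple[int, int]],
             buttons: List[Button]) -> Optional[str]:
    """Map a located touch to the button drawn under it, if any."""
    if point is None:
        return None
    x, y = point
    for b in buttons:
        if b.x0 <= x <= b.x1 and b.y0 <= y <= b.y1:
            return b.name
    return None


# Constructed sample data (not measurements from a real controller).
BASELINE = Corners(10.0, 10.0, 10.0, 10.0)          # idle currents at calibration
TOUCH = Corners(12.0, 18.0, 12.0, 18.0)             # bare finger, right of center
GLOVED = Corners(10.2, 10.3, 10.2, 10.3)            # glove: barely any coupling
IDLE_AFTER_DRIFT = Corners(13.0, 13.0, 13.0, 13.0)  # untouched, conditions changed
BUTTONS = [Button("No", 100, 400, 400, 620), Button("Yes", 600, 400, 900, 620)]

if __name__ == "__main__":
    print("bare finger   ->", locate(TOUCH, BASELINE),
          hit_test(locate(TOUCH, BASELINE), BUTTONS))
    print("gloved finger ->", locate(GLOVED, BASELINE))
    # With the old baseline, an untouched screen reads as a center touch.
    print("stale baseline->", locate(IDLE_AFTER_DRIFT, BASELINE))
    # Re-calibrating (taking a new idle baseline) removes the phantom touch.
    print("recalibrated  ->", locate(IDLE_AFTER_DRIFT, IDLE_AFTER_DRIFT))
```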

Table 2: Touch Screens

Category                         Resistive    Capacitive   SAW          IR           Force
Light Transmission               55 to 82%    85 to 92%    90%          100%         100%
Front Coating which can be       YES          YES          NO           NO           NO
User can wear                    YES          NO           YES          YES          YES
Z-response                       NO           NO           YES          NO           YES
Parallax Problems                NO           NO           NO           YES          NO
Frequent                         NO           YES          NO           NO           NO
Resolution per                   200          ~70[9]       30           8            40
Touch Activation Force (ounces)  3 to 4       < 1          2 to 3       0            3
Positional Accuracy (+/-)        0.080"       ~0.015"[10]  0.033"       0.125"       0.025"
Operating Temp. Range (C)        0-50         0-55         0-50         0-50         0-50
Operating Systems                DOS,         UNIX, VMS,   DOS,         Amiga, DOS,  DOS,
                                 Windows,     Amiga DOS,   Windows,     Macintosh,   Windows,
                                 OS/2,        OS/2,        Macintosh    Windows      UNIX,
                                 Macintosh    Windows,                               X-Windows,
                                              Macintosh                              VMS
Touch Pressure                   2            2            15           2            256 - 1000
Response time                    13 - 18 ms   15 - 25 ms   53 - 59 ms   18 - 40 ms   250 ms
Vibration                        Good         Good         Good         Good         Poor
Shock Resistance                 Poor         Moderate     Poor         Good         Poor

Force Vector

The fifth type of touch screen is manufactured by Visage. This product does not attach any additional screens or sensors to the monitor. The Visage product is a device that fits under the display device and plugs directly into the computer's serial port. When an object sitting on the Visage TouchMate is touched, it causes a change in the distance between its top and base. Internal sensors reflect this change as changes in capacitance. The capacitance values are then used to determine the amount of force used and the position at which it was exerted. The resolution is approximately 40 touch points per inch horizontally and vertically. It can detect touches as light as three ounces.

Manufacturers

* Carroll Touch, P.O. Box 1309, 811 Paloma Drive, Round Rock, TX 78680, phone 512 244-350, fax 512 244-7040.

* Elo TouchSystems Inc., Cristy St., Fremont, CA 94538, phone 510 651-2340.

* Intecolor Corporation, 2150 Boggs Road, Duluth, Georgia, phone 404 623-9145, fax 404 623 9163.

* MicroTouch Systems, Inc., 300 Griffin Park, Methuen, MA 01844-9867, phone 508 659-9000, fax 508 659-9100.

* Touch Technology, 2113 Wells Branch Parkway, Austin, TX 78728, phone 512 990-9700.

* Visage, 1881 Worcester Road, Framingham, MA 01701, phone 508 620-7100, fax 508 620-0273.

5.1.2 Magnetic Card Reader Systems

Magnetic card reading systems consist of two basic parts. The first part is the magnetic card reader which reads the magnetic card. The second part is the software which verifies the magnetic card after it is read.

There are two types of magnetic card readers: manual and motorized. Both types of readers communicate with the controlling system using the serial interface. The manual magnetic card reader requires the user to insert and remove the magnetic card or pass it through a slot which reads the magnetic stripe on the card. The motorized card reader accepts the card, reads it, and then returns it. Both reader types have different capabilities and liabilities. If power goes out while the motorized magnetic card reader is reading your card, you could lose it. The motorized card reader has the ability to retain a card which is not valid. The mechanical card reader is more likely to get contaminated with dirt.

Magnetic card software is normally a terminate-and-stay-resident (TSR) program running on the platform. When this type of software works, it works well. When it does not work, you have real problems that are difficult to troubleshoot.

Manufacturers

* AccuSell, phone 800 729-3471.

* Control Module, phone 800 722-6654, fax 203 741-6064.

* DataCap, phone 215 699-7051.

* International Technologies & Systems, phone 800 971-3535.
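Section 5.1.2 says the card software verifies the card after it is read. The following is an added example, not code from the paper or from any vendor listed above, showing the checks such software can apply to one swipe. It assumes the reader delivers decoded ISO/IEC 7813 Track 2 as ASCII followed by the LRC character and that two-digit years mean 20YY; the function names and the sample record are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed wire format (not from the paper): ISO/IEC 7813 Track 2 as ASCII,
#   ';' PAN '=' YYMM service-code discretionary-data '?' LRC
START, SEP, END = ";", "=", "?"
MAX_TRACK2_LEN = 40  # includes both sentinels and the LRC character


class CardReadError(ValueError):
    """Swipe rejected. Messages never contain card data, so they can be logged."""


@dataclass(frozen=True)
class Track2:
    pan: str
    exp_year: int
    exp_month: int
    service_code: str

    def masked_pan(self) -> str:
        # First six and last four digits only, for logs and receipts.
        return self.pan[:6] + "*" * (len(self.pan) - 10) + self.pan[-4:]


def lrc(chars: str) -> str:
    """XOR of the low 4 bits of every character, returned as a Track 2 character."""
    acc = 0
    for c in chars:
        acc ^= (ord(c) - 0x30) & 0x0F
    return chr(0x30 + acc)


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit test used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def frame(body: str) -> str:
    """Build a constructed sample record: sentinels plus a correct LRC."""
    record = START + body + END
    return record + lrc(record)


def parse_track2(raw: str, today: date) -> Track2:
    """Validate framing, LRC, field layout, Luhn and expiry, in that order."""
    record = raw.rstrip("\r\n")
    if not 4 <= len(record) <= MAX_TRACK2_LEN:
        raise CardReadError("bad record length")
    if any(not "0" <= c <= "?" for c in record):
        raise CardReadError("character outside Track 2 alphabet")
    if record[0] != START or record[-2] != END:
        raise CardReadError("bad sentinels")
    if lrc(record[:-1]) != record[-1]:
        raise CardReadError("LRC mismatch")  # dirty head, worn stripe, line noise
    pan, sep, rest = record[1:-2].partition(SEP)
    if not sep or not pan.isdigit() or not 12 <= len(pan) <= 19:
        raise CardReadError("bad PAN field")
    if len(rest) < 7 or not rest.isdigit():
        raise CardReadError("bad expiry or service code field")
    if not luhn_ok(pan):
        raise CardReadError("PAN fails Luhn check")
    year, month = 2000 + int(rest[0:2]), int(rest[2:4])  # assumption: 20YY
    if not 1 <= month <= 12:
        raise CardReadError("bad expiry month")
    if (year, month) < (today.year, today.month):  # valid through end of month
        raise CardReadError("card expired")
    return Track2(pan, year, month, rest[4:7])


def rejection_reason(raw: str, today: date) -> Optional[str]:
    """Return None for an accepted swipe, otherwise the reason it was rejected."""
    try:
        parse_track2(raw, today)
    except CardReadError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample: a well-known test card number, expiry December 2030.
    sample = frame("4111111111111111=30121010000")
    card = parse_track2(sample + "\r\n", date(2025, 6, 1))
    print(card.masked_pan(), card.exp_year, card.exp_month, card.service_code)
    print(rejection_reason(sample.replace("3012", "3011"), date(2025, 6, 1)))
```

Logging only the rejection reason and the masked number gives maintenance staff something to troubleshoot with, without the full card number ever reaching the kiosk's log files.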

5.1.3 Keyboards

Keyboards are the standard input device for most computers. The sensitivity of the keys, the angle of orientation for the keyboard, the number of keys on the board itself and the compatibility of the keyboard with your computer system will be major contributors in your purchase. Most keyboards sold today offer a large range of keys with various functions. The capabilities you as the maker of the kiosk want to give to your user will determine how many keys your kiosk keyboard will have. Today's keyboards come with 101 to 175 key array variations. If your kiosk must handle European languages, the 102-key format is a necessity. Sensitivity of the keyboard is a way of looking at how much pressure you must use when depressing a key on the board to make the function of that key happen (i.e. pressing the {A} key hard enough to make "a" or "A" appear on your monitor).

Compatibility for keyboards falls into the IBM, Mac or workstation (i.e. SUN, NeXT, etc.) family of computers. Keyboard ergonomic developments have modified the original typing hand position by adjusting the angle of the keypad: it is split into two or more parts that are slightly obtuse in relation to the normal keyboard orientation, allowing your hands to type with the same speed and accuracy at a more comfortable, natural typing angle.

The keyboards may also come with or without mouse ports. Again, your kiosk application and how you want the user to interact with the application will affect your decision to purchase additional input devices (i.e. mice).

5.1.4 Pointing Devices

Pointing devices are used to move the cursor across the monitor. The most common types of pointing devices are mice and trackballs.

Mice

Computer mice are used as input devices for computer systems. Like the keyboard, mice come in various configurations: 1-, 2-, and 3-buttons with left or right hand orientation compatible with the same family of machines as keyboards. Some options that will weigh heavily in your mouse decision include engine life, switch life, travel, resolution and type of mouse technology. In an interview with the technical staff at KeyTronic Corporation, several of the specifications listed above were clarified.

Engine life and switch life give minimum ratings for the durability of any mouse by testing the mouse over a certain mileage in different office environments. Travel is another way of measuring the durability of a mouse and giving a minimum (usually in miles or km). Resolution refers to how closely the mouse movements control cursor movement. Higher resolution means a more accurate cursor/mouse movement relationship. The mouse technology can either be in the form of a ball inside the mouse rolling along a surface (mechanical technology) or an infrared light (opto-mechanical technology) which translates the light into movements used by a spinning device to move the cursor across the screen. Tactile switches allow more accurate movements and the kiosk application will serve to guide you to the proper configuration.

It is worth noting that as long as the mouse is moving on a flat surface (i.e. mouse pad, desktop), some mice can move regardless of the orientation of the mouse itself (a flat surface horizontal to the ground is not necessary for some mice to operate).

Trackballs

A stationary ball, called a "trackball" or a "turbo ball", provides similar pointing capabilities to mice with less threat of the component being torn off. Unfortunately, both types of pointing device can get dirty or broken with heavy use, and older users are less familiar with the movements required to select different parts of the screen, so many current kiosks rely on touch screens (as described above) or small keypads (on older ATMs) for user input.

Other Pointing Devices

Both mice and trackballs use a ball to track position. There are many other types of pointing devices which use sensors to determine which direction you want to go. Many of these devices are joysticks or developed from joystick technology.

The traditional joystick was a control device which simulated a pilot's control stick. These joysticks were used with many popular games to control the current cursor position or to move in an environment. Miniaturization makes it possible to build joysticks which are small enough to fit on a keyboard.

5.1.5 Microphones

Microphones convert the naturally occurring sounds (rapid fluctuations in air pressure) around us into variations in electrical voltage levels which are then digitized using an analog-to-digital converter.[11] This conversion process is what creates a sample. These samples, taken at a rate in the range of 11,000 to 48,000 measurements per second, are then combined to determine a waveform, which is reproduced using a digital-to-analog converter when the original recorded sounds are desired. If your kiosk application utilizes more than one audio source (CD-ROM, microphone and additional external stereo sources for example), it is also important for the sound card to have a mixer with a sufficient number of channels. The speed of the computer's processor or hard disk or the size of the computer's memory may have adverse effects on achieving a digitized recording. As an example, an uncompressed, CD quality, three minute stereo recording can occupy 30 MB of disk space using a sampling speed of 20 kHz whereas a 10 minute monotone recording using a sampling speed of 11 kHz can take up only 7 MB of disk space. The input and output jacks on these cards are a common source of unwanted noise for mini-jack standards but the line-level jacks provide lower noise levels.

Microphones can be used at kiosks for several purposes.[12] A microphone can be used to simply record audible data that may be used as input for a particular application such as two-way audio communication, or voice recognition. In general, the microphone chosen for a kiosk should have several qualities. A high input impedance with a low voltage level will prevent distortion due to background noise. The appropriate diaphragm size can also have a big effect on sound reproduction. The smaller diaphragm sizes, less than 3/4" in diameter, offer a flatter frequency response and a faster transient response for lower audio output. Larger diaphragms give the same sound quality at higher sound pressure levels and are more sensitive. Microphone sensitivity falls into one of the following patterns:

* Omnidirectional - provides equal pickup in all directions.

* Cardioid - most sensitive to sounds directed to the front of the mic.

* Supercardioid - narrower side pickup than the cardioid pattern with a small amount of rear pickup.

* Bidirectional - have equal pickup sensitivity in the front and rear of the mic.

Because most of the microphones used for the kiosk will be exposed to a certain degree of rough wear, the number of suitable choices drops dramatically. For durability, the clear choice would be dynamic or electret microphones. Dynamic microphones are the simplest type of pressure microphone and require no batteries or special power supplies. Sound pressure levels can be extremely high before distortion occurs. These microphones lack the sensitivity of more expensive mics but are the most rugged, affordable type of mic on the market. Electret condenser mics are also fairly affordable, using a permanent fixed charge to power themselves. Electrets are widely used for on-the-spot news crews and low budget film recordings.

5.1.6 Cameras

Cameras for kiosks are used for security, communication, or both.[13] Security oriented cameras are used to survey the kiosk environment for the purpose of protection of the kiosk, its internal components, and the user. Communication oriented cameras can be used to perform two-way communication between kiosks or other computers. The same camera can be used for either.

To use video you must first decide between sending live or still video. Still video consists of single pictures versus full animated movement with live video. Live video with current phone lines has been attempted in two way communication but generally has poor resolution and jerky pictures. New technology allows still video reproduction on the same lines with great resolution and detail.

Lighting is important when using a camera. The best camera in the world could not produce a quality video without proper lighting. Spot lights in the given area provide the light necessary to see kiosk users.

5.2 Output Devices

Kiosk output devices are used to output information in a number of different formats. The information is often written to a monitor or a piece of paper. Audio information can also be output through speakers.

5.2.1 Printers

Printers for kiosk use must be small and easy to operate.[14] There are three types: laser, thermal, and dot-matrix. The fastest and most expensive printers at this time are the laser printers, which produce crisp, letter-quality documents. PostScript laser printers are best for colorful, complex illustrations, and software that supports PostScript can render an exact replica of any document before it gets sent to the printer. Thermal printers use thin sheets of wax-based ink that melt onto the page for a sharp image rivaling some laser printer reproductions. The latest dot-matrix printers have become more competitive, allowing close-to-laser-quality print jobs (24-pin printer) while remaining more affordable. Dot-matrix printers require less maintenance than lasers and cost less initially. If your application requires multi-part carbon copy forms, continuous form or ledger (11x17) size paper, the dot matrix is your best bet since most laser printers are still not able to develop print jobs with these kinds of paper. Note that all printers may not work properly if they are not configured (or able to be configured) to communicate with the computer they are hooked up to.

In selecting a printer, three major areas should be considered: print quality, printer performance, ease-of-use features, and how it will mount in the kiosk. When studying print quality, it is necessary to know whether the printer renders its copies in multiple colors or black and white, whether the printer has graphics capabilities, which of the three types listed above produces the copies, how the printer renders and blends hues if color is available, whether legible text can be reproduced in a variety of letter sizes and font styles, and whether ink placement is off, causing smearing and misregistration (poor placement of an object, word or letter on a document).

Analyzing printer performance presents issues dealing primarily with speed in returning print jobs. If the output is text alone (vs. text and graphics-pictures, pie charts etc.), then the print out should occur fairly rapidly provided the document is not incredibly long and there are not several print outs trying to occur at the same time. If the printer outputs more than one size of paper, the printer must be able to easily accommodate a good supply of either type of paper as well as "know" which size is needed for a particular application. Communication between the printer and the computer will also affect the performance of the computer used on a kiosk application.

Printer ease-of-use features should include simple set-up and printer configuration, ease in replacement of paper and print toner, as well as easy access to the "innards" of the printer by qualified repair personnel for spot repairs. If the kiosk only offers front access, the printer must allow printer supplies to be restocked from the front along with paper output.

How the printer will be mounted in the kiosk is very important. Some kiosks have been physically designed primarily around the printer being used (Card kiosk). The printer needs to be mounted to allow easy maintenance. The printer needs to be mounted to allow paper output. The kiosk designer needs to leave room for the large mounted paper rolls when using thermal printers.

Manufacturers

* Axiohm, 303 County Road, E-2 West, New Brighton, Minnesota 55112, phone 800 732-8950, fax 612 638-0758.

* Cybertech Inc., 935 Horsham Road, Horsham, PA 19044, phone 800 755-9839, fax 215 674-8515.

* International Technologies & Systems, phone 800 971-3535.

* Omniprint, Inc., 6A Vanderbilt, Irvine, CA 92718, phone 800 510-9684, fax 714 457-9016.

* Syntest [purchased in March 1996 by Telpar, Inc. - 4181 Centurion Way, Dallas, TX 75244 - phone 972-233-6631, fax 972-233-8947] 481-5769.

* Westrex International, 25 Demby Road, Boston, MA 02134-1694, phone 617 254-1200, fax 617 254-6848.

5.2.2 Monitors

The monitor is selected based on several criteria.[15] First the monitor must work with the video card being used by the computer. For some computers the video card is built into the system, on others the card is purchased separately. If a touch screen is being used you must make sure that the touch screen's monitor will work with the selected monitor. Touch screens are normally purchased already installed on a monitor.

One important point to keep in mind about monitors is that for kiosk applications, the video terminal needs to be able to handle multiple input and also support video for both computer (RGB) and regular (NTSC) inputs. The best multimedia video displays are capable of switching among different video sources (laserdisc, videotape player, audio soundtracks, etc.). Since most of the kiosks will serve one customer at a time, video screens should be no smaller than 17" for displaying applications. This size will allow enough pixel representation (640x480 minimum) for reasonably crisp text and graphics without over-crowding the screen. Color monitors preferably with remote control on-screen programming are best suited for kiosk applications since the need to adjust contrast, brightness and hue will not require actual removal of the kiosk enclosure for minor visual adjustments.

5.2.3 Speaker Systems

The kiosk speaker system is extremely vital where customer communication requires sound in addition to pictures.[16] Self-powered speakers for multimedia applications can actually aid in uncovering audio problems that would go unnoticed on the primitive speakers that come with a computer. Some speaker models come with interfaces specially designed for MIDI synthesizers or CD-ROM software. The size of the speakers, their particular traits and the dimensions of the kiosk enclosure will be major factors in making a purchase. Speaker prices per pair range between $30 and $550, with amplifier output ranging from 1.5 to 35 watts per channel, though most are at the lower end of this range (3 to 10 watts per channel). It is necessary that the speakers you purchase match the nominal impedance rating of the computer's audio output lest you destroy the sound capability on your machine. Each speaker system has its own drivers, the cones within the unit that actually produce the sound. All speakers come in three different types:

* full-range - one speaker cone that can carry the entire frequency spectrum

* two-way - contains woofers (lower frequency tones) and tweeters (high end frequencies)

* three-way - contains woofers, tweeters and mid-range (carries mid-level frequencies).

Although two-way systems are more favorable than one-way (full-range) systems, a three-way system may not necessarily give you better quality than a two-way system. Some systems also include sub-woofers for even greater control over the low-level frequencies. Please note that these speaker systems are specially designed for computer technology to provide stereo imaging or sound-processing circuits that can recreate stereo sound on a monotone source. The speakers can be optimized to work with a computer, CD-ROM drive, or sound card at an area within 20 Hz to 20 kHz, a frequency response range ideal for average human hearing. In examining sound reproduction on self-amplified speakers, the wider and flatter the frequency response and the higher the amplifier power output the better. Speakers with more tone controls on the front panel give greater control over the overall sound output. Some panels simply have separate bass and treble level regulators; other panels also include additional bass boost buttons (for sub-woofer systems) and microphone trim dials (adjust microphone input to alleviate distortion). Additional supplies for mounting come with some models, and the dimensions and weight of each model may vary from 5x2x3 to 6x13x16 and 1.5 lbs. to 28 lbs. respectively.

Directional speakers will eventually be available for kiosks. These speakers will allow the kiosk designer to direct the speaker output to a specific location. The speaker-generated sound at other locations will be greatly attenuated. This will provide the kiosk user with greater security from eavesdropping and help prevent sound pollution from the kiosk.

5.2.4 Ticket Printer/Encoders

Ticket printers and encoders are usually small impact printers (see Printers 5.2.1). Often the ticket is preprinted in color and loaded into the ticket printer. When a ticket is dispensed, validating information is printed onto the ticket.

5.3 Kiosk Enclosures

Once the client population and desired location have been considered, the process of selecting the shell of the kiosk can begin. A kiosk enclosure must be designed for the access of clients and service personnel. Each group has different design concerns, and ignoring either group will ruin a kiosk design. If client use is low because of a poor enclosure design, that kiosk's services will go unused. If a poor design makes maintenance and servicing difficult, the cost of the kiosk becomes greater since these are the primary long term expenses for a kiosk.

The kiosk enclosure should be designed to protect the computer and peripherals it contains from theft and physical damage and allow access for service and maintenance. Controlled access to the computer hardware should be designed into the kiosk from the beginning, so that updates and repair can be performed without too much difficulty. The base of the kiosk is often designed to be locked in place to prevent theft of the entire unit. Protection of the peripherals is normally accomplished by providing lockable access doors in the front of the kiosk. All access panels should be sturdy and difficult to pry open. If all service access is done from the front of the kiosk any attempts at theft or vandalism will be in full public view. The kiosk can be serviced when it is against a wall without moving it if the access doors are in the front. Since most kiosks are bolted to the floor this can be very important.

Many kiosk manufacturers insist on handling the entire kiosk design project, hardware and software. The manufacturers build a prototype system that the producer evaluates according to a predetermined set of criteria. The kiosk system is modified with the negotiated changes and the purchaser has a kiosk.

Several other manufacturers handle only the kiosk hardware. The buyer works with the manufacturer to specify a kiosk system's hardware. The purchaser could be buying the kiosk shell only, or purchase a kiosk with the desired peripherals added. The manufacturer will normally be able to suggest a source for contract software support if the buyer requests it. Such support is purchased separately and includes some consultation time for the software contractor to make sure that the hardware will support the software.

Most of the kiosks manufactured today are built around a steel frame which houses the computer and peripherals. The frame is covered with various materials to make it attractive to the eye and to protect it from dirt, dust, and other associated indoor hazards. The other standard type of kiosk is manufactured as a steel or aluminum housing which holds the computer and peripherals. The surface is painted, and exterior material can be applied for decoration.

Almost all kiosks are designed and built for use in non-hostile enclosed areas. The computer and the peripheral equipment used in the kiosk are sensitive to temperature, humidity, and moisture. Those kiosks which are exposed to the outdoors (ATM machines) are normally built into the sides of a building and protected from the elements. It is possible to construct a building to house the kiosk; as might be expected, though, the cost to build a kiosk for outdoor use in most environments is prohibitive.

Manufacturers

* ADCO, 3800 South 48th Terrace, St. Joseph, MO 64503, phone 800-821-2255.

* Advanced Video Integration, Suite B, 2153 O'Toole Ave., San Jose, CA phone 408 955-0500.

* Compass Technologies, phone 212 669-2006.

* Diebold, Inc., 5995 Mayfair Rd., N. Canton, OH 47720, phone 216 497-5747

* Exhibit Masters, phone 909 923-9446.

* Factura Composites, Inc., Rochester, NY, phone 716 264-9600.

* GrAN Design, 214 California Drive, Burlingame, CA, phone 415 347-2301.

* Kiosk Information Systems, Inc., Unit C, 575 Burbank St., Broomfield, CO, phone 303 466-5471.

* Lexitech, 32 Park Drive East, Branford, CT 06045, phone 203 495-6500.

* Moss Matrix, phone 800 881-0864.

* North Communications, Santa Monica, CA, phone 310 828-7000.

* Parkhouse Contract Interiors, phone 512 328-9233.

* TouchNet, 15520 College Boulevard, Lenexa, KS 66219, phone 913 599-6699

5.4 Proximity Detectors

A proximity detector is used to detect the presence of a possible user. Some detectors are part of a smart system which recognizes authorized users. Other simple systems monitor localized conditions to detect when a user may be near.

The In-Charge system, by Racom Systems, consists of a radio frequency (RF) proximity reader which detects a credit-card-sized transponder built around an application specific integrated circuit (ASIC). The transponder is recognized by the kiosk and read when it comes in range. The card can be read to provide information about the user, including biometric data to authenticate the card user as the card owner. Information can also be written to the card to provide an audit trail. These cards can hold from 256 to 4,096 bits of information. These cards are currently being used for automatic billing of services provided to users on the move, since no physical contact is made between the card and the scanner.

Proximity detectors which monitor local conditions are usually based on infrared detectors, microwave detectors, or heat detectors. The microwave detectors register false detections along the fringe of the detectable area due to surface reflections from moving and stable objects. Heat detectors are often not responsive due to air conditioning which has changed the local temperature from when the detector was calibrated. The heat detector can also be fooled by clothing which insulates the wearer from detection or generates a false signal by detecting the heat absorbed by the clothing.

Lawrence Livermore National Laboratory has developed an indoor radar which would work with kiosk systems.[17] The result is a 1.5" unit costing from $10 to $1 in quantity. The unit detects echoes of rapid radar pulses reflected from objects (1 million per second). The unit can be set to detect objects within a radius of 0 to 200 feet.

5.5 Sound Cards

Most sound cards (sound boards) developed today are incorporated into IBM compatible PCs. Since most Macs already have built-in audio playback, additional audio applications are essentially unnecessary. The sound card should be purchased according to the customer's ideal recording and playback quality preferences. Understanding certain component specifications and the primary subsystems of the sound card is also essential in making a smart purchase. The subsystems of a sound card come in three types:

* audio digitizer - a pair of analog-to-digital and digital-to-analog converters

* waveform synthesizer - generates a carrier wave for the sound signal

* mixer - combines the signals from the digitizer and the synthesizer and possibly another audio source (for CD-ROM)

The most significant component specifications to analyze are sample size and sample rate. The sample size indicates the number of bits of digitized sound the card can support (usually 8-, 10-, 12-, and 16-bit cards). The higher the bits the greater the sample rate. Sample rate is normally 22, 44.1, or 48 kHz, where the 8-bit cards sample at 22 kHz and the 16-bit cards sample at 44.1 kHz (only sensitive ears should detect the change between the 44.1 and 48 kHz sample rates).

5.6 Video Cards

Video capture cards are used to "capture" images for still frame or full-motion visual presentations.[18] They come in a large price range spanning from $250 up to a whopping $5,000. Selecting the proper video card requires some general knowledge on cards and some specific knowledge on your application. You should know your intended output format, the desired image size, the rate of image presentation and the number of colors captured in a particular image.

5.6.1 Output Format

The intended output format dictates the input parameters depending on whether you want CD-ROM, videotape, on-screen presentation, etc. for your final product. If you can match the input and output formats by supplying the output format with only essential capture information, you will save system resources and get a quality image. The size of an image can range from small window to broadcast quality (160x120 pixels to 704x485 pixels by U.S. standards, respectively). This parameter will be largely determined by the size of your display monitor. Image presentation rate indicates the "shakiness" of an image as it is being reproduced. The rate is measured in frames per second (fps), and the higher the rate, the smoother the motion becomes. The jerky types of motion occur around 5 fps while 20 fps gives a more fluid image presentation, though some flickering may still be visually discerned. A rate of 30 to 70 fps will remove most of the flicker from the image.

5.6.2 Capture

Capture color will determine the realism in a particular scene image. For most realistic color scenes the bit size should be around 24 bits per pixel (over 16 million colors). If realism is not of major concern, it may be possible to use a simpler 8 bit per pixel image (rendering 256 colors).

5.6.3 Additional Information

Additional information that would be valuable in making a purchasing decision includes card configuration, platform, capture rate, hardware and software compression, supported input video formats, video encoding, S-video support, audio capture and throughput, and video throughput.

5.6.4 Platforms

Most of the capture software is configured to run on either a PC or Mac machine. The machine should be an Intel 80286 or faster machine for PCs and should accept ISA adapter cards. Macintosh machines will need a NuBus system which runs QuickTime to support a video capture card. Motion capture boards require Video for Windows or QuickTime driver software.

5.6.5 Compression

The issue of compression basically deals with how the pixels are used to represent a captured image. The problem that arises is that the video data can take up an enormous amount of space if the pixels are represented in their "native" state. For 15 fps on 16 bit per pixel video, the data on a 160x120 pixel window would consume about 34 MB per minute. To conserve some of this space, hardware, proprietary software or operating system extensions are used to compress the captured data. The best yet most expensive method is hardware-assisted compression via video boards which run JPEG (Joint Photographic Experts Group) or DVI (Digital Video Interactive) algorithms. Other compression methods include MPEG chip technology used by chip-based video boards. Software compression is normally a process that requires the data to remain in an uncompressed form before being changed to a compressed state. Software and hardware that provide fast playback and high compression take longer to reach a final compressed state. Fractal-based software compressors have the ability to compress video data as a stand alone package, though some compressors are bundled with existing video software. Capture rate for video data represents the number of images that can be output from the input data and varies from 15 fps to 30 fps (60 fps {fields per second}). Video input comes in these formats:

* NTSC - National Television System Committee; refresh rate of 59.94 Hz (fields/sec.) and 29.97 Hz (frames/sec.); horizontal frequency of 15.734 kHz and 262.5 (lines/field)

* PAL - Phase Alternation Line; U.K. video standard with vertical frequency of 50 Hz and 25 (frames/sec.) and horizontal frequency of 15.625 kHz with 312.5 (lines/field)

* SECAM - French acronym for System for Electronic Color with Memory; color video encoding system displaying 625 lines at 50 Hz

* RGB - 3-D Cartesian axis color modeling system where each axis is represented by Red, Green, and Blue

5.7 Storage Devices

If the kiosk is at all interactive, it will require a storage system of some type. This system would be used for keeping records (kiosk transactions), storing a complex presentation, or used as a cache when downloading data for the user.

5.7.1 CD-ROM

CD-ROM storage devices come from various makers and will soon be standard according to one article in New Media magazine, but the key issues in purchasing the right CD-ROM drive for your kiosk will be speed and access time, regardless of your application.[19] Today's drives come in double, triple, and quadruple speeds. These speeds correspond to the actual speed of the CD-ROM drive in relation to the early "single speed" standard. The double speed drive has a data transfer rate of no less than 300 KB per second and 200 - 400 ms of access time; quadruple speed drives run a 600 KB per second data transfer rate. If your kiosk application requires that a wide range of information be accessed at once, it would be wise to look into a multiple CD-ROM drive changer with triple or quadruple speed.

In order to measure the performance of a particular drive, it is necessary to look at both the data transfer rate, which is the speed at which extended lengths of data can be read off the disc, and average access time, which refers to the search time for random bits of information on a disc. The faster the transfer rate the smoother the video and audio playback. This is due to fewer frames of video being dropped during playback.

Cache size can also have a dramatic effect on the speed of your CD-ROM drive. The hardware cache can perform one of two roles. First, the cache can act as a read-ahead buffer, accessing the next block of information on the disk. Second, the cache can act as a transfer buffer, anticipating the desire of the user to reread a recently accessed piece of information. The cache is most efficient when used to page through an electronic encyclopedia or database. It maxes out quite quickly when continuous data streams are flowing, as in multimedia playback. Additional features that might be attractive are audio CD playback capability, line outputs for speaker systems, manual eject button and automatic cleaning mechanisms for frequent anticipated use.

* Seek time - The time it takes to move the head across the platter to a particular track to read or write data. The buyer should ask whether this number indicates read-seek time, write-seek time or an average of the two; write-seek time is the slowest.

* Latency - the time it takes for a drive to vertically position the head over the track to begin data transmission.

* Access time - the sum of the average seek time and the average latency.

* Rotation speed - the speed of the drive is measured in rotations per minute. Most general purpose drives operate at about 5400 revolutions per minute.

5.7.2 Optical Jukebox

Consider optical jukeboxes for kiosk applications that require storage of enormous amounts of data. An optical jukebox is designed to hold 6 GB to 12 TB (terabytes) of data at a time. They come with one or several drives (5 1/4", 12" and 14" disk sizes) and range in price from $6,000 to $600,000. Jukeboxes come in one of three drive types: WORM, re-writable and multifunction. WORM (Write-Once, Read-Many) drives were the first type to come out prior to the advent of the mega-storage space available today and can be utilized with every disk size available. Re-writable storage is used in applications that do not require permanent files and utilize the magneto-optical erasable technology specifically available for 5 1/4" disks. Multifunction drive units simply combine the re-writable (erasable) and permanent disk access into one jukebox. Other important issues in selecting an optical jukebox include:

* For what is storage needed?

* Cartridge-to-drive ratio.

The proper cartridge-to-drive (#disks-to-drive) ratio is extremely important since it is directly related to the access time of the machine. High access time translates into poor performance. Average access time after swapping for most optical drives is around 1.5 seconds with a range of .037 to 6.4 seconds. Swap time (locating the proper disk for reading by a laser-operated arm) can also have an important effect on performance. Average optical drive swap time is 8.26 seconds with a range of 5 to 32 seconds. According to one San Jose, California optical jukebox maker, the rule of thumb in selecting a proper ratio is 2 or 3 drives for every 120 disks. This ratio should allow 8 separate users to simultaneously access the network that a potential set of kiosks may run on.

Understanding the purpose for storage will dictate the type of drive you seek. For kiosk applications that require temporary updates of data that will eventually be archived, a multifunction WORM/re-writable drive system is most efficient. If the data being transferred to disk is strictly permanent data, clearly WORM is the only option. Dynamic allocation of data to disk is best suited for re-writable drives. Keep in mind that the ability to alter or never alter data makes these drive options risky since a time may arise when you need to modify the jukebox to increase or decrease its storage capacity.

5.8 Uninterruptible Power Supplies

Uninterruptible power supplies (UPS) are used to protect equipment and critical data stored in a kiosk.[20] A UPS supplies static/surge protection and power for several minutes when power is knocked out. This allows the computer and equipment to be powered down in an elegant manner. During this time automated credit card readers can eject credit cards currently being billed. It allows the kiosk to finish current transactions and close open files before shutting down.

UPSs are selected by determining the type of protection required, the equipment being protected, and the amount of protection time needed. Calculate the voltage amps requirement for each piece of equipment by multiplying the voltage by the current needed. Add the voltage amps required by each piece of equipment to determine the needed UPS capacity. Select a UPS with a capacity higher than the calculated requirement.

A quick check list to find the right UPS for your kiosk follows:

1. Find out which equipment will need protection:

a. modems

b. CD-ROMs

c. monitors

d. terminals

e. external hard drives

f. other devices

2. Find out the voltage amps (VA) for each device:

a. Multiply the voltage and amp requirements on the back of each device to determine the VA for the device.

b. For devices with no voltage or amp specs, convert the watts to VA by multiplying the wattage by 1.4.

c. Add up the VA requirements for all components.

3. Pick a UPS

a. With a VA capacity at least as large as the setup requires

b. With a capacity higher than is currently needed, to allow for future component upgrades.


Every peripheral and every different medium used in a kiosk system has to be handled by software. Even within a given platform, or within a given combination of platforms, the range of programs available can be confusing. Once the desired functions of the kiosk system have been chosen, selecting the accompanying software can be made less baffling by comparing against some common parameters and capabilities.

6.1 Point of Sale (POS)

Payment processing is a very important part of a transactional kiosk. Point of Sale software provides integrated credit authorization and electronic draft capture. Communication with the credit network is handled by the software over a modem. Printing of the complete charge data is handled automatically. Some POS software handles automatic settlement of daily charges.

6.1.1 Manufacturers

* AccuSell, 405 W. Washington St., Suite 465, San Diego, CA 92103, phone (619) 528-2900.

* datacap systems, inc. I212A Progress Drive, Montgomeryville, PA 18936, phone (215) 699-7075, fax (215) 699-6779.

6.2 Graphics and Animation

The 3-D graphics and animation software of today combines fundamental 2-D drawing program software techniques with intuitive new tools. Most every 3-D package will require an understanding of the fundamentals of drawing in 3-D space to make an intelligent purchasing choice:

* model building

* surface attribution

* animation of model (movement)

* light detail

* rendering of final product

6.2.1 Model Building

Initial shape models can be built from user drawings or from mathematical formulas.

6.2.2 Surface Attribution

Shading the surface of a 3-D object gives the illusion of an actual thing in real world space. The proper shading on a cube could render a TV, wastebasket, or meat locker. The mapping techniques briefly discussed below make shading possible:

* texture - adding animation or a piece of 2-D artwork to a 3-D model by wrapping the artwork around the surface of the 3-D object;

* spherical - textural mapping onto spherical objects;

* cylindrical - textural mapping onto cylindrical objects;

* cubic - textural mapping onto cubic objects;

* bump - adds dimension to a model without building it via the surface

* reflection - mimics the appearance of shiny surfaces by simulating reflectivity;

* environmental - allows objects in the environment to be reflected on other objects in the environment (e.g., an office reflected onto a shiny desktop);

* procedural - allows textural attributes to be created rather than imported to an object (e.g., determining the number of markings in a floor tile);

6.2.3 Animation of Model

To understand 3-D animation, it is necessary to understand the principles associated with timelines. The desired effects are created by placing cameras, objects and lights at key positions on the screen over time. The software purchased will handle the in-between motion. To achieve more advanced life-like movements, your software should be able to implement one or all of the following:

* hierarchical motion - used to link armatures of objects together in order to restrict movement to a confined space;

* physics - The physical system is evolved into a system of partial differential equations. The solution to the equations is used to derive animation.

* behavioral - making an object move according to the known physical properties of that object.

6.2.4 Light Detail

The quality of lighting is essential in choosing the proper software. Run-of-the-mill scenes are separated from professional quality 3-D scenes by good lighting. Several light sources can be incorporated into any 3-D software:

* ambient - non-specific; overall lighting level that lightens or darkens a scene dictating warmth or coolness.

* spots - light source able to illuminate an object within a restricted angular cone area.

* advanced - allows control over the time of day or month, and fog simulating the diffusing effect of distance on light.

6.2.5 Rendering

Essentially, rendering is the process of properly combining all of the actions used to create a scene in order to output the final picture to the screen.

6.2.6 Making the right choice

Other issues in choosing the right 3-D package include user experience and the quality and productivity level required by your project.[21] Decisions must be made as to whether you are choosing your software to create a multimedia (disk-based presentation), video or film project design. 3-D programs come in a variety of complexities for every range of 3-D graphics skill. For print, video and film, the 3-D package purchased must have high-level (increased complexity in use and learning) programming capabilities while disk-based multimedia applications are more suited for low-level (simple use and learning) programming attributes.

The fundamentals described above come in most of the various programs available. Some 3-D graphics packages also have a modeler that offers basic extrude and revolve functions. The most notable features of a modeler include:

* automatic type extrusion;

* capability to shape one form with another (e.g., punching a sphere through a cube);

* putting a "skin" over multiple shapes to create one shape.

* in "organic" modelers, the ability to control spline curves makes forming irregular and abstract shapes easy.

Software availability varies from system to system. According to NewMedia magazine, the Macintosh has the largest number of available 3-D software packages on the market. Unfortunately, most of the software is not integrated (able to design the model and assign surface attributes, animation and rendering from one programming package)--modelers are a primary example. PC multimedia applications are most popular with 3D Studio and Digital Arts software by Autodesk. Both graphics packages are fully integrated, but the things that make them special vary. Digital Arts has two interesting features. First, it allows batch processing for multiple files for automatic rendering. Second, its animation files are actually simple text files written in ASCII. This is advantageous because it simplifies troubleshooting. 3D Studio contains an editing module that allows edits between finished animations, permitting segments of animation to be essentially cut, pasted or repositioned in different sequences as well as introduced into video switcher-type transitions; its rendering is rapid and it provides automatic drivers for animation controllers used in video.

The software evaluated in the magazine was supported by a variety of platforms including NEXTStep, DOS, Mac, SGI, Amiga, Symbolics, Windows, DEC, IBM RISC/6000, IBM RICS board, and Sun -- the majority of which were supported by Mac and Windows. The file formats supported by the software varied also, with DXF, TIFF and PICT file formats being the most common for import and export of file information. Among the modeling capabilities, vertex/spline-based, hierarchy, font extrusion and inherit attributes are the most common facilities. Boolean and skin functions were found in the more powerful software packages. Most of the software studied held well over 20 sample models, with perspective and orthographic modeling views being the most common. Some packages allowed the perspective and orthographic views to be user-defined. In surface shading and lighting, almost all of the packages contained the capability to perform ray tracing, flat shading, Phong shading and hidden-line wireframes. Surface mapping on the more complete packages provided the ability to perform texture, bump, reflection, procedural, shadow and environment techniques. Lighting on most of the software consisted of parallel, spot and radial types with camera and architectural combined on a few others.

6.3 Video

See Video Cards, section 5.6.

6.4 Sound Recording

See Sound Boards, section 5.5.

6.5 Authoring

Authoring software is used for complex multimedia creations, bypassing presentation program limitations.[22] Scripting languages are incorporated into most of the software for even greater flexibility. Authoring software brings true interactivity ("not just button pressing") to applications including:

* interactive kiosks

* simulations

* prototypes

* demo disks

* guided tours.

The price range for this software begins around $100 and escalates to a whopping $5000. In New Media magazine, the Authoring software falls into one of four categories the article coins as metaphors:

* icon

* timeline

* card

* script

Iconic authoring software shows how media elements will work together by building flowcharts and diagrams (a technique called event-driven programming). Various packages support importable:

* text

* graphics

* animation

* full-motion video clips

* MIDI/digitized sound

* still frame pictures

* stereo sound.


The two different approaches to network communication are circuit-switched and packet-switched.[23] Telephone systems use circuit-switched networks by establishing a circuit from one computer modem to another via a switching office, trunk lines and a remote switching office. In packet-switched networks the traffic on the network is divided into small pieces called packets. These packets are multiplexed onto high capacity intermachine connections.

7.1 Circuit Switched Telephone Connection

A telephone in a kiosk can be the source of several problems and the solutions to several problems. The first problem associated with the telephone is the possibility that someone could use the phone for long distance phone calls. This can be solved by using a menu driven call method that limits the possible numbers accessible. You can also make user identification and billing method part of the sequence of events used to place a phone call. The phone must also be set to run in pulse code mode to disallow people accessing phone numbers simply using the proper tones.

The phone line can also be used by a kiosk modem to provide security, billing, use information, and status reports. As the kiosk is being used the computer can collect information which can later be used for billing and kiosk use statistics. The computer can use the modem to transmit this information to a central location for later processing. The modem can be used to debit customers by verifying credit cards and recording transactions. When the kiosk security has been compromised the modem can be used to call for assistance. The modem can be used to request assistance when supplies are low or an error condition exists.

7.2 Packet Switched Networks

Packet-switched networks are not able to guarantee network capacity. The primary reasons for using a packet-switched network are cost and performance. The cost is low since multiple machines can share a network and fewer interconnections are required. The performance is high due to the availability of high speed network hardware. There is a general tradeoff between speed and distance for packet-switched networks.

7.2.1 Local Area Networks (LAN)

LAN technology provides the highest speed connections for computers. This speed is responsible for the reduced ability to span large distances. The typical speed ranges from 4 Mbps to 2 Gbps.

7.2.2 Metropolitan Area Networks (MAN)

MAN technologies span intermediate geographic areas and are able to operate at medium to high speeds. There is less delay introduced by MANs than WANs but MANs cannot span the same long distances. The typical speed ranges from 56 Kbps to 100 Mbps.

7.2.3 Wide Area Networks (WAN)

WAN technology spans large geographic areas but operates at slower speeds and has longer connection delays. The typical speeds for a WAN range from 9.6 Kbps to 45 Kbps.

7.2.4 Wireless LANs

Wireless networking is an alternative which is growing in popularity.[24] These networks are easy to install and reconfigure. It is an excellent solution for instances where networking locations are not permanent. The two main types of wireless LANs are infrared and radio-frequency (RF) transmission. Infrared has greater bandwidth, and is immune to interference from competing electro-magnetic signals but is line-of-sight only. RF is the clear choice for network transmission that must breach walls and other obstacles. Wireless LANs have a slower throughput and work over shorter distances. You run a greater security risk with some types of wireless LANs since data is more easily intercepted.


Kiosk systems provide a service. Consequently, kiosk security consists of two main topics:

* ensuring that the service is provided correctly despite the actions of malicious (or clumsy) agents, and

* ensuring that the deployment of the kiosk system does not make new forms of fraud possible.

A principle that we have found to be true, unfortunately, is that service-enabling technology all too frequently is also fraud-enabling technology. Kiosk systems are no exception.

Our analysis of kiosk security gives rise to three main themes:

* Risks exist. Kiosk systems permit risks that existed for previous vehicles, only on a much larger scale. Kiosk systems also permit new types of risks.

* Solutions exist. There are economically feasible techniques that can address most of these risks.

* Multi-level approaches are necessary. Locking a door does no good if the window is unlocked. Locking both is necessary, and also putting up a fence is even better. Effective kiosk security requires a set of solutions that are coherent and complementary.

In this chapter, we examine these issues. Section 8.1 enumerates the main threat types facing kiosk services. Section 8.2 explores the points of attack in a kiosk system, where these threats can be carried out. Section 8.3 catalogs some techniques that can protect these points of attack. Elsewhere we provide a lengthy exploration of these issues.[25]

8.1 Threat Types

Kiosk systems, like other electronic service vehicles, face three primary threat types. We examine each in turn.

8.1.1 Disclosure of Information

Many kiosk systems involve private information. Some require the client to enter private information -- such as a PIN or a password -- as part of user authentication. Others require private information -- such as a Social Security Number, an income level, or a set of disease symptoms -- as part of the provided service. Kiosk services may also provide private information -- such as a benefits level or a diagnosis -- as part of the service.

All information that has the expectation of privacy needs to be protected. This protection may be required by law (e.g., the Privacy Act), and also by practical reasons: private information can be a valuable target for thieves.

Disclosure of information is an area that can demonstrate the second main aspect of kiosk insecurity: enabling frauds while still performing correct service. For example, a perpetrator can monitor a commerce kiosk in order to assemble a long list of names, credit card numbers, and expiration dates. This list can then be used to enable other frauds -- although the original kiosk services proceed unhindered.

We note that private information can also consist of things beyond the actual data being moved around in a kiosk session. The simple fact that certain users are requesting certain services can be valuable to perpetrators. Security scientists are fond of citing the example of a recent U. S. military action that was no surprise to Washington's pizza shops, since the number of late-night pizzas ordered by Pentagon staff had skyrocketed.

8.1.2 Violation of Integrity

The concept of integrity has two aspects:

* uncorrupted wholeness, and

* operating in a trustworthy, correct fashion.

Kiosk systems are vulnerable to violations of integrity on both these levels.

Kiosks store and provide data, and have internal programs and operating software. They may be connected over networks to remote computers, which also store data and software. The integrity of all this information can be compromised by a determined hacker.

Another aspect of integrity is the correctness of the service provided. The designer of a kiosk system should ask herself two questions:

* What implicit assumptions am I making about this service?

* Can a perpetrator subvert these assumptions for personal benefit?

For one example, a kiosk system that sells concert tickets may limit each individual to purchasing four tickets. A greedy perpetrator may determine a way to impersonate other individuals in order to circumvent this limit. For another example, a university system may impose a strict time deadline on when a student submits their homework. A student who determines how to make the clock on a kiosk run slow can then submit homework late. All of these attacks would constitute violations of integrity.

8.1.3 Denial of Service

A key property of a service delivery system is that it delivers the service. Perpetrators may attack a kiosk system simply to have it deny service to legitimate clients. Such attacks could have effects ranging from mere annoyances to loss of confidence in the deploying institution to (in extreme cases) lawsuits and fines.

8.2 Points of Attack

Compared to traditional service vehicles of telephones and offices, kiosk systems are much more exposed. Kiosks are stationed in isolated places, often away from direct human supervision, and can be interconnected with physical wire that is also exposed. This exposure results in many points of attack that a perpetrator can use. (It is interesting to note, however, that the most powerful point of attack -- the insider threat -- arises from one of the few roles that humans retain in the system.)

8.2.1 The User Interface

Perhaps the most obvious point of attack is the user interface: attacks that can be committed by using the normal "front end" that a kiosk provides to clients. A perpetrator may try to masquerade as another user in order to obtain information or change records; a perpetrator may also deny service to users by bombarding the system with resource-consuming requests.

A more advanced use of this point of attack would be to exploit a bug or trapdoor in the user interface in order to gain access to the kiosk's internal computing environment, and then to carry out threats possible from that point of attack (Section 8.2.3).

8.2.2 The Physical Kiosk

A significant component of the kiosk is its physical environment: its case, input/output devices, and physical arrangement. This environment may also be attacked. A perpetrator may exploit the physical arrangement in order to shoulder surf: surreptitiously observe the private data that clients enter. (Shoulder-surfing is a significant cause of telephone-card fraud in the U. S.) A perpetrator may dumpster-dive: examine the trash near a kiosk for discarded receipts containing information that can be used for fraud. A perpetrator may jam the card reader (this was a technique used in the Connecticut fake ATM case in order to direct clients away from real ATMs), empty or jam the printer, or even steal an entire kiosk.

As with the user interface, a more advanced use of this point of attack would be to physically penetrate the kiosk while leaving it in a functioning state, and then use the resulting access to the internal computing environment to carry out threats from that point of attack (Section 8.2.3).

8.2.3 Kiosk Software

Another significant component of the kiosk is its internal computing environment. Attacks on this level can be particularly devastating. Perpetrators may insert Trojan Horses that gather private information.[26] Perpetrators may deactivate security measures to enable other types of frauds; they may alter or crash the software, or learn cryptographic keys which make it possible to forge access cards.

If the kiosk is networked to a remote host and the network front end on that host can be subverted, then perpetrators can use access to the kiosk software to gain insider access to the host computer, and carry out attacks from there (Section 8.2.5).

8.2.4 The Network

Networked kiosk systems carry their own vulnerabilities. A perpetrator may tap into the line and eavesdrop on or modify legitimate messages. A perpetrator may insert messages of their own, or even sever the line altogether. Fending off these attacks will become even more challenging when kiosks move to wireless technology.

8.2.5 Insiders

Insiders -- employees of the deploying institution or its contractors -- constitute one of the most serious threats to a system. Insiders can directly insert Trojan Horses and trapdoors in kiosk and host software, can peruse and modify databases, and can damage or delete necessary system components.

8.2.6 Remote Access

Host computers often have lines to permit remote access over the Internet or the telephone system. If the front end on such a line can be subverted -- or if a front end does not even exist -- then remote lines provide a way for perpetrators from anywhere in the world to obtain insider access, and carry out attacks from Section 8.2.5. These attacks are possible even for kiosks that are not networked -- if the computers on which the kiosk software was developed permitted remote access.

We caution the deployer of a kiosk system to examine this issue carefully. Our experience in vulnerability analysis has too often revealed the existence of dial-in lines -- for off-hours emergency repair -- that even the institution's security officers did not know about.

8.2.7 Fake Kiosks

Examinations of kiosk security frequently devote much attention to user authentication: making sure the user is who she says she is. However, the converse problem is also important: assuring the user that the kiosk is in fact genuine. A well-known example of a successful fake kiosk attack is described elsewhere[27]; perpetrators installed a fake ATM -- that actually dispensed money -- in a Connecticut shopping mall, and used it to gather account numbers and PINs (later used for illegitimate withdrawals from real ATMs).

Fake kiosks can also result in indirect denial of service attacks, in that clients will be discouraged from using real kiosks, and may possibly lose respect for an institution's reliability.

The increasing intertwining of kiosk services and Internet services -- and the consequent easing of remote access to legitimate services -- will make more likely a new twist: fake kiosks that provide legitimate service. For example, suppose an institution deploys a kiosk system that provides many services for free. A perpetrator could deploy a fake kiosk that purports to be part of this institution's system, and in fact actually provides these services, while also requesting credit card numbers as part of authentication.

8.3 Solutions

Fortunately, solutions exist for many of these threats. We briefly consider solution techniques relevant to the various points of attack; a much more detailed survey can be found elsewhere.[28]

8.3.1 The User Interface

Probably the most central security threat in many kiosk systems is user authentication. Is the user who she says she is? (Will the deploying institution be liable if it provides private information to the wrong party?) A large suite of techniques has been developed to address this problem. Informally, these techniques reduce to verifying the user's identity on the basis of one of three things:

* something the user has;

* something the user knows; or

* something the user is.

A common example of the first technique is the personal token: a card which the user carries and inserts into the kiosk. These tokens range from primitive OCR cards to highly advanced PCMCIA tokens offering powerful computational environments. Effectiveness -- and cost -- varies tremendously.

A common example of the second technique is the password or PIN: a short alphanumeric sequence which the user types into the machine. Other knowledge-based techniques might use personal details about a client, like their date of birth and employee ID number.

A common example of the third technique is biometric authentication: special devices on the kiosk measure physical properties of the user, and compare these measurements to stored references. Physical properties commonly used are fingerprints and hand geometry; advanced iris-scanning technology (which the user does not even observe occurring) looks particularly promising.

Our third security theme stressed the need for multiple levels. User authentication is a demonstration of that theme: we caution the designer to use at least two factors in the user authentication scheme. We also caution the designer to be aware that good design is necessary -- if the two factors are magnetic-stripe card and PIN but the PIN is encoded on the magnetic stripe, then compromising one factor (e.g., stealing the card) can still suffice for impersonation.
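The design caveat above, as an added example (not from the original paper): when the stripe carries the PIN, the card alone passes both checks, whereas a stripe that carries only an account number forces the PIN to be checked against a salted hash held by the host, with a try limit. The track layout, account number, PIN, class and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

# --- Weak design: the second factor is stored on the first factor ---------
def weak_issue_card(account: str, pin: str) -> str:
    # Constructed stripe layout: "<account>=<pin>" in a single track record.
    return f"{account}={pin}"

def weak_kiosk_login(track: str, typed_pin: str) -> bool:
    # The kiosk compares the typed PIN with the copy read from the stripe.
    _account, pin_on_card = track.split("=", 1)
    return hmac.compare_digest(typed_pin, pin_on_card)

def card_alone_passes_weak(track: str) -> bool:
    # Design check: does possession of the card imply knowledge of the PIN?
    # Here it does, so the two factors collapse into one.
    _account, pin_on_card = track.split("=", 1)
    return weak_kiosk_login(track, pin_on_card)

# --- Stronger design: the card identifies, the host verifies the PIN ------
class HostPinStore:
    """Host-side verifier: per-account salted PBKDF2 hash and a try limit."""
    MAX_TRIES = 3
    ITERATIONS = 100_000

    def __init__(self):
        self._records = {}   # account -> (salt, derived hash)
        self._failures = {}  # account -> consecutive failed attempts

    def _derive(self, pin: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, self.ITERATIONS)

    def enroll(self, account: str, pin: str) -> None:
        salt = os.urandom(16)
        self._records[account] = (salt, self._derive(pin, salt))
        self._failures[account] = 0

    def verify(self, account: str, typed_pin: str) -> str:
        if account not in self._records:
            return "unknown"
        if self._failures[account] >= self.MAX_TRIES:
            return "locked"          # guessing is bounded by the try limit
        salt, expected = self._records[account]
        if hmac.compare_digest(self._derive(typed_pin, salt), expected):
            self._failures[account] = 0
            return "ok"
        self._failures[account] += 1
        return "locked" if self._failures[account] >= self.MAX_TRIES else "denied"

def strong_issue_card(account: str) -> str:
    # The stripe carries the account number only; no PIN material at all.
    return account

def strong_kiosk_login(store: HostPinStore, track: str, typed_pin: str) -> str:
    return store.verify(track, typed_pin)

if __name__ == "__main__":
    weak_track = weak_issue_card("4000123", "8421")
    print("weak design, card alone suffices:", card_alone_passes_weak(weak_track))

    store = HostPinStore()
    store.enroll("4000123", "8421")
    strong_track = strong_issue_card("4000123")
    for guess in ("0000", "1111", "2222", "8421"):
        print("strong design, guess", guess, "->",
              strong_kiosk_login(store, strong_track, guess))
```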

A critical implementation issue for most user authentication techniques is enrollment. The clients of a system need to go through some registration process, and may need to have special cards issued to them. This can be expensive and difficult in some cases, such as a kiosk system intended to provide a low-priority service to a huge population. In such instances, it may be feasible to piggyback on pre-existing authentication systems.

Other techniques that can increase the security of the user interface are psychological deterrents (warning the would-be perpetrator that fraud will be detected and prosecuted), strict limits on the power of kiosks, and anomaly detection on usage patterns.[29]

8.3.2 The Physical Kiosk

A standard suite of privacy measures and secure hardware techniques exists to address this problem. Some of these derive from common sense: positioning the CRT so only the client can read it, and positioning the keypad so that no bystanders can observe the entering of a PIN. Other techniques are more advanced, such as secure cabinet materials and construction.

8.3.3 Kiosk Software

Combating fraudulent access to the kiosk's internal computing environment raises many challenges. Basic techniques -- such as restricting the power of the kiosk's computer to that strictly necessary for the provided service -- can be very effective. More advanced techniques employ the use of secure coprocessors to provide tamper-proof "envelopes" in which to keep sensitive computation and data out of the reach of perpetrators who have succeeded in penetrating that far.[30]

8.3.4 The Network

One aspect of network security pertains to the physical network itself. Physical security techniques on the wires or fibers themselves certainly help, as does using sound fault-tolerant design practices (to make denial-of-service attacks more difficult). Using private networks may be more expensive than using leased lines or the Internet, but often will provide increased security.

The other main aspect of network security is information security: using sound cryptographic protocols to prevent perpetrators from modifying or inserting messages, or replaying old messages which were originally legitimate. Standard techniques of public-key cryptography, session keys and symmetric-key cryptography, message digests, secure hash functions, nonces, and sequence numbers all address these issues. We refer the reader to Chapter 3 in [Hochberg 1995], or any of the standard reference works, such as [Schneier 1994].
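As an added illustration (not code from the original report), the following sketch shows how a keyed message digest under a session key, a per-session nonce, and a sequence number let a host reject modified, inserted, and replayed kiosk messages. The message layout, class names, and payloads are assumptions made for the example; it provides integrity only, not confidentiality.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32                      # HMAC-SHA-256 output length in bytes
HEADER = struct.Struct(">16sQ")   # assumed layout: 16-byte session nonce + uint64 sequence number


class KioskSender:
    """Kiosk side: numbers each message and authenticates header + payload."""

    def __init__(self, session_key: bytes, session_nonce: bytes):
        self._key, self._nonce, self._seq = session_key, session_nonce, 0

    def seal(self, payload: bytes) -> bytes:
        self._seq += 1
        header = HEADER.pack(self._nonce, self._seq)
        tag = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class HostReceiver:
    """Host side: verifies the tag first, then the nonce, then sequence freshness."""

    def __init__(self, session_key: bytes, session_nonce: bytes):
        self._key, self._nonce, self._last_seq = session_key, session_nonce, 0

    def open(self, message: bytes) -> bytes:
        if len(message) < HEADER.size + TAG_LEN:
            raise ValueError("truncated message")
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # constant-time comparison
            raise ValueError("bad authentication tag")
        nonce, seq = HEADER.unpack_from(body)
        if nonce != self._nonce:
            raise ValueError("wrong session")
        if seq <= self._last_seq:
            raise ValueError("replayed or reordered message")
        self._last_seq = seq
        return body[HEADER.size:]


def _outcome(receiver: HostReceiver, message: bytes) -> str:
    try:
        receiver.open(message)
        return "accepted"
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    """Run legitimate, modified, inserted, and replayed messages past the host."""
    key, nonce = os.urandom(32), os.urandom(16)       # constructed session secrets
    kiosk, host = KioskSender(key, nonce), HostReceiver(key, nonce)
    m1 = kiosk.seal(b"QUERY record=constructed-001")  # constructed payloads
    m2 = kiosk.seal(b"UPDATE address=constructed")
    results = {"in_order": [_outcome(host, m1), _outcome(host, m2)]}

    modified = bytearray(m2)
    modified[HEADER.size] ^= 0x01                     # one flipped payload bit
    results["modified"] = _outcome(host, bytes(modified))

    inserted = HEADER.pack(nonce, 3) + b"UPDATE address=other" + os.urandom(TAG_LEN)
    results["inserted"] = _outcome(host, inserted)    # no key, so no valid tag

    results["replayed"] = _outcome(host, m1)          # valid tag, stale sequence number

    later_host = HostReceiver(key, os.urandom(16))    # same key, fresh nonce
    results["old_session"] = _outcome(later_host, m1)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:12} {outcome}")
```

The nonce matters only when a key outlives one session; with a fresh session key per connection, an old message already fails the tag check.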

We have focused on the network. The connection between the network and any host computers is also an area vulnerable to attack, and for which many techniques (such as firewalls) have been developed. A good survey of these techniques is available.[31]

8.3.5 Insiders

Formality of operations, automatic procedures and automated audit analysis all help here. A good discussion of these topics is available.[32]

8.3.6 Remote Access

Sound firewall design as well as strong user authentication and automated analysis techniques help address this threat. We also caution the designer to be wary of securing telephone lines by the use of dial-back modems: many popular modems can be fooled by a perpetrator calling, and then transmitting a dial-tone.

8.3.7 Fake Kiosks

Strong physical security techniques combined with client education can help address this threat. In the extreme case, the same strong authentication techniques applied to users can be applied to kiosks, although this may require the user having their own computational environment (such as a smart card).


The kiosk design must be evaluated against two sets of criteria. It must be evaluated by how well it satisfies the requirements of the Service Providers who wanted the kiosk built. It must also be evaluated by how well it meets the requirements of the Service Users for whom it was designed.

9.1 Acceptance

Provider acceptance is evaluated by determining whether or not the delivered kiosk meets the requirements of the RFQs. The RFQs were written to specify a solution to the problem that the kiosk was designed to solve. The RFQs were written after determining the kiosk's requirements, attributes, and constraints. The RFQ is the contract between the Service Provider and the kiosk designer.

Service User acceptance is determined by the effectiveness of the kiosk. The only way to determine this is by studying how the users interact with the kiosk. There are several different techniques which can be used to evaluate the success of a kiosk. Whenever possible, aspects of system operations relevant to user acceptance should also be measured empirically.

First, we must define a set of evaluation criteria by which the system should be judged. These are the following:

* choice of applications

* quality of implementation

* security

* cost/benefit analysis (business case)

Second, we must specify methodologies by which one can evaluate the system's performance according to the defined criteria. We will suggest the following methodologies:

* client feedback

* automatic tracking

* administrative review

If desired, one can use a pilot phase to test a variety of applications, implementations, and security measures. One can then evaluate their relative performance and adopt the most favorable ones after completing the pilot phase.

9.2 Choice of applications

This criterion breaks down into two subcriteria:

* Exclusion. Are there additional applications that clients would like to see on the kiosks?

* Inclusion. Has the agency implemented applications that clients do not want to use? These must be distinguished from applications that clients do not use because of poor design.

9.2.1 Quality of implementation

Several subcriteria apply to the client's perspective. Some of these are general:

* Overall interface. Is the user interface self-explanatory and easy to use, or is it intimidating or confusing?

* Applications. Are the screens for specific applications easy to use?

* Turnaround. Does the kiosk react quickly to user input, or do users have to wait too long for new screens or printouts?

* Accessibility. Does the kiosk accommodate a wide range of users, varying in their age, disability, and cultural background? An ideal system will provide alternative means of access for clients with special needs: a switch that enlarges the font size on the screen display, a variety of authentication options for the disabled, a speech recognition option for visually impaired clients, and a multitude of languages to choose from. It will also be tolerant of user errors. While field offices will always remain available for clients who cannot use kiosks, making the kiosks maximally accessible will benefit both the clients and the agency's finances.

Other subcriteria from the client's perspective pertain to security when it is being used. We believe that success on these criteria is vital: a secure system is worthless if its clientele will not use it.

* Comfort. Does security make the kiosk unpleasant to use? The user authentication procedure should not be frightening, humiliating, or intrude on the user's privacy. These factors, respectively, may cause problems for retina recognition, fingerprint recognition, and knowledge-based authentication based on a set of facts about the user.

* Convenience. Does security make the kiosk inconvenient to use? If the user authentication procedure is slow, this will annoy the client currently at the kiosk as well as others waiting for the client to finish. If the authentication system or automated audit analysis system has a high false reject rate, this will be very frustrating for bona fide clients who are refused access to the system, or whose current sessions are interrupted when the kiosk mistakenly detects an anomaly.

* Accessibility. Does security make it hard for certain types of clients to use the system? Depending on their age, disability, and cultural background, clients may have difficulty with knowledge-based authentication (e.g., remembering a PIN), certain biometrics (e.g., signature recognition), sight-based user interfaces (e.g., a keyboard), and language-specific instructions. Clients unskilled in kiosk usage may make many errors, triggering a negative response from the automated audit analysis system.

The implementation should also be evaluated from a management perspective:

* Output. Do kiosk sessions result in output that is of use to the kiosk owner? For example, do kiosk-based requests for information often need to be re-keyed by hand?

* Standards. Does the kiosk system meet established standards for information technologies? There are several different technologies and techniques that have been considered for use in the implementation of the kiosk system. In the case of magnetic stripes and bar codes, well-defined standards have been adopted by the ISO (International Standards Organization). If the kiosk owner is part of the federal government, it is required either to follow the standards for security and cryptography specified by NIST[33] or to obtain a written waiver exempting it from the regulations. For many of the technologies discussed in this report, such as smart cards and biometrics, standards do not yet exist but are under development.

* Enabling evaluation. Does the kiosk programming include functions that enable managers to evaluate the system? (This includes on-line surveys, self-tracking, etc. -- see evaluation methodologies below.)

9.2.2 Security

* User authentication. Does the security system effectively screen out masqueraders? The percentage of false accepts should be kept to some acceptable minimum. This should be lower than the false accept rate found in telephone interactions, given the higher potential of electronic fraud. At the same time, the false reject rate must be kept low enough not to annoy bona fide clients (see convenience above).

* Auditing. Is the kiosk system's automatic auditing capability effective? Does it provide security officers with all the information they need to determine whether the system is secure? Does it provide a minimum of superfluous information? Is there an automatic system for analyzing the audit data? How useful is it?

* Response. If the security system detects invalid behavior, does it respond in near real-time, and in what manner? The faster and more effective the response, the better.
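The balance between false accepts and false rejects described under user authentication can be measured during a pilot. The following added example (not from the original report) sweeps the decision threshold of a hypothetical biometric matcher over constructed trial scores and selects the operating point with the lowest false reject rate that still meets a false accept ceiling; the scores, the ceilings, and the function names are assumptions.

```python
from typing import List, Optional, Tuple

# Constructed pilot data: matcher scores from 0 to 100, higher means "more similar".
# GENUINE: enrolled clients matched against their own reference.
# IMPOSTOR: attempts matched against someone else's reference.
GENUINE = [91, 88, 95, 79, 84, 97, 73, 90, 86, 68,
           93, 82, 89, 77, 94, 85, 92, 71, 87, 96]
IMPOSTOR = [12, 35, 48, 22, 61, 30, 55, 41, 18, 72,
            27, 44, 38, 66, 25, 51, 33, 20, 58, 46]


def rates(threshold: int, genuine: List[int], impostor: List[int]) -> Tuple[float, float]:
    """Return (false accept rate, false reject rate) when score >= threshold is accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine: List[int], impostor: List[int]) -> List[Tuple[int, float, float]]:
    """Evaluate every threshold at which either rate can change."""
    candidates = sorted(set(genuine) | set(impostor))
    candidates.append(candidates[-1] + 1)          # the "reject everyone" end point
    return [(t, *rates(t, genuine, impostor)) for t in candidates]


def pick_threshold(genuine: List[int], impostor: List[int],
                   max_far: float) -> Optional[Tuple[int, float, float]]:
    """Return (threshold, FAR, FRR) with the lowest FRR among points with FAR <= max_far.

    max_far is the ceiling the security officers set, for instance a value below
    the false accept rate observed for the existing telephone channel.
    """
    feasible = [(frr, far, t) for t, far, frr in sweep(genuine, impostor) if far <= max_far]
    if not feasible:
        return None
    frr, far, t = min(feasible)                    # lowest FRR, then lowest FAR
    return t, far, frr


if __name__ == "__main__":
    for ceiling in (0.05, 0.0):
        t, far, frr = pick_threshold(GENUINE, IMPOSTOR, ceiling)
        print(f"FAR ceiling {ceiling:.2f}: threshold {t}, FAR {far:.2f}, FRR {frr:.2f}")
```

On this constructed data, tightening the ceiling from 5% to zero false accepts raises the false reject rate from 0% to 10%, which is the convenience cost the criteria above ask the evaluator to weigh.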

9.2.3 Business case

The kiosk system will be a success from the business perspective if its benefits outweigh its costs. Costs include:

* Start-up. This includes designing, constructing, and installing the kiosks, and enrolling users or issuing cards, if required.

* Operation. This includes hardware and software maintenance, and ongoing labor costs for interacting with users on kiosk-related issues (e.g., enrolling new users, replacing lost cards, answering questions).

We stress that an over-emphasis on economy at start-up may increase operational costs and/or reduce benefits. Initial expenditures along the following lines are likely to lower later costs:

* Flexibility. It is worth spending more money to implement a kiosk system that the kiosk owner can easily change in the future, rather than one it would need to replace.

* Durability. As in any major purchase, quality matters. Better-quality hardware and software will require less maintenance and replacement.

Expenditures along the following lines are likely to increase benefits, and thus improve the cost-benefit ratio:

* Speed. The faster the user turnaround, the more satisfied users will be, and the more likely they will be to use kiosks instead of the 800 number or field agents.

* User interface. Initial costs in careful design and testing of the user interface will pay off in satisfied users and usable kiosk output.

* Security. Initial costs to build in security will minimize expensive fixes down the road and maintain user (and Congressional) confidence in the system.

Benefits from the kiosk system should include the following:

* Drop/no increase in other services. This is the heart of the benefits side of the business case. The main financial motivation for going to kiosks is to reduce costs for other means of service delivery (800 number, field offices), or at least to hold down increases in these services in future years. If the kiosks merely attract new users (who were not intending to access services otherwise), but do not divert established users from existing means of service delivery, it will cost the kiosk owner money rather than saving it.

* Public relations. The kiosk system should appeal to the public and show it that the kiosk owner cares about its clients and is in step with modern technology.

* Decrease in fraud. A truly secure kiosk system could reduce the overall risk of fraud.

* Increased service delivery. While this benefit is hard to reconcile with the key goal of saving money, it is still feasible. If the kiosks attract users who otherwise would have used the 800 number or a field office, and if they can additionally accommodate new users, then the system can be said to have increased service delivery while lowering costs.

9.3 Techniques

We have just described a set of criteria by which the kiosk system can be judged. How can one determine whether the system meets these criteria? We propose three methodologies below. Wherever possible, one should compare the results of these evaluations to results of evaluations of other means of service delivery.

9.3.1 Client feedback

We have found [Hix 1993] to be a valuable resource in preparing this section. The kiosk owner should get feedback both from clients who use the kiosks and from those who do not: the former to learn about system usage, and the latter to find out how the system might be changed to encourage wider usage. It should get feedback as the interface is being developed (formative evaluation) as well as when the kiosks are fielded (summative evaluation). Feedback can be objective or subjective, quantitative or qualitative. Clients can provide feedback in the following ways:

* Videotaping. This is one of the best ways to learn about kiosk usage. One can get an overall impression of whether users enjoy the system, whether they make a lot of errors, and of what type, and how system usage differs from what is expected. A posted or on-line notice should let users know that they are being videotaped.

* Concurrent verbal protocol taking. A client is asked to talk out loud while using the kiosk, describing "what they are trying to do, or why they are having a problem, what they expected to happen that did not, what they wished had happened, and so on."[34]

* On-line feedback. Screen design can include a comment button that allows a user to give feedback at any time. Additionally, or alternatively, the kiosk could prompt the user to complete an on-line survey after finishing all transactions. The survey can ask general questions about user satisfaction as well as specific questions about different aspects of the system: speed, intrusiveness of user authentication system, etc. It can also ask users whether they have used the kiosk instead of the 800 phone service or a field office.

There are several possible formats for on-line feedback, whether collected via comment buttons or a post-transaction survey. Users may enter feedback orally, or by typing. They may provide feedback in a fixed format, e.g., rating the system overall from 1 to 5, or in free text. Fixed-format input is easier to analyze, though free-form input may be more in-depth.

A problem with on-line feedback is that only users who choose to do so will provide feedback. Any statistician will testify that such a self-selecting group of respondents will produce a biased result: typically, individuals who are dissatisfied with the system will be disproportionately represented. The kiosk owner can lessen this problem, at least with regard to an on-line survey, by encouraging more users to complete the survey. The survey should be short; the kiosk may present it to all users without first asking if they want to complete it. At the extreme, the kiosk could require a user to complete the survey before returning his or her card, if one is used.

* Personal interviews. One can interview both users and non-users to learn their reactions to the system. One should also provide a process for capturing informal feedback from clients. The field office representatives in the offices which provide kiosks will undoubtedly be the recipients of comments, both positive and negative, on the kiosk system.

* Focus groups. The kiosk owner can conduct "focus group" sessions like those used by marketers and advertisers to evaluate new products and advertising campaigns. In such a session, a group of users, hopefully stratified by age, socioeconomic class, disability, etc. would discuss the kiosk system with employees for an hour or two.

9.3.2 Automatic tracking

The kiosk programming should include a tracking system that keeps quantitative records of system performance. At a minimum, this system should record how many clients use the kiosk, and each specific service on the kiosk, each day. Adding more detail, the system could record the amount of time each user spends at the kiosk. More detailed timing data can yield the time spent on each kiosk sub-function: introductory screens, user authentication, navigational screens, and screens for specific kiosk services. This information on frequency and speed of transactions and services can help managers estimate the cost of each transaction and the success of the user interface.

Other extensions of automatic tracking are possible. The system could record the frequency of errors such as unstopped input (e.g., a nine-digit Social Security number) or incorrect use of a touch screen (e.g., users' pressing inactive areas of the screen). Tracking could also serve as a trigger for more detailed analysis. For example, it could operate in conjunction with a videotaping system that continuously loops unless triggered to save. If a user spent an unusually long interval of time on a particular screen, this could trigger the system to save the videotape segment corresponding to that interval, as well as a few minutes before and after the interval, for context.
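An added sketch of the tracking described above (not part of the original report): it turns a kiosk event log into per-screen dwell times and flags unusually long visits, the condition the text suggests for saving the looped video segment. The log format, screen names, context window, and the median-based rule are assumptions, and every log line is constructed.

```python
import statistics
from collections import defaultdict

# Constructed log: "<seconds since start> <session id> <screen entered>".
# A session's dwell on a screen ends at its next event; END closes the session.
LOG = """\
0 s1 intro
5 s1 auth
25 s1 menu
33 s1 benefits
93 s1 END
100 s2 intro
104 s2 auth
126 s2 menu
131 s2 address
176 s2 END
200 s3 intro
206 s3 auth
224 s3 menu
230 s3 benefits
285 s3 END
300 s4 intro
305 s4 auth
495 s4 menu
502 s4 benefits
560 s4 END
600 s5 intro
603 s5 auth
624 s5 menu
630 s5 address
680 s5 END
"""

CONTEXT_S = 120  # assumed amount of video to keep before and after a flagged interval


def dwell_times(log: str):
    """Return [(session, screen, start, end)] for every completed screen visit."""
    current = {}   # session id -> (screen, time entered)
    visits = []
    for line in log.strip().splitlines():
        ts_text, session, screen = line.split()
        ts = int(ts_text)
        if session in current:
            prev_screen, start = current.pop(session)
            visits.append((session, prev_screen, start, ts))
        if screen != "END":
            current[session] = (screen, ts)
    return visits


def flag_long_visits(visits, factor: float = 3.0, min_samples: int = 3):
    """Flag visits longer than factor x the median dwell for the same screen.

    The median is used because a single very long visit barely moves it;
    screens with fewer than min_samples visits are not judged at all.
    """
    by_screen = defaultdict(list)
    for _, screen, start, end in visits:
        by_screen[screen].append(end - start)
    flagged = []
    for session, screen, start, end in visits:
        samples = by_screen[screen]
        if len(samples) < min_samples:
            continue
        if end - start > factor * statistics.median(samples):
            flagged.append({
                "session": session,
                "screen": screen,
                "dwell_s": end - start,
                "save_video": (max(0, start - CONTEXT_S), end + CONTEXT_S),
            })
    return flagged


if __name__ == "__main__":
    for hit in flag_long_visits(dwell_times(LOG)):
        print(hit)
```

The same visit list also yields the minimum statistics the text calls for, such as the number of sessions and how often each service screen was reached.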

9.3.3 Manager feedback

System managers and security officers will be an important part of the kiosk evaluation. System managers will determine whether the implementation meets government standards, enables evaluation, and is accessible to a satisfactory range of clients. During the pilot they can determine whether kiosk output is of satisfactory quality. They can determine whether the kiosks present a good business case. This evaluation must take into account such factors as the speed of transactions, the cost of operating the system (including answering questions, replacing lost cards, etc.), and the relationship between phone service and kiosk service.

Security officers will determine whether the user authentication system is sufficiently rigorous, and whether false reject rates are within reasonable limits. They will also play a key role in evaluating any automated audit analysis system that is built into the kiosks. Security officers should be tasked to review all suspicious incidents reported by the audit analysis system. If most of these turn out to be non-fraudulent, and in fact not worth investigating, it is likely that the reporting criteria in the system should be tightened. At the same time, security officers should review kiosk frauds not detected by the audit analysis system (though detected by other means). If this number is large relative to the number of detected frauds, then the kiosk owner should consider loosening the reporting criteria and/or adding new criteria.


This work was performed under the auspices of the United States Department of Energy.


The following table shows the cost for a kiosk over a 5 year period.[35] Notice that as the number of kiosks increases, the costs for software, hardware, the enclosure, and the computer decrease. At the same time, the costs associated with Service and Support increase.

Table 3: Kiosk Cost for 5 years

                                        Number of kiosks
                                     1        10       100      1000
     Non        Software        25,000    15,000     2,000       500
 Reoccurring    Hardware             0     2,000     2,000       500
 Reoccurring    Enclosure       10,000     2,000     1,500     1,000
 Expenses[37]   Computer         5,000     5,000     4,500     4,000
   Service      Service              0     1,000     2,500     3,000
and Support[38] Support              0         0     3,000     3,000
                Average Cost    40,000    25,000    15,000    12,000
                per kiosk

If you purchase 100 kiosks your average monthly cost per kiosk over the 5 year period is:

$15,000 / 60 months = $250 per month

If you rent the kiosks from a kiosk vendor who is responsible for both service and support, it will cost approximately twice the average monthly cost for each kiosk:

2 X $250 = $500 per month

The value gained by using a kiosk must be greater than $500 per month to be cost effective.


AManufacturer 1994 Appliance Manufacturer, Indoor Radar. May, 1994, pp. 98-99.

Besse 1994 Conversation with Lee J. Besse, President, Advanced Video Integration Inc., April 11, 1994.

Cheswick 1994 Cheswick, W.R. and S.M. Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker. Reading, MA: Addison-Wesley, 1994.

Comer 1991 Comer, D.E., Internetworking With TCP/IP, Vol. I: Principles, Protocols, and Architecture, Second Edition. Englewood Cliffs, N.J.: Prentice Hall, 1991, pp. 18-19.

DiCarlo 1994 DiCarlo, L., UPSs power up on monitoring. PC Week, January, 1994, p. 81.

Higgs 1994 Higgs, S. and M. Chandrika, Head to Head: The newest laser, ink-jet, dot-matrix, and color printers vie for top honors in our applications-based rankings. Byte, May, 1994, p. 168.

Hix 1993 Hix, D. and H.R. Hartson, Developing User Interfaces. New York: John Wiley and Sons, 1993.

Hochberg 1993a Hochberg, J.G., K.A. Jackson, J.F. McClary, and D. Simmonds, Addressing the insider threat. In Proceedings of the 1993 DOE Computer Security Group Conference, 1993.

Hochberg 1993b Hochberg, J.G., K.A. Jackson, C.A. Stallings, J.F. McClary, D. DuBois, and J. Ford, NADIR: An Automated System for Detecting Network Intrusion and Misuse. Computers and Security, vol. 12, (3) May, 1993, pp. 235-48.

Hochberg 1995 Hochberg, J.G., S. Smith, B. Yantis, M. Murphy, and P. Pedersen, Kiosk Security Handbook. Los Alamos Unclassified Report, to appear May, 1995.

Miller 1993 Miller, D., New Products. PC World, January, 1993, p. 66.

NIST 1988 National Institute of Standards and Technology, Data encryption standard. Federal Information Processing Standards Publication 46-1. Available by anonymous FTP at or from the National Technical Information Service (NTIS), 5285 Port Royal Road, Springfield, VA 22161.

PC-Week 1993 PC-Week, August 30, 1993, p. 83.

Robinson 1994 Robinson, P., Authoring Software. New Media Magazine, March, 1994, pp. 19-23.

Rosenthal 1994 Rosenthal, S., QuickTime and AVI Capture Cards. New Media Magazine, March, 1994, pp. 75-76, 81.

Schneier 1994 Schneier, B., Applied Cryptography. New York: John Wiley & Sons, 1994.

Smith 1994 Smith, S.W., Secure Distributed Time for Secure Distributed Protocols. Ph.D. thesis. Computer Science Technical Report CMU-CS-94-177, Carnegie Mellon University, September 1994.

Thieves 1993 "Thieves Use Fake ATM to Raid Bank Accounts." San Jose Mercury News, May 12, 1993, p. 1A.

Thompson 1987 Thompson, K., Reflections on Trusting Trust. In ACM Turing Award Lectures: the First Twenty Years, R. L. Ashenhurst and S. Graham (Eds.), Reading, MA: Addison-Wesley, 1987.

Tygar 1993 Tygar, J.D. and B.S. Yee, Dyad: A System for Using Physically Secure Coprocessors. Proceedings of the Joint Harvard-MIT Workshop on Technological Strategies for the Protection of Intellectual Property in the Network Multimedia Environment, April, 1993.

Van Bergen 1993 Van Bergen, J., Microphones: A Chooser's Guide. TCI, November, 1993, pp. 48-53.

Vince 1990 Vince, J., The Language of Computer Graphics. New York: Van Nostrand Reinhold, 1990.

Vizard 1993 Vizard, F., Dial a Picture. Popular Mechanics, June, 1993, pp. 106, 110.

Waring 1994a Waring, B., Large-Screen Presentation Displays. New Media Magazine, March, 1994, p. 123.

Waring 1994b Waring, B., CD-ROM Drives. New Media Magazine, March, 1994, pp. 109, 112-113.

Weaning 1994 Weaning, L. and J.B. Nomdic, 3-D Graphics and Animation, March 1994, pp. 29-38.

Weibel 1991 Weibel, B. and D. Tynan, PostScript Lasers. PC World, December, 1991, pp. 174-175.

Yavelow 1994 Yavelow, C., Self-Powered Speakers for Multimedia. New Media Magazine, March, 1994, pp. 69-71.

Yee 1994 Yee, B.S., Using Secure Coprocessors. Ph.D. thesis. Computer Science Technical Report CMU-CS-94-149, Carnegie Mellon University, May 1994.
