Kiosk Report – Los Alamos kiosk_paper.html
This paper, titled “The Los Alamos Kiosk System,” was published in 1995 by researchers from Los Alamos National Laboratory. The primary authors were E. James Purcell and Michelle M. Hall.
-
The paper describes an innovative kiosk system developed at Los Alamos National Laboratory for public information dissemination.
-
It was one of the early examples of using multimedia kiosks for public outreach and education about scientific topics.
-
The system was designed to provide information about Los Alamos National Laboratory’s history, current research, and future plans.
-
It utilized then-advanced technologies such as touch screens and multimedia presentations to engage users.
-
The kiosk system was intended to be placed in public areas like museums and visitor centers to reach a broader audience.
This paper was significant because it demonstrated:
-
Early adoption of interactive technology for public engagement in science
-
The potential of kiosks as educational tools
-
How national laboratories could use technology to communicate with the public
The Los Alamos Kiosk System described in this 1995 paper was an early precursor to many of the interactive information systems we see today in museums, airports, and other public spaces.
Kiosk and KiosksKiosks: A Technological Overview
LA-UR-95-1672
Gerald Morris, Torrin Sanders, Anne Gilman, Stephen J. Adelson, and Sean
Smith
CIC-3
Los Alamos National Laboratory
Los Alamos, NM 87545
January 10, 1995
This paper discusses the selection of components for constructing kiosk
systems. After outlining the design steps necessary before creating a kiosk
system, we will present each of the typical kiosk components and describe in
detail both its function and what parameters can be used to evaluate that
component. Discussion of the human factors considerations of each component is
included where appropriate.
Until recently, a kiosk was a small, rugged standalone structure often
used as a newsstand, bandstand, or other commercial enterprise. The definition
is evolving to include computer systems found in public places. These public
computer systems are designed to provide an alternative avenue to reach
information and services. The user is presented with an attractive structure
which has been designed to provide a simple, friendly interface to novice
computer users. A kiosk performs a task which is easily automated, freeing
personnel from boring tedious labor.
Kiosks are being used as a primary tool in efforts to improve the
effectiveness of limited personnel and provide easy and convenient access to a
wide range of services. Most of these kiosks are built to perform one of the
following functions:
* To advertise a commercial product.
* To collect or dispense specific information.
* To exchange information, funds, and/or services.
Kiosks used to advertise products are the least complex type of kiosk.
The advertisement kiosk promotes products by providing information about it in
a pleasing, interactive environment. This family of kiosks is often used at
trade conferences and showroom floors. Advertisement kiosks most commonly take
input from a touch screen monitor and use video, animation, and sound to convey
information. Proximity detectors may be used to start an advertisement
sequence on the kiosk when a potential customer is near, typically using sound
and video. Ordinarily located indoors, these kiosks rely on humans for
security and maintenance. Limited access to the kiosk makes both physical and
system security a low risk.
Information kiosks are used to automate information access or to collect
information. These kiosks are found in high pedestrian traffic areas like
airports, stores, malls, and convention centers. User input is normally
through a touch screen or, less frequently, with a keyboard. Hard copy output
— for maps, coupons, or other desired information — is normally available
through a printer. Although the amount of information is very limited, ticket
dispensers at parking lots fit into this category because the information flow
is one way: the user requests and receives a time-stamped ticket. Proximity
detectors are rarely used with these systems, because noisy or flashing
displays prompted by proximity detectors can become a distraction for business
concerns or staff members in the same area. Informational kiosks are designed
to be visually conspicuous to attract the attention of anyone looking for it
without being confrontational to the senses of others. The physical security
for these systems is at risk because they have no local owner. The system may
be in full view of the public, but none of the people responsible for it are
nearby.
Transactional kiosks, used to sell goods and services or to exchange
information, are the most complex type of kiosk. This family of kiosks is
found in stores, malls, public transit terminals, and other high pedestrian
traffic areas. Touch screens, simple buttons or keyboards are all used to get
instructions and information, along with some method of fund collection, and
possibly identity verification. Proximity detectors used to trigger kiosk
activities designed to attract customers may be used. The physical security of
these kiosks are at risk since money and goods are involved. A kiosk that
accepts cash must be designed differently from a kiosk that takes only credit
cards or debit cards. The extra room needed to store the cash, the room needed
to store change, and the physical security measures needed to protect both adds
to the kiosk cost. Most cash processing kiosks deal with small amounts of
money only, for public transit fares, parking tickets and the like. Kiosks
which sell airplane tickets or allow the transfer funds at a bank require a
card of some kind, both to eliminate the difficulty of handling cash and to
identify the user.
The design of a kiosk is dependent on what services the kiosk will provide, who
will use the services, and the location of the kiosk.
As the kiosk developer, the service provider is the immediate customer. The
customer sees the kiosk as a solution for a specific problem. A developer’s
first responsibility is to make sure that you and the customer have a common
definition of the problem to be solved. If you cannot agree on what the
problem is, it is difficult to agree on its solution.
The kiosk designers and service provider need to define the target population
for the services that will be provided. The target population is used to
define needed functionality and constraints to the design of the kiosk. Will
the users be familiar with keyboards? What ages will your users be? Can they
all speak one language, or must you provide several? Would you like to include
wheelchair users among your clients? The physical, educational, social and
national characteristics of your user population will be used to determine and
constrain your hardware and interface choices.
The client using a kiosk is not necessarily concerned with how it functions
internally; it can also be risky to advertise the physical structure of your
system. The user should be able to view the kiosk simply as a cabinet housing
electronic equipment which performs a useful function, without having to
comprehend the exact wiring and hardware components. The enclosure is very
important to how the client views the kiosk. It must be regarded as providing
a service without offending the user, and it must be pleasant to look at and
use. It must be designed to be accessible to handicapped users and meet any
necessary certification requirements.
As described in the first section, the location of the kiosk delimits what
features are most desirable. In an environment where many people must work
next to the kiosk all day, repeated music selections can be very annoying.
Kiosks should be placed where they can both attract users and not obstruct
traffic flow. In addition to the obvious environmental factors of temperature,
humidity, and precipitation, the amount of light and noise around a proposed
kiosk location will also affect the basic design. If the kiosk will be located
in a business setting where many people have to work near it all day, loud and
repetitive audio output is a poor choice. Alternatively, if the kiosk will be
placed in a stadium, an arcade, or an auction center, use of voice recognition,
spoken passwords, or informational audio output will be impractical.
As an example we will use the kiosk which was designed at Los Alamos National
Laboratory for the LIST project. This kiosk was designed as a prototype,
using the technologies and software available in mid to late 1994.
The Los Alamos Information Systems Technologies (LIST) system is designed to
facilitate the creation of telecommunities in the National Information
Infrastructure (NII). These telecommunities will initially be
geographically-centered, based on existing communities or towns.
Telecommunities can also be based on common interests such as research,
business, education, etc. Telecommunity software will provide a common user
interface to all users, a set of base services (such as email, WWW access,
teleconferencing, bulletin boards, etc.), and a set of telecommunity-controlled
applications. In a telecommunity based on a town these applications can
include county services, government services, banks, local businesses, and
select remote businesses. Users and applications will register with the
telecommunity for control and information reasons. The information collected
through registration will allow users to initially access general applications
as well as applications requiring access to sensitive information or commerce
transactions. Application information will be used by the searching
services.
The LIST telecommunity will be available from a user’s workstation at work, at
home, or from a kiosk within the townsite. Similar functionality will be
available from a workstation or kiosk. Users should easily be able to conduct
business transactions, collaborate with remote partners, and mine for
information using LIST. Not only will our lives be made easier through
electronic banking (pay your bills and balance your checkbook automatically)
and government services (renew that drivers license without standing in line),
but also we will be more connected with our neighbors. People looking for
bridge partners can post a message to their neighborhood bulletin board,
archaeology buffs can organize expeditions, and students can collaborate both
with their classmates and their peers around the world.
Similar to the free televisions stations, there will be a free level in the
telecommunity that anyone can access, whether they are a member or not. This
will typically be information-only applications, such as information on the
county, government, tourism, etc. Access to the non-free level will require
user authentication in the form of a password, smartcard, biometric, or some
combination.
Personal interaction facilities will be available through the telecommunity,
allowing users to chat when accessing the same application, facilitating
teleconferencing and collaboration, or to provide on-line help within an
application.
The LIST kiosks will provide an array of different applications, not just a
single type of application such as Department of Motor Vehicle services or
probation services as is currently seen today. The LIST kiosk must be general
purpose and serve as a user interface for various multimedia telecommunity
applications.
Goals are the long term objective being addressed by the kiosk and are helpful
when making design decisions. This kiosk will supply community based services
at public locations. The kiosk will provide value to the community as an
electronic tool for every day use. Several goals of the kiosk are expressed
below:
* The kiosk will serve all Americans. The kiosk will have an easy to
use, intuitive and consistent interface. The kiosk will provide a variety of
capabilities which will support diverse users and communities.
* The kiosk will promote free enterprise. The kiosk should support
competition in an open marketplace. Users will be afforded the maximum choice
based on value and price.
* The kiosk will protect the rights of users. The intellectual property
rights of owners of information must be protected. The kiosk must support
means for supporting verification of identity of users, service providers, and
information. Anonymous access will also be supported for some services. Users
must be assured that transactions on the kiosk will be free from interception,
alterations, and use.
* The kiosk will promote open standards. The kiosk must support
national and international standards to promote interoperability when
possible.
* The kiosk will provide high-quality services. Services accessed at
the kiosk must be dependable and the integrity of the service guaranteed. The
kiosk must be flexible in capacity and performance, with the ability to evolve
to meet future applications.
* The kiosk will provide an information marketplace. The kiosk will be
able to let users know what services, information, and capabilities are
available at any time. The kiosk will provide easy entry to new service
providers and users. The kiosk will support the ability to use existing
applications to create new products and services. The kiosk will provide
access to internet services.
2.3.3
Kiosk Requirements and Functionality
Once the problem is defined, the solution can be worked on. First, determine
the kiosk’s requirements needed to solve the problem. The functional
requirements of the kiosk must be precise. The requirements must specify what
the kiosk system must do, not how to do it. The requirements must also show a
design which is simple and well-integrated. The functional requirements should
help define the intended kiosk user, along with any special needs and
requirement the kiosk must address.
2.3.3.1
Security and Authentication
Security and authentication need to be intimately tied together in this system.
Users must be assured that their information and transactions are not forgeable
and there is no way to cheat the system. The kiosk must support LIST security
and authentication enhancements.
Currently there are limited tools available on the Internet to facilitate
information mining. By this we mean that people cannot easily search for
information across the various tools. Some of the tools have rudimentary
directory services or rudimentary search capabilities, but none provide the
extensive capabilities necessary to access the wealth of on-line data. The
kiosk must support information search and mining using LIST.
2.3.3.3
Controlled Information Distribution
The kiosk must support LIST enhancements for limiting distribution/copying of
controlled information (software, electronic magazine, copyrighted material) —
e.g., controlled cut-and-paste.
2.3.3.4
Interactive Communication
Communications may be possible using available or to-be-developed applications,
rather than providing a communications service upon which other applications
are built. In any case, the kiosk should directly or indirectly support
real-time communications over the internet. Communications may be used for
personal conversations, collaboration, or on-line help from service providers,
for example.
Search is a facility allowing the user to easily access a service by supplying
information about it. What information a user decides to provide in order to
describe the service should be left unspecified in order to allow the user
maximum flexibility. On the other hand, search and filter facilities should
provide as many of the keywords which a user can provide information on without
relying on knowledge that the user may not be able to provide. Thus, the
solution is to have an interface that is a compromise of these two approaches.
The main issue to be addressed is that of minimizing queries which result in
either too much or too little information and becomes a waste of time for the
user.
We need a filtering system so that people can filter out unwanted information
and not be bothered by advertisements and the like. This can also be used to
lock out adult material from access by minors. This is a very useful facility
that will reduce the number of servers which need to be accessed, as well as
reduce the amount of information which is returned by a server. This facility
is similar in functionality to the example in telemedicine: the search
condition is to look for cases having similar symptoms and an X-ray image
provides the filtering condition.
Electronic mail is a well-established service which should be provided on the
kiosk. An encryption facility will be added to allow secure exchange of
information. A digital signature capability will be added to verify message
contents and author.
Ideally, if we implemented everything correctly, people would not need to have
a record of their transactions, but many people want a receipt of some kind, so
we should give it to them. This means that we need to implement a file system
which allows people to access their records from anywhere in the world via a
designated kiosk. Since a common use of the kiosks will be to conduct
transactions, we need a flexible interface that can be used by most companies,
government agencies, and people. If a store wants to use the system, the
interface should be very similar between stores so that users are not confused
by different ordering systems.
Much of the information accessed at the kiosk will be color graphics. The
kiosk must designed to support color graphics.
Much of the information accessed at the kiosk will be in a video format. The
kiosk must support full motion video to slow scan through high definition and
beyond. Still images from low to high resolution must also be available.
Much of the information in the world is in audio format. The kiosk must
support audio output of information from telephone-quality voice to compact
disc quality.
Attributes are helpful as a method of testing the acceptability of the finished
kiosk since they can be measured.
* The kiosk needs to be versatile to allow uses other than LIST access.
* The kiosk must be simple to use with an “Easy to use interface “.
* The kiosk will not be an eye sore, it will be unobtrusive to its
environment.
* The kiosk interface should be consistent.
* The kiosk will have a fast response.
Constraints are limitations on possible kiosk implementations and are best
negotiated away. Some constraints are necessary and can help by limiting the
possible solutions. Some constraints you will almost always see are cost, and
time to delivery.
* Easy To Use – Controls for the kiosk should be easy to understand and
use. The information displayed should be easy to understand.
* ADA Compliant – One of the primary objectives is to provide
individuals with physical limitations or disabilities the fullest possible
access to the systems information services.
* Multi-Lingual – The kiosk must support both English and Spanish.
* Cost – We are seeking a cost effective kiosk solution.
* Secure – The kiosk should be secure to tampering and vandalism. The
information received and sent should be correct.
To build the kiosk we purchased much of the hardware and software bundled
together which helped to keep the kiosk cost low. We then purchased any
software and hardware which was still needed. The hardware and software
selection is based upon what was available in mid to late 1994, and should not
be taken as a particular endorsement of any of these products.
3.1
Base Platform purchased from Dell Computer Corporation
For our initial kiosk an Intel Pentium computer running Windows was selected.[1] This platform was selected due to its
low cost and the availability of specialized peripherals. This platform is one
the platforms the LIST software will run on. This platform will handle color
graphics, video, and audio with the proper peripherals installed.
* Dimension Pentium 90/XPS Medium Desktop Base.[2]
* Spacesaver, Quiet Key Keyboard
* 32MB RAM, 2 SIMMS[3]
* NEC CDR-510, Triple Speed, 200ms, Multisession Photo CD compatible, SCSI
CD-ROM Drive.
* VS15 Color Monitor[4]
* Number Nine GXE Video Board with 2MB Memory
* 1GM IDE Hard Drive
* SCSI PIO Controller[5]
* 3.5″ 1.44MB Floppy drive.
* Microsoft System Mouse
* DOS 6.21
* Windows 3.1
* Microsoft Works
3.2
Final System Specifications/Hardware
We used the Pentium 90/XPS desktop computer base system with the following
modifications.
3.2.1
Color Touch Screen Monitor
We selected a 17″ Color monitor using a capacitive touch screen. The 17″
monitor was selected because it offered a large area of which could be used as
an interface for the kiosk. A larger monitor would have presented problems to
some users who would have had problems touching the entire screen.[6]
We purchased the touch screen pre-installed on the face of the color monitor.[7] We selected the capacitive touch screen
because of its cost and the large number of operating systems which it
supports. The capacitive touch screen can be damaged since it is deposited on
the screen of the CRT but it also protects the CRT from some damage.
3.2.2 Video Card
We used the number Nine GXE Video Board which came with the computer system.
The 9GXE64Pro is a 64-bit BGA display adapter. It has high speed VRAM, an S3
Vision964 processor an a Texas Instruments true-color palette DAC (Digital to
Analog Converter). This board came with 2MB or memory and is upgradeable to
4MB. Resolutions are available from 640 x 480 to 1600 x 1200 (non interlaced).
The DAC supports 16.8 million colors.
We selected a Sound Blaster 16 SCSI-2 board for the kiosk. Sound Blaster cards
have become the industry standard for digitized sound on the PC platform.
Almost any game or other DOS program which supports digitized sound supports
the Sound Blaster.
The Sound Blaster board is a 16 bit board which handles 20 voices. Its sound
quality can easily be improved by adding an optional Wave Blaster daughterboard
with a 32 voice EMU chip. With the Wave Blaster you can deliver 16 bit high
fidelity sound and music. Another feature of this board is that it supports
SCSI-2 interface for a CD-ROMs.
A modem card was purchased for the kiosk to allow modem connectivity. The
ProModem 144e manufactured by Prometheous was selected. This is a 14,400 bps
data or send/receive fax modem with error correction and (V.42/V.42bis/MNP-5)
data compression.
A network card was purchased for the kiosk to allow network connectivity. The
3Com EtherLink III network card was selected. This card allowed the kiosk to
be connected to any Ethernet network wired with IEEE 802 standard 10BASE-2,
10BASE-5, or 10BASE-T cable.
We purchased external Labtec CS-700 speakers for the kiosk. These speakers
have a built in 3 band equalizer and Bass Boost- DXBB circuit. Each speaker
has Individual volume controls and self activated on/off switch. The shielded
magnets to prevent interference with computer and television screens. Each
speaker uses 4 “C” cell batteries or built in DC 6 volt input jack for power.
A 3.5mm stereo plug fits personal stereos and computer sound boards.
We used the NEC CDR-510 triple speed that came with the base system. Instead
of using the SCSI board supplied with the computer we are using the SCSI-2
which came with the Audio Board.[8] This
CD-ROM is theoretically about 50 percent faster than a double speed drive.
This will provide smoother animation when the program uses very large files.
This CD-ROM uses a CD caddy which holds the disc when you insert it into the
drive.
Currently not purchased
Much of the software being used is dependent on the hardware purchased.
3.3.1
The LIST GUI interface
.
The LIST GUI interface is currently being constructed. This interface will run
on windows and on UNIX workstations. Unlike most authoring software LIST is a
multi-platform authoring tool designed for network communications.
The windows supplied with the computer is being used. Windows is the most
common graphical user interfaces used on the PC platform.
The DOS supplied with the computer is being used. DOS is the most common
operating system used on the PC.
4.0
PLATFORMS/OPERATING SYSTEMS
In addition to the choice of external structure, selecting the operating
system, which determines the structure of information and applications in the
kiosk, is a primary decision. The kiosk controller is the computer selected to
run the kiosk. The computer platform should be selected depending on cost,
hardware used, and the functions the kiosk will be selected to perform.
Table 1: Comparison of Computer Platforms
DOS/Windows Macintosh Workstation
Operating System Easy To Use Easy To Use Difficult to Use
Internal Audio NO Normally Yes Normally Yes
Internal Video NO Normally Yes Normally Yes
Peripherals Large Medium Small
Selection
Cost Low Medium High
The most prevalent platform used is an Intel based computer running DOS and
Windows. This platform is low cost and has the more peripheral options than
the other platforms. This platform requires that the system designer be very
knowledgeable about system interrupts, addresses, and communications ports.
Many of the performance characteristics can be modified on the Intel platform
which allows the designer to tweak the kiosk for peak performance. Future
operating systems are expected to have plug-and-play (see next section) which
will simplify working with this platform.
This platform is easy to use because sound and video capabilities are built in.
This platform currently has plug and play capabilities: when a board is added
to the system, it tells the computer what it is and what it can do. It is
difficult to modify system performance on this platform since it is handled by
the operating system.
These controllers are the most expensive. UNIX workstations have video and
audio capabilities. These systems are easily connected to networks but have a
limited number of serial ports for peripherals. These systems are easy to
develop applications on. These systems need a system administrator to function
properly.
There are other computer platforms and operating systems which could be used
(Amiga). Due to the availability of the platforms or their cost they are not
viable candidates for kiosk use.
The standard components found in most kiosk housings include the one or more
input interfaces, a computer, and output devices. The input interface is
typically a touch screen monitor, a keypad, or a keyboard, but hand or
fingerprint readers and video and sound recorders could also be used. For many
applications a keypad is used, consisting of only a few buttons for selection
of services. The choice of computer will already be determined in large part
by the choice of operating system platform. The monitor, which can be the
primary input interface, is also the chief output device as it displays
information on the screen. Many kiosks have sound capability, but in most
cases sound is found to be an annoyance to others nearby who are not using the
kiosk. Most kiosks have some ability to give out hard copies of any
transactions, normally with a thermal or laser printer.
The kiosk user interacts with the kiosk through some sort of input devices.
The input device converts the users response to the kiosk (mouse movement,
touch, keystrokes, sound, etc.) into an event that the kiosk can respond to.
The kiosk interprets the event into the proper programmed response.
Many kiosks use touch screens as the primary user interface. While touch
screens avoid the difficulties of gummed up pointers and keypads, they are not
yet capable of providing Braille, limiting the client population.
A touch screen is usually a clear, touch-sensitive screen placed over a
monitor. The monitor uses pictures and text to prompt the user for the
required touch input. This input normally requires the user to select an
option by pressing a button displayed on the monitor. When the user touches
the screen, the coordinates of the position touched are used, to determine
which option the user was selecting. There are five basic types of touch
screens used for kiosks. The first three touch screen types use a screen over
a monitor. The fourth type uses sensors mounted in a frame around the monitor
and the fifth type uses sensors mounted in a base upon which the monitor
sits.
A resistive change, in an overlay on the monitor, used to detect input is the
first type of touch screen. The display overlay consist of a glass substrate
covered by a plastic cover sheet. Conductive coatings are applied to both
elements and non-conductive spacers are used to separate them. The inner
surfaces are separated until touched. Finger pressure causes an internal
electrical contact. This contact supplies the controller with vertical and
horizontal analog voltages used for digitization.
The second type uses a capacitive charge to detect touch. MicroTouch Systems
uses an all-glass touch screen with a transparent, thin-film conductive coating
fused to its surface. A glass overcoat is applied over the conductive coating
to seal the entire sensor and protect it. A narrow electrode pattern applied
to the edges distributes a low voltage AC field over the conductive layer.
When your finger makes contact with the screen’s surface, it capacitively
couples with the voltage field. A small amount of current is drawn to the
point of contact. The ratios of the current’s flow from each corner are used
to locate the point of touch. The screen resolution is 1,024 points per axis
within the calibrated area. The primary problem with this technology is that
it will not work with gloves and people with long finger nails may have
problems. This technology needs to be re-calibrated when environmental
conditions change.
The third type of touch screen uses Surface Acoustic Wave (SAW) technology.
Each axis on the overlay has a transmitting and receiving piezoelectric
transducer and a set of reflector stripes. The transducers produce surface
waves that propagate across the glass surface. When the surface is touched, a
portion of the wave is absorbed. The change in the received signal is analyzed
and digitized into Z and Y coordinates. The Z-level is determined by measuring
how much signal was absorbed. The advantage of this technology is that it can
be activated with gloves, it is very stable, it has no front coatings to wear,
and it has a very high light transmission. One disadvantage of this technology
is that moisture on the screen can absorb the acoustic wave and make the screen
less sensitive.
The fourth type of touch screen uses infrared emitters and detectors mounted in
a frame added to the monitor. Inside the frame are infra-red emitters and
detectors. When the user touches the screen the optical path between detector
and emitter is broken. This information is used to determine the X-Y location
on the screen touched. The most noticeable problem with this technology is
parallax problems when used with a curved monitor.
Table 2: Touch Screens
Category Resistive Capacitive SAW IR Force
Vector
Light Transmission 55 to 82% 85 to 92% 90% 100% 100%
Front Coating YES YES NO NO NO
which can be
damaged
User can wear YES NO YES YES YES
gloves
Z-response NO NO YES NO YES
Parallax Problems NO NO NO YES NO
Frequent NO YES NO NO NO
Calibration
Resolution per 200 ~70[9] 30 8 40
inch
Touch Activation 3 to 4 < 1 2 to 3 0 3
Force (ounces)
Positional 0.080" ~0.015"[10] 0.033" 0.125" 0.025"
Accuracy (+/-)
Operating Temp. 0--50 0--55 0--50 0--50 0--50
Range (C)
Operating Systems DOS, UNIX, VMS, DOS, Amiga, DOS, DOS,
Windows, Amiga DOS, Windows, Macintosh, Windows,
OS/2, OS/2, Macintosh Windows UNIX,
Macintosh Windows, X-Windows,
Macintosh VMS
Touch Pressure 2 2 15 2 256 - 1000
levels
Response time 13 -18 ms 15 - 25 ms 53 - 59 ms 18 - 40 ms 250 ms
Vibration Good Good Good Good Poor
Resistance
Shock Resistance Poor Moderate Poor Good Poor
5.1.1.5 Force Vector
The fifth type of touch screen is manufactured by Visage. This product does
not use any additional screens or sensors to attach to the monitor. The Visage
product is a device that fits under the display device and plugs directly into
the computers serial port. When an object setting on the Visage TouchMate is
touched, it causes a change in the distance between its top and base. This
causes internal sensors to reflect the change with changes in capacitance. The
capacitance values are then used to determine the amount of force used and the
position it was exerted at to cause the movement. The resolution is
approximately 40 touch points per inch horizontally and vertically. It can
detect touches as light as three ounces.
* Carroll Touch, P.O. Box 1309, 811 Paloma Drive, Round Rock, TX 78680, phone
512 244-350, fax 512 244-7040.
* Elo TouchSystems Inc., Cristy St., Freemont, CA 94538, phone 510 651-2340.
* Intecolor Corporation, 2150 Boggs Road, Duluth, Georgia, phone 404 623-9145,
fax 404 623 9163.
* MicroTouch Systems, Inc., 300 Griffin Park, Methuen, MA 01844-9867, phone 508
659-9000, fax 508 659-9100.
* Touch Technology, 2113 Wells Branch Parkway, Austin, TX 78728, phone 512
990-9700.
* Visage, 1881 Worcester Road, Framingham, MA 01701, phone 508 620-7100, fax
508 620-0273.
5.1.2
Magnetic Card Reader Systems
Magnetic card reading systems consist of two basic parts. The first part is
the magnetic card reader which reads the magnetic card. The second part is the
software which verifies the magnetic card after it is read.
There are two types of magnetic card readers manual and motorized. Both type
of readers communicate with the controlling system using the serial interface.
The manual magnetic card reader requires the user to insert and remove the
magnetic card or pass it through a slot which reads the magnetic stripe on the
card. The motorized card reader accepts the card, reads it, and then returns
it. Both reader types have different capabilities and liabilities. If power
goes out while the motorized magnetic card reader is reading your card you
could lose it. The motorized card reader has to ability to take a card which
is not valid. The mechanical card reader is more likely to get contaminated
with dirt.
Magnetic card software is normally a terminate stay resident (TSR) program
running on the platform. When this type of software works it works good. When
it does not work you have real problems that are difficult to troubleshoot.
* AccuSell, phone 800 729-3471.
* Control Module, phone 800 722-6654, fax 203 741-6064.
* DataCap, phone 215 699-7051.
* International Technologies & Systems, phone 800 971-3535.
Keyboards are the standard input device for most computers. The sensitivity of
the keys, the angle of orientation for the keyboard, the number of keys on the
board itself and the compatibility of the keyboard with your computer system
will be major contributors in your purchase. Most keyboards sold today offer a
large range of keys with various functions. The capabilities you as the maker
of the kiosk want to give to your user will determine how many keys your kiosk
keyboard will have. Today’s keyboards come with 101 to 175 key array
variations. If your kiosk must handle European languages, the 102-key format
is a necessity. Sensitivity of the keyboard is a way of looking at how much
pressure you must use when depressing a key on the board to make the function
of that key happen (i.e. pressing the {A} key hard enough to make “a” or “A”
appear on your monitor).
Compatibility for keyboards falls into the IBM, Mac or workstation (i.e. SUN,
NeXT, etc.) family of computers. Keyboard ergonomic developments have modified
the original typing hand position by adjusting the actual angle the keypad by
splitting it into two or more parts that are slightly obtuse in relation to the
normal keyboard orientation allowing your hands to type with same speed and
accuracy at a more comfortable, natural typing angle.
The keyboards may also come with or without mouse ports. Again, your kiosk
application and how you want the user to interact with the application will
effect your decision to purchase additional input devices (i.e. mice).
Pointing devices are used to move the cursor across the monitor. The most
common types of pointing devices are mice and trackballs.
Computer mice are used as input devices for computer systems. Like the
keyboard, mice come in various configurations: 1-, 2-, and 3-buttons with left
or right hand orientation compatible with the same family of machines as
keyboards. Some options that will weigh heavily in your mouse decision include
engine life, switch life, travel, resolution and type of mouse technology. In
an interview with the technical staff at KeyTronic Corporation, several of the
specifications listed above were clarified.
Engine life and switch life give minimum ratings for the durability of any
mouse by testing the mouse over a certain mileage in different office
environments. Travel is another way of measuring the durability of a mouse and
giving a minimum (usually in miles or km). Resolution refers to how closely
the mouse movements control cursor movement. Higher resolution means a more
accurate cursor/mouse movement relationship. The mouse technology can either
be in the form of a ball inside the mouse rolling along a surface (mechanical
technology) or an infrared light (opto-mechanical technology) which translates
the light into movements used by a spinning device to move the cursor across
the screen. Tactile switches allow more accurate movements and the kiosk
application will serve to guide you to the proper configuration.
It is worthy to note that as long as the mouse is moving on a flat surface
(i.e. mouse pad, desktop), some mice can move regardless of the orientation of
the mouse itself (a flat surface horizontal to the ground is not necessary for
some mice to operate).
A stationary ball, called a “trackball” or a “turbo ball”, provide similar
pointing capabilities to mice with less threat of the component being torn off.
Unfortunately, both types of pointing device can get dirty or broken with heavy
use, and older users are less familiar with the movements required to select
different parts of the screen, so many current kiosks rely on touch screens (as
described above) or small keypads (on older ATM’s) for user input.
5.1.4.3
Other Pointing Devices
Both mice and trackball use a ball to track position. There are many other
types of pointing devices which use sensors to determine which direction you
want to go. Many of these device are joy sticks or developed from joy stick
technology.
The traditional joy stick was a control device which simulated a pilots control
stick. These joy sticks were used with many popular games to control the
current cursor position or to move in an environment. Miniaturization makes it
possible to build joystick which are small enough to fit on a keyboard
Microphones convert the naturally occurring sounds (rapid fluctuations in air
pressure) around us into variations in electrical voltage levels which are then
digitized using an analog-to-digital converter.[11] This conversion process is what creates
a sample. These sample rates are then combined to determine a waveform (after
a rate range of 11,000 to 48,000 measurements per second) which is then
reproduced using a digital to-analog converter when the original sounds
recorded are desired. If your kiosk application utilizes more than one audio
source (CD-ROM, microphone and additional external stereo sources for example),
it is also important for the sound card to have a mixer with a sufficient
number of channels. The speed of the computer’s processor or hard disk or the
size of the computer’s memory may have adverse effects on achieving a digitized
recording. As an example an uncompressed, CD quality, three minute stereo
recording can occupy 30 MB of disk space using a sampling speed of 20 kHz
whereas a 10 minute monotone recording using a sampling speed of 11 kHz can
take up only 7 MB of disk space. The input and output jacks on these cards are
a common source of unwanted noise for mini-jack standards but the line-level
jacks provide lower noise levels.
Microphones can be used at kiosks for several purposes.[12] A microphone can be used to simply
record audible data that may be used as input for a particular application such
as two-way audio communication, or voice recognition. In general, the
microphone chosen for a kiosk should have several quantities. A high input
impedance with a low voltage level will prevent distortion due to background by
noise. The appropriate diaphragm size can also have big effect on sound
reproduction. The smaller diaphragm sizes, less than 3/4″ in diameter, offer a
flatter frequency response and a faster transient response for lower audio
output. Larger diaphragms give the same sound quality at higher sound pressure
levels and are more sensitive. Microphone sensitivity falls into one of the
following patterns:
* Omnidirectional – provides equal pickup in all directions.
* Cardioid – most sensitive to sounds directed to the front of the
mic.
* Supercardioid – narrower side pickup than the cardioid pattern with a
small amount of rear pickup.
* Bidirectional – have equal pickup sensitivity in the front and rear of
the mic.
Because most of the microphones used for the kiosk will be exposed to a certain
degree of rough wear, the choices from which to choose drop dramatically. For
durability, the clear choice would be dynamic or electret microphones. Dynamic
microphones are the simplest type of pressure microphone and require no
batteries or special power supplies. Sound pressure levels can be extremely
high before distortion occurs. These microphones lack the sensitivity of more
expensive mics but are the most rugged, affordable type of mic on the market.
Electret condenser mics are also fairly affordable, using a permanent fixed
charge to power itself. Electrets are widely used for on-the-spot news crews
and low budget film recordings.
Cameras for kiosks are used for security, communication, or both.[13] Security oriented cameras are used to
survey the kiosk environment for the purpose of protection of the kiosk, its
internal components, and the user. Communication oriented cameras can be used
to perform two-way communication between kiosks or other computers. The same
camera can be used for either.
To use video you must first decide between sending live or still video. Still
video consists of single pictures versus full animated movement with live
video. Live video with current phone lines has been attempted in two way
communication but generally has poor resolution and jerky pictures. New
technology allows still video reproduction on the same lines with great
resolution and detail.
Lighting is important when using a camera. The best camera in the world could
not produce a quality video without proper lighting. Spot lights in the given
area provide the light necessary to see kiosk users.
Kiosk output devices are used to output information in a number of different
formats. The information is often written to a monitor or a piece of paper.
Audio information can also be output through speakers.
Printers for kiosk use must be small and easy to operate.[14] There are three types: laser, thermal
or dot-matrix form. The fastest and most expensive printers at this time are
the laser printers which produce crisp, letter-quality documents. Postscript
laser printers are best for colorful, complex illustrations and software that
support postscript can render an exact replica of any document before it gets
sent to the printer. Thermal printers use thin sheets of wax-based ink that
melt onto the page for a sharp image rivaling some laser printer reproductions.
The latest dot-matrix printers have become more competitive allowing
close-to-laser-quality print jobs (24-pin printer) while remaining more
affordable. Dot-matrix printers require less maintenance than lasers and cost
less initially. If your application requires multi-part carbon copy forms,
continuous form or ledger (11×17) size paper, the dot matrix is your best bet
since most laser printers are still not able to develop print jobs with these
kinds of paper. Note that all printers may not work properly if they are not
configured (or able to be configured) to communicate with the computer they are
hooked up to.
In selecting a printer, three major areas should be considered: print quality,
printer performance, ease-of-use features, and how it will mount in the kiosk.
When studying print quality, it is necessary to know whether the printer
renders its copies in multiple colors or black and white, if the printer has
graphics capabilities whether the copies are produced by one of the three types
listed above, how the printer renders/blends hues if color is available, if
legible text can be reproduced in a variety of letter sizes and a font styles,
when the ink placement is off thereby causing smearing and misregistration
(poor placement of an object, word or letter on a document).
Analyzing printer performance presents issues dealing primarily with speed in
returning print jobs. If the output is text (vs. text and graphics-pictures,
pie charts etc.) alone, then the print out should occur fairly rapidly provided
the document is not incredibly long or there are several print outs trying to
occur at the same time. If the printer outputs more than one size of paper,
the printer must be able to easily accommodate a good supply of either type of
paper as well as “know” which size is needed for a particular application.
Communication between the printer and the computer will also effect the
performance of the computer used on a kiosk application.
Printer ease-of-use features should include simple set-up and printer
configuration, ease in replacement of paper and print toner as well as an easy
access to the “innards” of the printer by qualified repair personnel for spot
repairs. If the kiosk only offers front access the printer must allow printer
supplies to restocked from the front along with paper output.
How the printer will be mounted in the kiosk is very important. Some kiosk
have been physically designed primarily because of the printer being used (Card
kiosk). The printer needs to be mounted to allow easy maintenance. The
printer need to be mounted to allow paper output. The kiosk designer needs to
leave room for the large mounted paper rolls when using thermal printers.
* Axiohm, 303 County Road, E-2 West, New Brighton, Minnesota 55112, phone 800
732-8950, fax 612 638-0758.
* Cybertech Inc., 935 Horsham Road, Horsham, PA 19044, phone 800 755-9839, fax
215 674-8515.
* International Technologies & Systems, phone 800 971-3535.
* Omniprint, Inc., 6A Vanderbilt, Irvine, CA 92718, phone 800 510-9684, fax 714
457-9016.
* Syntest [purchased in March 1996 by Telpar, Inc. – 4181
Centurion Way, Dallas, TX 75244 – phone 972-233-6631, fax 972-233-8947]
481-5769.
* Westrex International, 25 Demby Road, Boston, MA 02134-1694, phone 617
254-1200, fax 617 254-6848.
The monitor is selected based on several criteria.[15] First the monitor must work with the
video card being used by the computer. For some computers the video card is
built into the system, on others the card is purchased separately. If a touch
screen is being used you must make sure that the touch screen’s monitor will
work with the selected monitor. Touch screens are normally purchased already
installed on a monitor.
One important point to keep in mind about monitors is that for kiosk
applications, the video terminal needs to be able to handle multiple input and
also support video for both computer (RGB) and regular (NTSC) inputs. The best
multimedia video displays are capable of switching among different video
sources (laserdisc, videotape player, audio soundtracks, etc.). Since most of
the kiosks will serve one customer at a time, video screens should be no
smaller than 17″ for displaying applications. This size will allow enough
pixel representation (640×480 minimum) for reasonably crisp text and graphics
without over-crowding the screen. Color monitors preferably with remote
control on-screen programming are best suited for kiosk applications since the
need to adjust contrast, brightness and hue will not require actual removal of
the kiosk enclosure for minor visual adjustments.
The kiosk speaker system is extremely vital where customer communication
requires sound in addition to pictures.[16] Self-powered speakers for multimedia
applications can actually aid in uncovering audio problems that would go
unnoticed on the primitive speakers that come with a computer. Some speaker
models come with interfaces specially designed for MIDI synthesizers or CD-ROM
software. The size of the speakers, their particular traits and the dimensions
of the kiosk enclosure will be major factors in making a purchase. Speaker
prices per pair range between $30 and $550 with amplifier output (watts per
channel ranging from 1.5- to 35-watts per channel though most are at the lower
end of this range (3–10 watts per channel). It is necessary that the speakers
you purchase match the nominal impedance rating of the computer’s audio output
lest you destroy the sound capability on your machine. Each speaker system has
its own drivers — the cones within the unit that actually produce the sound.
All speakers come in three different types:
* full-range – one speaker cone that can carry the entire frequency
spectrum
* two-way – contains woofers (lower frequency tones) and tweeters (high
end frequencies)
* three-way – contains woofers, tweeters and mid-range (carries
mid-level frequencies).
Although two-way systems are more favorable than one-way (full-range) systems,
a three-way system may not necessarily give you better quality than a two-way
system. Some systems also include sub-woofers for even greater control over
the low-level frequencies. Please note that these speaker systems are
specially designed for computer technology to provide stereo imaging or
sound-processing circuits that can recreate stereo sound on a monotone source.
The speakers can be optimized to work with a computer, CD-ROM drive, or sound
card at an area within 20 Hz to 20 kHz — a frequency response range ideal for
average human hearing. In examining sound reproduction on self-amplified
speakers, the wider and flatter the frequency response and the higher the
amplifier power output the better. Speakers with more tone controls on the
front panel give greater control over the overall sound output. Some panels
simply have separate bass and treble level regulators, other panels also
include additional bass boost buttons (for sub-woofer systems) and microphone
trim dials (adjust microphone input to alleviate distortion). Additional
supplies for mounting come with some models and the dimensions and weight of
each model may vary from 5x2x3 to 6x13x16 and 1.5 lbs. to 28lbs.
respectively.
Directional speakers will eventually be available for kiosks. These speakers
will allow the kiosk designer to direct the speaker output to a specific
location. The speaker generated sound at other locations will be greatly
attenuated. This will provide the kiosk user with greater security from eves
dropping and help prevent sound pollution in from the kiosk.
Ticket printers and encoders are usually small impact printers (see Printers
5.2.1). Often the ticket is preprinted in color and loaded into the ticket
printer. When a ticket is dispensed validating information is printed onto the
ticket to validate it.
Once the client population and desired location have been considered, the
process of selecting the shell of the kiosk can begin. A kiosk enclosure must
be designed for the access of clients and service personnel. Each group has
different design concerns, and ignoring either group will ruin a kiosk design.
If client use is low because of a poor enclosure design, that kiosk’s services
will go unused. If a poor design makes maintenance and servicing difficult,
the cost of the kiosk becomes greater since these are the primary long term
expenses for a kiosk.
The kiosk enclosure should be designed to protect the computer and peripherals
it contains from theft and physical damage and allow access for service and
maintenance. Controlled access to the computer hardware should be designed
into the kiosk from the beginning, so that updates and repair can be performed
without too much difficulty. The base of the kiosk is often designed to be
locked in place to prevent theft of the entire unit. Protection of the
peripherals is normally accomplished by providing lockable access doors in the
front of the kiosk. All access panels should be sturdy and difficult to pry
open. If all service access is done from the front of the kiosk any attempts
at theft or vandalism will be in full public view. The kiosk can be serviced
when it is against a wall without moving it if the access doors are in the
front. Since most kiosks are bolted to the floor this can be very important.
Many kiosk manufacturers insist on handling the entire kiosk design project,
hardware and software. The manufactures build a prototype system that the
producer evaluates according to a predetermined set of criteria. The kiosk
system is modified with the negotiated changes and the purchaser has a kiosk.
Several other manufacturers handle only the kiosk hardware. The buyer works
with the manufacturer to specify a kiosk systems hardware. The purchaser could
be buying the kiosk shell only, or purchase a kiosk with the desired
peripherals added. The manufacturer will normally be able to suggest a source
for contract software support if the buyer request it. Such support is
purchased separately and includes some consultation time for the software
contractor to make sure that the hardware will support the software.
Most of the kiosks manufactured today are built around a steel frame which
houses the computer and peripherals. The frame is covered with various
materials to make it attractive to the eye and to protect it from dirt, dust,
and other associated indoor hazards. The other standard type of kiosk is
manufactured as a steel or aluminum housing which holds the computer and
peripherals. The surface is painted, and exterior material can be applied for
decoration.
Almost all kiosks are designed and built for use in non-hostile enclosed areas.
The computer and the peripheral equipment used in the kiosk are sensitive to
temperature, humidity, and moisture. Those kiosks which are exposed to the
outdoors (ATM machines) are normally built into the sides of a building and
protected from the elements. It is possible to construct a building to house
the kiosk; as might be expected, though, the cost build a kiosk for outdoor use
in most environments is prohibitive.
* ADCO, 3800 South 48th Terrace, St. Joseph, MO 64503, phone 800-821-2255.
* Advanced Video Integration, Suite B, 2153 O’Toole Ave., San Jose, CA phone
408 955-0500.
* Compass Technologies, phone 212 669-2006.
* Diebold, Inc., 5995 Mayfair Rd., N. Canton, OH 47720, phone 216 497-5747
* Exhibit Masters, phone 909 923-9446.
* Factura Composites, Inc., Rochester, NY, phone 716 264-9600.
* GrAN Design, 214 California Drive, Burlingame, CA, phone 415 347-2301.
* Kiosk Information Systems, Inc., Unit C, 575 Burbank St., Broomfield, CO,
phone 303 466-5471.
* Lexitech, 32 Park Drive East, Branford, CT 06045, phone 203 495-6500.
* Moss Matrix, phone 800 881-0864.
* North Communications, Santa Monica, CA, phone 310 828-7000.
* Parkhouse Contract Interiors, phone 512 328-9233.
* TouchNet, 15520 College Boulevard, Lenexa, KS 66219, phone 913 599-6699
A proximity detector is used to detect the presence of a possible user. Some
detectors are part of a smart system which recognizes authorized users. Other
simple systems monitor localized conditions to detect when a user may be
near.
The In-Charge system, by Racom Systems, consists or a radio frequency (RF)
proximity reader which detects a credit sized transponder which utilizes an
application specific integrated circuit (ASIC). The transponder is recognized
by the kiosk and read when it comes in range. The card can be read to provide
information about the user including biometric data to authenticate the card
user as the card owner. Information can also be written to the card to provide
an audit trail. These card can hold from 256 to 4,096 bits of information.
These cards are currently being used for automatic billing of services provided
to users on the move since no physical contact is made between the card and the
scanner.
Proximity detectors which monitor local conditions are usually based on
infrared detectors, microwave detectors, or heat detectors. The microwave
detectors register false detections along the fringe of the detectable area due
to surface reflections from moving and stable objects. Heat detectors are
often not responsive due to air conditioning which has changed the local
temperature from when the detector was calibrated. The heat detector can also
be fooled by clothing which insulates the wearer from detection or generates a
false signal by detecting the heat absorbed by the clothing.
Lawrence Livermore National Laboratory has developed an indoor radar which
would work with kiosk systems.[17] The
result is a 1.5″ unit costing from $10 to $1 in quantity. The unit detects
echoes of rapid radar pulses reflected from objects (1 million per second).
The unit can be set to detect objects within a radius of 0 to 200 feet.
Most sound cards (sound boards) developed today are incorporated into IBM
compatible PCs. Since most Macs already have built-in audio playback,
additional audio applications are essentially unnecessary. The sound card
should be purchased according to the customers ideal recording and playback
quality preferences. Understanding certain component specifications and the
primary subsystems of the sound card are also essential in making a smart
purchase. The subsystems of a sound card come in three types:
* audio digitizer – a pair of analog-to-digital and digital-to-analog
converters
* waveform synthesizer – generates a carrier wave for the sound signal
* mixer – combines the signals from the digitizer and the synthesizer
and possibly another audio source (for CD-ROM)
The most significant component specifications to analyze are sample size and
sample rate. The sample size indicates the number of bits of digitized sound
the card can support (usually 8-, 10-, 12-, and 16-bit cards). The higher the
bits the greater the sample rate. Sample rate normally ranges from 22-, 44.1-,
or 48-kHz where the 8-bit cards sample at 22-kHz and the 16-bit cards sample at
44.1-kHz (only sensitive ears should detect the change in the 44.1- and 48-kHz
sample rates).
Video capture cards are used to “capture” images for still frame or full-motion
visual presentations.[18] They come in a
large price range spanning from $250 up to a whopping $5,000. Selecting the
proper video card requires some general knowledge on cards and some specific
knowledge on your application. You should know you intended output format, the
desired image size, the rate of image presentation and the number of colors
captured in a particular image.
The intended output format dictates the input parameters depending on whether
you want CD-ROM, videotape on-screen presentation, etc. for your final
product. If you can match the input and output formats by supplying the output
format with only essential capture information, you will save system resources
and get a quality image. The size of an image can range from small window to
broadcast quality (160×120 pixels to 704×485 pixels by U.S. standards,
respectively). This parameter will be largely determined by the size of your
display monitor. Image presentation rate indicates the “shakiness” of an image
as it is being reproduced. The rate is measured in frames per second (fps) and
the smoother the motion becomes, the better. The jerky types of motion occur
around 5 fps while 20 fps gives a more fluid image presentation thought some
flickering may still be visually discerned. A 30 to 70 fps will remove most of
the flicker from the image.
Capture color will determine the realism in a particular scene image. For most
realistic color scenes the bit size should be around 24 bits per pixel (over 16
million colors). If realism is not of major concern, it may be possible to use
a simpler 8 bit per pixel image (rendering 256 colors).
Additional information that would be valuable in making a purchasing decision
includes card configuration, platform, capture rate, hardware and software
compression supported input video formats, video encoding, S-video support
audio capture and throughput and video throughput.
Most of the capture software is configured to run on either a PC or Mac
machine. The machine should be a Intel 80286 or faster machine for PCs and
should accept ISA adapter cards. Macintosh machines will need a NuBus system
which runs QuickTime to support a video capture card. Motion capture boards
require Video for Windows or QuickTime drivers software.
The issue of compression basically deals with how the pixels are used to
represent a captured image. The problem that arises is that the video data can
take up an enormous amount of space if the pixels are represented in their
“native” state. For 15 fps on 16 bit per pixel video, the data on a 160×120
pixel window would consume about 34 MB per minute. To conserve some of this
space, hardware, proprietary software or operating system extensions are used
to compress the captured data. The best yet most expensive method is
hardware-assisted compression via video boards which run a JPEG (Joint
Photographic Experts Group) or DVI (Digital Video Interactive) algorithms.
Other compression methods include MPEG chip technology used by chip-based video
boards. Software compression is normally a process that requires the data to
remain in an uncompressed form before being change to a compressed state.
Software and hardware that provide fast playback and high compression take
longer to reach a final compressed state. Fractal-based software compressors
have the ability to compress video data as a stand alone package though some
compressors are bundled with existing video software. Capture rate for video
data represents the number of images that can be output from the input data and
varies from 15 fps to 30 fps (60 fps {fields per second}). Video input comes
in these formats:
* NTSC – National Television System Committee; refresh rate of 59.94 Hz
(fields/sec.) and 29.97 Hz (frames/sec.); horizontal frequency of 15.734 kHz
and 262.5 (lines/field)
* PAL – Phase Alternation Line; U.K. video standard with vertical
frequency of 50 Hz and 25 (frames/sec.) and horizontal frequency of 15.625 kHz
with 312.5 (lines/field)
* SECAM – French acronym for System for Electronic Color with Memory;
color video encoding system displaying 625 lines at 50 Hz
* RGB – 3-D Cartesian axis color modeling system where each axis is
represented by Red, Green, and Blue
If the kiosk is at all interactive, it will require a storage system of some
type. This system would be used for keeping records (kiosk transactions),
storing a complex presentation, or used as a cache when downloading data for
the user.
CD-ROM storage devices come from various makers and will soon be standard
according to one article in New Media magazine, but the key issues in
purchasing the right CD-ROM drive for your kiosk will be speed and access time,
regardless of your application.[19]
Today’s drives come in double, triple, and quadruple speeds. These speeds
correspond to the actual speed of the CD-ROM drive in relation to the early
“single speed” standard. The double speed drive has data transfer rate of no
less than 300 KB per second and 200 – 400 ms of access time; quadruple speed
drives run a 600 KB per second data transfer rate. If your kiosk application
requires that a wide range of information be accessed at once, it would be wise
to look into a multiple CD-ROM drive changer with triple or quadruple speed.
In order to measure the performance of a particular drive, it is necessary to
look at both the data transfer rate, which is the speed at which extended
lengths of data can be read off the disc, and average access time, which refers
to the search time for random bits of information on a disc. The faster the
transfer rate the smoother the video and audio playback. This is due to fewer
frames of video being dropped during playback.
Cache size can also have a dramatic effect on the speed of your CD-ROM drive.
The hardware cache can perform one of two roles. First, the cache can at as a
read-ahead buffer, accessing the next block of information on the disk.
Second, the cache can act as a transfer buffer, anticipating the desire of the
user to reread a recently accessed piece of information. The cache is most
efficient when used to page through an electronic encyclopedia or database. It
maxes out quite quickly when continuous data streams are flowing, as in
multimedia playback. Additional features that might be attractive are audio CD
playback capability, line outputs for speaker systems, manual eject button and
automatic cleaning mechanisms for frequent anticipated use.
* Seek time – The time it takes to move the head across the platter to a
particular track to read or write data. The buyer should ask whether this
number indicates read-seek time, write-seek time or an average of the two write
seek time is the slowest latency the time it takes for a drive to vertically
position the head over the track to begin data transmission.
* Access time – the sum of the average seek time and the average latency
Rotation speed the speed of the drive is measured in rotations per minute.
Most general purpose drives operate at about 5400 revolutions per minute.
Consider optical juke-boxes for kiosk applications that require storage or
enormous amounts of data. An optical jukebox is designed to hold 6 GB to 12 TB
(terabytes) of data at a time. They come with one or several drives (5 1/4″,
12″ and 14″ disk sizes) and range in price from $6,000 to $600,000. Juke-boxes
come in one of three drive types: WORM, re-writable and multifunction. WORM
(Write-Once, Read-Many) drives were the first type to come out prior to the
advent of the mega-storage space available today and can be utilized with ever
disk size available. Re-writable storage is used in applications that do not
require permanent files and utilize the magneto-optical erasable technology
specifically available for 5 1/4″ disks. Multifunction drive units simply
combine the re-writable (erasable) and permanent disk access into one jukebox.
Other important issues in selecting an optical jukebox include:
* For what is storage needed?
* Cartridge-to-drive ratio.
The proper cartridge to drive (#disks-to-drive) ratio is extremely important
since it is directly related to the access time of the machine. High access
time translates into poor performance. Average access time after swapping for
most optical drives is around 1.5 seconds with a range of .037 to 6.4 seconds
to swap time — locating the proper disk for reading by a laser operated arm
— can also have an important effect on performance — locating the proper
disk. Average optical drive swap time is 8.26 seconds with a range of 5 to 32
seconds. According to one San Jose, California Optical Jukebox maker, the rule
of thumb in selecting a proper ratio is 2 or 3 drives for every 120 disks.
This ratio should allow 8 separate users to access the network a potential set
of kiosks may run on simultaneously.
Understanding the purpose for storage will dictate the type of drive type you
seek. For kiosk applications that require temporary updates of data that will
eventually be archived, a multifunction WORM/re-writable drive system is most
efficient. If the data being transferred to disk is strictly permanent data,
clearly WORM is the only option. Dynamic allocation of data to disk is best
suited for re-writable drives. Keep in mind that the ability to alter or never
alter data makes these drives options risky since a time may arise when you
need to modify the jukebox to increase or decrease its storage capacity.
5.8
Uninterruptible Power Supplies
Uninterruptible power supplies (UPS) are used to protect equipment and critical
data stored in a kiosk.[20] A UPS
supplies static/surge protection and power for several minutes when power is
knocked out. This allows the computer and equipment to be powered down in an
elegant manner. During this time automated credit card readers can eject
credit cards currently being billed. It allows the kiosk to finish current
transactions and close open files before shutting down.
UPSs are selected by determining the type of protection required, the equipment
being protected, and the amount of protection time needed. Calculate the
voltage amps requirement for each piece of equipment by multiplying the voltage
by the current needed. Add the voltage amps required by each piece of
equipment to determine the needed UPS capacity needed. Select a UPS with a
capacity higher than required calculated.
A quick check list to find the right UPS for your kiosk follows:
1. Find out which equipment will need protection:
a. modems
b. CD-ROMs
c. monitors
d. terminals
e. external hard drives
f. other devices
2. Find out the voltage amps (VA) for each device:
a. Multiply the voltage and amp requirements on the back of each device to
determine the VA for the device.
b. For devices with no voltage or amp specs, convert the watts to VA by
multiplying the wattage by 1.4.
c. Add up the VA requirements for all components.
3. Pick a UPS
a. With a VA capacity at least as large as the setup requires
b. With a capacity higher than is currently need for future component
upgrades.
Every peripheral and every different medium used in a kiosk system has to be
handled by software. Even within a given platform, or within a given
combination of platforms, the range of programs available can be confusing.
Once the desired functions of the kiosk system have been chosen, selecting the
accompanying software can be made less baffling by comparing against some
common parameters and capabilities.
Payment processing is a very important part of transactional kiosk. Point of
Sale software provides integrated credit authorization and electronic draft
capture. Communications with the credit network handled by the software over a
modem. Printing of the complete charge data is handled automatically. Some
POS software handles automatic settlement of daily charges.
* AccuSell, 405 W. Washington St., Suite 465, San Diego, CA 92103, phone (619)
528-2900.
* datacap systems, inc. I212A Progress Drive, Montgomeryville, PA 18936, phone
(215) 699-7075, fax (215) 699-6779.
The 3-D graphics and animation software of today combines fundamental 2-D
drawing program software techniques with intuitive new tools. Most every 3-D
package will require an understanding of the fundamentals of drawing in 3-D
space to make an intelligent purchasing choice:
* model building
* surface attribution
* animation of model (movement)
* light detail
* rendering of final product
Initial shape models can be built from user drawings or from mathematical
formulas.
Shading the surface of a 3-D object gives the illusion of an actual thing in
real world space. The proper shading on a cube could render a TV, wastebasket,
or meat locker. The mapping techniques make this possible briefly discussed
below make shading possible:
* texture – adding animation or a piece of 2-D artwork to a 3-D model
wrapping the artwork around the surface of the 3-D object;
* spherical – textural mapping onto spherical objects;
* cylindrical – textural mapping onto cylindrical objects;
* cubic – textural mapping onto cubic objects;
* bump – adds dimension to a model without building it via the surface
* reflection – mimics the appearance of shiny surfaces by simulating
reflectivity;
* environmental – allows objects in the environment to be reflected on
other objects in the environment (e.g., an office reflected onto a shiny
desktop);
* procedural – allows textural attributes to be created rather than
imported to an object (e.g., determining the number of markings in a floor
tile);
To understand 3-D animation, it is necessary to understand the principles
associated with timelines. The desired effects are created by placing cameras,
objects and lights at key positions on the screen over time. The software
purchased will handle the in-between motion. To achieve more advanced
life-like movements, your software should be able to implement one or all of
the following:
* hierarchical motion – used to link armatures of objects together in
order to restrict movement to a confined space;
* physics – The physical system is evolved into a system of partial
differential equations. The solution to the equations is used to derive
animation.
* behavioral – making an object move according to the known physical
properties of that object.
The quality of lighting is essential in choosing the proper software.
Run-of-the-mill scenes are separated from professional quality 3-D scenes by
good lighting. Several light sources can be incorporated into any 3-D
software:
* ambient – non-specific; overall lighting level that lightens or
darkens a scene dictating warmth or coolness.
* spots – light source able to illuminate an object within a restricted
angular cone area.
* advanced – allows control over the time of day or month, and fog
simulating the diffusing effect of distance on light.
Essentially, rendering is the process of properly combining all of the actions
used to create a scene in order to output the final picture to the screen.
Other issues in choosing the right 3-D package include user experience, the
quality and productivity level required by your project.[21] Decisions must be made as to whether
you are choosing your software to create a multimedia (disk-based
presentation), video or film project design. 3-D programs come in a variety of
complexities for every range of 3-D graphics skill. For print, video and film,
the 3-D package purchased must have high-level (increased complexity in use and
learning) programming capabilities while disk-based multimedia applications are
more suited for low-level (simple use and learning) programming attributes.
The fundamentals described above come in most of the various programs
available. Some 3-D graphics packages also have a modeler that offers basic
extrude and revolve functions. The most notable features of a modeler
include:
* automatic type extrusion;
* capability to shape one form with another (e.g., punching a sphere through a
cube);
* putting a “skin” over multiple shapes to create one shape.
* in “organic” modelers, the ability to control spline curves makes forming
irregular and abstract shapes easy.
Software availability varies from system to system. According to NewMedia
magazine, the Macintosh has the largest number of available 3-D software on the
market. Unfortunately, most of the software is not integrated (able to design
the model and assign surface attributes, animation and rendering from one
programming package)–modelers are a primary example. PC multimedia
applications are most popular with 3D Studio and Digital Arts software by
Autodesk. Both graphics packages are fully integrated, but the things that
make them special vary. Digital Arts has two interesting features. First, it
allows batch processing for multiple files for automatic rendering. Second,
its animation files are actually simple text files written in ASCII. This is
advantageous because it simplifies troubleshooting. 3D Studio contains an
editing module that allows edits between finished animations, permitting
segments of animation to be essentially cut, pasted or repositioned in
different sequences as well as introduced into video switcher-type transitions;
its rendering is rapid and it provides automatic drivers for animation
controllers use in video.
The software evaluated in the magazine was supported by a variety of platforms
including NEXTStep, DOS, Mac, SGI, Amiga, Symbolics, Windows, DEC, IBM
RISC/6000, IBM RICS board, and Sun — the majority of which were supported by
Mac and Windows. The file formats supported by the software varied also with
DXF, TIFF and PICT file formats being the most common for import and export of
file information. Among the modeling capabilities, vertex/spline-based,
hierarchy, font extrusion and inherit attributes are the most common
facilities. Boolean and skin functions were found in the more powerful
software packages. Most of the software studied held well over 20 sample
models with perspective and orthographic modeling views being the most common.
Some packages allowed the perspective and or the graphic views to be
user-defined. In surface shading and lighting, almost all of the packages
contained the capability to perform ray tracing, flat shading, Phong shading
and hidden-line wireframes. Surface mapping on the more complete packages
provided the ability to perform texture, bump, reflection, procedural, shadow
and environment techniques. Lighting on most of the software consisted of
parallel, spot and radial types with camera and architectural combined on a few
others.
See Video Cards, section 5.6.
See Sound Boards, section 5.5.
Authoring software is used for complex multimedia creations bypassing
presentation program limitations.[22]
Scripting languages are incorporated into most of the software for even greater
flexibility. Authoring software incorporates true interactivity,”–not just
button pressing” to applications including:
* interactive kiosks
* simulations
* prototypes
* demo disks
* guided tours.
The price range for this software begins around $100 and escalates to a
whopping $5000. In New Media magazine, the Authoring software falls into one
of four categories the article coins as metaphors:
* icon
* timeline
* card
* script
Iconic authoring software shows how media elements will work together by
building flowcharts and diagrams (a technique called event-driven programming).
Various packages support importable:
* text
* graphics
* animation
* full-motion video clips
* MIDI/digitized sound
* still frame pictures
* stereo sound.
The two different approaches to network communication are circuit-switched and
packet-switched.[23] Telephone systems
use circuit-switched networks by establishing a circuit from one computer modem
to another via a switching office, trunk lines and a remote switching office.
In packet-switched networks the traffic on the network is dived into small
pieces called packets. These packets are multiplexed onto high capacity
intermachine connections.
7.1
Circuit Switched Telephone Connection
A telephone in a kiosk can be the source of several problems and the solutions
to several problems. The first problem associated with the telephone is the
possibility that someone could use the phone for long distance phone calls.
This can be solved by using a menu driven call method that limits the possible
numbers accessible. You can also make user identification and billing method
part of the sequence of events used to place a phone call. The phone must also
be set to run in pulse code mode to disallow people accessing phone numbers
simply using the proper tones.
The phone line can also be used by a kiosk modem to provide security, billing,
use information, and status reports. As the kiosk is being used the computer
can collect information which can later be used for billing and kiosk use
statistics. The computer can use the modem to transmit this information to a
central location for later processing. The modem can be used to debit
customers by verifying credit cards and recording transactions. When the kiosk
security has been compromised the modem can be used to call for assistance.
The modem can be used to request assistance when supplies are low or an error
condition exist.
Packet-switched networks are not able to guarantee network capacity. The
primary reasons for using a packet-switched network are cost and performance.
The cost is low since multiple machines can share a network and fewer
interconnections are required. The performance is high due to the availability
of high speed network hardware. There is a general tradeoff between speed and
distance for packet-switched networks.
7.2.1
Local Area Networks (LAN)
LAN technology provide the highest speed connections for computers. This speed
is responsible for the reduced ability to span large distances. The typical
speed ranges from 4 Mbps and 2 Gbps.
7.2.2
Metropolitan Area Networks (MAN)
MAN technology span intermediate geographic areas and are able to operate at
medium to high speeds. There is less delay introduced by MANs than WANs but
MANs cannot span the same long distances. The typical speed ranges from 56
Kbps to 100 Mbps.
7.2.3
Wide Area Networks (WAN)
WAN technology spans large geographic areas but operate at slower speeds and
have longer connection delays. The typical speeds for a WAN range from 9.6
Kbps to 45 Kbps.
Wireless networks is a networking alternative which is growing in popularity.[24] These networks are easy to install and
reconfigure. It is an excellent solution for instances where networking
locations are not permanent. The two main types of wireless LANs are infrared
and radio-frequency(RF) transmission. Infrared has greater bandwidth, and is
immune to interference from competing electro-magnetic signals but is
line-of-sight only. RF is the clear choice when for network transmission that
must breach walls and other obstacles. Wireless LANs have a slower throughput
and work over shorter distances. You run a greater security risk with some
types of wireless LANs since data is more easily intercepted.
Kiosk systems provide a service. Consequently, kiosk security consists of two
main topics:
* ensuring that the service is provided correctly despite the actions of
malicious (or clumsy) agents, and
* ensuring that the deployment of the kiosk system does not make new forms of
fraud possible.
A principle that we have found to be true, unfortunately, is that
service-enabling technology all too frequently is also fraud-enabling
technology. Kiosk systems are no exception.
Our analysis of kiosk security gives rise to three main themes:
* Risks exist. Kiosk systems permit risks that existed for previous
vehicles, only on a much larger scale. Kiosk systems also permit new types of
risks.
* Solutions exist. There are economically feasible techniques that can
address most of these risks.
* Multi-level approaches are necessary. Locking a door does not good if
the window is unlocked. Locking both is necessary, and also putting up a fence
is even better. Effective kiosk security requires a set of solutions that are
coherent and complementary.
In this chapter, we examine these issues. Section 8.1 enumerates the main
threat types facing kiosk services. Section 8.2 explores the points of attack
in a kiosk system, where these threats can be carried out. Section 8.3
catalogs some techniques that can protect these points of attack. Elsewhere we
provide a lengthy exploration of these issues.[25]
Kiosk systems, like other electronic service vehicles, face three primary
threat types. We examine each in turn.
8.1.1
Disclosure of Information
Many kiosk systems involve private information. Some require the client to
enter private information — such as a PIN or a password — as part of user
authentication. Others require private information — such as a Social
Security Number, an income level, or a set of disease symptoms — as part of
the provided service. Kiosk services may also provide private information —
such as a benefits level or a diagnosis — as part of the service.
All information that has the expectation of privacy needs to be protected.
This protection may be required by law (e.g., the Privacy Act), and also by
practical reasons: private information can be a valuable target for thieves.
Disclosure of information is an area that can demonstrate the second main
aspect of kiosk insecurity: enabling frauds not while performing correct
service. For example, a perpetrator can monitor a commerce kiosk in order to
assemble a long list of names, credit card numbers, and expiration dates. This
list can then be used to enable other frauds — although the original kiosk
services proceed unhindered.
We note that private information can also consist of things beyond the actual
data being moved around in a kiosk session. The simple fact that certain users
are requesting certain services can be valuable to perpetrators. Security
scientists are fond of citing the example of a recent U. S. military action
that was no surprise to Washington’s pizza shops, since the number of
late-night pizzas ordered by Pentagon staff had skyrocketed.
The concept of integrity has two aspects:
* uncorrupted wholeness, and
* operating in a trustworthy, correct fashion.
Kiosk systems are vulnerable to violations of integrity on both these levels.
Kiosks store and provide data, and have internal programs and operating
software. They may be connected over networks to remote computers, which also
store data and software. The integrity of all this information can be
compromised by a determined hacker.
Another aspect of integrity is the correctness of the service provided. The
designer of a kiosk system should ask herself two questions:
* What implicit assumptions am I making about this service?
* Can a perpetrator subvert these assumptions for personal benefit?
For one example, a kiosk system that sells concert tickets may limit each
individual to purchasing four tickets. A greedy perpetrator may determine a
way to impersonate other individuals in order to circumvent this limit. For
another example, a university system may impose a strict time deadline on when
a student submits their homework. A student who determines how to make the
clock on a kiosk run slow can then submit homework late. All of these attacks
would constitute violations of integrity.
A key property of service delivery system is that it deliver the service.
Perpetrators may attack a kiosk system simply to have it deny service to
legitimate clients. Such attacks could have effects ranging from mere
annoyances to loss of confidence in the deploying institution to (in extreme
cases) lawsuits and fines.
Compared to traditional service vehicles of telephones and offices, kiosk
systems are much more exposed. Kiosks are stationed in isolated places, often
away from direct human supervision, and can be interconnected with physical
wire that is also exposed. This exposure results in many points of attack that
a perpetrator can use. (It is interesting to note, however, that the most
powerful point of attack — the insider threat — arises from the one of the
few roles that humans retain in the system.)
Perhaps the most obvious point of attack is the user interface: attacks
commitable by using the normal “front end” that a kiosk provides to clients. A
perpetrator may try to masquerade as another user in order to obtain
information or change records; a perpetrator may also deny service to users by
bombarding the system with resource-consuming requests.
A more advanced use of this point of attack would be to exploit a bug or
trapdoor in the user interface in order to gain access to the kiosk’s internal
computing environment, and then to carry out threats possible from that point
of attack (Section 8.2.3).
A significant component of the kiosk is its physical environment: its case,
input/output devices, and physical arrangement. This environment may also be
attacked. A perpetrator may exploit the physical arrangement in order to
shoulder surf: surreptitiously observe the private data that clients
enter. (Shoulder-surfing is a significant cause of telephone-card fraud in the
U. S.) A perpetrator may dumpster-dive: examine the trash near a kiosk
for discarded receipts containing information that can be used for fraud. A
perpetrator may jam the card reader (this was a technique used in the
Connecticut fake ATM case in order to direct clients away from real ATMs),
empty or jam the printer, or even steal an entire kiosk.
As with the user interface, a more advanced use of this point of attack would
be to physically penetrate the kiosk while leaving it in a functioning state,
and then use the resulting access to the internal computing environment to
carry out threats from that point of attack (Section 8.2.3).
Another significant component of the kiosk is its internal computing
environment. Attacks on this level can be particularly devastating.
Perpetrators may insert Trojan Horses that gather private information.[26] Perpetrators may deactivate security
measures to enable other types of frauds; they may alter or crash the software,
or learn cryptographic keys which make it possible to forge access cards.
If the kiosk is networked to a remote host and the network front end on that
host can be subverted, then perpetrators can use access to the kiosk software
to gain insider access to the host computer, and carry out attacks from there
(Section 8.2.5.)
Networked kiosk systems carry their own vulnerabilities. A perpetrator may tap
into the line and eavesdrop on or modify legitimate messages. A perpetrator
may insert messages of their own, or even sever the line altogether. Fending
off these attacks will become even more challenging when kiosks move to
wireless technology.
Insiders — employees of the deploying institution or its contractors —
constitute one of the most serious threats to a system. Insiders can directly
insert Trojan Horses and trapdoors in kiosk and host software, can peruse and
modify databases, and can damage or delete necessary system components.
Host computers often have lines to permit remote access over the Internet or
the telephone system. If the front end on such a line can be subverted — or
if a front end does not even exist — then remote lines provide a way for
perpetrators from anywhere in the world to obtain insider access, and carry out
attacks from Section 8.2.5. These attacks are possible even for kiosks that
are not networked — if the computers on which the kiosk software was developed
permitted remote access.
We caution the deployer of a kiosk system to examine this issue carefully. Our
experience in vulnerability analysis has too often revealed the existence of
dial-in lines — for off-hours emergency repair — that even the institution’s
security officers did not know about.
Examinations of kiosk security frequently devote much attention to user
authentication: making sure the user is who she says she is. However, the
converse problem is also important: assuring the user that the kiosk is in fact
genuine. A well-known example of a successful fake kiosk attack is described
elsewhere[27]; perpetrators installed a
fake ATM — that actually dispensed money — in a Connecticut shopping mall,
and used it to gather account numbers and PINs (later used for illegitimate
withdrawals from real ATMs.)
Fake kiosks can also result in indirect denial of service attacks, in that
clients will be discouraged from using real kiosks, and may possibly lose
respect for an institution’s reliability.
The increasing intertwining of kiosk services and Internet services — and the
consequent easing of remote access to legitimate services — will make more
likely a new twist: fake kiosks that provide legitimate service. For example,
suppose an institution deploys a kiosk system that provides many services for
free. A perpetrator could deploy a fake kiosk that purports to be part of this
institution’s system, and in fact actually provides these services, while also
requesting credit card numbers as part of authentication.
Fortunately, solutions exist for many of these threats. We briefly consider
solution techniques relevant to the various points of attack; a much more
detailed survey can be found elsewhere.[28]
Probably the most central security threat in many kiosk systems is user
authentication. Is the user who she says she is? (Will the deploying
institution be liable if it provides private information to the wrong party?)
A large suite of techniques have been developed to address this problem.
Informally, these techniques reduce to verifying the user’s identity on the
basis of one of three things:
* something the user has;
* something the user knows; or
* something the user is.
A common example of the first technique is the personal token: a card
which the user carries and inserts into the kiosk. These tokens range from
primitive OCR cards to highly advanced PCMCIA tokens offering powerful
computational environments. Effectiveness — and cost — varies
tremendously.
A common example of the second technique is the password or PIN: a short
alphanumeric sequence which the user types into the machine. Other
knowledge-based techniques might use personal details about a client, like
their date of birth and employee ID number.
A common example of the third technique is biometric authentication:
special devices on the kiosk measure physical properties of the user, and
compare these measurements to stored references. Physical properties commonly
used are fingerprints and hand geometry; advanced iris-scanning technology
(which the user does not even observe occurring) looks particularly
promising.
Our third security theme stressed the need for multiple levels. User
authentication is a demonstration of that theme: we caution the designer to use
at least two factors in the user authentication scheme. We also caution the
designer to be aware that good design is necessary — if the two factors are
magnetic-stripe card and PIN but the PIN is encoded on the magnetic stripe,
then compromising one factor (e.g., stealing the card) can still suffice for
impersonation.
A critical implementation issue for most user authentication techniques is
enrollment. The clients of a system need to go through some
registration process, and may need to have special cards issued to them. This
can be expensive and difficult in some cases, such as a kiosk system intended
to provide a low-priority service to a huge population. In such instances, it
may be feasible to piggyback on pre-existing authentication systems.
Other techniques that can increase the security of the user interface are
psychological deterrents (warning the would-be perpetrator that fraud will be
detected and prosecuted), strict limits on the power of kiosks, and anomaly
detection on usage patterns).[29]
A standard suite of privacy measures and secure hardware techniques exist to
address this problem. Some of these derive from common sense: positioning the
CRT so only the client can read it, and positioning the keypad so that no
bystanders can observe the entering of a PIN. Other techniques are more
advanced, such as secure cabinet materials and construction.
Combating fraudulent access to the kiosk’s internal computing environment
raises many challenges. Basic techniques — such as restricting the power of
the kiosk’s computer to that strictly necessary for the provided service — can
be very effective. More advanced techniques employ the use of secure
coprocessors to provide tamper-proof “envelopes” in which to keep
sensitive computation and data out of the reach of perpetrators who have
succeeded in penetrating that far.[30]
One aspect of network security pertains to the physical network itself.
Physical security techniques on the wires or fibers themselves certainly help,
as does using sound fault-tolerant design practices (to make denial of services
attacks more difficult). Using private networks may be more expensive than
using leased lines or the Internet, but often will provide increased
security.
The other main aspect of network security is information security: using
sound cryptographic protocols to prevent perpetrators from modifying or
inserting messages, or replaying old messages which were originally legitimate.
Standard techniques of public-key cryptography, session keys and symmetric-key
cryptography, message digests, secure hash functions, nonces, and sequence
numbers all address these issues. We refer the reader to Chapter 3 in
[Hochberg 1995], or any of the standard reference works, such as [Schnier
1994].
We have focused on the network. The connection between the network and any
host computers is also an area vulnerable to attack, and for which many
techniques (such as firewalls) have been developed. A good survey of
these techniques is available.[31]
Formality of operations, automatic procedures and automated audit analysis all
help here. A good discussion of these topics is available.[32]
Sound firewall design as well as strong user authentication and automated
analysis techniques help address this threat. We also caution the designer to
be wary of securing telephone lines by the use of dial-back modems: many
popular modems can be fooled by a perpetrator calling, and then transmitting a
dial-tone.
Strong physical security techniques combined with client education can help
address this threat. In the extreme case, the same strong authentication
techniques applied to users can be applied to kiosks, although this may require
the user having their own computational environment (such as a smart card).
To evaluate the kiosk design it must be evaluated by two sets of criteria. It
must be evaluated by how well it satisfies the requirements of Service
Providers who wanted the kiosk built. It must also be evaluated by how well it
meets the requirements of the Service Users for whom it was designed.
Provider acceptance is evaluated by determining whether or not the delivered
kiosk meet the requirements of the RFQs. The RFQ’s were written to specify a
solution to the problem that the kiosk was designed to solve. The RFQ’s were
written after determining the kiosk’s requirements, attributes, and
constraints. The RFQ is the contract between the Service Provider and the
kiosk designer.
The Service Users Acceptance is determined by the effectiveness of the kiosk.
The only way to determine this is by studying how the users interact with the
kiosk. There are several different techniques which can be used to evaluate
the success of a kiosk. Whenever possible, aspects of system operations
relevant to user acceptance should also be measured empirically.
First, we must define a set of evaluation criteria by which the system should
be judged. These are the following:
* choice of applications
* quality of implementation
* security
* cost/benefit analysis (business case)
Second, we must specify methodologies by which one can evaluate the system’s
performance according to the defined criteria. We will suggest the following
methodologies:
* client feedback
* automatic tracking
* administrative review
If desired, one can use a pilot phase to test a variety of applications,
implementations, and security measures. It can evaluate their relative
performance, and adopt the most favorable ones after completing the pilot
phase.
This criterion breaks down into two subcriteria:
* Exclusion. Are there additional applications that clients would like
to see on the kiosks?
* Inclusion. Has the agency implemented applications that clients do
not want to use? These must be distinguished from applications that clients do
not use because of poor design.
9.2.1
Quality of implementation
Several subcriteria apply to the client’s perspective. Some of these are
general:
* Overall interface. Is the user interface self-explanatory and easy to
use, or is it intimidating or confusing?
* Applications. Are the screens for specific applications easy to
use?
* Turnaround. Does the kiosk react quickly to user input, or do users
have to wait too long for new screens or printouts?
* Accessibility. Does the kiosk accommodate a wide range of users,
varying in their age, disability, and cultural background? An ideal system will
provide alternative means of access for clients with special needs: a switch
that enlarges the font size on the screen display, a variety of authentication
options for the disabled, a speech recognition option for visually impaired
clients, and a multitude of languages to choose from. It will also be tolerant
of user errors. While field offices will always remain available for clients
who cannot use kiosks, making the kiosks maximally accessible will benefit both
the clients and the agency’s finances.
Other subcriteria from the client’s perspective pertain to security when it is
being used. We believe that success on these criteria is vital: a secure
system is worthless if its clientele will not use it.
* Comfort. Does security make the kiosk unpleasant to use? The user
authentication procedure should not be frightening, humiliating, or intrude on
the user’s privacy. These factors, respectively, may cause problems for retina
recognition, fingerprint recognition, and knowledge-based authentication based
on a set of facts about the user.
* Convenience. Does security make the kiosk inconvenient to use? If the
user authentication procedure is slow, this will annoy the client currently at
the kiosk as well as others waiting for the client to finish. If the
authentication system or automated audit analysis system has a high false
reject rate, this will be very frustrating for bona fide clients who are
refused access to the system, or whose current sessions are interrupted when
the kiosk mistakenly detects an anomaly.
* Accessibility. Does security make it hard for certain types of
clients to use the system? Depending on their age, disability, and cultural
background, clients may have difficulty with knowledge-based authentication
(e.g., remembering a PIN), certain biometrics (e.g., signature, recognition),
sight-based user interfaces (e.g., a keyboard), and language-specific
instructions. Clients unskilled in kiosk usage may make many errors,
triggering a negative response from the automated audit analysis system.
The implementation should also be evaluated from a management perspective:
* Output. Do kiosk sessions result in output that is of use to the
kiosk owner? For example, do kiosk-based requests for information often need to
be re-keyed by hand?
* Standards. Does the kiosk system meet established standards for
information technologies? There are several different technologies and
techniques that have been considered for use in the implementation of the kiosk
system. In the case of magnetic stripes and bar codes, well defined standards
have been adopted by the ISO (International Standards Organization). If the
kiosk owner is part of the federal government, it is either required to follow
standards for security and cryptography specified by NIST[33] or attain a written waiver making them
exempt for the regulations. For many of the technologies discussed in this
report, such as smart cards and biometrics, standards do not yet exist but are
under development.
* Enabling evaluation. Does the kiosk programming include functions
that enable managers to evaluate the system? (This includes on-line surveys,
self-tracking, etc. — see evaluation methodologies below.)
* User authentication. Does the security system effectively screen out
masqueraders? The percentage of false accepts should be kept to some acceptable
minimum. This should be lower than the false accept rate found in telephone
interactions, given the higher potential of electronic fraud. At the same
time, the false reject rate must be kept low enough not to annoy bona fide
clients (see convenience above).
* Auditing. Is the kiosk system’s automatic auditing capability
effective? Does it provide security officers with all the information they need
to determine whether the system is secure? Does it provide a minimum of
superfluous information? Is there an automatic system for analyzing the audit
data? How useful is it?
* Response. If the security system detects invalid behavior, does it
respond in near real-time, and in what manner? The faster and more effective
the response, the better.
The kiosk system will be a success from the business perspective if its
benefits outweigh its costs. Costs include:
* Start-up. This includes designing, constructing, and installing the
kiosks, and enrolling users or issuing cards, if required.
* Operation. This includes hardware and software maintenance, and
ongoing labor costs for interacting with users on kiosk-related issues (e.g.,
enrolling new users, replacing lost cards, answering questions)
We stress that an over-emphasis on economy at start-up may increase operational
costs and/or reduce benefits. Initial expenditures along the following lines
are likely to lower later costs:
* Flexibility. It is worth spending more money to implement a kiosk
system that the kiosk owner can easily change in the future, rather than one it
would need to replace.
* Durability. As in any major purchase, quality matters.
Better-quality hardware and software will require less maintenance and
replacement.
Expenditures along the following lines are likely to increase benefits, and
thus improve the cost-benefit ratio:
* Speed. The faster the user turnaround, the more satisfied users will
be, and the more likely they will be to use kiosks instead of the 800 number or
field agents.
* User interface. Initial costs in careful design and testing of the
user interface will pay off in satisfied users and usable kiosk output.
* Security. Initial costs to build in security will minimize expensive
fixes down the road and maintain user (and Congressional) confidence in the
system.
Benefits from the kiosk system should include the following:
* Drop/no increase in other services. This is the heart of the benefits
side of the business case. The main financial motivation for going to kiosks
is to reduce costs for other means of service delivery(800 number, field
offices), or at least to hold down increases in these services in future years.
If the kiosks merely attract new users (who were not intending to access
services otherwise), but do not divert established users from existing means of
service delivery, it will cost the kiosk owner money rather than saving it.
* Public relations. The kiosk system should appeal to the public and
show it that the kiosk owner cares about its clients and is in step with modern
technology.
* Decrease in fraud. A truly secure kiosk system could reduce the
overall risk of fraud.
* Increased service delivery. While this benefit is hard to reconcile
with the key goal of saving money, it is still feasible. If the kiosks attract
users who otherwise would have used the 800 number or a field office, and if
they can additionally accommodate new users, then the system can be said to
have increased service delivery while lowering costs.
We have just described a set of criteria by which the kiosk system can be
judged. How can the one determine whether the system meets these criteria? We
propose three methodologies below. Wherever possible, one should compare the
results of these evaluations to results of evaluations of other means of
service delivery.
We have found [Hix 1993] to be a valuable resource in preparing this section.
The kiosk owner should get feedback both from clients who use the kiosks and
from those who do not: the former to learn about system usage, and the latter
to find out how the system might be changed to encourage wider usage. It
should get feedback as the interface is being developed (formative evaluation)
as well as when the kiosks are fielded (summative evaluation). Feedback can be
objective or subjective, quantitative or qualitative. Clients can provide
feedback in the following ways:
* Videotaping. This is one of the best ways to learn about kiosk usage.
One can get an overall impression of whether users enjoy the system, whether
they make a lot of errors, and of what type, and how system usage differs from
what is expected. A posted or on-line notice should let users know that they
are being videotaped.
* Concurrent verbal protocol talking. A client is asked to talk out
loud while using the kiosk, describing “what they are trying to do, or why they
are having a problem, what they expected to happen that did not, what they
wished had happened, and so on.”[34]
* On-line feedback. Screen design can include a comment button that
allows a user to give feedback at any time. Additionally, or alternatively,
the kiosk could prompt the user to complete an on-line survey after finishing
all transactions. The survey can ask general questions about user satisfaction
as well as specific questions about different aspects of the system: speed,
intrusiveness of user authentication system, etc. It can also ask users
whether they have used the kiosk instead of the 800 phone service or a field
office.
There are several possible formats for on-line feedback, whether collected via
comment buttons or a post-transaction survey. Users may enter feedback orally,
or by typing. They may provide feedback in a fixed format, e.g., rating the
system overall from 1 to 5, or in free text. Fixed-format input is easier to
analyze, though free-form input may be more in-depth.
A problem with on-line feedback is that only users who choose to do so will
provide feedback. Any statistician will testify that such a self-selecting
group of respondents will produce a biased result: typically, individuals who
are dissatisfied with the system will be disproportionately represented. The
kiosk owner can lessen this problem, at least with regards to an on-line
survey, by encouraging more users to complete the survey. The survey should be
short; the kiosk may present it to all users without first asking if they want
to complete it. At the extreme, the kiosk could require a user to complete the
survey before returning his or her card, if one is used.
* Personal interviews. One can interview both users and non-users to
learn their reactions to the system. One should also provide a process for
capturing informal feedback from clients. The field office representatives in
the offices which provide kiosks will undoubtedly be the recipients of
comments, both positive and negative, on the kiosk system.
* Focus groups. The kiosk owner can conduct “focus group” sessions like
those used by marketers and advertisers to evaluate new products and
advertising campaigns. In such a session, a group of users, hopefully
stratified by age, socioeconomic class, disability, etc. would discuss the
kiosk system with employees for an hour or two.
The kiosk programming should include a tracking system that keeps quantitative
records of system performance. At a minimum, this system should record how
many clients use the kiosk, and each specific service on the kiosk, each day.
Adding more detail, the system could record the amount of time each user spends
at the kiosk. More detailed timing data can yield the time spent on each kiosk
sub-function: introductory screens, user authentication, navigational screens,
and screens for specific kiosk services. This information on frequency and
speed of transactions and services can help managers estimate the cost of each
transaction and the success of the user interface.
Other extensions of automatic tracking are possible. The system could record
the frequency of errors such as unstopped input (e.g., a nine-digit Social
Security number) or incorrect use of a touch screen (e.g., users’ pressing
inactive areas of the screen). Tracking could also serve as a trigger for more
detailed analysis. For example, it could operate in conjunction with a
videotaping system that continuously loops unless triggered to save. If a user
spent an unusually long interval of time on a particular screen, this could
trigger the system to save the videotape segment corresponding to that
interval, as well as a few minutes before and after the interval, for context.
System managers and security officers will be an important part of the kiosk
evaluation. System managers will determine whether the implementation meets
government standards, enables evaluation, and is accessible to a satisfactory
range of clients. During the pilot they can determine whether kiosk output is
of satisfactory quality. They can determine whether the kiosks present a good
business case. This evaluation must take into account such factors as the
speed of transactions, the cost of operating the system (including answering
questions, replacing lost cards, etc.), and the relationship between phone
service and kiosk service.
Security officers will determine whether the user authentication system is
sufficiently rigorous, and whether false reject rates are within reasonable
limits. They will also play a key role in evaluating any automated audit
analysis system that is built into the kiosks. Security officers should be
tasked to review all suspicious incidents reported by the audit analysis
system. If most of these turn out to be non-fraudulent, and in fact not worth
investigating, it is likely that the reporting criteria in the system should be
tightened. At the same time, security officers should review kiosk frauds not
detected by the audit analysis system (though detected by other means). If
this number is large relative to the number of detected frauds, then the kiosk
owner should consider loosening the reporting criteria and/or adding new
criteria.
This work was performed under the auspices of the United States Department of
Energy.
The following table shows the cost for a kiosk over a 5 year period.[35] Notice that as the number of kiosk
increase the cost for software, hardware, the enclosure, and the computer
decrease. At the same time the costs associated with the Service and Support
increase.
Table 3: Kiosk Cost for 5 years
1 10 100 1000
Non Software 25,000 15,000 2,000 500
Reoccurring Hardware 0 2,000 2,000 500
Expenses[36]
Reoccurring Enclosure 10,000 2,000 1,500 1,000
Expenses[37] Computer 5,000 5,000 4,500 4,000
Service Service 0 1,000 2,500 3,000
and Support[38]Support 0 0 3,000 3,000
Average Cost 40,000 25,000 15,000 12,000
per kiosk
If you purchase 100 kiosks your average monthly cost per kiosk over the 5 year
period is:
$15,000 / 60 months = $250 per month
If you rent the kiosks from a kiosk vender who is responsible for both service
and support it will cost approximately twice the average monthly cost for each
kiosk:
2 X $250 = $500 per month
The value gained by using a kiosk must be greater than $500 per month to be
cost effective.
AManufacturer 1994 Appliance Manufacturer, Indoor Radar. May, 1994, pp
98-99.
Besse 1994 Conversation with Lee J. Besse, President, Advanced Video
Integration Inc., April 11, 1994.
Cheswick 1994 Cheswick, W.R. and S.M. Bellovin, Firewalls and Internet
Security: Repelling the Wily Hacker. Reading, MA: Addison-Wesley, 1994.
Comer 1991 Comer, D.E., Internetworking With TCP/IP, Vol I:, Principles,
Protocols, and Architecture, Second Edition. Englewood Cliffs, N.J.: Prentice
Hall, 1991, pp 18-19.
DiCarlo 1994 DiCarlo, L., {UPSs} power up on monitoring. PC Week, January,
1994, p. 81.
Higgs 1994 Higgs, S. and M. Chandrika, Head to Head: The newest lase, ink-jet,
dot-matrix, and color printers via for top honors in our applications-base
rankings. Byte, May, 1994. p. 168.
Hix 1993 Hix, D. and H.R. Hartson, Developing User Interfaces. New York: John
Wiley and Sons, 1993.
Hochberg 1993a Hochberg, J.G., K.A. Jackson, J.F. McClary, and D. Simmonds,
Addressing the insider threat. In Proceedings of the 1993 DOE Computer
Security Group Conference, 1993.
Hochberg 1993b Hochberg, J.G., K.A. Jackson, C.A. Stallings, J.F. McClary, D.
DuBois, and J. Ford, NADIR: An Automated System for Detecting Network Intrusion
and Misuse. Computers and Security, vol. 12, (3) May, 1993, pp. 235-48.
Hochberg 1995 Hochberg, J.G., S. Smith, B. Yantis, M. Murphy, and P. Pedersen,
Kiosk Security Handbook. Los Alamos Unclassified Report, to appear May,
1995.
Miller 1993 Miller, D., New Products. PC World, January, 1993. p. 66.
NIST 1988 National Institute of Standards and Technology, Data encryption
standard. Federal Information Processing Standards Publication 46-1. Available
by anonymous FTP at csrc.nist.gov or from the National Technical Information
Service (NTSIS), 5285 Port Royal Road, Springfield, VA 22161.
PC-Week 1993 PC-Week, August 30, 1993, p. 83.
Robinson 1994 Robinson, P., Authoring Software. New Media Magazine, March,
1994, pp. 19-23.
Rosenthal 1994 Rosenthal, S., {QuickTime} and AVI Capture Cards. New Media
Magazine, March, 1994, pp. 75-76, 81.
Schneir 1994 Applied Cryptography. New York: John Wiley & Sons, 1994.
Smith 1994 Smith, S.W., Secure Distributed Time for Secure Distributed
Protocols. Ph.D. thesis. Computer Science Technical Report CMU-CS-94-177,
Carnegie Mellon University, September 1994.
Thieves 1993 “Thieves Use Fake ATM to Raid Bank Accounts.” San Jose Mercury
News, May 12, 1993, p. 1A.
Thompson 1987 Thompson, K., Reflections on Trusting Trust. In ACM Turing Award
Lectures: the First Twenty Years, R. L. Ashenhurst and S. Graham (Eds.),
Reading, MA: Addison-Wesley, 1987.
Tygar 1993 Tygar, J.D. and B.S. Yee, Dyad: A System for Using Physically Secure
Coprocessors. Proceedings of the Joint Harvard-MIT Workshop on Technological
Strategies for the Protection of Intellectual Property in the Network
Multimedia Environment, April, 1993.
Van Bergen 1993 Van Bergen, J., Microphones: A Choosers’s Guide. TCI,
November, 1993, pp. 48-53.
Vince 1990 Vince, J., The Language of Computer Graphics. New York: Van
Nostrand Reinhold, 1990.
Vizard 1993 Vizard, F., Dial a Picture. Popular Mechanics, June, 1993, pp.
106, 110.
Waring 1994a Waring, B., Large-Screen Presentation Displays. New Media
Magazine, March, 1994, pp. 123.
Waring 1994b Waring, B., {CD-ROM} Drives. New Media Magazine, March, 1994, pp
109, 112-113.
Weaning 1994 Weaning, L. and J.B. Nomdic, 3-D Graphics and Animation, March
1994, pp. 29-38
Weibel 1991 Weibel, B. and D. Tynan, Postcript Lasers. PC World, December,
1991, pp. 174-175.
Yavelow 1994 Yavelow, C., Self-Powered Speakers for Multimedia. New Media
Magazine, March, 1994, pp. 69-71.
Yee 1994 Yee, B.S., Using Secure Coprocessors. Ph.D. thesis. Computer
Science Technical Report CMU-CS-94-149, Carnegie Mellon University, May 1994.
2003
Los Alamos paper on kiosks. This paper, titled “Kiosk Security,” was published by Los Alamos National Laboratory (LANL) in 2003. It addresses security concerns and best practices for public-access computer kiosks. Here are some key points about the paper:
-
The paper was written by Wayne O. Pollock from the Los Alamos National Laboratory.
-
It was published as part of LANL’s efforts to improve cybersecurity and public infrastructure protection.
The paper primarily discusses:
-
Security risks associated with public kiosks
-
Potential attack vectors on kiosk systems
-
Recommended security measures for kiosk deployment
The paper highlights several security issues, including:
-
Unauthorized access to system resources
-
Data theft or manipulation
-
Malware installation
-
Physical tampering with kiosk hardware
Some of the key recommendations from the paper include:
-
Using specialized kiosk software to restrict user actions
-
Implementing robust authentication mechanisms
-
Regular security audits and updates
-
Physical security measures to prevent tampering
This paper has been influential in shaping security practices for public kiosks and continues to be referenced in discussions about kiosk security.