
Friday, May 18, 2012

What are the hidden challenges of kiosk application development?

Kiosk Application - Device Control


You are halfway through your kiosk project. You have secured the budget and organizational buy-in, and have even selected kiosk hardware and devices. Now, you are trying to build a kiosk application with the capability to increase revenue and enhance the customer experience. Great! You are on the right track.

But at the same time, kiosk managers need to make sure not to overlook a hidden challenge of kiosk application development: device management. In many cases, a kiosk system needs to control various kiosk I/O devices such as printers, magnetic card readers and barcode readers. Here is why it is so challenging:

Device control
Let's take a thermal printer as an example. There are many kiosk printer vendors that offer a diverse product lineup. Depending on the manufacturer and the model, each printer has different specifications. A kiosk application developer needs to thoroughly understand the selected printer's functionalities and API (application programming interface) defining the behaviors, sequence, control, events, exceptions and status of the device.

Complying with the API can be tedious, but it is critical in kiosk application development to avoid unexpected device errors. For example, the program has to "initialize" each device by sending commands such as open, claim and check version, and "finalize" it with release and close commands. Without these steps, the kiosk application will not be able to function properly, which will lead to errors and malfunctions.

Monitoring and error handling
Each device needs to be monitored, and any errors and exceptions have to be handled properly to minimize the impact on kiosk performance. For example, if the printer runs out of paper, the kiosk should stay in out-of-service mode until the kiosk operator refills the paper. We will discuss this area in more detail in future posts.
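The initialize/finalize sequence and the out-of-service rule described above can be sketched as follows. This is an added example, not code from the original post or from any vendor's API: `SimulatedPrinter`, `withDevice` and the error codes are hypothetical names, and the printer is a constructed stand-in for a real device.

```javascript
// Constructed stand-in for a vendor printer API; every name here is hypothetical.
class SimulatedPrinter {
  constructor({ paper = true, firmware = 3 } = {}) {
    Object.assign(this, { paper, firmware, state: "closed", log: [] });
  }
  step(name, from, to) {
    // Reject calls made out of sequence, as a real device API would.
    if (this.state !== from) throw new Error(`${name} called while ${this.state}`);
    this.state = to;
    this.log.push(name);
  }
  open() { this.step("open", "closed", "open"); }
  claim() { this.step("claim", "open", "claimed"); }
  checkVersion() { this.step("checkVersion", "claimed", "claimed"); return this.firmware; }
  print() {
    if (!this.paper) throw Object.assign(new Error("paper out"), { code: "PAPER_OUT" });
    this.step("print", "claimed", "claimed");
  }
  release() { this.step("release", "claimed", "open"); }
  close() { this.step("close", "open", "closed"); }
}

// Initialize, run the job, and always finalize, even when the job fails.
function withDevice(dev, minFirmware, job) {
  const result = { mode: "in-service", error: null };
  try {
    dev.open();
    dev.claim();
    if (dev.checkVersion() < minFirmware) {
      throw Object.assign(new Error("unsupported firmware"), { code: "VERSION" });
    }
    job(dev);
  } catch (err) {
    // Any device fault takes the kiosk out of service until an operator clears it.
    result.mode = "out-of-service";
    result.error = err.code || "DEVICE_ERROR";
  } finally {
    // Undo only the steps that actually succeeded, in reverse order.
    if (dev.state === "claimed") dev.release();
    if (dev.state === "open") dev.close();
  }
  return result;
}
```
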

Qualification of the developers
Engineers who have the capabilities and experience in POS programming are much scarcer than the large pool of web application developers and designers. Even if you are lucky enough to find qualified engineers who are experienced in this field, they may not necessarily excel at designing and implementing a user-friendly application interface.

As a kiosk vendor, our approach is to provide a middleware platform that takes care of these device-related challenges. When kiosk vendors provide the means to integrate kiosk applications with kiosk hardware and devices, kiosk application developers can focus on the application user interface instead of struggling with technical problems. This will increase the chance of a successful kiosk rollout while reducing the costs of application development and support services.

Subscribe to the PFU Systems’ blog and follow us on Twitter for the latest insight into the kiosk industry.

Thursday, May 3, 2012

How to protect your kiosk

Kiosk Software Security


As we discussed in the previous post, kiosk security is one of the greatest challenges organizations need to deal with during kiosk application development.

Self-service kiosks are often in unsupervised locations, and thus vulnerable to threats such as information theft, viruses and malware, and unauthorized access to the kiosk system. Organizations must have rock-solid security measures in place to protect their kiosks from any security breach.

The following are some of the most common threats and countermeasures related to kiosk software:

Unauthorized access to the kiosk software and operating system
If users can access the operating system of the kiosk, they could do pretty much anything they want to cause damage -- display unauthorized websites, steal/alter sensitive data stored in the file system, download and install malicious applications or a virus, use the kiosk to attack other computers or access the organization's system, to name a few.

Therefore, limiting access to the operating system is one of the most important countermeasures against any security threat. Using kiosk platform software that allows a lockdown of the OS and browser is the most common method. This kind of software ensures that any and all kiosk usage is restricted to its intended purpose by concealing Windows and browser menus, controlling URL access, disabling key combinations such as Ctrl+Alt+Del, and blocking pop-ups and dialogs.
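To make "controlling URL access" concrete, here is an added example (not from the original post or any kiosk product) of a navigation check that parses the URL before matching it, since substring matching on the raw string is the usual way such filters fail. The policy, host names and the function name `isAllowedUrl` are constructed placeholders.

```javascript
// Constructed policy for illustration; the host names are placeholders.
const POLICY = {
  schemes: new Set(["https:"]),
  hosts: new Set(["kiosk.example.com"]),
  hostSuffixes: [".cdn.example.com"], // leading dot: real subdomains only
};

function isAllowedUrl(raw, policy = POLICY) {
  let url;
  try {
    url = new URL(raw); // absolute URLs only; anything unparsable is refused
  } catch {
    return false;
  }
  // Scheme check blocks file:, javascript:, data: and plain http:.
  if (!policy.schemes.has(url.protocol)) return false;
  // "https://allowed-host@other-host/" puts the allowed name in the userinfo part.
  if (url.username || url.password) return false;
  // Default port only, so the kiosk cannot be steered to other services on the host.
  if (url.port !== "") return false;
  // Compare the parsed host name, never the raw string.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (policy.hosts.has(host)) return true;
  return policy.hostSuffixes.some((s) => host.endsWith(s) && host.length > s.length);
}

// Constructed sample inputs: the first two should pass, the rest should be refused.
const SAMPLES = [
  "https://kiosk.example.com/checkout",
  "https://img.cdn.example.com/logo.png",
  "http://kiosk.example.com/checkout",
  "https://kiosk.example.com.example.net/",
  "https://kiosk.example.com@example.net/",
  "https://shadowcdn.example.com/",
  "https://kiosk.example.com:8443/",
  "file:///C:/Windows/System32/",
  "javascript:alert(1)",
  "/relative/path",
];

function evaluateSamples() {
  return SAMPLES.map((u) => [u, isAllowedUrl(u)]);
}
```

A check like this belongs in the lockdown layer that decides every navigation, including redirects and links opened from pop-ups, not only the start page.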

Information theft
Theft of sensitive data such as credit card numbers, Social Security numbers, passwords, and medical records can result in tremendous damage to the business and its reputation.

Although it sounds pretty simple, the best countermeasure is not to store any customer information on the local disk of the individual kiosks. Instead, data should be sent to the central host server via an encrypted connection.

In order to protect each user's private information, it is also important to delete all cookies and cache at the end of every session. In addition, in the case that a user leaves before their session completes, delete the customer information and reset to the top page after a certain period of inactivity. Most kiosk platform software has the capability to automatically handle this.
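The end-of-session and inactivity rules above can be modelled as a small state holder. This is an added example, not code from the original post or from any kiosk platform: `KioskSession` and its fields are hypothetical, and cookies and cache are represented by in-memory maps so the logic runs without a browser.

```javascript
class KioskSession {
  // clock is injectable so the timeout can be tested without waiting.
  constructor({ idleLimitMs, topPage, clock = Date.now }) {
    this.idleLimitMs = idleLimitMs;
    this.topPage = topPage;
    this.clock = clock;
    this.events = [];
    this.reset("startup");
  }

  // Wipe everything tied to the previous customer and return to the top page.
  reset(reason) {
    this.customerData = new Map();
    this.cookies = new Map();
    this.cache = new Map();
    this.page = this.topPage;
    this.active = false;
    this.lastInput = this.clock();
    this.events.push(reason);
  }

  // Call on every touch, key press or card swipe.
  input(page, fields = {}) {
    this.active = true;
    this.page = page;
    this.lastInput = this.clock();
    this.cache.set(page, true);                // stand-in for cached page content
    this.cookies.set("sid", "constructed-id"); // stand-in for a session cookie
    for (const [k, v] of Object.entries(fields)) this.customerData.set(k, v);
  }

  // Normal end of a transaction: same cleanup as a timeout.
  complete() {
    this.reset("session-complete");
  }

  // Call from a periodic timer; resets a session the customer walked away from.
  tick() {
    const idle = this.clock() - this.lastInput;
    if (this.active && idle >= this.idleLimitMs) {
      this.reset("idle-timeout");
      return true;
    }
    return false;
  }
}
```
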

Virus and malware
Viruses and malware can seriously impair the performance of a kiosk system. In a worst-case scenario, the affected kiosk might be used to attack other computers or lead to a data breach.

For regular computers, the most effective measures are Automatic Windows Updates and antivirus software. However, they may not work best for a kiosk, particularly when it is a complex system equipped with I/O devices. Although keeping the system updated with the most recent patches and antivirus definitions sounds great, automatic updates of the system could cause unexpected results. For example, a major Windows update could lead to incompatibility with a device driver which is used in the kiosk system. Also, it often makes troubleshooting of kiosk problems much more difficult. Therefore, all changes to the system should be tested in a testing environment before being implemented at every single kiosk in production.

Actually, as long as unauthorized access to the kiosk is blocked, the chance of a kiosk system being infected with a virus or malware is very low, unless it is used to browse various websites. So focusing on locking down the kiosk software and operating system is much more effective.

If you are considering deploying security software, we recommend "white-list" based solutions that are widely used in embedded systems. When white-list based security software is deployed, only pre-configured and authorized applications become executable and no virus or malware can run on the system.

Since this post is a part of a series discussing kiosk software development, here we focused on the software aspects of kiosk security. But needless to say, kiosk hardware protection is equally (or even more) important when considering kiosk security measures. In a future post, we will come back to the security topic again to discuss kiosk hardware protection. Subscribe to the PFU Systems’ blog and follow us on Twitter for the latest insight into the kiosk industry.