How to switch users in a smooth way in a Point-Of-Sale system?

Question

I am designing a Point-Of-Sale system for a small shop. The shop just have one Point-Of-Sale but often they are one to three users (sellers) in the shop. Each user have their own user account in the system so they login and logout very often. How should I design the login/logout system in a good way?

For the moment the users don't use passwords, because it takes so long time to type the password each time they login.

The Platform is Windows Vista but I would like to support Windows 7 too. We use Active Directory on the Network. The system is developed in Java/Swing for the moment, but I'm thinking about to change to C#.NET/WPF.

I am thinking about an SmartCard solution, but I don't know if that fits my situation. It would be more secure (which I like) but I don't know if it will be easy to implement and smooth to use, i.e. can I have the POS-system running in the background or started very quickly when the users switch? Are SmartCard solutions very expensive? (My customers are small shops) Is it preferred to use .NET or Java in a SmartCard solution?

What other solutions do I have other than passwords/no passwords/smartcards?

• How should I design the login/logout system in a good way?
• Is there any good solution using SmartCards for this purpose?
• I would like suggested solutions both for C#.NET/WPF and Java/Swing platforms.
• I would like suggested solutions both for Active Directory solutions and solutions that only use one user profile in Windows.

How is this problem solved in similar products? I have only seen password-solutions, but they are clumsy.

Answer 1

An interesting solution is to use "Fast User Switching", i.e. the capability to have multiple user sessions open on the same PC. The POS software could be launched through the Startup folder of each seller account and would stay active in each seller session.

I thought that being in a domain (i.e. using Active Directory) disables Fast User Switching, but according to The old new thing, this was true on XP only. I just checked with my Win7 machine at work: it is in a domain but still has the "switch user" menu item.

The main advantage is that if your software is already multi-user aware, you don't need to change it.

I should have made the Fast User Switching check before writing what is below, because this seems to be the simplest solution. Here are other ideas, anyway.

Another solution is what you mention of having a single Windows user but several "virtual users" that your application manages. A smart card is a good way to implement a pseudo-login. In C++, the API allows detecting the removal or insertion of a card, so the application could detect this and read the card after insertion to know who's currently in front of the computer. .NET can easily call this API through P/Invoke; I don't know much of Java, except that JNI could be a solution to call the native API if there is no managed library that publishes this capability. What should be done is researching the different types of card and how to talk to them, as your app should use a card that does not require a PIN to be accessed (or you are back to the slow login system, except if tying a 4-digit number is not considered too slow).

I've seen restaurants where waiters insert a key into the cash register in order to be identified. I googled "cash registers" but could only find a complete solution package, rather than the components like a key reader.

An almost idiotic question is: how much security do you need ? Does it make sense to have big buttons on the first screen of the app, where people click in order to tell the system who they are ? When they are done, they click on a "Finish" button and the app goes back to the "identify" screen. I've put this at the end because it is so simplistic that it has a low probability of being useful.

Answer 2

I'm not familiar with a broad range of smart card provider solutions, but I know Gemalto has a .Net friendly setup. Most others are geared to Java, but support is widening.

With regards to switching user sessions and your application, it depends on how "heavy" your application is. If your app requires quite a bit of start-up time / resources then you might consider creating the basic application as a service on the machine which can run in the background continuously and then you can load a light-weight UI to interact with the service with each user session (maybe launch via Startup menu).

There is a C# project on CodeProject which provides a framework for interacting with smart card services in windows - might be interesting reading.

Answer 3

Hi, maybe you want to think about using barcode scanner... probably you already have this device on POS ... my software for bars and restaurants use barcode scanner to recognize users. You have 2 options for using: first, user must log in with own barcode card, then he can use the application ... the second is better, everyone can use application, but to print the receipt user must use barcode card. After then he is responsible for that amount on this receipt.