So my question here is: what is the host here? And if I am wrong, please explain in short what you are saying about that whole host thing and the interconnection between PLC and mobile phones.
Here is one, of many, possibilities:
(That hand-drawn mish-mash in the mobile app is supposed to be a QR code - also, the mobile app will probably not receive the station location, but rather a code that the customer's station will display - ah, now there are code displays at each station, cha-ching!).
The outer main gateway on the left is for security: only your payment provider communicates with the scheduler host across this main gateway, whether push and/or pull - perhaps the payment processor sends an email and the scheduler host checks every 10s or so.
The inner gateway on the right is to secure the PLCs, which are by nature insecure; to my mind, this is the main reason for a scheduler host i.e. it is far easier and cheaper to secure a non-PLC scheduler host than to have a PLC communicate with anything else.
If there is no external path (e.g. wireless/cellular) to the cloud and the payment processor, you may need to provide a third wifi network and gateway locally for mobile users - you do not want any mobile users on either of the other networks.
You do not want
- Any part of the payment process behind these gateways
- Any wifi behind the main gateway, only physical cable connections secured in a locked closet or other location that is not accessible to customers. N.B. I could be wrong here, maybe wifi is better because any part of a cable that has to run outside the closet can be cut and spliced.
- Mobile phones connecting directly to your PLCs, or even the scheduler behind these gateways, in any way, other than perhaps scanning a QR code to release and pick up an order.
This approach still has many problems that need to be resolved:
- Security, security, security; both physical and digital.
- It will be very difficult to implement this without at least one person present, at least part time, to replace supplies, clean things up, discourage malicious behavior, etc. Security cameras might downgrade the cost of this to a part-time service.
- The way it is set up, I can fake-order a drink from several time zones away, never intending to pick it up, which will shut down one of the PLC systems until someone picks it up and puts it in the trash. For the price of a few drinks, I could shut down the entire system.
- How does someone know where to get their drink?
- Does there need to be feedback from the scheduler to the payment processor to the mobile?
- There could be a display stating which order is at which station
- Perhaps the payment processor can return a QR code to the purchaser's mobile, and each PLC has a device to scan the code from the mobile screen and open one of several delivery doors.
- That way there is no need of feedback from scheduler to payment processor to mobile.
- The Little Caesar's chain uses this to distribute pizza; see this video.
- But an automated system like this will have problems (even malicious ones; see the fake-order scenario described above).
- And it is probably no different, cost-wise, than a kiosk.
The scheduler host *could* be a PLC, but I don't know if TLS is available on PLCs, and all security will rest on the main gateway on the left in the diagram.
Another configuration has the mobile user connecting directly with the scheduler host, but then payment information passes through that scheduler - you do not want any part of that.
To my mind, the scheduler host and the PLCs are the smallest and cheapest pieces of this puzzle. E.g. unless I was in the security business, which I am not, I wouldn't even implement the scheme above without having it evaluated by a professional, and then re-evaluated after the implementation.
Anyway, these are just random thoughts, there are probably many many other issues I have not even touched on.
And you thought the kiosk was expensive.
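
The QR-code pickup idea in the answer above, sketched as an added example that is not part of the original post: the scheduler host checks a scanned code before telling a PLC to open a door, so the phone never talks to the PLC. The HMAC shared key, the token layout and all function and class names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Assumption: a secret shared by whoever issues the code and the scheduler host.
KEY = b"constructed-demo-key-not-for-production"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_pickup_code(order_id: str, door: int, ttl_s: int, now: float) -> str:
    """Issuer side: build the string that is rendered as the QR code."""
    body = json.dumps({"order": order_id, "door": door, "exp": int(now) + ttl_s},
                      separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(KEY, body, hashlib.sha256).digest()
    return b64e(body) + "." + b64e(tag)

class PickupVerifier:
    """Scheduler-host side: decides whether a scanned code may open a door."""

    def __init__(self):
        self.redeemed = set()  # order ids that have already been picked up

    def verify(self, scanned: str, now: float):
        """Return the door number to open, or None if the code is rejected."""
        try:
            body_b64, tag_b64 = scanned.split(".")
            body, tag = b64d(body_b64), b64d(tag_b64)
        except ValueError:
            return None  # malformed scanner input
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or altered code
        claims = json.loads(body)  # parsed only after the tag has been checked
        if now >= claims["exp"] or claims["order"] in self.redeemed:
            return None  # expired, or a replayed screenshot
        self.redeemed.add(claims["order"])
        return claims["door"]
```

The redeemed set lives in memory here; a real scheduler host would need it to survive a restart.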