WO2001022200A2 - Electronic voting scheme employing permanent ballot storage - Google Patents
- Publication number: WO2001022200A2 (PCT/US2000/007986)
- Authority: WO, WIPO (PCT)
- Prior art keywords: computer, ballots, electronic ballots, electronic, data storage
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F21/645—Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C13/00—Voting apparatus
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/46—Secure multiparty computation, e.g. millionaire problem
- H04L2209/463—Electronic voting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Definitions
- the following relates generally to electronic voting schemes.
- the Internet is increasingly being used to conduct a variety of activities, including research, communication or document exchange, and "electronic commerce," in part, because it facilitates electronic communications with large databases, between individuals, and between vendors and purchasers.
- the Internet comprises a vast number of computers and computer networks interconnected through communication channels. One individual can use a personal computer to connect via the Internet to another's computer.
- the acceptance and wide-spread use of electronic commerce depends, in large part, upon the ease-of-use of conducting such electronic commerce or other activities. For example, if electronic commerce can be easily conducted, then even the novice computer user will choose to engage in such activities. Therefore, it is important that techniques be developed to facilitate conducting such activities electronically.
- the Internet facilitates conducting activities electronically, in part, because it uses standardized techniques for exchanging information. Many standards have been established for exchanging information over the Internet, such as electronic mail, Gopher, and the World Wide Web (“WWW”).
- the WWW service allows a server computer system (i.e., web server or web site) to send graphical web pages of information to a remote client computer system. The remote client computer system can then display the web pages.
- Each resource (e.g., computer or web page) of the WWW is uniquely identifiable by a Uniform Resource Locator ("URL").
- a client computer system specifies the URL for that web page in a request (e.g., a HyperText Transfer Protocol ("HTTP”) request).
- the request is forwarded to the web server that supports that web page.
- When that web server receives the request, it sends the requested web page to the client computer system.
- When the client computer system receives that web page, it typically displays the web page using a browser.
- a browser is typically a special-purpose application program for requesting and displaying web pages.
- HTML provides a standard set of tags that defines how a web page is to be displayed.
- the browser sends the request to the server computer system to transfer to the client computer system an HTML document that defines the web page.
- the browser displays the web page as defined by the HTML document.
- the HTML document contains various tags that control the display of text, graphics, controls, and other features.
- the HTML document may contain URLs of other web pages available on that server computer system or on other server computer systems.
- the World Wide Web portion of the Internet is especially conducive to conducting electronic commerce, and a host of other activities that individuals have previously performed manually or over the phone.
- One activity that has been difficult to transfer to the Internet or World Wide Web has been voting.
- An electronic voting scheme must ensure the privacy of each voter, as well as provide strict audit trails so that election officials or independent observers can verify no fraud has occurred.
- Ballot types must range from simple yes/no initiatives to complex multi-way candidate races allowing for the possibility of write-in candidates.
- the ballots must be tamper free, and must be sufficiently non-transitory, so that months after an election, the ballots and results can be reviewed by some independent authority. To date, the inventors are unaware of any system that fulfills these requirements.
- Figure 1 is a block diagram illustrating an environment for use with an embodiment of the invention.
- Figure 2 is a block diagram illustrating one embodiment for permanently storing electronic ballots for use with the environment of Figure 1.
- Figure 3 is a flow diagram showing steps performed by the embodiment of Figure 2.
- Figure 4 is a block diagram illustrating an alternative embodiment for permanently storing electronic ballots for use with the environment of Figure 1.
- ballots are permanently stored using a Write-Once, Read-Many (WORM) drive.
- the electronic ballot box is formed as one or more web pages in an electronic "bulletin board” or voting website hosted by one or more web servers.
- Alternative embodiments employ other permanent data storage devices, as explained below.
- FIG. 1 and the following discussion provide a brief, general description of a suitable computing environment in which aspects of the invention can be implemented.
- embodiments of the invention will be described in the general context of computer-executable instructions, such as routines executed by a general-purpose computer, such as a personal computer or web server.
- aspects of the invention can be practiced with other computer system configurations, including Internet appliances, hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, mini computers, cell phones, mainframe computers, and the like.
- aspects of the invention can be embodied in a special purpose computer or data processor that is specifically programmed, configured or constructed to perform one or more of the computer-executable instructions explained herein.
- the invention can also be practiced in distributed computing environments where tasks or modules are performed by remote processing devices, which are linked through a communications network, such as a Local Area Network (LAN), Wide Area Network (WAN), and the Internet.
- program modules or sub-routines may be located in both local and remote memory storage devices.
- the construction and operation of the various blocks shown in Figure 1 and 2 are of conventional design. As a result, such blocks need not be described in further detail herein, as they will be readily understood by those skilled in the relevant art.
- a suitable environment of system 100 includes one or more voter or client computers 102, each of which includes a browser program module 104 that permits the computer to access and exchange data with the Internet, including web sites within the World Wide Web portion 106 of the Internet.
- the voter computers 102 may include one or more central processing units or other logic processing circuitry, memory, input devices (e.g., keyboards and pointing devices), output devices (e.g., display devices and printers), and storage devices (e.g., fixed, floppy, and optical disk drives), all well known but not shown in Figure 1.
- the voter computers 102 may also include other program modules, such as an operating system, one or more application programs (e.g., word processing or spread sheet applications), and the like.
- there are N number of voter computers 102 representing voters 1, 2, 3 . . . N.
- a server computer system 108 coupled to the Internet or World Wide Web ("Web") 106, performs much or all of the ballot collection, storing and other processes.
- a database 110 coupled to the server computer 108, stores much of the web pages and data (including ballots) exchanged between the voter computers 102, one or more voting poll computers 112 and the server computer 108.
- the server computer system 108 including the database 110, may employ security measures to inhibit malicious attacks on the system and to preserve the integrity of the ballots and other data stored therein.
- the voting poll computer 112 is a personal computer, server computer, mini-computer, or the like, positioned at a public voting location to permit members of the public, or voters who may not have ready access to computers coupled to the Internet 106, to electronically vote under the system described herein.
- the voter computers 102 may be positioned at individual voter's homes, where one or more voting poll computers 112 are located publicly or otherwise accessible to voters in a public election.
- the voting poll computer 112 may include a local area network (LAN) having one server computer and several client computers or voter terminals coupled thereto via the LAN to thereby permit several voters to vote simultaneously or in parallel.
- the system 100 may be used.
- the voter computers 102 may be laptops or desktop computers of shareholders, and the voting poll computer 112 can be one or more computers positioned within the company (e.g., in the lobby) of the company performing the election. Thus, shareholders may visit the company to access the voting poll computer 112 to cast their votes.
- One or more optional authority or organization computers 114 may also be coupled to the server computer system 108 via the Internet 106. The authority computers 114, in certain electronic voting schemes, each hold a key necessary to decrypt the tally of electronic ballots stored in the database 110.
- Threshold cryptographic systems require that a subset t of the total number of authorities n (i.e., t < n) agree to decrypt the ballots, to thereby avoid the requirement that all authorities are needed for ballot decryption.
- the authority computers 114 may provide decryption shares based on their keys to the server computer system 108 after the voting period ends so that the server computer system may decrypt the tally results.
- the server computer 108 includes a server engine 120, a web page management component 122, a database management component 124, as well as other components shown more clearly in Figure 2.
- the server engine 120 performs, in addition to standard functionality, one or more electronic voting protocols, such as the protocols described in U.S. Patent Application No.
- the server engine 120 performs all necessary ballot transmission to authorized voters, ballot collection, verifying ballots (e.g., checking digital signatures and passing verification of included proofs of validity in ballots), vote aggregation, ballot decryption and/or vote tabulation.
- the web page component 122 handles creation and display or routing of web pages such as an electronic ballot box web page, as described below. Voters and users may access the server computer 108 by means of a URL associated therewith, such as http://www.votehere.net, or a URL associated with the election, such as a URL for a municipality.
- the municipality may host or operate the server computer system 108 directly, or automatically forward such received electronic ballots to a third party vote authorizer who may operate the server computer system.
- the URL or any link or address noted herein, can be any resource locator.
- the web page management process 122 and server computer 108 may have secure sections or pages that may only be accessed by authorized people, such as authorized voters or system administrators.
- the server computer 108 may employ a secure socket layer ("SSL") and tokens or cookies to authenticate such users. Indeed, for small elections, or those where the probability of fraud is low (or results of fraud are relatively inconsequential), the system 100 may employ such simple network security measures for gathering and storing votes as explained below, rather than employing complex electronic encrypted ballots, as described in the above-noted patent application.
- Methods of authenticating users (such as through the use of passwords), establishing secure transmission connections, and providing secure servers and web pages are known to those skilled in the relevant art.
- the server computer system 108 includes a router 202 coupled between the Internet 106 and a firewall 204.
- the router 202 acts as an interface between the Internet 106 and the server computer system 108.
- the router 202 receives incoming electronic ballots or votes produced by the voter computers 102 or voting poll computer 112, and routes them through the firewall 204 to a web-load balancing system 206.
- the firewall 204 protects the server computer system 108 from attacks or security breaches directed at the system from the Internet 106.
- Any of various known firewall systems may be employed, such as those employing screened subnet architecture (e.g., packet filtering), and multi-homed host architecture (e.g., application gateway or dedicated proxy methods), although any of the many known firewall architectures may be employed.
- the web-load balancing system 206 balances load on several web server computers 208 (three of which are shown in Figure 2). Load balancing is a technique well known in the art for distributing the processing load between two or more computers, to thereby more efficiently process instructions and route data. In the present context, the web-load balancing system 206 helps distribute received electronic ballots evenly between the web servers 208, which can be particularly important at peak traffic times.
- each of the web servers 208 includes internally, or has coupled thereto, write-once, read-many (WORM) drives 210.
- the WORM drives 210 permanently store received electronic ballots.
- the web load balancing device 206 may directly route received ballots to the WORM drives 210 (as opposed to having such ballots first being directed to the web servers 208).
- the web-load balancing system 206 acts as an interface to the WORM drives 210 to provide load balancing for such drives so that all electronic ballots are permanently stored on the WORM drives in an efficient manner, particularly during times of peak traffic, and to overcome relatively slow write times (as compared to, for example, random access memory (RAM) write times).
- Each of the web servers 208 executes a software enabled application programming interface (API) running as a service thereon to enable writing of the electronic ballots onto the associated WORM drive 210.
- APIs for interfacing an application program, such as the ballot collection and vote tallying process noted above, with the writing of received ballots to the WORM drives 210 are similar to conventional APIs that permit application programs to write data to WORM drives or other similar drives.
- web servers 208 and WORM drives 210 are employed for not only efficient load balancing of received web traffic and/or electronic ballots, but also for redundancy and fault tolerance reasons. Indeed, while only a single router 202, firewall 204 and web-load balancing system 206 are shown in Figure 2, the server computer system 108 may employ two or more such devices/systems to further improve fault tolerance for the system. To further improve processing efficiency, the web servers 208 may employ cryptographic accelerator cards or math coprocessors (not shown) to expedite cryptographic functions when the server computer system 108 executes cryptographically complex electronic elections. Likewise, the voting poll computer 112 and/or voter computers 102 can employ such cryptographic accelerator cards or math coprocessors for similar reasons.
- Any of several known WORM drives may be employed, such as Model No. CMO R540 MO, by Sony Corporation, Model No. HP5200ex SureStore, by Hewlett Packard, and Model No. T6-5200, by Maxoptix. These drives typically employ a 5.2 inch (13.2 centimeter) diameter optical disk or cartridge, enhanced polycarbonate-type continuous composite WORM (CCW), having up to 5.2 Gigabytes of storage.
- DVD drives may be used instead of the WORM drives 210.
- DVD drives offer wide support on various computing platforms, as well as high capacity, wide feature set, numerous drivers supporting such disks, low cost, and the like.
- CD-Write once media may also be employed, but may suffer from low memory capacity when used with large elections employing encrypted ballots.
- the web servers 208 may be coupled to one, or a bank of, smart cards, printed circuit boards or cartridges containing programmable read-only memory (PROM), electronically programmable read-only memory (EPROM), and the like.
- Such memory may provide faster write times than WORM drives, but may be less tamper resistant and more expensive, particularly for elections with numerous voters and large ballots.
- Other computer-readable media may include magnetic disk drives, Bernoulli cartridges, and flash memory cards, if sufficient safeguards are employed (both hardware and software) to ensure that ballots stored thereon are tamper proof and not subject to fraud once ballots had been written thereto.
- the server computer system 108 provides a website or "bulletin board" to which each voter posts his or her digitally signed electronic ballot.
- the server computer system 108 permanently stores each ballot in the database 110, so that ballots may not be altered or erased, as described herein.
- the web server computer system 108 verifies each ballot and aggregates or tallies them to produce a final tally, although verification, and some or all portions of ballot aggregation, decryption and tallying can be performed as ballots are received (or "on the fly”).
- a process 300 performed by the server computer system 108 and voting organization providing such system is shown.
- each component or step is generally described as a single function performed by the server computer system 108 (or authority employing such system).
- the server computer system 108 provides electronic ballots to authorized voters. Voters may be authorized in any number of processes, such as those described in U.S. Patent Application
- Each electronic ballot includes all predetermined voting issues, instructions for voting, and any relevant cryptographic keys or processes.
- each electronic ballot includes a digital signature provided by the server computer system 108.
- voters who receive such ballots may check the digital signature to ensure that the ballot has not been corrupted or altered.
- the electronic ballots may be emailed to each of the authorized voters.
- the database 110 includes the email addresses, URLs, links or other logical addresses for the voter computers 102 and voting poll computer 112.
- the server computer system 108 then automatically retrieves each logical address and forwards the appropriate electronic ballot to each address.
- the server computer system 108 may provide a web page to be accessed by the voting computers 102 and voting poll computer 112. By accessing such web page, and proving authentication of the relevant voter, the voter may then download from the server computer system 108 an electronic ballot.
- These two methods of electronic ballot distribution represent server initiated and client initiated distribution methods; of course, many other similar methods may be employed whereby the server computer system 108 forwards electronic ballots to authorized users, or where the voter computers 102 and voting poll computer 112 request electronic ballots.
- the server computer 108 receives electronically signed ballots from the voters.
- the server computer system 108 provides the above-noted web page bulletin board that allows each voter to post his or her ballot thereto during a predetermined voting period.
- other methods for receiving electronic ballots are possible, including email, wireless data transmission (e.g., via cell phone or portable/wearable computer), and the like.
- the server computer 108 may provide a digitally signed receipt to the voter recognizing receipt of the voter's electronic ballot.
- the server computer 108 may first provide such receipt to one or more of the authority computers 114 who in turn add their digital signatures before forwarding the receipt to the voter.
- the server computer 108 no longer permits additional ballots to be received and written to the WORM drive 210.
- the server computer system 108 continues to collect additional ballots after the predetermined voting period, but flags each ballot as being late or otherwise provides some indication about when such ballots were received.
- the web server computer 208 does record such late ballots via the WORM drives 210.
- the web servers 208 in the server computer system 108 write each received ballot to the WORM drives 210 or other permanent data storage media devices.
- the server computer system 108 may employ solid state memory (e.g., RAM) or other electronic memory buffers to buffer and hold electronic ballots temporarily before being written to one of the WORM drives 210.
- Such electronic buffers are particularly useful during peak traffic times; however, they may suffer from possible security shortcomings in that a fraudulent voting organization could tamper with electronic ballots, when in the buffer, before they are written to the WORM drives 210.
- the server computer system 108 verifies each received ballot.
- the verification can include checking the digital signature of each received ballot, and verifying the validity of each ballot, such as verifying correct hash function output and/or proofs of validity, such as under zero knowledge proofs.
- Such verification can be performed as the server computer system 108 sequentially reads each ballot previously written to the WORM drives 210.
- the server computer system 108 can perform some or all of such verification of received ballots before step 306 (before they are written to the WORM drives 210).
- the server computer system 108 can verify the digital signature or compute the hash function of each ballot before writing it to the WORM drives 210.
- the server computer system 108 may discard such ballots, and not write them to the WORM drives 210.
- third party voting verification authorities may request that all received ballots be permanently stored before any unauthorized ballots are discarded.
- In step 310, the server computer system 108 aggregates the stored ballots and decrypts the results, with a threshold number of authorities if such an encryption protocol is employed. Ballot authorization and decryption under a threshold number of authorities is described in greater detail in the Multi-Way
- the voting organization providing the server computer system 108 may provide the storage data to a voter verification authority.
- the voting organization may provide one or more WORM disks from the WORM drives 210 to a third party organization who verifies that no fraud had occurred during the vote or ballot tabulation. Any method of physically transferring the WORM disks to such a third-party vote verifying organization may be employed, including courier services.
- the server computer system 108 may employ a one-way hash function or simple error correction/detection technique (e.g., cyclic redundancy check (CRC)) to the data, or groups of data stored on the WORM disk.
- the server computer system 108, at predetermined times or after a predetermined number of electronic ballots have been received, performs such a hash function or other method to provide an additional level of security and verification to ballots stored by the WORM drives 210.
- the results of the hash function are then likewise stored by the WORM drive, and can be presented to and verified by the third-party voting verification authority.
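The periodic hashing described above, as an added Python example that is not code from the patent: every group of ballots is hashed with SHA-256, the digest is appended to the same write-once log, and an auditor recomputes the digests from a copy of the disk. The `WriteOnceLog` class, the group size of three, the length-prefixed encoding, the chaining of each digest to the previous one (which goes beyond the per-group hash in the text) and the sample ballots are all assumptions of this sketch.

```python
import hashlib
import struct

CHECKPOINT_EVERY = 3     # assumed group size; the text only says "a predetermined number"
GENESIS = b"\x00" * 32   # assumed starting value for the digest chain

# Constructed sample ballots (opaque byte strings standing in for signed ballots).
SAMPLE_BALLOTS = [b"ballot-%d" % i for i in range(7)]


class WriteOnceLog:
    """Software stand-in for a WORM disk: records are appended, never rewritten."""

    def __init__(self):
        self._records = []

    def append(self, kind, payload):
        self._records.append((kind, bytes(payload)))

    def records(self):
        return list(self._records)   # a copy, as handed to a third-party auditor


def group_digest(prev_digest, ballots):
    """SHA-256 over the previous digest and a length-prefixed group of ballots."""
    h = hashlib.sha256()
    h.update(prev_digest)
    h.update(struct.pack(">I", len(ballots)))
    for ballot in ballots:
        h.update(struct.pack(">I", len(ballot)))   # prefix avoids boundary ambiguity
        h.update(ballot)
    return h.digest()


class BallotRecorder:
    """Writes each ballot to the log and a checkpoint digest after every group."""

    def __init__(self, log, every=CHECKPOINT_EVERY):
        self.log, self.every = log, every
        self.pending, self.prev = [], GENESIS

    def store(self, ballot):
        self.log.append("ballot", ballot)
        self.pending.append(ballot)
        if len(self.pending) == self.every:
            self.prev = group_digest(self.prev, self.pending)
            self.log.append("checkpoint", self.prev)
            self.pending = []


def audit(records):
    """Recompute every checkpoint.

    Returns (ok, index of the first bad record or None, ballots in the
    group being examined: on success, those not yet covered by a checkpoint).
    """
    prev, group = GENESIS, []
    for index, (kind, payload) in enumerate(records):
        if kind == "ballot":
            group.append(payload)
        elif kind == "checkpoint":
            expected = group_digest(prev, group)
            if expected != payload:
                return (False, index, len(group))
            prev, group = expected, []
        else:
            return (False, index, len(group))
    return (True, None, len(group))


def record_sample():
    """Record the constructed ballots and return the resulting log contents."""
    log = WriteOnceLog()
    recorder = BallotRecorder(log)
    for ballot in SAMPLE_BALLOTS:
        recorder.store(ballot)
    return log.records()


if __name__ == "__main__":
    records = record_sample()
    print("honest copy:  ", audit(records))
    altered = list(records)
    altered[4] = ("ballot", b"changed")        # one ballot differs in the copy
    print("altered copy: ", audit(altered))
    print("missing ballot:", audit(records[:1] + records[2:]))
```

An unkeyed digest only helps the auditor if the checkpoint values reach them through a path the storing party cannot rewrite, which is the role the write-once medium plays in the text.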
- the voting organization running the server computer system 108 and/or third-party voting verification authority may destroy the WORM disks after a predetermined time period.
- Many elections require that all ballots be saved or stored for a predetermined time period during which third parties may challenge or review election results to ensure that no fraud occurred. After such predetermined time period, however, the ballots typically must be destroyed. Therefore, the WORM disks may then be destroyed in step 314, to thereby effectively eliminate all electronic ballots.
- the voter computers 102 may each have stored thereon, their own ballots, but this option is left to each voter.
- electronic ballots may be digitally signed by each authorized voter and posted by the voters to an area on a bulletin board or website representing a "ballot box.” Ballots are encrypted by the voters but never decrypted. Multi-way elections are possible using both discrete log, elliptic curve and general group cryptosystems, all of which employ homomorphic properties to allow ballots to be combined to produce encrypted tallies. This multi-way election scheme ensures universal verifiability since any third party can see who voted without seeing how they voted and duplicate the combination of the encrypted ballots to obtain the encrypted tally.
- Ballots are accompanied with zero-knowledge proofs of validity to ensure that a voted ballot includes only allowable options, without leaking any information about which ballot option the voter chose. Such proofs are non-interactive and all received ballots are automatically stored permanently by the WORM drives 210.
- the encrypted tallies are decrypted by t of n authorities without reconstructing the authorities' private key, using threshold encryption techniques.
- the decryption protocol requires a zero-knowledge proof which ensures that the correct ciphertext (ballot) has been decrypted using the private-key share corresponding to the authorities' group public-key. Further, compromise of the voter privacy would require a conspiracy of at least t of the n number of authorities.
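The homomorphic tally and t-of-n decryption described above, as an added Python example that is not code from the patent or from the referenced applications: ballots are encrypted with exponential ElGamal, multiplied together into an encrypted tally, and decrypted from partial decryption shares without ever reassembling the private key. Assumptions: the toy group parameters, a trusted dealer that Shamir-shares the key, yes/no ballots only, and no proofs of validity or of correct decryption.

```python
import secrets

# Constructed toy parameters, far too small for real use:
# P = 2Q + 1 with P and Q prime, and G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4


def deal_shares(t, n):
    """Shamir-share a private key among n authorities with threshold t.

    A trusted dealer is an assumption of this sketch.
    Returns (group public key, {authority id: key share}).
    """
    coeffs = [secrets.randbelow(Q) for _ in range(t)]   # coeffs[0] is the key
    shares = {
        i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
        for i in range(1, n + 1)
    }
    return pow(G, coeffs[0], P), shares


def encrypt(vote, public_key):
    """Exponential ElGamal encryption of a 0/1 vote: (G^r, G^vote * pk^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(G, vote, P) * pow(public_key, r, P)) % P


def combine(ciphertexts):
    """Multiply ciphertexts component-wise; the product encrypts the sum of votes."""
    a, b = 1, 1
    for ca, cb in ciphertexts:
        a, b = (a * ca) % P, (b * cb) % P
    return a, b


def decryption_share(ciphertext, key_share):
    """One authority's contribution: a^(share). The share itself is never sent."""
    return pow(ciphertext[0], key_share, P)


def lagrange_at_zero(i, ids):
    """Lagrange coefficient for authority i when interpolating at x = 0, mod Q."""
    coeff = 1
    for j in ids:
        if j != i:
            coeff = coeff * j * pow((j - i) % Q, -1, Q) % Q
    return coeff


def threshold_decrypt(ciphertext, partials, max_tally):
    """Recover the tally from at least t partial decryptions ({id: a^share})."""
    ids = list(partials)
    a_to_key = 1
    for i, part in partials.items():
        a_to_key = a_to_key * pow(part, lagrange_at_zero(i, ids), P) % P
    g_to_tally = ciphertext[1] * pow(a_to_key, -1, P) % P
    for m in range(max_tally + 1):          # the tally is small, so search for it
        if pow(G, m, P) == g_to_tally:
            return m
    return None                             # shares did not yield a valid tally


if __name__ == "__main__":
    votes = [1, 0, 1, 1, 0, 1, 1]           # constructed yes/no votes
    public_key, shares = deal_shares(t=3, n=5)
    encrypted_tally = combine([encrypt(v, public_key) for v in votes])
    partials = {i: decryption_share(encrypted_tally, shares[i]) for i in (2, 4, 5)}
    print("yes votes:", threshold_decrypt(encrypted_tally, partials, len(votes)))
```

Anyone holding the posted ciphertexts can repeat `combine` and compare the encrypted tally, which is the universal verifiability property the text describes.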
- the server computer system 108 with the WORM drives 210 or other permanent data storage devices, are useful for not only storing electronic ballots, but also for registering preregistered write-in candidates for elections, and other data for write-in candidates and votes.
- a write-in candidate submits his or her name, ballot or precinct identifier and a race identifier.
- the server computer system 108 generates a candidate number for the identified race and computes a unique encryption generator.
- the candidate's name, ballot identifier, race identifier, candidate number and generator are stored by the WORM drive 210.
- a database is created containing a record for each person eligible to hold any office appearing on the ballot.
- the record contains the person's name, unique identifier and an encryption generator.
- the voter may fill in the name of a write-in candidate on the electronic ballot.
- the server computer system 108 queries the database for that name, and if a match is found, the unique identifier and any necessary encryption data are used to form the vote for that candidate on the electronic ballot.
- the WORM drive 210 may be used to create a permanent record of such database for all eligible people to hold office on a given ballot. This permanent record could then be later reviewed by a third-party vote verification authority to ensure that all relevant names were included in the database.
- In FIG. 4, an alternative embodiment of the invention is depicted as a system 400.
- the web server computers 208 are coupled directly to the internet 106, such as by means of only SSL and TCP/IP ports.
- the web servers 208 have only a limited command set and are thus more secure than platforms coupled to the internet by means of a router or other high functionality/command set devices.
- the web servers 208 are coupled to an array of WORM drives 210 by means of a distributed file server 402.
- a distributed file server or system is a type of file system in which the file system itself manages and transparently locates pieces of information (e.g.
- the distributed file server 402 also manages read and write functions to the WORM drives 210 and database 110.
- the distributed file server 402 may be a process running on each, or one of, the web servers 208, or on a separate hardware device. Indeed, one of the web servers 208, WORM drives 210, and the database 110 may be enclosed within a single box to form a "vote engine" that may be connected directly to the Internet 106 as a stand-alone product.
- the distributed file server 402 receives ballots from the web servers 208 and determines which of several WORM drives 210 to instruct to write the ballot.
- the distributed file server 402 also stores the received ballots in the database 110 for rapid access and rapid write-time with respect to the web servers 208.
- the request is provided to the distributed file server 402, which in turn identifies where the ballot or desired file is stored, retrieves such ballot/file, and provides it to the web server.
- one of the authority computers 114 also includes a WORM drive 210 coupled thereto.
- the authority computers may store such receipts. To enhance data integrity, such received receipts may be stored in the WORM drive 210.
- the authority computer can ensure that the web server computers 208 have not eliminated any ballots from the final tally.
- the authority computer 114 may receive and store on the WORM drive 210 other information, including ballots that may be forwarded thereto, and the like.
- the concepts of the invention can be used in various environments other than the Internet.
- the concepts can be used in an electronic mail environment in which electronic mail ballots or forms are processed and stored.
- a web page or display description e.g., the bulletin board
- various communication channels such as local area networks, wide area networks, or point-to-point dial-up connections, may be used instead of the Internet.
- the various transactions may also be conducted within a single computer environment, rather than in a client/server environment.
- Each voter or client computer may comprise any combination of hardware or software that interacts with the server computer or system.
- These client systems may include television-based systems, Internet appliances and various other consumer products through which transactions can be performed.
- a "link" refers to any resource locator identifying a resource on the network, such as a display description of a voting authority having a site or node on the network.
- while hardware platforms, such as voter computers, terminals and servers, are described herein, aspects of the invention are equally applicable to nodes on the network having corresponding resource locators to identify such nodes.
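The completeness check described above, in which the authority computer 114 keeps receipts on its WORM drive 210 and later confirms that the web server computers 208 have not eliminated any ballots from the final tally, as an added example that is not code from the patent. It assumes a receipt is the SHA-256 digest of the encoded ballot (the page does not define the receipt format); `WormStore`, `receipt_for`, `audit_tally` and the sample ballots are hypothetical and constructed for illustration.

```python
import hashlib
from collections import Counter

def receipt_for(ballot: bytes) -> str:
    """Assumed receipt format: hex SHA-256 digest of the encoded ballot."""
    return hashlib.sha256(ballot).hexdigest()

class WormStore:
    """Stand-in for a WORM drive: records are appended and read, never changed."""
    def __init__(self):
        self._records = []

    def append(self, record: str) -> None:
        self._records.append(record)

    def read_all(self) -> tuple:
        return tuple(self._records)

def audit_tally(receipts, tallied_ballots) -> dict:
    """Compare the authority's stored receipts with the ballots in the final tally."""
    tallied = Counter(receipt_for(b) for b in tallied_ballots)
    held = set(receipts)
    return {
        "missing": sorted(held - set(tallied)),        # receipted but not tallied
        "unexpected": sorted(set(tallied) - held),     # tallied without a receipt
        "duplicated": sorted(r for r, n in tallied.items() if n > 1),
    }

# Constructed sample data. Encrypted ballots are assumed unique per voter,
# so each one yields a distinct receipt.
SAMPLE_BALLOTS = [b"ballot-0001|enc=3f9a", b"ballot-0002|enc=7c21",
                  b"ballot-0003|enc=b004", b"ballot-0004|enc=e5d8"]
UNRECEIPTED = b"ballot-9999|enc=0000"

def demo_audit() -> dict:
    """Authority stores four receipts; the published tally drops one ballot
    and contains one ballot for which no receipt was ever issued."""
    store = WormStore()
    for ballot in SAMPLE_BALLOTS:
        store.append(receipt_for(ballot))
    tally = [SAMPLE_BALLOTS[0], SAMPLE_BALLOTS[1], SAMPLE_BALLOTS[3], UNRECEIPTED]
    return audit_tally(store.read_all(), tally)

if __name__ == "__main__":
    for finding, digests in demo_audit().items():
        print(finding, [d[:12] for d in digests])
```

An empty report in all three categories is the only result consistent with a complete tally; the check is only as trustworthy as the write-once property of the store holding the receipts.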
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU39226/00A AU3922600A (en) | 1999-03-25 | 2000-03-24 | Electronic voting scheme employing permanent ballot storage |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12608099P | 1999-03-25 | 1999-03-25 | |
US60/126,080 | 1999-03-25 | ||
US14962199P | 1999-08-16 | 1999-08-16 | |
US60/149,621 | 1999-08-16 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001022200A2 (en) | 2001-03-29 |
WO2001022200A9 (en) | 2002-08-08 |
Family
ID=26824267
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2000/007986 WO2001022200A2 (en) | 1999-03-25 | 2000-03-24 | Electronic voting scheme employing permanent ballot storage |
PCT/US2000/007737 WO2001020562A2 (en) | 1999-03-25 | 2000-03-24 | Multiway election method and apparatus |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2000/007737 WO2001020562A2 (en) | 1999-03-25 | 2000-03-24 | Multiway election method and apparatus |
Country Status (2)
Country | Link |
---|---|
AU (2) | AU3922600A (en) |
WO (2) | WO2001022200A2 (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002056230A3 (en) * | 2000-11-22 | 2003-05-01 | Votehere, Inc. | Electronic voting system |
US6950948B2 (en) | 2000-03-24 | 2005-09-27 | Votehere, Inc. | Verifiable, secret shuffles of encrypted data, such as elgamal encrypted data for secure multi-authority elections |
US7099471B2 (en) | 2000-03-24 | 2006-08-29 | Dategrity Corporation | Detecting compromised ballots |
US7360094B2 (en) | 2001-03-24 | 2008-04-15 | Demoxi, Inc. | Verifiable secret shuffles and their application to electronic voting |
US7389250B2 (en) | 2000-03-24 | 2008-06-17 | Demoxi, Inc. | Coercion-free voting scheme |
US8554607B2 (en) * | 2001-03-13 | 2013-10-08 | Science Applications International Corporation | Method and system for securing network-based electronic voting |
US20140012635A1 (en) * | 2012-07-09 | 2014-01-09 | Everyone Counts, Inc. | Auditing election results |
US10186102B2 (en) | 2011-03-28 | 2019-01-22 | Everyone Counts, Inc. | Systems and methods for remaking ballots |
US11087578B2 (en) | 2018-11-15 | 2021-08-10 | Daniel Bernard Ruskin | Voting booth, system, and methods of making and using same |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FI20010761A (en) * | 2001-04-11 | 2002-10-12 | Suomen Posti Oyj | Method, system and device for voting |
JP4774650B2 (en) | 2001-08-07 | 2011-09-14 | 日本電気株式会社 | Zero-knowledge proof system and method showing discrete logarithmic match or mismatch |
AU2002338954A1 (en) * | 2001-12-12 | 2003-06-23 | Scytl On Line World Security, Sa | Secure electronic voting method and the cryptographic protocols and computer programs used |
US20070116283A1 (en) * | 2003-11-03 | 2007-05-24 | Koninklijke Philips Electronics N.V. | Method and device for efficient multiparty multiplication |
WO2014177581A1 (en) | 2013-04-30 | 2014-11-06 | Thomson Licensing | Threshold encryption using homomorphic signatures |
US10445966B1 (en) | 2018-07-27 | 2019-10-15 | Hart Intercivic, Inc. | Optical character recognition of voter selections for cast vote records |
US11956350B2 (en) | 2021-03-31 | 2024-04-09 | Seagate Technology Llc | Yes and no secret sharing with hidden access structures |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5495532A (en) | 1994-08-19 | 1996-02-27 | Nec Research Institute, Inc. | Secure electronic voting using partially compatible homomorphisms |
US5682430A (en) | 1995-01-23 | 1997-10-28 | Nec Research Institute, Inc. | Secure anonymous message transfer and voting scheme |
2000
- 2000-03-24 WO PCT/US2000/007986 patent/WO2001022200A2/en active Application Filing
- 2000-03-24 AU AU39226/00A patent/AU3922600A/en not_active Abandoned
- 2000-03-24 AU AU37702/00A patent/AU3770200A/en not_active Abandoned
- 2000-03-24 WO PCT/US2000/007737 patent/WO2001020562A2/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
AU3770200A (en) | 2001-04-17 |
AU3922600A (en) | 2001-04-24 |
WO2001020562A2 (en) | 2001-03-22 |
WO2001022200A9 (en) | 2002-08-08 |
WO2001020562A3 (en) | 2001-10-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7565540B2 (en) | Fully electronic identity authentication | |
US6973581B2 (en) | Packet-based internet voting transactions with biometric authentication | |
US7418401B2 (en) | Secure internet transactions on unsecured computers | |
Cranor et al. | Sensus: A security-conscious electronic polling system for the internet | |
US11100743B1 (en) | Blockchain-based election system | |
US7640181B2 (en) | Distributed network voting system | |
US20060095376A1 (en) | Virtual meetings | |
Cranor et al. | Design and implementation of a practical security-conscious electronic polling system | |
US20050132201A1 (en) | Server-based digital signature | |
US20020133396A1 (en) | Method and system for securing network-based electronic voting | |
WO2001022200A2 (en) | Electronic voting scheme employing permanent ballot storage | |
Helbach et al. | Secure internet voting with code sheets | |
Pereira | Individual verifiability and revoting in the Estonian internet voting system | |
Gaweł et al. | Apollo–end-to-end verifiable internet voting with recovery from vote manipulation | |
CN113014394B (en) | Electronic data certification method and system based on alliance chain | |
Al-Rawy et al. | A design for blockchain-based digital voting system | |
KR100453616B1 (en) | Method, article and apparatus for registering registrants, such as voter registrants | |
Hastings et al. | Security considerations for remote electronic UOCAVA voting | |
WO2004092965A1 (en) | Self-enrollment and authentication method | |
Pan et al. | Enhanced name and vote separated E‐voting system: an E‐voting system that ensures voter confidentiality and candidate privacy | |
Stenbro | A survey of modern electronic voting technologies | |
Nestås | Building trust in remote internet voting | |
US11967186B1 (en) | Blockchain-based election system | |
WO2022125041A1 (en) | Electronic election and voting method and system with privacy protection and biometric authentication | |
Prosser et al. | Implementing an Internet-Based Voting System for Public Elections: Project Experience |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A2 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
| AK | Designated states | Kind code of ref document: C2 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW |
| AL | Designated countries for regional patents | Kind code of ref document: C2 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
| COP | Corrected version of pamphlet | Free format text: PAGES 1-18, DESCRIPTION, REPLACED BY NEW PAGES 1-19; PAGES 19-23, CLAIMS, REPLACED BY NEW PAGES 20-29; PAGES 1/4-4/4, DRAWINGS, REPLACED BY NEW PAGES 1/4-4/4; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE |
| 122 | Ep: pct app. not ent. europ. phase | |
| NENP | Non-entry into the national phase in: | Ref country code: JP |