WO2002045396A2 - Secure telephone polling - Google Patents
Secure telephone polling Download PDFInfo
- Publication number
- WO2002045396A2 WO2002045396A2 PCT/GB2001/005224 GB0105224W WO0245396A2 WO 2002045396 A2 WO2002045396 A2 WO 2002045396A2 GB 0105224 W GB0105224 W GB 0105224W WO 0245396 A2 WO0245396 A2 WO 0245396A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- correspondent
- service provider
- database
- personal
- data
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C13/00—Voting apparatus
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/487—Arrangements for providing information services, e.g. recorded voice services or time announcements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2203/00—Aspects of automatic or semi-automatic exchanges
- H04M2203/10—Aspects of automatic or semi-automatic exchanges related to the purpose or context of the telephonic communication
- H04M2203/1041—Televoting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/42008—Systems for anonymous communication between parties, e.g. by use of disposal contact identifiers
Definitions
- the organisation of polls may take three forms. They solicit votes in order to: a) Confer a mandate upon selected representatives of the participating electorate. b) Confer an honor upon selected individuals. c) Register opinion about selected issues.
- the organisation of a mandatory poll needs to protect both the privacy of individual voters and the poll against fraudulent or malicious individuals.
- the present invention is concerned primarily with enabling private polls of the type a) above to be conducted by telephone calls, but may also have application in the cases of b) and c). Principles of the present invention may also be applied more generally in cases where an individual is required to identify themselves through entry of Personal Identification Numbers (PINs).
- PINs Personal Identification Numbers
- a feature of the present invention is that it can, in principle, all be operated by telephone, using a single call session to authenticate the caller and thereafter, to conduct a given poll. This feature is made possible by requiring the caller only to confirm personal data that is already pre-stored in existing public or commercial records.
- the present invention requires the caller to enter only fragments of the identifiers held in the pre-stored records, for example, the first six digits of an eight digit PIN.
- This use of identifier fragments allows the poll organiser a very high degree of certainty that a caller could not accidentally enter data matching their personal identifiers held in the pre-stored records.
- the use of identifier fragments entered on a telephone keypad also means that the caller need never give their name, address, or full PIN, which prevents anyone obtaining the poll organiser's records discovering the actual identity of the caller. Yet, the same data is sufficient to pinpoint a valid caller's postal area.
- Voter registration is the preliminary step to that of voting.
- registration could be included as part of each voting event, or in a second embodiment, registration could be a one-off event that registered a caller as a voter for subsequent telephone voting in polls arranged by the same organisers.
- data about the prospective voter should be obtained from at least two, or more, independent public record sets, or databases.
- independent public record sets, or databases For open balloting, such as raising a petition by telephone, it may be acceptable to register a signatory with data drawn from just one database. If the signatory voluntarily provides their personal telephone number, then independent monitors can validate the petition's authenticity by calling back a given sample of signatories.
- the present invention addresses these secret ballot requirements in the following ways:
- the voter only supplies a fragment of any given ID they have, for example, only the 6 digits of their 3 letter 6 digit UK National Insurance no. This prevents anyone with access to either the poll organiser's database, or the voter's telephone calls, from gaining enough information to consult other record sets in order to find out the voter' s name.
- the data fragmentation described in 2 above also means that the owners of public records can supply their records to a poll organiser, in a way that never breaches their Data Privacy obligations to individual citizens.
- the record owners may further secure their data from a poll organiser by "locking" the display mode of their computer database files, so that for instance, all file data is displayed in password format, ****.
- Proprietary software applications like Microsoft Access enable owners to set this type of data protection so that only users with the owner's password can change the file design.
- the present invention does not allow either the poll organisers, or telephone eavesdroppers, to deduce the voter's name or address.
- the present system cannot prevent a) above if it is achieved by means such as mail interception, or disclosure by the voter, which is also a problem with other secure systems, such as credit cards and electoral registration.
- the present invention could make use of voice "signatures" if required. These voice entries could be recorded as WAV files, for instance. In the event of a fraud investigation the WAV files could be matched with recordings made by suspects. 5.
- the telephonic system linking the caller to the poll organiser via the telephone carrier is shown schematically in Figure 1.
- the poll organiser's telephone exchange system calls are relayed to a series of voice response interfaces, each linked to a personal computer, with each said computer being linked to a main server, in which the poll organisers keep their master database.
- voice may refer either to a human operator or a set of pre-recorded voice messages.
- the master database holds pre-stored personal identification data supplied by two record set holders who are independent of each other and do not share data. Callers are prompted to enter their details using either speech or the telephone keypad.
- Speech entries are recognised and processed either by a human operator or by voice recognition software installed on the controlling computer for the response interface. Hie communication between the response interfaces and computers would be managed by existing software, such as British Telecommunication's Meridian application, ranning on personal or main frame computers, linked either to an automated, or operator controlled telephone exchange. The sequence of registration procedures is then shown schematically in Figure 2.
- the poll organiser asks the caller to enter at least two individual ID numbers, a and c, where a is an element of a personal data set .1, stored in Database 1 and c is an element of a personal data set j p2, stored in Database 2.
- Database 1 is owned by the Department of Social Security, an organisation which does not share any of its record data with the National Health Service, the owners of Database 2. Nor do the said owners share information through any intermediary such as the said poll organiser, because the said owners only supply the said poll organiser with fragments of the said sets lumber and p2.
- the said poll organiser can match the said caller's entries a and c by finding a common factor, the said caller's postcode, in the intersection of sets pi and /?2.
- the general principle illustrated here is that the caller's personal data set ⁇ p ⁇ , can only qualify for inclusion in the registry of valid voters ⁇ V ⁇ held in the poll organiser's master database, if it satisfies the following general criterion:
- the total number n, of 6 digit sequences taken from an NHS ID can only be 1 million. So potentially, at least 40 of the 40 million UK electors ⁇ V ⁇ , share the same 6 digit sequence for either an NI or NHS no. By coincidence, there may also be another 40 electors sharing one of the million or so valid UK Postcodes, ⁇ R ⁇ .
- the security set-up of the present invention is then, based on a statistical notion of certainty.
- the use of PIN fragments helps to disguise the voter's identity.
- the criteria for relatmg the said PIN fragments give a very high level of confidence that they identify the same voter - and that the high odds against the registration of rogue voters effectively prevents them from participating in telephone polls.
- Figure 5 shows a database set-up for the above embodiment. Callers enter the first six digits of their NHS number and the six digits of their NI number. For the purposes of example, the second columns of the NHS and NI data records are shown "unhidden". However, in practice, both these columns would be displayed in password format, as illustrated in Figure 5, and the design of the tables be "locked” in that view by the owner's choice of a 20 digit security password. The two query tables could also be locked in the same way, which still allows the database user to view the necessary query data.
- PIN numbers are automatically assigned to every caller as their data is entered on the table called "Caller" in this example.
- the PINs will comprise of much longer digit sequences than those shown in the example.
- Each data field in the "Caller" table is set to reject duplicate data entries, so that each record of each call in which the caller seeks registration is unique and any caller entering the same identification details more than once cannot be registered more than once.
- caller 1 has entered erroneous information for their NI number and Caller 5 for their NHS number. Only callers listed in the "Match Postcodes" query will have their PIN numbers validated for use in the next phase, that of voting.
- FIG. 6 schematically shows the processes in the preferred embodiment that enable callers who have successfully registered themselves to cast their votes in a subsequent telephone poll.
- the said callers are guided through a menu of options, from which they may then make a selection by keying in the item numbers on their telephone keypad.
- data fields are set to reject duplicate voter details and thus to prevent the same caller voting more than once. 10.
- the voting options are defined on a table "Options for Election 001 and all votes cast by registered callers are entered on a form linked to a table, "Votes for Election 001.
- a sub-programme embedded in the form matches the caller's entries with the register of users and will not open the choice box in event of mismatches, which in turn, prevents the call from being recorded as an entry on the master database.
- the votes cast can then be counted and correlated with specific geographical areas by matching the individual votes with postcodes, as in the kind of crosstab query illustrated. 11.
- Figure 2 shows that the information given by callers during the voting process does allow the poll organisers to correlate the following personal information about the caller:
- the present system does not allow the said the poll organisers, or eavesdroppers to deduce the voter's individual identity, nor their name and individual address. So the present system provides a very high level of guarantee that the caller is the person who is described by public identification systems, and the system also secures the voter's right to anonymity. Only someone with legal authority to search all the databases used in the present system could reverse the odds to match the data with a particular individual. However, data protection legislation may allow the said poll organisers to supply to third parties, trend details abstracted from the above information, such as votes cast by geographic region.
- Voter's check on how their vote has been recorded A fiirther benefit of the present invention over traditional voting systems is that voters can, if they wish, call the poll organisers to verify how their vote was recorded in a given poll. This they may do by calling another service, which operates as shown in the schematic of Figure 8.
- the voter dials the service number for the poll they wish to check and logs on by entering their registration PIN.
- the computer interface then automatically uses that PIN to searches the data table "Voter Cross Check" illustrated in Figure 8, matches the PIN with the vote option number and the name of that option.
- the option name is then announced by voice to the caller, via the response interface system.
Abstract
Many automated systems already exist that allow voters to review options and cast votes using normal telephones. A secure telephone polling system enables users to vote anonymously from poll organisers and eavesdroppers, whilst still allowing authorised investigators to check that only legitimate voters have participated in the poll. The method by which a voter preserves his anonymity is to submit to the organisers, only parts of the symbol sequences that comprise his existing personal identification codes, such as his National Insurance number. A poll organiser requires two or more trusted third parties to provide only the same partial codes related to a single personal detail, such as a home postal code. When the organiser successfully matches two or more code entries to a single personal detail, this gives a very high probability that the person entering the codes is the same person fully recorded on the third party's original databases.
Description
SECURE TELEPHONE POLLING
BACKGROUND
In general, the organisation of polls may take three forms. They solicit votes in order to: a) Confer a mandate upon selected representatives of the participating electorate. b) Confer an honour upon selected individuals. c) Register opinion about selected issues.
The organisation of a mandatory poll needs to protect both the privacy of individual voters and the poll against fraudulent or malicious individuals. The present invention is concerned primarily with enabling private polls of the type a) above to be conducted by telephone calls, but may also have application in the cases of b) and c). Principles of the present invention may also be applied more generally in cases where an individual is required to identify themselves through entry of Personal Identification Numbers (PINs).
1. Prior Art
There are numerous systems designed to handle telephone polls of types b) and c) above. In respect of a) above, patent searching reveals that existing solutions for validating a caller's subscription to a telephone service fall into three main categories: 1. Those that use telephone peripherals, such as a telephone card reader, which requires the caller to identify himself by use of a card issued by the service provider (US5412727, US4995081, WO96/02044)
2. Those that build recognition hardware into the telephone system, e.g. an identity chip on the caller's home telephone set, or a system that recognises the telephone set from which a call is being made (WO97/04602A2, US5838774, JP9081821A, JP8137969A,
JP8044919A, WO99/26396)
3. Those that request the caller to enter PINs on the telephone keypad and match those PINs with pre-stored data about the caller (WO97/46031A1, US5689247, US5528670, US5311594, US3644675). The present system falls under this category.
Pilot tests for political telephone voting have been run in the USA and Canada in the 1970's and 80 's.1 The systems used there still relied upon elements of non-telephonic activity, such as postal correspondence. A feature of the present invention is that it can, in principle, all be operated by telephone, using a single call session to authenticate the caller and thereafter, to conduct a given poll. This feature is made possible by requiring the caller only to confirm personal data that is already pre-stored in existing public or commercial records.
To safeguard both the voter's privacy and anonymity, the present invention requires the caller to enter only fragments of the identifiers held in the pre-stored records, for example, the first six digits of an eight digit PIN. This use of identifier fragments allows the poll organiser a very high degree of certainty that a caller could not accidentally enter data matching their personal identifiers held in the pre-stored records. The use of identifier fragments entered on a telephone keypad also means that the caller need never give their name, address, or full PIN, which prevents anyone obtaining the poll organiser's records discovering the actual identity of the caller. Yet, the same data is sufficient to pinpoint a valid caller's postal area. The means by which the present invention achieves these said features, are now described by a combination of working principles and embodiments.
DESCRIPTION
1. Voter registration
Voter registration is the preliminary step to that of voting. In the preferred embodiment of the present invention, registration could be included as part of each voting event, or in a second embodiment, registration could be a one-off event that registered a caller as a voter for subsequent telephone voting in polls arranged by the same organisers.
2. Data Sources For secret balloting, data about the prospective voter should be obtained from at least two, or more, independent public record sets, or databases. For open balloting, such as raising a petition by telephone, it may be acceptable to register a signatory with data drawn from just one database. If the signatory voluntarily provides their personal telephone number, then independent monitors can validate the petition's authenticity by calling back a given sample of signatories.
3. Secret balloting and data protection
For secret balloting, the following requirements are essential: 1. Only the voter knows what choice he or she has made.
2. The voter's personal details are neither shared nor disclosed in a manner contrary to data protection laws
The present invention addresses these secret ballot requirements in the following ways:
3. The voter never supplies their name, or address.
4. The voter only supplies a fragment of any given ID they have, for example, only the 6 digits of their 3 letter 6 digit UK National Insurance no. This prevents anyone with access to either the poll organiser's database, or the voter's telephone calls, from gaining enough information to consult other record sets in order to find out the voter' s name.
5. The data fragmentation described in 2 above also means that the owners of public records can supply their records to a poll organiser, in a way that never breaches their Data Privacy obligations to individual citizens. The record owners may further secure their data from a poll organiser by "locking" the display mode of their computer database files, so that for instance, all file data is displayed in password format, ****. Proprietary software applications like Microsoft Access enable owners to set this type of data protection so that only users with the owner's password can change the file design.
4. Fraudulent voting and misuse of data It is desirable to protect against the following polling abuses:
1. Fraudulent acquisition of another person' s identity numbers.
2. Eavesdropping, such as telephone tapping.
3. Unauthorised use or distribution of individual records by the database holder.
The present invention does not allow either the poll organisers, or telephone eavesdroppers, to deduce the voter's name or address. However, the present system cannot prevent a) above if it is achieved by means such as mail interception, or disclosure by the voter, which is also a problem with other secure systems, such as credit cards and electoral registration. The present invention could make use of voice "signatures" if required. These voice entries could be recorded as WAV files, for instance. In the event of a fraud investigation the WAV files could be matched with recordings made by suspects.
5. Data Entry
The data entry and system responses for the prefeixed embodiment of the present invention are now described by example. The telephonic system linking the caller to the poll organiser via the telephone carrier is shown schematically in Figure 1. At the poll organiser's telephone exchange system, calls are relayed to a series of voice response interfaces, each linked to a personal computer, with each said computer being linked to a main server, in which the poll organisers keep their master database. The term "voice" may refer either to a human operator or a set of pre-recorded voice messages. The master database holds pre-stored personal identification data supplied by two record set holders who are independent of each other and do not share data. Callers are prompted to enter their details using either speech or the telephone keypad. Speech entries are recognised and processed either by a human operator or by voice recognition software installed on the controlling computer for the response interface. Hie communication between the response interfaces and computers would be managed by existing software, such as British Telecommunication's Meridian application, ranning on personal or main frame computers, linked either to an automated, or operator controlled telephone exchange. The sequence of registration procedures is then shown schematically in Figure 2.
6. Data Matching In the following example, the poll organiser asks the caller to enter at least two individual ID numbers, a and c, where a is an element of a personal data set .1, stored in Database 1 and c is an element of a personal data setjp2, stored in Database 2. Database 1 is owned by the Department of Social Security, an organisation which does not share any of its record data with the National Health Service, the owners of Database 2. Nor do the said owners share information through any intermediary such as the said poll organiser, because the said owners only supply the said poll organiser with fragments of the said sets jpl and p2.
As shown in the Venn diagram in Figure 4, the said poll organiser can match the said caller's entries a and c by finding a common factor, the said caller's postcode, in the intersection of sets pi and /?2. The general principle illustrated here is that the caller's personal data set {p}, can only qualify for inclusion in the registry of valid voters {V} held in the poll organiser's master database, if it satisfies the following general criterion:
For all {p} ≡ {(a,b),(c,d)}, { .} is amember of {V} if and only if b = d and a ≠ c≠ b (1)
In this example, the total number n, of 6 digit sequences taken from an NHS ID, can only be 1 million. So potentially, at least 40 of the 40 million UK electors {V}, share the same 6 digit sequence for either an NI or NHS no. By coincidence, there may also be another 40 electors sharing one of the million or so valid UK Postcodes, {R}.2 However, the odds against finding at random in { V), a pair of NT & NHS 6 digit sequences (a, c) that both correspond to the same post code b = d, are l/[(V/n )/V\ [(V/n2)/V {(V/P)IF = 1/(40/4x107)(40/4xl07)(40/106) = 2.5 x 1018 to 1 (2)
Since there are 40 million pairs of NHS and NI that do satisfy equation (1) above, then a rogue caller entering two 6 digit numbers at random has the following odds of getting his or her entry registered:
1 in (2.5 x 1018)/(4 x 107) = 1 in 6.25 x 1010 (3)
The security set-up of the present invention is then, based on a statistical notion of certainty. On the one hand, the use of PIN fragments helps to disguise the voter's identity. On the other hand, the criteria for relatmg the said PIN fragments give a very high level of confidence that they identify the same voter - and that the high odds against the registration of rogue voters effectively prevents them from participating in telephone polls.
7. Prior preparation of record sets To safeguard against freak duplications in originating databases, it is necessary to search the said databases for duplicate values before using them for registration purposes. Before use, these said databases are filtered by date of birth, to remove all individuals under the voting age. Finally, each PIN is stripped down to 6 digits by removing the unwanted letters or digits in the manner illustrated in Figure 4. The removal of letters from the required data entry has the benefit of making data entry by telephone much easier for the caller.
8. Embodiment of a database set-up
Figure 5 shows a database set-up for the above embodiment. Callers enter the first six digits of their NHS number and the six digits of their NI number. For the purposes of example, the second columns of the NHS and NI data records are shown "unhidden". However, in practice, both these columns would be displayed in password format, as illustrated in Figure 5, and the design of the tables be "locked" in that view by the owner's choice of a 20 digit security password. The two query tables could also be locked in the same way, which still allows the database user to view the necessary query data.
PIN numbers are automatically assigned to every caller as their data is entered on the table called "Caller" in this example. In practice, the PINs will comprise of much longer digit sequences than those shown in the example. Each data field in the "Caller" table is set to reject duplicate data entries, so that each record of each call in which the caller seeks registration is unique and any caller entering the same identification details more than once cannot be registered more than once. In the example shown in Figure 5, caller 1 has entered erroneous information for their NI number and Caller 5 for their NHS number. Only callers listed in the "Match Postcodes" query will have their PIN numbers validated for use in the next phase, that of voting.
9. The voting process
This is the second of two processes, wherein registered callers can cast their votes in a poll. Figure 6 schematically shows the processes in the preferred embodiment that enable callers who have successfully registered themselves to cast their votes in a subsequent telephone poll. The said callers are guided through a menu of options, from which they may then make a selection by keying in the item numbers on their telephone keypad. As for the registration database, data fields are set to reject duplicate voter details and thus to prevent the same caller voting more than once. 10. Data Matching
As shown in the example database, illustrated in Figure 7, the voting options are defined on a table "Options for Election 001 and all votes cast by registered callers are entered on a form linked to a table, "Votes for Election 001. A sub-programme embedded in the form matches the caller's entries with the register of users and will not open the choice box in event of mismatches, which in turn, prevents the call from being recorded as an entry on the master database. The votes cast can then be counted and correlated with specific geographical areas by matching the individual votes with postcodes, as in the kind of crosstab query illustrated.
11. Data Privacy and Security
Figure 2 shows that the information given by callers during the voting process does allow the poll organisers to correlate the following personal information about the caller:
(1st 6 of 10 digits of NHS no.) + (Postcode) + (Option choice). But once again, the present system does not allow the said the poll organisers, or eavesdroppers to deduce the voter's individual identity, nor their name and individual address. So the present system provides a very high level of guarantee that the caller is the person who is described by public identification systems, and the system also secures the voter's right to anonymity. Only someone with legal authority to search all the databases used in the present system could reverse the odds to match the data with a particular individual. However, data protection legislation may allow the said poll organisers to supply to third parties, trend details abstracted from the above information, such as votes cast by geographic region.
12. Voter's check on how their vote has been recorded A fiirther benefit of the present invention over traditional voting systems is that voters can, if they wish, call the poll organisers to verify how their vote was recorded in a given poll. This they may do by calling another service, which operates as shown in the schematic of Figure 8. The voter dials the service number for the poll they wish to check and logs on by entering their registration PIN. The computer interface then automatically uses that PIN to searches the data table "Voter Cross Check" illustrated in Figure 8, matches the PIN with the vote option number and the name of that option. The option name is then announced by voice to the caller, via the response interface system.
Claims
What is claimed is: 1. A system for a service provider to authorise a correspondent to be a legitimate user of the service without recording the personal identity of the said correspondent, wherein: a) the said provider records, on a database, the identification codes of any potential correspondent in a one-to-one relationship with at least one of the said correspondent's personal details, such as his home postal code b) a said correspondent enters onto the said database, only parts of the full sequences of symbols that comprise his said identification codes, such as the first six digits of an eight digit sequence c) the said provider authorises a said correspondent as a service user on the condition that two or more of the said correspondent's partial identification code entries match the same said personal detail that is related to each said personal identification code on the said database d) the said provider offers services such as voting to said correspondents who have entered said partial sequences of identification codes that satisfy the said condition for matching the said individual records on the said database.
2. The method according to claim 1 whereby the said service provider may authorise the said correspondent as a legitimate user of the said service, on the condition that one or more of the said correspondent's identification code entries match with the identification codes that already exist in a said one-to-one correspondence with the said correspondent's personal details on the said database.
3. The apparatus of claim 1, wherein the said service provider records data about said correspondents on a computer, using existing software that can automate actions and responses to and from the computer, including those said actions necessary for maintaining a telecommunication dialogue with the said correspondent.
4. The apparatus of claim 1, wherein a said correspondent enters his said personal identification symbols onto a computer database from a location remote from the said computer, by using a computer peripheral device such as a keyboard or a telephone.
5. The apparatus of claim 1, wherein the said service provider may use telecommunication devices such as telephone handsets, to present a spoken or printed menu of choice options to a correspondent who is authorised on the said service provider's database by the matching of said identification codes with said personal details.
6. The apparatus of the preceding claims, where a said correspondent may use the said peripheral devices to enter his choices of said options presented by the said service provider onto the said service provider's computer database.
7. A method where the said service provider may use computer database software to relate a number of said correspondent choice selections to the said correspondents' personal details, in order to produce summary information lists, such as those relating all the entries of one particular choice to one particular postal district.
8. A method wherein the said service provider obtains the data about said users from third parties who do not share their complete data with any other parties, who provide the said service provider only with parts of the said data, such as six of eight symbols from the said user's personal identification codes, and who provide identification codes that are related only to a user's postal code, not to his name or address.
9. A method where the said service provider cannot learn the full identity of a said correspondent who has been authorised by the methods according to the preceding claims, but can only identify the said correspondent as an anonymous person who has overcome high statistical odds against entering at random, one or more said partial identification codes that correspond with personal details supplied by the said independent third part data owners.
10. The method according to claim 9, where the said odds against random symbol entries matching said personal details increase with the number of symbols comprising a said personal identification code and comprising a said personal detail, such as a postcode.
11. The method according to claim 9, where the said odds against random symbol entries matching said personal details increases with the number of said third party databases stored by the said provider and therefore, the number of said partial identification code sequences that must be entered by the said correspondent.
12. A method where an authorised investigative agency may take the said service provider's database records and relate them back to the records of the said third party data suppliers to establish with a statistical probability that a particular person was the correspondent who entered a particular choice onto the said service provider's database.
13. A method wherein the said service provider may record the choices made by a correspondent and relate the said choice to the said correspondent's data set on a said database, in order that the said correspondent can use again the service described in the preceding claims, to check which choices have been related to his data set on the said database.
14. The apparatus of claim 13, where the said service provider may use computer software to record user choices and enable any said user to check the said records by using computer peripheral devices as described in the preceding claims.
15. A system as claimed in any preceding claim for a user to correspond with a remote service provider and to choose service options, such as voting for a political candidate, without disclosing their full identity to the said service provider.
16. A telecommunication voting system substantially as herein described and illustrated in the accompanying figures and diagrams.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2002228147A AU2002228147A1 (en) | 2000-11-28 | 2001-11-27 | Secure telephone polling |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0028940.5 | 2000-11-28 | ||
GB0028940A GB2374446B (en) | 2000-11-28 | 2000-11-28 | Secure telephone polling |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002045396A2 true WO2002045396A2 (en) | 2002-06-06 |
WO2002045396A3 WO2002045396A3 (en) | 2002-09-06 |
Family
ID=9903992
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB2001/005224 WO2002045396A2 (en) | 2000-11-28 | 2001-11-27 | Secure telephone polling |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU2002228147A1 (en) |
GB (1) | GB2374446B (en) |
WO (1) | WO2002045396A2 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005048201A1 (en) * | 2003-11-12 | 2005-05-26 | David Parkinson Howcroft | Surveying system |
US20170085550A1 (en) * | 2015-09-17 | 2017-03-23 | Global Mobile, LLC | Mobile voting and voting verification system and method |
US10187372B2 (en) * | 2015-09-17 | 2019-01-22 | Global Mobile, LLC | Mobile voting and voting verification system and method |
US10848476B2 (en) * | 2015-09-17 | 2020-11-24 | Global Mobile, LLC | Mobile voting and voting verification system and method |
US20210051017A1 (en) * | 2015-09-17 | 2021-02-18 | Global Mobile, LLC | Mobile voting and voting verification system and method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4317957A (en) * | 1980-03-10 | 1982-03-02 | Marvin Sendrow | System for authenticating users and devices in on-line transaction networks |
US5400248A (en) * | 1993-09-15 | 1995-03-21 | John D. Chisholm | Computer network based conditional voting system |
US6021200A (en) * | 1995-09-15 | 2000-02-01 | Thomson Multimedia S.A. | System for the anonymous counting of information items for statistical purposes, especially in respect of operations in electronic voting or in periodic surveys of consumption |
WO2000021041A1 (en) * | 1998-10-06 | 2000-04-13 | Chavez Robert M | Digital elections network system with online voting and polling |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4752676A (en) * | 1985-12-12 | 1988-06-21 | Common Bond Associates | Reliable secure, updatable "cash" card system |
-
2000
- 2000-11-28 GB GB0028940A patent/GB2374446B/en not_active Expired - Fee Related
-
2001
- 2001-11-27 WO PCT/GB2001/005224 patent/WO2002045396A2/en not_active Application Discontinuation
- 2001-11-27 AU AU2002228147A patent/AU2002228147A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4317957A (en) * | 1980-03-10 | 1982-03-02 | Marvin Sendrow | System for authenticating users and devices in on-line transaction networks |
US5400248A (en) * | 1993-09-15 | 1995-03-21 | John D. Chisholm | Computer network based conditional voting system |
US6021200A (en) * | 1995-09-15 | 2000-02-01 | Thomson Multimedia S.A. | System for the anonymous counting of information items for statistical purposes, especially in respect of operations in electronic voting or in periodic surveys of consumption |
WO2000021041A1 (en) * | 1998-10-06 | 2000-04-13 | Chavez Robert M | Digital elections network system with online voting and polling |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005048201A1 (en) * | 2003-11-12 | 2005-05-26 | David Parkinson Howcroft | Surveying system |
US20170085550A1 (en) * | 2015-09-17 | 2017-03-23 | Global Mobile, LLC | Mobile voting and voting verification system and method |
US10027647B2 (en) * | 2015-09-17 | 2018-07-17 | Global Mobile, LLC | Mobile voting and voting verification system and method |
US10187372B2 (en) * | 2015-09-17 | 2019-01-22 | Global Mobile, LLC | Mobile voting and voting verification system and method |
US10848476B2 (en) * | 2015-09-17 | 2020-11-24 | Global Mobile, LLC | Mobile voting and voting verification system and method |
US20210051017A1 (en) * | 2015-09-17 | 2021-02-18 | Global Mobile, LLC | Mobile voting and voting verification system and method |
US11575516B2 (en) * | 2015-09-17 | 2023-02-07 | Global Mobile, LLC | Mobile voting and voting verification system and method |
Also Published As
Publication number | Publication date |
---|---|
GB2374446B (en) | 2004-07-21 |
GB0028940D0 (en) | 2001-01-10 |
AU2002228147A1 (en) | 2002-06-11 |
GB2374446A (en) | 2002-10-16 |
WO2002045396A3 (en) | 2002-09-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8060918B2 (en) | Method and system for verifying identity | |
US8738921B2 (en) | System and method for authenticating a person's identity using a trusted entity | |
US7702918B2 (en) | Distributed network system using biometric authentication access | |
US8103246B2 (en) | Systems and methods for remote user authentication | |
CA2487055C (en) | Use of public switched telephone network for authentication and authorization in on-line transactions | |
EP1721256B1 (en) | Use of public switched telephone network for capturing electronic signatures in on-line transactions | |
US10783733B2 (en) | Electronic voting system and control method | |
EP3455998A1 (en) | Identity authentication and information exchange system and method | |
US20060173792A1 (en) | System and method for verifying the age and identity of individuals and limiting their access to appropriate material | |
US20060239513A1 (en) | Privacy protected cooperation network | |
AU2015209909A1 (en) | Electronic voting system and method | |
US20200242229A1 (en) | System and method for biometric electronic voting | |
US20140244510A1 (en) | Privacy protection system and method | |
US20070277244A1 (en) | Privacy protection system and method | |
WO2002045396A2 (en) | Secure telephone polling | |
US20030142800A1 (en) | Method and system for voting by telephone | |
US20070067330A1 (en) | Security method for verifying and tracking service personnel | |
US6590966B2 (en) | Interactive voting method | |
US20060070119A1 (en) | Internet voting | |
EP3249850B1 (en) | Device and method for transmitting non-identifying personal information | |
Averin et al. | Review of e-voting systems based on blockchain technology | |
WO2022097028A1 (en) | Device and method for registering a user | |
Paquette | The Caesar Cipher and Stacking the Deck in New York State Voter Rolls. | |
BG113567A (en) | Method for implementing an electronic technology election system (etes) | |
CN115982680A (en) | Double authentication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AU BR CA CN ID IN JP MX PH PL RU US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase in: |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |