CA2923483A1 - System and method for hybrid model electronic voting - Google Patents


Info

Publication number
CA2923483A1
Authority
CA
Canada
Prior art keywords
ballot
voter
election
voting
data network
Legal status
Granted
Application number
CA2923483A
Other languages
French (fr)
Other versions
CA2923483C (en
Inventor
Matthew Heuman
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C13/00 Voting apparatus

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Time Recorders, Drive Recorders, Access Control (AREA)

Abstract

A hybrid model electronic voting system and method for enabling individual voters to remotely cast a ballot electronically via inputs to a receiver, where the user controls a mechanical system that produces a physical, readable ballot. The system comprises means for voting via an interactive user interface connected by a secure, anonymizing channel over a data network to a mechanical receiver where a ballot is visibly marked. The mechanical receiver comprises a device that receives controls from secure, remote inputs, authenticates a ballot for a voter, and marks that ballot through a physical process, driven by the secure remote input controls, into an identifiable, cast ballot.

Description

Title:
System and Method for Hybrid Model Electronic Voting

Field of Invention:
The present invention generally relates to electronic voting and, more particularly, to electronic voting in an election via a public data network such as the internet to remotely control a mechanical device that produces a physical ballot.
Background of the Invention:
In the construct of the present invention, an election is to be construed as a means for a voter to elect a public, private or governmental agent, party or body, and also to cast a vote in a poll, referendum or any other type of election wherein persons may choose between two or more alternatives or options and communicate their choice as a vote or by means of a vote collecting authority.
An important aspect of said election is that participation in an election, poll or referendum is restricted to eligible persons based on but not limited to registration, membership or criteria outlined by the respective governing body of said election to authenticate valid participants.
At present, an election for a public body, for example, requires that a person register prior to or at a polling station to fill out a ballot form or vote electronically by pushing buttons on a voting machine. For expats living abroad, votes may be forwarded by mail to the central polling station to be counted together with the collected ballot forms and electronic votes in the total election result.
Previous attempts at incorporating technology as a means of enhancing the efficiency of an election have been met and implemented with varied results. Electronic voting machines still require voters to report to a polling station to cast their vote and the machines themselves have been proven to be prone to reporting errors which can cast skepticism over accurate ballot results.
Even electronic voting that includes data network connectivity to cast a vote from a remote access location has received criticism, because three key vulnerabilities exist that run counter to fundamental democratic voting elements: validation, anonymity and secure ballot tabulation.
As previously stated, elections are restricted to eligible participants to ensure accurate representation and negation of fraudulent votes. Electronic transference of data and automation systems can be prone to manipulation. At present time the formal method of physical, in person identification is still the de facto method of preventing electoral fraud.
The second issue of anonymity is also a critical issue pertaining to free democratic systems. Secret ballots are essential as voters must be protected from identifiers that link them to their vote as this knowledge can be used to manipulate, threaten or coerce the individual and hinder their democratic right to vote freely without fear of intimidation.
Similarly to the problem of digital validation, electronic tabulation of ballots is vulnerable to manipulation. In 2010, India's Electronic Voting Machines, which are the most widely used method of electronic voting in the world, were proven to possess security flaws.
These flaws extend to all machines that tabulate an electronic vote as data, because the data can be corrupted without leaving evidence of the corruption. The current methodology of counting physical ballots, while not entirely secure, is still essential to transparent and auditable elections, as the effort required to manipulate physical ballots is exponentially more difficult to achieve than alteration of programming code.
Description of Prior Art:
Canadian patent #2531618 comprises the means and method of casting an electronic vote over a data network on a digital ballot and then tabulating the final count electronically. The method's validation process is one where registered voters are mailed a secure key that allows them to sign into the interface and vote. It creates a digital association between the voter and the ballot that prevents over voting by invalidating votes that have been cast twice from the same special signature. This method also relies on voter ID numbers being communicated to voters through means that are themselves vulnerable to intrusion; if a malicious agent were to obtain the voter ID numbers prior to an election, votes could be cast fraudulently and disrupt the electoral process.
The method's composition of electronic voting explains how a vote might be transferred electronically to a remote voting machine for electronic tabulation, but it does not address the problem that, by relying on digital tabulation, the data remains questionable as to the validity of a final count.
In an ideal application of electronic voting, simply transmitting a voter's intent through an electronic system is simple and easy. Realistically, elections, especially ones where elected officials have the power to make laws and regulations with widespread effect, attract interference from parties such as, but not restricted to, foreign governments, corporations, hackers, clandestine groups or criminal organizations.
In the context of the present invention, the term "electronic vote" has to be construed as the method of a voter inputting the instruction to cast a vote by means of an electronic interface via an electronic voting transmission system to a vote collecting authority.
For a hybrid model electronic voting system to be successful, the system should meet the requirements expected from a formal election system, for example, voters residing outside of the country or primary residence, who under formal systems have the allowance to cast a vote by mail.
In addition, the technology used should be such that a significant majority of the expected potential users should be able to use the system over a regular data network connected device, without onerous installation requirements or advanced technical aptitude.
Inaccessibility and unfamiliarity with internet technologies are among the factors that precluded electronic voting from becoming a more relevant issue pertaining to the general public. Currently, the prevalence of internet accessibility is widespread in modern societies through means such as personal computers, laptops, smartphones, tablets or other internet enabled devices.
Smartphones especially are an example of an internet enabled device with a low barrier of technical aptitude that the majority of adults now possess which can enable online voting to take place on a wider scale.
Although the current climate of internet access has never been more agreeable to the implementation of technological solutions to the electoral process, the vulnerabilities outlined in the prior cited examples still preclude the application of said solutions. One major issue pertaining to said application is that as fast as systems can be designed, developed and deployed, exploits to these same software systems are also being discovered, and thus the fundamental issue of security once again begins anew.

A simple "software" based solution to something as important to a country's processes as the election of its governing bodies falls short of the requirements owed to every eligible voter: a fair, transparent, accountable and anonymous election.
Electronic based voting machines at polling locations do nothing to add to the electoral process except expedite tabulation at the cost of increased security vulnerabilities.
Patent xxxxxxx adds accessibility through data networks but still relies on archaic and vulnerable security measures and traditional mail delivery to ensure its method of encryption is secure.
Present technological standards on Internet capable devices permit the use of a myriad of technologies capable of creating a multi-faceted experience when applied to electronic voting systems. Smartphones, for example, are equipped with not only a processor but also typically include GPS, camera(s) and various radio transmitters.
An electronic voting system must do more than amend current methods with technological alternatives. For this to occur, a paradigm shift in the application of how technology is implemented is necessary. It must do more than just increase efficiency, it must enhance the electoral process by providing more accessibility, better security while still maintaining the fundamental aspects of the democratic electoral process that have resulted in the widespread use of the paper ballot method.
The present invention intends to combine the best available aspects of both an electronic system and traditional paper ballot method to create a widely accessible, easy to understand election voting system that takes technological permeation of the world as it exists now and how people interact with this technology in the modern societies into consideration in its implementation.
Summary of the Invention:
In light of the pre-disclosed conditions, it is the objective of the present invention to provide an improved electronic voting system. The present invention allows remote users to electronically communicate their votes to a machine which physically identifies a ballot and allows tabulation of said ballots by a vote collecting authority. The present invention aims to satisfy all theoretical requirements that can be defined by a well controllable democratic election system.

In its application, the present invention will be executed with a trade-off between requirements that can be met by proper design and implementation of the hybrid model electronic voting system, and requirements which can be met through organizational measures.
Certain requirements may also be administered by electoral regulatory bodies over the present invention's application. In practice, these requirements would be applied in such a way that an optimum between system functions, organizational measures and governmental administration is obtained.
The following criteria should at least be met, either by the voting system itself, or by a combination of organizational requirements and administrative regulations:
- only eligible persons can vote;
- no person can vote more than once;
- the vote is anonymous and secret;
- each valid vote is counted;
- the voters can trust that their vote is cast and counted correctly.

The present invention, a hybrid model electronic voting system and method for enabling individual voters to remotely cast a ballot electronically via inputs to a receiver where a user controls a mechanical system that produces a physical, readable ballot, comprises:
- means for producing a physical unmarked ballot;
- means to randomize and encrypt the electable subject list on a ballot;
- means for producing an election reference record of all ballots to be used in an election and registered voters eligible to vote;
- means of registering voters eligible to vote in an election;
- means of storing and retrieving an election referencing record database comprised of eligible voters;
- means of communicating said database comprised of eligible voters' registrations to the electronic voting system;
- means of creating an interface application that allows a voter to take part in the secure voting online session;
- means to load said interface application onto a voter's device;
- means for visually authenticating an eligible voter for validation in said election;
- means for generating a secure session environment for communicating between voter and vote casting mechanism;
- means for the vote casting mechanism to operate securely and validate that the process is operating in a secure and protected system;
- means for generating a unique ballot subject identifier code for each electable subject on said ballot;
- means for anonymizing the data connection between voter and ballot casting mechanism;
- means for authenticating the ballot casting mechanism to said voter;
- means for securing the data connection between interface input controls and ballot casting mechanism;
- means for the ballot casting mechanism to respond to input from the voter and mark the corresponding ballot in an identifiable and human readable format;
- means for the voter to confirm that said ballot has been properly marked with the correct voter intention;
- means for voter post-ballot confirmation to validate voter participation in said election and prevent dual voting from being registered in said election;
- means for confirmation of the marked ballot and voter participation to be communicated to said voter;
- means for collecting and tabulating cast ballots;
- means for allowing transparent auditing of the electronic voting system by an election authority or authorized third party.
In accordance with the first aspect of the above mentioned criteria, a stipulation exists that will be appreciated by those skilled in the art: registering and maintaining the database necessary to corroborate eligible voters is typically organized by a government or election authority. The present invention allows for optimization of such a database as well as, in a further embodiment of the invention, a means to register voters through submission of accepted IDs or other acceptable identification requirements directly through the present invention's user interface. The present invention's interface is intended to be used on, but not restricted to, computers or smartphones, which typically feature cameras, allowing for two way visual authentication methods.
Those familiar with electoral regulations understand that the practice of any voting method is bound by governmental legislation and regulations from a voting authority. The present invention allows for improved efficiency of authentication as per its own database creation mechanism, but reserves the prospect that mandated verification methods from a voting authority, as a means of registering and validating eligible voters, will supersede the present invention's means of registration.
Despite the aforementioned stipulation, the present invention's method of registering and creating a database of eligible voters comprises means of accepting, but not limited to, the necessary identification as well as photo identification of the voter. This registration allows for eligible voter participation that satisfies the first aforementioned criterion and can be validated upon participation in the election by means of visual authentication and regulated voter identification requirements.
The present invention visually authenticates voters by a recognition algorithm, human authentication or a combination of both.
The present invention's method of creating a physical ballot is conditioned on the subject list to be included on a ballot being provided by an election authority. In a further embodiment of the invention, the visual representation of said subjects on a ballot is relative to the subject list provided by the election authority. In practice, the present invention provides the means to create a set of ballots for use in an election by way of, but not restricted to, an image editing computer program. The present invention allows the ballots for the electronic voting method to be created by an election authority prior to loading into the ballot casting mechanisms. It is the present invention's preference to print the ballots using a controlled computer program, due to the inclusion of an additional security measure: encrypting the optical element that connects the ballot to the ballot casting mechanism, as well as randomizing the subject list using, but not limited to, symmetric encryption. The present invention provides the means for the key created during the production of specialized ballots to be loaded into the central processing unit that controls the ballot casting mechanism, to provide an additional layer of security. It is appreciated by those skilled in the art that this method of producing physical ballots may be authorized only by the regulations assigned to an election authority.
The present invention also comprises means to create additional ballots under the same aforementioned security protocols allowing for an unlimited number of ballots to be generated in the case of discarded, uncompleted ballots or additional registration of eligible voters not previously included in the election authorities database.
It is understood by those familiar with election regulations and authorities that ballot creation may fall under the organizational measure, which requires optimization from an election authority to satisfy the necessary regulations pertaining to the practice of the hybrid model electronic voting system in an election.
It will be appreciated by those skilled in the art that, with regard to voter identification, this requirement is typically regulated by the specific voting authority of said election. The present invention allows for optimization between these regulated requirements and the database required to validate said voters' eligibility in said election. If the regulators administer a voter ID number to be assigned to a voter for database management, the present invention allows for such an identifier to be created in the election reference record, but the present invention does not rely on such a number for anything other than to corroborate eligibility in an election or to reference voter participation to an election authority. The present invention utilizes visual authentication as the preferred means of validation but, due to regulatory expectations, allows for input of necessary election authority regulations over voter identification requirements such as name, government issued ID, or social insurance/social security number, to coincide with visual authentication as a means to satisfy regulated identification requirements and validate voter eligibility.
To authenticate voter eligibility in an election, the present invention provides the means for a database to be created based on an election authorities necessary requirements for voter registration. This database is to be loaded into a server which validates voter eligibility. The present invention provides the means for the inclusion of visual authentication of voters via submitted election authority accepted IDs and also voter submitted photographic images that can be tested against the database either by but not restricted to a recognition algorithm or human visual authentication.
In the context of the present invention, the term vote casting mechanism is to be construed as the machine that physically marks the ballot by means of remote input from said voter, hereafter further referred to as "the voting machine". The vote casting mechanism is also the end point IP address of the end-to-end secure session created when a voter logs into the interface.

To satisfy the second aforementioned criterion, the secure session is a one-time use link between the voter and the voting machine over a data network, used not only to establish an encrypted link between voter and voting machine but also for session validation to avoid double voting. The secure session is closed by means of confirmation from the voter that their ballot has been successfully cast. Because a data network is subject to dropped signals, packet loss, packet duplication or interference, a session and its marked ballot will be discarded without final confirmation and will not be included in the final tabulation. This session confirmation designates whether a voter has participated in the election by casting a valid ballot; if the confirmation is not received by the session indicator, a second attempt at casting a ballot will be permitted.
This confirmation of a valid ballot marker is applicable to the current understanding that a ballot is only valid if handed to a vote collecting authority and subsequently marked using the correct identifiers mandated by the regulations pertaining to the specific election.
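As an added illustration (not the patent's own code), the one-time session and confirmation rule described above can be modelled as two cooperating records: a reference server that knows who is eligible and who has participated but never what was marked, and a voting machine that holds a marked ballot under a session token until the voter confirms. Class and function names, the token format and the sample voter ids are assumptions.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ReferenceServer:
    """Election reference record: eligibility, participation and open sessions.
    It records that a voter participated, never what they marked."""
    eligible: set
    participated: set = field(default_factory=set)
    active: dict = field(default_factory=dict)  # voter_id -> session token

    def open_session(self, voter_id: str) -> str:
        """Issue a one-time session token after eligibility and participation checks."""
        if voter_id not in self.eligible:
            raise PermissionError("voter not on eligibility record")
        if voter_id in self.participated:
            raise PermissionError("voter has already cast a confirmed ballot")
        if voter_id in self.active:
            raise RuntimeError("discard the unconfirmed session before retrying")
        token = secrets.token_urlsafe(16)  # assumed token format
        self.active[voter_id] = token
        return token

    def confirm(self, voter_id: str, token: str) -> bool:
        """Voter confirmation closes the session and records participation."""
        if self.active.get(voter_id) != token:
            return False
        del self.active[voter_id]
        self.participated.add(voter_id)
        return True

    def discard(self, voter_id: str) -> Optional[str]:
        """Drop a session that never received confirmation; the voter may retry."""
        return self.active.pop(voter_id, None)


@dataclass
class VotingMachine:
    """Vote casting mechanism: holds marked ballots keyed only by session token."""
    holding: dict = field(default_factory=dict)  # token -> marked subject
    tallied: list = field(default_factory=list)
    destroyed: int = 0

    def mark(self, token: str, subject: str) -> None:
        """Physically mark a ballot for this session and hold it pending confirmation."""
        if token in self.holding:
            raise RuntimeError("ballot already marked for this session")
        self.holding[token] = subject

    def release(self, token: str) -> None:
        """Confirmed: the ballot leaves the holding area for tabulation."""
        self.tallied.append(self.holding.pop(token))

    def destroy(self, token: str) -> None:
        """Unconfirmed: the ballot is discarded and never counted."""
        if self.holding.pop(token, None) is not None:
            self.destroyed += 1


def cast_ballot(ref: ReferenceServer, machine: VotingMachine,
                voter_id: str, subject: str, confirmed: bool) -> bool:
    """One voting attempt over the one-time session. Returns True only if the
    ballot reached the tally; an unconfirmed attempt is discarded on both sides."""
    token = ref.open_session(voter_id)
    machine.mark(token, subject)
    if confirmed and ref.confirm(voter_id, token):
        machine.release(token)
        return True
    ref.discard(voter_id)
    machine.destroy(token)
    return False


if __name__ == "__main__":
    # Constructed sample: one voter loses the connection before confirming,
    # retries, confirms, and is then refused a third session.
    ref = ReferenceServer(eligible={"v1", "v2"})
    machine = VotingMachine()
    print(cast_ballot(ref, machine, "v1", "A", confirmed=False))  # False, discarded
    print(cast_ballot(ref, machine, "v1", "B", confirmed=True))   # True, tallied
    print(machine.tallied, machine.destroyed)
```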
To satisfy the third aforementioned criteria, the present invention makes use of anonymizing technology to mask the connection between the voter and the marked ballot.
Established network protocols such as TOR relays or proxy servers are capable of creating such an anonymous link over open data connections such as the internet. The present invention comprises means to mask the destination IP, MAC or any other identifiers not only from outside signal observers but also from the electronic voting system itself. The data records of the action between interface and voting machine are also self-obliterating, to ensure guaranteed secrecy when casting a ballot. Additionally, a further embodiment of the present invention allows an element of the protocol used in securing the remote voting action to be used by the voter to confirm, post-confirmation, that their vote has been registered accurately. This single connection drawn between voter and vote is used to help satisfy the fourth aforementioned criterion of a voter's trust in their vote, and will be known only to the election reference records, to register that a vote had taken place, and to the voter, if they so choose to validate through said means and only if applicable under election authority regulations.
The fourth aforementioned criteria denotes that a voter must have trust that their vote has been cast correctly and also that their ballot is tabulated in the final vote count. In accordance with the aforementioned criteria, the present inventions method of electronic voting establishes this trust by utilizing the full potential of modern data network enabled devices to extend the voters sensory appreciation across a data network to confidently allow a mechanical device to mark the intended ballot accurately.
In the present invention, participation in an election begins with the voter activating the application on the data network enabled device. In the context of the present invention this application will be further referred to as the "interface", which enables interactivity between the voter and voting machine. As will be appreciated by those skilled in the art, a communication enabled application activated on an operating system requires a destination IP, which in the context of the present invention will be referred to as the "reference server". The reference server is where the validation of eligibility takes place, by way of user inputs but also the aforementioned visual authentication. As modern communication enabled devices comprise various additional functions beyond those of a standard computer, the present invention utilizes these additional functions, such as but not limited to: the front facing camera, hereafter referred to as "front camera"; the back facing camera, hereafter referred to as "back camera"; GPS receivers; location enabling protocols; microphone; speaker; haptic touch interface; vibration motors; and haptic or tangible keyboards.
In a further embodiment of the present invention's utilization of these features, the reference server establishes a secure channel to the communication device's front camera and corroborates the inputs and visual validation algorithm against the election reference records and visual authentication system. As will be appreciated by those skilled in the art, formal election participation is mandated upon both visual and electorally regulated databases to ensure that the registered voter is in fact eligible to participate in the election. The present invention accommodates these traditional methods by way of a recognition algorithm that matches a voter's picture identity located on the election reference record against the camera's real-time visual field. This recognition matching algorithm can be either replaced by or used in conjunction with human observers to validate voter eligibility visually.
After validation has occurred a unique secure session channel is created between the interface and the voting machine. This unique channel is strengthened by an encryption protocol such as but not limited to ZRTP which is a real-time transport protocol enabling secure visual communication between the voter interface and the voting machine. In a further embodiment of the invention, the voting machines act as a relay server which encrypts the destination IP and other identifiable information from the reference server and outside observers. While the destination IP of the designated voting machine for the designated voter is established in the initialization of unique secure session channel, this encrypted information is known only to the machine and the voter interface and only for as long as the session is open until confirmation of the ballot being completed denotes the termination of the unique secure session channel.
This embodiment of the invention is advantageous as it ensures secrecy from observers but also creates a strong defense against malicious interference as the layers of encryption and unknown destination IP make it hard to ascertain a direct link between voters originating from a particular geographic location to a preconfigured destination IP address. Even if a malicious attempt was somehow successful in fraudulently altering a single vote, subsequent attempts would be equally as difficult to accomplish which appeals to the conventional wisdom that poll based voting is secure due to the high-risk, low-reward involved in voter fraud.
In the context of the present invention the voting machine can incorporate multiple different machines that are mechanically identical to each other. These machines are construed to comprise four main technical properties. The first is the computer, a processing unit with the standard CPU and memory aspects, that houses the election reference record ballot database and allows for electronic control over the mechanisms comprising the rest of the machine. The second is the camera, which is in a fixed position to incorporate the view of the ballot for visual appreciation by the voter. The third is the server system, which acts as the IP relay for the anonymizing network and the destination IP for the unique secure session channel.
The fourth is the ballot holder and marking mechanism which is used to load unmarked ballots, identify them with a visual indicator and subsequently disperse them from the machine to the holding area to await confirmation of validity.
In further embodiments of the invention, these components comprising the voting machine may be housed together or connected together from separate housing units, but the system and function thereof constitutes the voting machine as a whole.
It is in accordance with the embodiment of the invention that the computer system, further referred to as the "computer", is a standard processing unit affixed to a circuit with memory and relevant input/output controls to the mechanisms. It is also in accordance with the embodiment of the invention that the other mechanisms may also contain processing units that may perform checksum and n-version programming functions against the central operating system, but the computer is the central device authorizing the controls of the components of said voting machine. It is a further embodiment of the invention that the server may be understood to be a standard server program performing computational client-server models in addition to its role as relay and destination IP for the unique secure session channel. Additionally, in another embodiment of the invention, the camera mechanism is in view of a screen that incorporates a connection to the front camera of the voter interface, allowing the voter to visually witness themselves inside the machine alongside the ballot as a further verification of the authenticity of vote security. It will be appreciated that the mechanism housing the ballot unit, vote casting mechanism and dispensing mechanism is to be considered a whole unit, controlled by the computer and dispensed into a separate holding area before finally exiting the voting machine for tabulation.
The aforementioned system comprises the voting machine for use in the hybrid model electronic voting system as a receiver to mechanically mark a physical ballot from input commands from a remote interface. In practice, the present inventions application is to provide a secure operating channel between the interface and the vote casting machine, which allows for authenticated physical voting from anywhere a data connection between the voters device and the voting machine receiver can be established.
It will be appreciated that the voting machine receives input commands via the unique secure session channel from the interface by such means but not limited to haptic touch, voice instructions, or manual control functions. Upon establishment of the unique secure session channel from the reference server, the voter will visually see the ballot by means of the communication devices screen. It is a further embodiment of the invention that as an extra authentication measure, an additional screen will be connected to the front camera of the communication device which will display the voter's live stream in the machine, alongside the ballot to visually affirm that the connection is secure and the voter is in fact marking an official ballot.
The invention provides the means for the computer to create a connection between the ballot and the input controls by means of optical codes, read by the camera mechanism and transferred via the unique secure session channel to the interface's input controls. These optical codes, such as but not limited to QR codes, barcodes or data matrix codes, can transmit data of the ballot selection to the voter and map the voter's input commands to the ballot casting mechanism to cast a vote.
As an extra measure to strengthen security, these optical codes can be encrypted to provide both secure data and input control transmission through the unique secure session channel.
Accordingly, the hybrid model electronic voting system's use of real-time secure channel visualization lowers vulnerabilities related to packet loss or latency issues, because the only data packet that requires transference over the data network is the vote itself, and any duplicate reception of that data would be counted towards the same selection and given the same priority so long as the destination mechanism is the same.
Additionally, the present invention provides the means for receiving input controls from the interface to control a mechanism that physically marks a ballot as intended by the voter. The mechanism is situated in the voting machine in such a way that the view of the ballot through the camera does not obstruct the ability for the voter to see the ballot in its entirety. It is a further embodiment of the invention that the vote casting mechanism be placed above the ballot and use a physical identifier such as but not restricted to ink, piercing, rupture, coloration, stamping or tear as a means to physically identify that a ballot has been marked. It is the embodiment of the invention that this mechanism be an automated device controlled by the computer via input controls from the interface by the voter.
In addition, as an extra security measure, the present invention provides the means for the generation of a unique code to visually authenticate the unique secure session channel. The unique code is visually authenticated to the voter through the interface and then exchanged with the voting machine, through a key exchange, upon establishment of the unique secure session channel. It is a further embodiment of the invention that this corresponding unique code be visually authenticated on the ballot by means such as but not limited to visual display, audio transmission or real time marking on the ballot. This unique key provides two separate functions:
- Visual authentication of secure channel validity to the voter, which ensures protection from man-in-the-middle type intrusion attacks. If the unique code does not match the displayed authentication key, an attack should be assumed and the session can be discarded.
- The key is used as a secure and anonymous voter identification method to transmit cast ballot authentication to the voter. The present invention provides means for this code to correspond to the marked ballot by means of a visual identifier, transmitted to the voter, which can then be loaded into the final tabulation database for use by the voter to authenticate that their vote was correctly counted.
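The first function above (and the secure identifier compared on both ends in the detailed description) is the short-authentication-string pattern: both ends derive a few symbols from the session's key exchange, and the voter checks that the value on the interface matches the one shown inside the machine. The following is an added illustration, not code from the patent; it assumes HMAC-SHA256 over the key-exchange transcript and a deliberately toy Diffie-Hellman group, and shows why an interposed party, who must run two separate exchanges, produces mismatched strings.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group for illustration only (assumption: a real deployment
# would use a standard group such as those ZRTP specifies, not a 127-bit prime).
P = (1 << 127) - 1
G = 5

# 32 symbols, omitting 0/O and 1/I so the voter can compare by eye.
SAS_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def keypair(priv=None):
    """Return (private, public); `priv` may be fixed for reproducible runs."""
    if priv is None:
        priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_sas(priv, peer_pub, initiator_pub, responder_pub, length=4):
    """Short authentication string for this session.

    Both ends compute HMAC(shared secret, initiator_pub || responder_pub) and
    display `length` symbols of it. Binding the public keys into the transcript
    means the string depends on exactly which two keys were exchanged.
    """
    secret = pow(peer_pub, priv, P).to_bytes(16, "big")
    transcript = initiator_pub.to_bytes(16, "big") + responder_pub.to_bytes(16, "big")
    tag = hmac.new(secret, transcript, hashlib.sha256).digest()
    value = int.from_bytes(tag[:4], "big")
    return "".join(SAS_ALPHABET[(value >> (5 * i)) & 31] for i in range(length))


def honest_session(voter_priv=None, machine_priv=None):
    """Voter interface and voting machine exchange public keys directly."""
    v_priv, v_pub = keypair(voter_priv)
    m_priv, m_pub = keypair(machine_priv)
    voter_sees = derive_sas(v_priv, m_pub, v_pub, m_pub)      # shown on the interface
    machine_shows = derive_sas(m_priv, v_pub, v_pub, m_pub)   # shown beside the ballot
    return voter_sees, machine_shows


def interposed_session(voter_priv=None, machine_priv=None, third_priv=None):
    """A third party sits between the ends and substitutes its own public key.

    It now holds two different shared secrets, one with each end, so the two
    ends derive their strings from different sessions.
    """
    v_priv, v_pub = keypair(voter_priv)
    m_priv, m_pub = keypair(machine_priv)
    _t_priv, t_pub = keypair(third_priv)
    voter_sees = derive_sas(v_priv, t_pub, v_pub, t_pub)      # voter believes t_pub is the machine
    machine_shows = derive_sas(m_priv, t_pub, t_pub, m_pub)   # machine believes t_pub is the voter
    return voter_sees, machine_shows


def session_verified(voter_sees, machine_shows):
    """The voter's check: the value on the interface must match the one in the camera view."""
    return hmac.compare_digest(voter_sees, machine_shows)


if __name__ == "__main__":
    print("honest:    ", honest_session())
    print("interposed:", interposed_session())
```

With four symbols from a 32-symbol alphabet, an interposed party that cannot influence the voter's key has about a 2^-20 chance per session of the two strings coinciding, which is the single-attempt guess the description refers to.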
Upon completion of marking the ballot, it is a further embodiment of the invention for the camera to take a picture of the completed ballot and store the image in the computer's memory until confirmation has been authenticated by the final input from the unique secure session channel.
After completion has been authenticated, the image is encoded with a termination code and transmitted to the voter's interface as final validation that the vote has been successfully cast.
It is the further embodiment of the invention that the ballot be loaded into the vote casting tray in view of the camera by means of an automated feed, controlled via the computer.
Once marked, the invention provides the means for the feed to dispense the marked ballot out of the machine and into a holding tray for tabulation.
Once final validation from the voter's interface has occurred, the invention provides the means for termination of the unique secure session channel and deletion of the data in the operating memory of the computer pertaining to the actions committed by the user via input controls from the interface.
Once final validation of a voter's participation in an election has occurred, the invention provides the means for the voter's interface to transmit the voter's completion of participation in the election to the election reference record via the reference server, and terminates the ability of the interface to create a unique secure session channel in order to avoid double voting.
The present invention also provides the means to tabulate the physically marked ballots through either a visual electronic counting system such as but not limited to optical mark counting or by human tabulation. Human tabulation of marked ballots is intended to be performed not unlike the traditional method of counting the marked ballot subject and tabulating the results and transmitting them to a central voting authority.

In a further embodiment of the invention, a report log and code depository of the operation of said voting system is created upon completion of said election to allow an election authority or authorized third party to verify accurate system operation. This accountability is possible due to the fact that the payload of the system is a physical ballot rather than a piece of data that needs to be secured. The method is open to audit because the method of the present invention is structured around securing the transmission of data and not the protection of the result of said transmission. The security of a physical ballot trail remains intact, as the result does not differ from traditional methodology regarding the current understanding of optimum operation of a democratic election system.
Another aspect of the invention relates to a computer program product, comprising program code means stored on a computer readable medium, for performing all or part of the steps according to the invention as disclosed above when loaded into the internal working memory of a computer and operated by the computer. In accordance with the invention, the computer program product may be arranged, but is not restricted to being arranged, as a tool for generating ballots for use in the voting machine, as a tool for creating an election reference database for use in validating eligible electors, as a tool for loading onto a computer controlling the voting machine, or as a tool for creating the interface for use with a voter's preferred data communication enabled device performing the steps of the invention as disclosed above.
The invention will now be disclosed in more detail, in a non-limiting manner, using a schematic drawing of the hybrid model electronic voting system as a whole.
Detailed description of the Invention:
With reference to the drawing, reference numeral 1 indicates, as a whole, in a general and schematic manner, a hybrid model electronic voting system that allows a voter to cast a vote, through a data network such as the internet, over a secure connection, to a machine that physically marks a ballot for counting.
Reference numeral 2 designates the user interface. The user interface is software that allows for data transmission over a data network, such as the internet, to be used in conjunction with the capabilities of the hardware the software is loaded on, as the input control to the physical voting machine indicated by reference numeral 24.

Reference numeral 3 designates the means for generating the software interface indicated by reference numeral 2. As each device onto which the interface may be loaded can vary in terms of operating system, the means for generating the necessary utility to function across a range of devices may vary in terms of programming requirements, but the expected function of creating an interactive, responsive interface that can visually verify the ballot to the voter operating the input controls through the interface can be appreciated by those familiar in the art.
Data Network, as indicated by reference numeral 25, refers to a public network that allows the transmission of data, such as the internet. This data network can be accessed by the interface of reference numeral 2, loaded onto a data transmission enabled device such as, but not limited to, a smartphone or computer. These devices can connect to the data network by means not limited to GSM network, CDMA network, LTE network, Wi-Fi routers, and broadband or fiber optic connections. The software generated by reference numeral 3 can also be transmitted through said data network as the means to load the software onto the voter's device.
Reference numeral 4 indicates the initial destination IP for the interface software to connect to.
This destination IP is a server used to validate the identity of each individual voter and validate their eligibility according to the requirements of the voting authority, as indicated by reference numeral 6. Reference numeral 5 represents the means for generating the eligibility list by either a database provided by the voting authority, which is represented by reference numeral 6, or by its own internal database compiled by inputs through the interface software such as but not limited to, user data input fields, visual confirmation, recognition algorithm, biometrics, secure identification number or audio recognition.
The server designated by reference numeral 4 also acts as a portal where a secure connection can be established post validation. The security from interface to reference server uses standard symmetric encryption such as, but not restricted to, AES, as well as, but not restricted to, RSA certificates and SSL to establish a secure connection between interface and reference server.
After the voter's eligibility has been validated, a secondary level of encryption takes place while the session is transferred to the voting machine systems indicated by reference numeral 9. This channel is designated by reference numeral 7, and uses real-time transport protocols such as, but not restricted to, ZRTP to encrypt the session between interface and voting machine systems.

The reference numerals labeled 9 indicate the multiple machines necessary for the election. As will be appreciated by those familiar with the art, different ballot requirements are typically required for different variables in an election such as, but not limited to, districts, candidates or levels of government up for election. Each machine houses a particular set of ballots, as denoted by an election authority, and in a further embodiment of the invention, each machine also houses a server that acts both as a destination IP for the secure channel indicated by reference numeral 7 and as a relay for the channel itself.
As will be appreciated by those familiar in the art, data transported over a network is typically contained in packets with a header used for routing through the network. Each voting machine acts as a relay proxy server for the other machines, combined with additional encryption such as, but not limited to, root certificate authorization or rendezvous protocols, whereby the destination and data are obfuscated from eavesdropping by making the destination IP difficult to ascertain in the time that the session is open. In the context of the present invention, this means that an unauthorized second party to the session would have a very limited amount of time to figure out which machine housed the particular ballot they intended to tamper with.
Additionally, the anonymity provided by the proxy server means that linking the voter to the ballot becomes difficult and protects the integrity of the secret vote.
In addition to the protected channel designated by reference numeral 7, a further security measure is initialized at the beginning of the session between interface and voting machine. In order to ensure and authenticate to the voter that the session is in fact free from unauthorized parties, a secure identifier is displayed to the voter on the screen of the interface, as designated by reference numeral 8. This secure identifier is a cryptographic hash value such as, but not restricted to, a short authentication string, which displays a value to the voter. The same value is then displayed inside the voting machine at the destination IP to allow the voter to authenticate the security of the ballot and cast a secure vote. This security measure leaves an intruder a single attempt to guess the secure value correctly; if the values at both sides do not correspond, an attack is indicated and the session will be terminated, allowing the voter to try again in another session.
Reference numeral 24 designates a single voting machine and the various components it comprises.

Reference numeral 11 is the operational computer for the machine, comprising the typical associated components such as, but not restricted to, processor, memory, and input/output controls for the other voting machine attachments. Reference numeral 10 designates the means for generating the operational software necessary to run the machine, and also the means for loading the cryptographic keys which secure the connections between servers and the hash values for the cryptographic keys associated with the randomization of the ballots. These values are loaded into two active memories, the computer and the printer indicated by reference numeral 23. The printer is the means to physically generate the ballots by printing them according to the keys generated by the means indicated by reference numeral 10. The printer is physically separated from the voting machine to ensure incorruptibility at the inception of ballot creation. The keys generated are manually loaded into the voting machine at the time of an election to prevent attackers from gaining access to the randomization block cipher used to generate the values and corresponding keys. Each time a number of ballots is printed, a corresponding key value is generated per ballot that is used by the computer to associate the input control from the interface with the correct value of the ballot selection. This measure ensures that an automated attack that blindly associates an input with a selection is not possible, as the selections themselves are randomized and require direct input controls on a per ballot basis to correctly cast a voter's intention to the machine.
Reference numeral 12 is the server which establishes the connection between the machine and the interface. It also acts as the aforementioned relay proxy server to mask the IP and packet data. The server has no manual configuration interface and is only operated by the computer indicated by reference numeral 11. This ensures that the security is contained to the location of the machine as a whole rather than at an offsite location with various vulnerabilities. Upon the establishment of a connection between the server and the interface, a ballot is loaded from the holding tray indicated by reference numeral 13 into the casting tray indicated by reference numeral 14.
Reference numeral 15 is an authenticator, such as, but not restricted to, a camera fixed on the ballot tray. This camera is the final destination of the secure channel created between the interface and the voting machine server. The session created by, but not restricted to, the real time protocol transmits the view of this camera to the voter's interface device. The voter will see the ballot and the selections of the election on the screen in real time. This secure channel will be further secured by the aforementioned secure identifier indicated by reference numeral 8. In a further embodiment of the invention, an additional real time secure indicator will be displayed alongside the ballot, within view of the camera but not obstructing the selections on the ballot in any way, as designated by reference numeral 16. This real time indicator will provide additional trust to the voter that this ballot vote is happening in real time and that this particular ballot is being marked by said voter. The real time indicator can be, but is not limited to, a screen connected to the front camera that shows the voter's face, a display screen of the voter's identity to confirm ownership of the vote, or a display confirming real time data to the voter that indicates that this vote and ballot are authentic and happening in conjunction with the voter casting their vote.
To further protect the security and integrity of the election, the camera will also transmit data to the computer from the ballot by means of optical codes assigning each selection to a desired input control. The optical codes are created to correspond to the cryptographic value produced by the means designated by reference numeral 10, and loaded into the operating system at the time of the election.
At the time the actual voting begins, the interface highlights the selections available on the ballot by means of, but not limited to, visual indicators, audio indicators, haptic indicators or a combination thereof. These input controls are transmitted through the session channel by means of an encrypted input control channel indicated by reference numeral 18. This separate layer of encryption happens at the time the voter inputs the command to mark a selection. A typical input control first arrives at a hardware controller on the motherboard of the device the interface is loaded on, which forwards it to the operating system kernel's input stack.
It is then processed by the operating system's input manager, which sends it to a queue belonging to the application window that currently has input focus. The application then retrieves the input from the queue, interprets it in context and displays the result to the user. In reference to the present invention, this input path is first diverted to a scrambler algorithm which obfuscates the input from the operating system kernel. This process takes the data and hides it from the device's own input manager as a random value. This value is then transmitted over the network through the secure channel indicated by reference numeral 7 and deciphered by the voting machine indicated by reference numeral 11. This action is initiated by, but not limited to, a three step verification check where the interface prompts the voter three times to confirm their selection and transmits the actual input control on the final attempt. This input function corresponds to a physical marking device indicated by reference numeral 17, which reads the deciphered input control and marks the corresponding selection as per the computer's encrypted selection value.
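The per-ballot key and the optical code that ties each printed selection to an input control (described for reference numerals 10, 11 and 15 above) can be shown end to end. This is an added illustration and not the patent's own code: it assumes HMAC-SHA256 for deriving the per-ballot layout and codes, a short hexadecimal code standing in for the printed QR or data-matrix symbol, and a fixed candidate list; the same ballot key drives the printer's layout and the machine's resolution of the received code, and a code from one ballot is not valid on another.

```python
import hashlib
import hmac
import random
import secrets


def new_ballot_key():
    """Per-ballot key generated on the physically separated printer side (assumption: 32 random bytes)."""
    return secrets.token_bytes(32)


def ballot_layout(ballot_key, candidates):
    """Printer side: the randomized order of selections and the optical code next to each.

    Returns a list of (position, candidate, code). The order is a deterministic
    function of the ballot key, so the machine that holds the same key can
    recompute it; a different ballot key yields a different order and codes.
    """
    seed = hmac.new(ballot_key, b"layout", hashlib.sha256).digest()
    rng = random.Random(int.from_bytes(seed, "big"))
    order = list(candidates)
    rng.shuffle(order)
    layout = []
    for position, candidate in enumerate(order):
        tag = hmac.new(ballot_key, b"code|" + candidate.encode(), hashlib.sha256).hexdigest()
        layout.append((position, candidate, tag[:12]))  # 12 hex chars stand in for the printed symbol
    return layout


def resolve_input(ballot_key, candidates, received_code):
    """Machine side: map the code relayed from the voter's interface back to a printed position.

    Returns (position, candidate) so the marking device knows where to mark,
    or None if the code does not belong to this ballot (rejected, nothing marked).
    """
    for position, candidate, code in ballot_layout(ballot_key, candidates):
        if hmac.compare_digest(code, received_code):
            return position, candidate
    return None


def is_permutation(layout, candidates):
    """Audit check: every candidate appears exactly once, at consecutive positions."""
    names = sorted(candidate for _, candidate, _ in layout)
    positions = [position for position, _, _ in layout]
    return names == sorted(candidates) and positions == list(range(len(candidates)))


if __name__ == "__main__":
    # Constructed sample data for illustration.
    contest = ["Candidate A", "Candidate B", "Candidate C", "Candidate D"]
    key = new_ballot_key()
    for row in ballot_layout(key, contest):
        print(row)
```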
This mechanical process is visually authenticated by the voter by means not limited to ink, piercing, rupture, coloration, stamping or tear, and allows the voter to authenticate that the ballot was marked correctly according to their intended input function as the voter validates the result of their input command.
The scrambling algorithm and input function are both self-obliterating operations, meaning the data of the function in the allocated memory is wiped from both the voter device and operating system by way of erasure and self-replicating code intended to delete and mask the confirmed action from surveillance. This function operates similarly to a one-time-pad cryptographic cipher, in which both the keys and plaintext are to be destroyed post decryption. This function ensures the integrity of the secret vote by leaving no confirmation of the voter's intended selection after the ballot has officially been marked. The signal to delete the data from the device is transmitted after the confirmation of ballot marking indicated by reference numeral 20.
After a ballot has been marked, the ballot is dispensed into a holding tray as indicated by reference numeral 19. In this area the ballots can be collected and tabulated by either electronic or human means. An electronic voting tabulator would visibly scan the document and associate its physical markings to the associated algorithm as designated by means from reference numeral 10.
Alternately or in conjunction, an election authority could oversee the tabulation of marked ballots and register the final count results to the electorate as indicated by reference numeral 22.
In a further embodiment of the invention, the camera would send a snapshot of the completed ballot, along with the secure indicator, to the voter's device by means of reference numeral 20. This snapshot would also be a self-obliterating operation, but would allow the voter the opportunity to use the secure indicator to see that their vote has been correctly cast, by publicly displaying the keychain of secure indicators for the cast votes over, but not restricted to, a data network such as the internet, TV, radio or print. After confirmation the image would terminate itself by, but not restricted to, erasure and self-replicating code.

Upon completion of the ballot, the secure channel indicated by reference numeral 7 will send the voter back to the reference server indicated by reference numeral 20. Here the voter will be prompted to close the session by confirming if his vote was cast correctly.
Upon successful completion, a signal will be sent to the voting machine to dispense the ballot to the correct holding tray and erase the IP from its memory. This is a further embodiment of the invention intended to secure the anonymity of the vote from any intrusion attempt, including internal corruption.
Completion of a ballot confirmation also bars the user from accessing the reference server again.
This prevents the same user from over-voting and multiple ballots cast from the same individual voter. In addition, the voter's participation will be registered to the reference server's database.
To ensure transparency in an election by the method of the present invention, the invention includes means to allow an election authority or authorized third party to audit said electronic voting system by means of a checksum operation result log and a code base depository. Because the payload of the voting system is the physical ballot, the present invention offers full transparency and auditability by an election authority or authorized third party, as indicated by reference numeral 22, to ensure that no malicious operation has taken place during the method outlined above.
The invention has been disclosed above with reference to a preferred embodiment thereof. Those skilled in the art will appreciate that modifications and additions can be made within the scope of the present invention as defined in the attached claims.

Claims (22)

The Embodiments of the Invention in Which an Exclusive Property or Privilege Is Claimed Are Defined As Follows:
1. A hybrid model electronic voting system and method for enabling individual voters to remotely cast a ballot electronically via inputs to a receiver, where a user controls a mechanical system that produces a physical, readable ballot. The system comprises means for voting via an interactive user interface connected by a secure, anonymizing data network to a mechanical receiver where a ballot is visibly marked. The mechanical receiver comprises a device that receives controls from remote inputs, authenticates a ballot for a voter and marks a ballot through a physical process via secure remote input controls into an identifiable, cast ballot. Said voting system comprises:
2. Means for designing and producing physical unmarked ballots, which said ballots are designed and produced to be read by the machine with the intent of transmitting the appearance thereof across a data network.
3. Means to randomize and encrypt the electable subject list on a ballot, of which said subject list is to correspond to the optical codes to be identified by the voting machine authenticator and be cryptographically assigned for use in the voting machine.
4. Means for producing an election reference record of all ballots to be used in an election and registered voters eligible to vote, of which said election record is to be used to verify eligibility of voters in an election through a database designed to corroborate the participant against the voter registration list to authenticate the identity of said voter upon use of said electronic voting system. Means for generating a ballot reference record comprises a database record of all ballots to be used in an election.
5. Means of registering voters eligible to vote in an election, of which said means is to be compiled by inputs through the interface software such as but not limited to, user data input fields, visual confirmation, recognition algorithm, biometrics, secure identification number or audio recognition, of which methods allow a registration list to be created to indicate a participants eligibility in an election over a data network.
6. Means of storing and retrieving an election referencing record database comprised of eligible voters, of which said means allow for reference records to be sent or transmitted to corresponding computer memories through a data network, for use throughout said electronic voting system components, election authority systems or authorized parties.
7. Means of communicating said database comprised of eligible voters' registrations to the electronic voting system, of which said database is to be communicated to connected server arrangements over a data network.
8. Means of creating an interface application that allows a voter to take part in the secure voting online session, of which the means are to be created with respect to the intended device's hardware and operating system components and requirements.
9. Means to load said interface application onto a voter's device, of which said application is to be loaded onto said voter's device by means of transmission over a data network or by physically communicating said application to voters.
10. Means for authenticating an eligible voter for validation in said election, of which said means comprises, but is not limited to, visual, data field inputs, audio, biometrics, GPS location or device components, or a combination thereof, over a data network.
11. Means for generating a secure session environment for communicating between voter and vote casting mechanism, of which said means is to be established using encryption techniques in real time over a data network, connecting said voter via interface to physical voting machine in a secure and verifiable method.
12. Means for vote casting mechanism to operate securely and validate that the process is operating in a secure and protected system, of which said means is to be actively checking computer processes across internal network for means of authenticating secure processes.
13. Means for generating a unique ballot subject identifier code for each electable subject on said ballot, of which said means are to be optically transmitted, read and authenticated by said voting system and communicated in an encrypted manner to said voter over a data network, corresponding to said voter's interface application input controls.
14. Means for anonymizing the data connection between voter and ballot casting mechanism, of which said means comprises a relay system of servers designed to act as a proxy relay between interface application and destination IP address over a data network, the final one being the intended machine of the eligible voter for use in said electronic voting system. Said means is intended to mask the action and communication of said interface application and voting machine from outside intrusion or observation and will be constructed with that intention.
15. Means for authenticating the ballot casting mechanism to said voter, of which means can include, but are not limited to, visual, audio, haptic and tactile means, for use in said electronic voting system.
16. Means for securing data connection between interface input controls and ballot casting mechanism, of which said means is to be construed as establishing a secure single input control function intended to secure input control and transmit voter intention to a physical machine through an encrypted channel over a data network.
17. Means for ballot casting mechanism to respond to input from voter and mark corresponding ballot in an identifiable and human readable format, of which said means comprises a machine that responds to remote input controls over a data network and physically identifies a ballot as being marked by processes such as but not restricted to, color, ink, tear, perforation, puncture.
18. Means for the voter to confirm that said ballot has been properly marked with the correct voter intention, of which means comprises a confirmation to be sent from said voter's interface application to said voting machine system via a data network to authenticate confirmation of successful casting of a ballot to said voter.
19. Means for voter post-ballot confirmation to validate voter participation in said election and prevent dual voting from being registered in said election, of which said means comprises a data packet to be transmitted over a data network indicating the successful completion of a ballot to the voting machine system and reference server.
20. Means for confirmation of the marked ballot and voter participation to be communicated to said voter, of which means comprises an authentication indicator to be transmitted from said voting machine to said voter's interface application device over a data network for use in confirming participation in an election by said electronic voting system.
21. Means for collecting and tabulating cast ballots, of which means comprises a method for authenticating marked ballots by electronic means for transmission over a data network to a voting authority, or by human tabulation by an election authority. Said means also comprises means for broadcasting the results of said tabulation publicly over a data network.
22. Means for allowing transparent auditing of the electronic voting system by an election authority or authorized third party for security in practice of said electronic voting system for use in an election, of which said means comprises a report log and code depository of the operations of the above method's system during an election.
It should now be appreciated that the present invention provides a hybrid model electronic voting system between an interface device and a receiver over a data network, comprising a secure method that safeguards against traffic analysis and eavesdropping by unauthorized parties and ensures the fundamentals of a free, democratic election system are upheld.
It is understood that the invention is not limited to the specific embodiments herein illustrated and described, but may be used otherwise without departing from the spirit and scope of the invention.
CA2923483A 2016-03-10 2016-03-10 System and method for hybrid model electronic voting Active CA2923483C (en)
Publications (2)

Publication Number Publication Date
CA2923483A1 true CA2923483A1 (en) 2017-09-10
CA2923483C CA2923483C (en) 2024-02-06

Family

ID=59846840

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2923483A Active CA2923483C (en) 2016-03-10 2016-03-10 System and method for hybrid model electronic voting

Country Status (1)

Country Link
CA (1) CA2923483C (en)

Also Published As

Publication number Publication date
CA2923483C (en) 2024-02-06


Legal Events

| Date | Code | Title | Description |
| --- | --- | --- | --- |
| 20210309 | EEER | Examination request | Effective date: 20210309 |