Electronic voting system
Abstract
A facility for conducting an election is described. The facility establishes a public key infrastructure for use in the election. The facility then employs the established key infrastructure in the operation of a voting site.
93 Claims
1. A method in a computing system for conducting an election, comprising:
for each voter identified by an election worker as being eligible to vote;
generating a private key and a public key for the voter;
issuing to the voter the only copy of the generated voter private key;
signing the generated voter public key with a private key of the election worker who identified the voter;
storing a data structure containing the voter public key signed with the election worker private key;
enabling the voter to generate a voted ballot by selecting a candidate in at least one election race;
encoding the generated voted ballot by executing first distinguished code;
decoding the encoded voted ballot by executing second distinguished code;
prompting the voter to approve the decoded voted ballot if the voter approves the decoded voted ballot;
encrypting the encoded voted ballot with a single election public key;
signing the voted ballot with the voter private key;
storing the signed voted ballot for counting;
for each stored signed voted ballot;
if the signed voted ballot was signed with a private key corresponding to a stored voter public key, if the stored voter public key was signed with the private key of an election worker whose public key was signed by an election official whose authority derives from an ultimate election authority, transmitting the unsigned voted ballot to each of a plurality of decryption servers;
receiving from each of the plurality of decryption servers a response containing a partial decryption result;
combining the received responses to obtain a decrypted encoded voted ballot;
decoding the decrypted encoded voted ballot by executing the second distinguished code;
storing the decoded decrypted voted ballot; and
for each stored decoded decrypted voted ballot, tallying the decoded decrypted voted ballots.
Dependent claims: 2
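An added illustration of the "partial decryption result" and "combining" steps of claim 1, not code from the patent: each decryption server holds one share of the election private key, so a ballot encrypted under the single election public key opens only when every server responds. It assumes n-of-n ElGamal over a toy group (p = 2^255 - 19, generator 2), since the claim names no cryptosystem; all function names and the sample ballot are constructed.

```python
import secrets

# Toy parameters: multiplicative group mod p = 2^255 - 19 with generator 2.
# Assumed instantiation (n-of-n ElGamal); not production-grade.
P, G = 2**255 - 19, 2

def make_servers(n):
    """Each decryption server draws its own key share; nobody holds the sum."""
    shares = [secrets.randbelow(P - 2) + 1 for _ in range(n)]
    election_pub = 1
    for x in shares:
        election_pub = election_pub * pow(G, x, P) % P   # g^(x1+...+xn)
    return shares, election_pub

def encrypt(election_pub, encoded_ballot):
    m = int.from_bytes(encoded_ballot, "big")
    if not 0 < m < P:
        raise ValueError("encoded ballot must fit in one group element")
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), m * pow(election_pub, r, P) % P  # (c1, c2)

def partial_decrypt(share, ciphertext):
    """One server's response: c1^x_i, useless without all other responses."""
    return pow(ciphertext[0], share, P)

def combine(ciphertext, partials):
    mask = 1
    for d in partials:
        mask = mask * d % P                  # c1^(x1+...+xn) = election_pub^r
    m = ciphertext[1] * pow(mask, P - 2, P) % P   # divide the mask out (Fermat inverse)
    # Constructed ballots here never start with a zero byte, so stripping is safe.
    return m.to_bytes(32, "big").lstrip(b"\x00")

def demo():
    shares, election_pub = make_servers(3)
    ballot = b"race-1:candidate-B"           # constructed encoded ballot
    ct = encrypt(election_pub, ballot)
    partials = [partial_decrypt(x, ct) for x in shares]
    # Second value: what comes out if one server's response is missing.
    return ballot, combine(ct, partials), combine(ct, partials[:2])

if __name__ == "__main__":
    original, full, incomplete = demo()
    print(full == original, incomplete == original)
```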
3. A method in a computing system for facilitating the identification of uncounted voted ballots in an election, comprising:
when a voter submits a voted ballot, issuing a value indicating that the voter has submitted a voted ballot;
associating the receipt value with the voted ballot submitted by the voter; and
when the voted ballot submitted by the voter is counted, adding the receipt value to a list of receipt values associated with counted voted ballots, such that, if the issued receipt value does not appear in the list of receipt values associated with counted voted ballots, the voted ballot with which the missing receipt value is associated may be identified as uncounted.
Dependent claims: 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21
16. A portable memory device issued to an authorized voter, containing a private key assigned to the authorized voter,
such that the portable memory device may be used to authorize a ballot voted by the authorized voter by using the contained private key to sign a representation of the ballot voted by the authorized voter.
22. A pair of portable memory devices used by a voter, a first portable memory device of the pair containing a private key generated by the voter, a second portable memory device of the pair containing a public key generated by the voter corresponding to the private key contained in the first portable memory device,
such that the first portable memory device may be surrendered to an election official that has approved the voter's participation in the election, enabling the election official to copy the public key into a public key store to evidence the voter's participation in the election without receiving the private key, and such that the second portable memory device may be retained by the voter and used to sign a representation of a ballot cast by the voter.
23. A method in a voting station computer system for obtaining a voter's verification of a ballot voted the voter, comprising:
in at least one election race, receiving input from the voter selecting a candidate in the race;
in response to the input from the voter, generating a first internal representation of the voted ballot;
translating the first internal representation of the voted ballot into an external representation of the voted ballot;
translating the external representation of the voted ballot into a second internal representation of the voted ballot;
using the second internal representation of the voted ballot to generate a confirmation display showing the candidates selected by the voter; and
if and only if the voter grants confirmation of the confirmation display, transmitting the external representation of the voted ballot to another computer system for storage.
29. A computer-readable medium whose contents cause an originating computer system to verify user input by:
receiving user input;
generating a first internal representation of the user input;
translating the internal representation of the user input into an external representation of the user input;
translating the external representation of the user input into a second internal representation of the user input;
using the second internal representation of the user input to generate a confirmation display showing the user input; and
if and only if the user grants confirmation of the confirmation display, transmitting the external representation of the user input to a destination computer system for processing.
31. A method in a computing system for completing a blank ballot, comprising:
displaying a list of two or more candidates;
receiving first user input selecting a first one of the candidates;
in response to receiving the first user input, displaying an indication that the first candidate is selected;
after receiving the first user input, receiving second user input selecting a second one of the candidates;
in response to receiving the second user input, continuing to display an indication that the first candidate is selected;
after receiving the second user input, receiving third user input deselecting the first candidate;
in response to receiving the third user input, displaying an indication that no candidate is selected;
after receiving the third user input, receiving fourth user input selecting the second candidate; and
in response to receiving the fourth user input, displaying an indication that the second candidate is selected.
Dependent claims: 32, 33, 34, 36, 37, 38
35. A method in a computing system for completing a blank ballot, comprising:
displaying a list of candidates, none of which is initially selected, up to a maximum number of which may be selected;
receiving instances of user input each identifying a candidate on the list;
in response to receiving an instance of user input identifying a candidate from the list;
if the identified candidate is presently selected, updating the displayed list of candidates to deselect the identified candidate;
if the identified candidate is not presently selected, if the maximum number of candidates are not presently selected, updating the displayed list of candidates to select the identified candidate; and
if the identified candidate is not presently selected, if the maximum number of candidates are presently selected, maintaining the displayed list of candidates unchanged.
39. A method in a computing system for completing a blank ballot, comprising:
displaying a list of two or more candidates;
receiving first user input selecting a first one of the candidates;
in response to receiving the first user input, displaying an indication that the first candidate is selected;
after receiving the first user input, receiving second user input selecting a second one of the candidates; and
in response to receiving the second user input, displaying a warning indicating that the selection of the first candidate is being changed to the selection of a second candidate.
40. A method in a computing system for casting a ballot, comprising:
receiving user input selecting one candidate in each of a plurality of races;
simultaneously displaying (a) an indication of each candidate selected by the user input, and (b) a control for approving the selections; and
casting the ballot only in response to operation of the control for approving the selections.
Dependent claims: 41
42. A method for facilitating voting by a voter, comprising:
at a registration station;
verifying the voter's identity;
if the voter's identity as verified qualifies the voter to vote, providing to the voter a portable memory device connoting the voter's individuated right to vote;
at a voting station;
accessing the portable memory device to discern the voter's individuated right to vote;
enabling the voter to select one of a plurality of candidates in each of one or more election races; and
producing for the voter a physical receipt evidencing the voter's voting.
43. A method in a computing system for storing in a storage device records containing information derived from voted election ballots, comprising:
receiving a plurality of records, each record containing information derived from one of a plurality of voted election ballots; and
for each received record;
selecting a random location in the storage device at which to store the record using a hardware random-number generator; and
storing the record at the selected random location, thus dissociating the positions of the records in the storage device from the order in which the records are received.
Dependent claims: 44, 45, 46, 47, 48, 49, 50, 51
52. A computer memory containing a sequential series of entries, each entry capable of containing a record of the voting of a single voter among a plurality of voters, a record of the voting of each voter of the plurality being stored in a randomly-selected entry in the series of entries,
such that records of the voting of particular voters may not be identified based upon the locations of the entries containing the records of the voting.
53. A method in a computing system for tracking a voted ballot during processing, comprising:
receiving the voted ballot, the received voted ballot being encoded, then encrypted, then signed with a private key generated for the voter voting the voted ballot;
separating the signature from the encoded and encrypted voted ballot;
identifying the signature and the encoded and encrypted voted ballot without signature in such a way that an association is maintained between the signature and the encoded and encrypted voted ballot without signature;
decrypting the encoded and encrypted voted ballot without signature;
identifying the encoded and decrypted voted ballot in such a way that an association is maintained between the signature and the encoded and decrypted voted ballot;
decoding the encoded and decrypted voted ballot;
identifying the decoded voted ballot in such a way that an association is maintained between the signature and the decoded voted ballot, such that the signature of the received voted ballot may be accessed based on the identification of the decoded voted ballot to correlate the decoded voted ballot with the voter voting the voted ballot, using a public key generated for the voter voting the voted ballot.
54. A computer-readable medium whose contents cause a computing system to track a voted ballot during processing, comprising:
receiving the voted ballot, the received voted ballot being encoded, then signed with a private key generated for the voter voting the voted ballot;
separating the signature from the encoded voted ballot;
identifying the signature and the encoded voted ballot without signature in such a way that an association is maintained between the signature and the encoded voted ballot without signature;
decoding the encoded voted ballot without signature;
identifying the decoded voted ballot in such a way that an association is maintained between the signature and the decoded voted ballot, such that the signature of the received voted ballot may be accessed based on the identification of the decoded voted ballot to identify the sanctioned election worker signing the voted ballot to correlate the decoded voted ballot with the voter voting the voted ballot, using a public key generated for the voter voting the voted ballot.
55. A method in a computing system for determining election results, comprising:
receiving a plurality of cast ballots, each cast ballot having a certification provided by a particular election official connoting the approval of the voter casting the ballot; and
for each received cast ballot, counting the cast ballot only if the certification of the cast ballot can be uninterruptedly traced back to an election official who is the ultimate certification authority for voter approval.
Dependent claims: 56, 57, 58, 62
59. A method in a computing system for determining election results, comprising:
receiving a plurality of cast ballots, each cast ballot having a certification connoting the approval of the cast ballot by the voter casting the ballot; and
for each received cast ballot, counting the cast ballot only if the certification of the cast ballot is among a set of certifications issued to voters by an election authority.
60. The method of 59, further comprising determining whether the certification of the ballot is among a set of certifications issued to voters by an election authority by determining if the cast ballot is signed by a private key corresponding any of a set of public keys each corresponding to a private key issued to a voter to connote the voter's eligibility to vote.
61. The method of 59, further comprising determining whether the certification of the cast ballot is among a set of certifications issued to voters by an election authority by:
determining if the cast ballot is signed by a private key corresponding any of a set of public keys each corresponding to a private key issued to a voter to connote the voter's eligibility to vote; and
determining whether a public key corresponding the private key with which the cast ballot is signed has been signed with the private key of an authorized election official.
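An added illustration of the counting condition in claims 55 and 59 to 61 (and the matching condition in claim 1), not code from the patent: a ballot counts only if it is signed by a stored voter key whose certification verifies link by link up to the ultimate authority. The Schnorr-style signature over a toy group, the dictionary layout, and all names and sample ballots are assumptions constructed for the example.

```python
import hashlib, secrets
# Toy Schnorr signatures in Z_p* (p = 2^255 - 19): a teaching stand-in only.
# The claims name no signature scheme, and this one is not production-grade.
P, G = 2**255 - 19, 2

def _h(r, msg):
    return int.from_bytes(hashlib.sha256(str(r).encode() + b"|" + msg).digest(), "big")

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)                 # (private, public)

def sign(priv, msg):
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    return r, (k + _h(r, msg) * priv) % (P - 1)

def verify(pub, msg, sig):
    r, s = sig
    return pow(G, s, P) == r * pow(pub, _h(r, msg), P) % P

def certify(issuer_priv, issuer_pub, subject_pub):
    """Issuer signs the subject's public key (official to worker, worker to voter)."""
    return {"issuer": issuer_pub, "sig": sign(issuer_priv, str(subject_pub).encode())}

def traces_to_root(pub, staff_certs, root_pub, max_depth=8):
    """Follow issuer links upward; each signature must verify, ending at the root key."""
    for _ in range(max_depth):                   # depth bound also stops cert loops
        if pub == root_pub:
            return True
        cert = staff_certs.get(pub)
        if cert is None or not verify(cert["issuer"], str(pub).encode(), cert["sig"]):
            return False
        pub = cert["issuer"]
    return False

def countable(ballot, sig, voter_pub, voter_store, staff_certs, root_pub):
    cert = voter_store.get(voter_pub)            # only stored voter keys qualify
    return (cert is not None
            and verify(voter_pub, ballot, sig)   # ballot signed by that voter
            and verify(cert["issuer"], str(voter_pub).encode(), cert["sig"])
            and traces_to_root(cert["issuer"], staff_certs, root_pub))

def demo():
    """Constructed chain: root -> official -> worker -> voter, plus a rogue worker."""
    root, official, worker, rogue, voter, fake = (keygen() for _ in range(6))
    staff = {official[1]: certify(*root, official[1]),
             worker[1]: certify(*official, worker[1])}
    store = {voter[1]: certify(*worker, voter[1]),
             fake[1]: certify(*rogue, fake[1])}  # rogue holds no staff certificate
    ballot, args = b"race-1:candidate-B", (store, staff, root[1])
    sig = sign(voter[0], ballot)
    return {"valid": countable(ballot, sig, voter[1], *args),
            "altered": countable(b"race-1:candidate-A", sig, voter[1], *args),
            "rogue_worker": countable(ballot, sign(fake[0], ballot), fake[1], *args)}
```

Calling `demo()` returns the verdict for a properly certified ballot, for the same signature replayed over an altered ballot, and for a voter key certified by a worker who has no certificate from an official.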
63. A method of determining whether a ballot style is proper to use in an election, comprising:
accessing a ballot style authorization policy established for the election, the authorization policy referencing an authority structure established for the election;
accessing a record of an authorization process performed for the ballot style, the record of the authorization process referencing the authority structure; and
determining that the ballot style is proper to use in the election only if the record of an authorization process indicates that the authorization process was performed in accordance with the authorization policy.
Dependent claims: 64, 65, 66, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82
67. A method for conducting an election, comprising:
establishing a public key infrastructure for use in an election; and
employing the established public key infrastructure in the operation of a voting site.
83. A method in a computing system for casting a ballot, comprising:
storing data including a reference to a public key generated for a voter; and
signing data representing a ballot voted by the voter with a private key generated for the voter.
Dependent claims: 84, 85, 86, 87, 88, 89, 90, 91, 92, 93