Secure internet transactions on unsecured computers
First Claim
1. A secure electronic registration and voting system providing access to voting related subsystems and processes through a network, the secure electronic registration and voting system comprising:
a central hosting facility, including a system web server for housing a home page and web pages, a data storage device for storing local election office data, and an application processing segment providing the voting related subsystems and processes, the application processing segment further including:
an identification and authentication subsystem and associated services for identity proofing and assigning a roaming digital certificate to users and local election officials by the user or local election official submitting an approved credential or retrieving, completing, and submitting an identity proofing form,
a voter registration subsystem and associated processes for registering a user to vote by completing an electronic application, digitally signing the application with the assigned roaming digital certificate, and having the application submitted electronically, wherein a local election official may review the application, approve or deny the application, update the status of the application, and communicate the status of the application to the user,
a ballot creation subsystem and associated processes for creating a ballot definition file by an official of the local election office, transforming the ballot definition file to a standard format, validating the ballot by the local election official, and providing the ballot for use by the user,
a voting subsystem and associated processes for providing secure voting by identifying and authenticating a user that logs in to vote and request a ballot, retrieving the user's identification information and digital certificate, generating a ballot from the user's local election office ballot definition file, digitally signing the ballot, sending the ballot to the user, receiving from the user the completed ballot digitally signed with the user's roaming digital certificate, time stamping the ballot, encrypting the ballot with a user's symmetric key, and storing the encrypted ballot, transmitting a ballot summary to the user for confirmation, receiving confirmation, time stamping the ballot and encrypting the user's symmetric key with a local election office's public key, and storing the encrypted symmetric key and associated encrypted ballot in the local election office's electronic ballot box,
a ballot tabulation and reconciliation subsystem and associated processes for reconciling encrypted ballots, wherein ballot tabulation includes providing a local election office with a token and a tabulation computer and requiring one election official to log in to the tabulation computer and a second election official to log in to the central hosting facility, separating voter identification information from the encrypted ballots and transferring the encrypted ballots to the tabulation computer, decrypting the ballots by decrypting the symmetric key associated with each ballot with the local election office's public key and decrypting each ballot with its associated symmetric key, and tabulating the decrypted ballots, and
a common services subsystem and associated processes;
a computer device for accessing the central hosting facility through the network, and an application residing on said computing device, wherein said computing device application presents an electronic ballot to a user and said computing device application forwards voting data to the central hosting facility in an encrypted format, said voting data comprising a user identifier, a computing device identifier, and ballot data corresponding to ballot selections by the user, and wherein said central hosting facility receives and authenticates the voting data using the user identifier and the computing device identifier, and the central hosting facility stores the encrypted voting data without decrypting the ballot data.
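The voting and tabulation steps of claim 1 (sign the ballot with the voter's credential, encrypt it under a per-ballot symmetric key, wrap that key to the local election office's public key, store both; then separate voter identity, unwrap, decrypt, verify and tally) as an added Go example, not code from the patent or any product built on it. The concrete algorithms are assumptions the claim does not name: AES-256-GCM for the ballot, RSA-OAEP for key wrapping, and an Ed25519 key standing in for the roaming digital certificate; the time stamps and the confirmation round trip are left out. Unwrapping uses the office's private key, which is what public-key decryption requires, even though the claim text says public key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Sealed is one electronic ballot box entry: the signed ballot under a fresh per-ballot key, that key wrapped to the LEO public key.
type Sealed struct {
	VoterID    string            // voter identification; separated out before tabulation
	VoterPub   ed25519.PublicKey // stands in for the voter's roaming certificate (assumption)
	WrappedKey []byte            // AES-256 key, RSA-OAEP encrypted to the LEO public key (assumption)
	Nonce, Ct  []byte            // AES-GCM nonce and ciphertext of signature || ballot
}

func random(n int) []byte { b := make([]byte, n); if _, err := rand.Read(b); err != nil { panic(err) }; return b }
func gcmFor(key []byte) cipher.AEAD { blk, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(blk); return g }
func NewLEOKey() *rsa.PrivateKey { k, err := rsa.GenerateKey(rand.Reader, 2048); if err != nil { panic(err) }; return k }

// Cast is the voting-subsystem step: the hosting facility stores the result without being able to read it.
func Cast(voterID string, vk ed25519.PrivateKey, leoPub *rsa.PublicKey, ballot []byte) (*Sealed, error) {
	key, nonce := random(32), random(12)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, leoPub, key, nil)
	if err != nil {
		return nil, err
	}
	signed := append(ed25519.Sign(vk, ballot), ballot...)
	return &Sealed{voterID, vk.Public().(ed25519.PublicKey), wrapped, nonce, gcmFor(key).Seal(nil, nonce, signed, nil)}, nil
}
// Tabulate is the tabulation-subsystem step: separate identity, unwrap each key with the
// LEO private key, decrypt, verify the voter's signature, then tally the plaintext choices.
func Tabulate(box []Sealed, leoPriv *rsa.PrivateKey) (map[string]int, error) {
	tally := map[string]int{}
	for _, e := range box {
		e.VoterID = "" // the working copy on the tabulation computer carries no voter identification
		key, err := rsa.DecryptOAEP(sha256.New(), nil, leoPriv, e.WrappedKey, nil)
		if err != nil {
			return nil, err
		}
		signed, err := gcmFor(key).Open(nil, e.Nonce, e.Ct, nil)
		if err != nil || len(signed) < ed25519.SignatureSize || !ed25519.Verify(e.VoterPub, signed[ed25519.SignatureSize:], signed[:ed25519.SignatureSize]) {
			return nil, errors.New("ballot failed authenticated decryption or signature verification")
		}
		tally[string(signed[ed25519.SignatureSize:])]++
	}
	return tally, nil
}
```

A stored entry that is modified after casting fails the GCM tag check at tabulation, and a ballot whose signature does not match the voter's key is rejected rather than counted.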
Abstract
The present invention is directed to a secure electronic registration and voting solution incorporating integrated end-to-end voting system architecture and processes providing secure identification and authentication, voter registration, ballot definition, ballot presentation to the voter, voting, and ballot tabulation via secure transmission over the network. The disclosed embodiments of the present invention describe an integrated solution to voting via a network, such as the Internet. A user logs into the system through an application on a local computer that presents an electronic ballot to the user and accepts the user's voting selections. The voting selections are then associated with the user's login data and an identifier for the local computer. The local application then encrypts the voting data and forwards it to a server that authenticates the encrypted voting data using the user login and the computer identifier. The still-encrypted voting data is then stored.
30 Claims
2. A secure electronic registration and voting system providing access to voting related subsystems and processes through a network, the secure electronic registration and voting system comprising:
a central hosting facility connected to the network, the central hosting facility including a home page as an access point, an application processing segment for providing election processing, and a storage segment for temporary and persistent storage of data;
a remote computing device connected to the network for accessing the central hosting facility; and
an application residing on said computing device, wherein said computing device application presents an electronic ballot to a user and said computing device application forwards voting data to the central hosting facility in an encrypted format, said voting data comprising a user identifier, a computing device identifier, and ballot data corresponding to ballot selections by the user, and wherein said central hosting facility receives and authenticates the voting data using the user identifier and the computing device identifier, and the central hosting facility stores the encrypted voting data without decrypting the ballot data.
Dependent claims: 3 to 18.
19. A method for identifying and authenticating a user through a secure electronic registration and voting system, comprising the steps of:
providing a computer to a user;
the computer accessing the home page of the secure electronic registration and voting system located on a remote server;
the computer forwarding a computer identifier and a user identifier to the remote server;
said remote server returning ballot data in response to the user identifier;
said computer presenting said ballot data to the user;
said computer receiving ballot response data from the user in response to the presentation of the ballot data and associating the voting data with the computer identifier and the user identifier; and
said computer encrypting the associated voting data and forwarding said encrypted associated voting data to the remote server.
Dependent claims: 20 to 23.
24. A method for registering a user to vote with the user's local election office through a secure electronic registration and voting system, comprising the steps of:
providing a computer to the user;
a server logging the user into the secure electronic registration and voting system;
the server authenticating the user as a valid user and providing an electronic ballot to the computer;
the computer signing a completed electronic application with a digital signature assigned to the user and an identifier assigned to the computer;
said server receiving the signed completed electronic application and storing the electronic application in an encrypted format on a database; and
said server notifying the user's local election office of the receipt of the user's completed electronic application.
Dependent claims: 25 to 30.
Specification