Secure internet transactions on unsecured computers

US 20060041514A1
Filed: 07/08/2005
Published: 02/23/2006
Est. Priority Date: 02/05/2003
Status: Active Grant

First Claim

Patent Images

1. A secure electronic registration and voting system providing access to voting related subsystems and processes through a network, the secure electronic registration and voting system comprising:

a central hosting facility, including a system web server for housing a home page and web pages, a data storage device for storing local election office data, and an application processing segment providing the voting related subsystems and processes, the application processing segment further including;

an identification and authentication subsystem and associated services for identity proofing and assigning a roaming digital certificate to users and local election officials by the user or local election official submitting an approved credential or retrieving, completing, and submitting an identity proofing form, a voter registration subsystem and associated processes for registering a user to vote by completing an electronic application, digitally signing the application with the assigned roaming digital certificate, and having the application submitted electronically, wherein a local election official may review the application, approve or deny the application, update the status of the application, and communicate the status of the application to the user, a ballot creation subsystem and associated processes for creating a ballot definition file by an official of the local election office, transforming the ballot definition file to a standard format, validating the ballot by the local election official, and providing the ballot for use by the user, a voting subsystem and associated processes for providing secure voting by identifying and authenticating a user that logs in to vote and request a ballot, retrieving the user'"'"'s identification information and digital certificate, generating a ballot from the user'"'"'s local election office ballot definition file, digitally signing the ballot, sending the ballot to the user, receiving from the user the completed ballot digitally signed with the user'"'"'s roaming digital certificate, time stamping the ballot, encrypting the ballot with a user'"'"'s symmetric key, and storing the encrypted ballot, transmitting a ballot summary to the user for confirmation, receiving confirmation, time stamping the ballot and encrypting the user'"'"'s symmetric key with a local election office'"'"'s public key, and storing the encrypted symmetric key and associated encrypted ballot in the local election office'"'"'s electronic ballot box, a ballot tabulation and reconciliation subsystem and associated processes for reconciling encrypted ballots, wherein ballot tabulation includes providing a local election office with a token and a tabulation computer and requiring one election official to login to the tabulation computer and a second election official to login to the central hosting facility, separating voter identification information from the encrypted ballots and transferring the encrypted ballots to the tabulation computer, decrypting the ballots by decrypting the symmetric key associated with each ballot with the local election office'"'"'s public key and decrypting each ballot with its associated symmetric key, and tabulating the decrypted ballots, and a common services subsystem and associated processes;

a computer device for accessing the central hosting facility through the network, and an application residing on said computing device, wherein said computing device application presents an electronic ballot to a user and said computing device application forwards voting data to the central hosting facility in an encrypted format, said voting data comprising a user identifier, an computing device identifier, and ballot data corresponding to ballot selections by the user, and wherein said central hosting facility receives and authenticates the voting data using the user identifier and the computing device identifier, and the central hosting facility stores the encrypted voting data without decrypting the ballot data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a secure electronic registration and voting solution incorporating integrated end-to-end voting system architecture and processes providing secure identification and authentication, voter registration, ballot definition, ballot presentation to the voter, voting, and ballot tabulation via secure transmission over the network. The disclosed embodiments of the present invention describe an integrated solution to voting via a network, such as the Internet. A user logs into the system using through an application on a local computer that presents an electronic ballot to a user and accepts the user'"'"'s voting selections. The voting selections are then associated with the user'"'"'s login data and an identifier for the local computer. The local application than encrypts the voting data and forwards a server that authenticates the encrypted voting data using the user login and the computer identifier. The still-encrypted voting data is then stored.

13 Citations

View as Search Results

30 Claims

1. A secure electronic registration and voting system providing access to voting related subsystems and processes through a network, the secure electronic registration and voting system comprising:
- a central hosting facility, including a system web server for housing a home page and web pages, a data storage device for storing local election office data, and an application processing segment providing the voting related subsystems and processes, the application processing segment further including;
  
  an identification and authentication subsystem and associated services for identity proofing and assigning a roaming digital certificate to users and local election officials by the user or local election official submitting an approved credential or retrieving, completing, and submitting an identity proofing form, a voter registration subsystem and associated processes for registering a user to vote by completing an electronic application, digitally signing the application with the assigned roaming digital certificate, and having the application submitted electronically, wherein a local election official may review the application, approve or deny the application, update the status of the application, and communicate the status of the application to the user, a ballot creation subsystem and associated processes for creating a ballot definition file by an official of the local election office, transforming the ballot definition file to a standard format, validating the ballot by the local election official, and providing the ballot for use by the user, a voting subsystem and associated processes for providing secure voting by identifying and authenticating a user that logs in to vote and request a ballot, retrieving the user'"'"'s identification information and digital certificate, generating a ballot from the user'"'"'s local election office ballot definition file, digitally signing the ballot, sending the ballot to the user, receiving from the user the completed ballot digitally signed with the user'"'"'s roaming digital certificate, time stamping the ballot, encrypting the ballot with a user'"'"'s symmetric key, and storing the encrypted ballot, transmitting a ballot summary to the user for confirmation, receiving confirmation, time stamping the ballot and encrypting the user'"'"'s symmetric key with a local election office'"'"'s public key, and storing the encrypted symmetric key and associated encrypted ballot in the local election office'"'"'s electronic ballot box, a ballot tabulation and reconciliation subsystem and associated processes for reconciling encrypted ballots, wherein ballot tabulation includes providing a local election office with a token and a tabulation computer and requiring one election official to login to the tabulation computer and a second election official to login to the central hosting facility, separating voter identification information from the encrypted ballots and transferring the encrypted ballots to the tabulation computer, decrypting the ballots by decrypting the symmetric key associated with each ballot with the local election office'"'"'s public key and decrypting each ballot with its associated symmetric key, and tabulating the decrypted ballots, and a common services subsystem and associated processes;
  
  a computer device for accessing the central hosting facility through the network, and an application residing on said computing device, wherein said computing device application presents an electronic ballot to a user and said computing device application forwards voting data to the central hosting facility in an encrypted format, said voting data comprising a user identifier, an computing device identifier, and ballot data corresponding to ballot selections by the user, and wherein said central hosting facility receives and authenticates the voting data using the user identifier and the computing device identifier, and the central hosting facility stores the encrypted voting data without decrypting the ballot data.

2. A secure electronic registration and voting system providing access to voting related subsystems and processes through a network, the secure electronic registration and voting system comprising:
- a central hosting facility connected to the network, the central hosting facility including a home page as an access point, an application processing segment for providing election processing, and a storage segment for temporary and persistent storage of data;
  
  a remote computing device connected to the network for accessing the central hosting facility; and
  
  an application residing on said computing device, wherein said computing device application presents an electronic ballot to a user and said computing device application forwards voting data to the central hosting facility in an encrypted format, said voting data comprising a user identifier, an computing device identifier, and ballot data corresponding to ballot selections by the user, and wherein said central hosting facility receives and authenticates the voting data using the user identifier and the computing device identifier, and the central hosting facility stores the encrypted voting data without decrypting the ballot data.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 3. The secure electronic registration and voting system of claim 2, wherein the computing device further comprises a local election office application processing segment for providing election processing at a local election office.
  - 4. The secure electronic registration and voting system of claim 2, wherein the central hosting facility further comprises:
    - a first firewall between the network and the home page for protecting the central hosting facility from unauthorized access from the network; and
      
      a second firewall between the home page and the processing segment providing additional protection from unauthorized access to the central hosting facility.
  - 5. The secure electronic registration and voting system of claim 2, wherein the home page further comprises a home page and common services element.
  - 6. The secure electronic registration and voting system of claim 5, wherein the home page and common services element further comprises:
    - presentation services;
      
      logging and auditing services;
      
      application integration services;
      
      common services;
      
      access control and authorization services; and
      
      data access services.
  - 7. The secure electronic registration and voting system of claim 2, wherein the application processing segment further comprises an identification and authentication process element.
  - 8. The secure electronic registration and voting system of claim 7, wherein the identification and authentication process element further comprises:
    - on-line absentee voter application services;
      
      identity proofing services;
      
      registration services;
      
      registered user login services; and
      
      roaming digital certificate and managed public key infrastructure services.
  - 9. The secure electronic registration and voting system of claim 2, wherein the application processing segment further comprises a voter registration process element.
  - 10. The secure electronic registration and voting system of claim 9, wherein the voter registration process element further comprises:
    - electronic voter registration services;
      
      status checking services;
      
      communications and transmittal of electronic absentee voter application services;
      
      secure messaging services;
      
      voter registration verification and update services; and
      
      voter registration database creation and maintenance services.
  - 11. The secure electronic registration and voting system of claim 2, wherein the application processing segment further comprises a ballot definition process element.
  - 12. The secure electronic registration and voting system of claim 11, wherein the ballot definition process element further comprises:
    - balloting system interface services;
      
      ballot conversion services;
      
      ballot definition services; and
      
      ballot database creation and maintenance services.
  - 13. The secure electronic registration and voting system of claim 2, wherein the application processing segment further comprises a voting engine process element.
  - 14. The secure electronic registration and voting system of claim 13, wherein the voting engine process element further comprises:
    - ballot generation services;
      
      ballot presentation services;
      
      vote casting and symmetric encryption services;
      
      vote review, change, and confirmation services;
      
      cast ballot database creation and maintenance services; and
      
      vote auditing services.
  - 15. The secure electronic registration and voting system of claim 2, wherein the application processing segment further comprises a ballot reconciliation and tabulation process element.
  - 16. The secure electronic registration and voting system of claim 15, wherein the ballot reconciliation and tabulation process element further comprises:
    - controlled login for local election office services;
      
      ballot reconciliation services;
      
      voter identification and ballot separation services;
      
      cast ballot local election office database creation and maintenance services;
      
      download encrypted ballot to local election office services;
      
      dual login and ballot decryption services;
      
      cast ballot tabulation services;
      
      cast ballot conversion services; and
      
      auditing services.
  - 17. The secure electronic registration and voting system of claim 2, wherein the data storage segment further comprises physically separated storage space for each local election office using the secure electronic registration and voting system.
  - 18. The secure electronic registration and voting system of claim 2, wherein the data storage segment further comprises logically separated storage space for each local election office using the secure electronic registration and voting system.

19. A method for identifying and authenticating a user through a secure electronic registration and voting system, comprising the steps of:
- providing a computer to a user;
  
  the computer accessing the home page of the secure electronic registration and voting system located on a remote server;
  
  the computer forwarding a computer identifier and a user identifier to the remote server;
  
  said remote server returning ballot data in response to the user identifier;
  
  said computer presenting said ballot data to the user;
  
  said computer receiving ballot response data from the user in response to the presentation of the ballot data and associating the voting data with the computer identifier and the user identifier; and
  
  said computer encrypting the associated voting data and forwarding said encrypted associated voting data to the remote server.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method of claim 19, further comprising the steps of:
    - the remote server determining the existence of the user'"'"'s department of defense credential; and
      
      the remote server determining the existence of the user'"'"'s digital signature if no department of defense credential does not exist.
  - 21. The method of claim 20, further comprising the step of the remote server providing an identity proofing form to the user if the user'"'"'s digital signature does not exist.
  - 22. The method of claim 21, further comprising the steps of:
    - completing the identity proofing form by the user;
      
      notarizing the identity proofing form; and
      
      sending the identity proofing form to a verification entity.
  - 23. The method of claim 22, further comprising the steps of:
    - validating the identity proofing form by the verification entity; and
      
      issuing a digital signature to the user.

24. A method for registering a user to vote with the user'"'"'s local election office through a secure electronic registration and voting system, comprising the steps of:
- providing a computer to the user;
  
  a server logging the user into the secure electronic registration and voting system;
  
  the server authenticating the user as a valid user and providing an electronic ballot to the computer;
  
  the computer signing a completed electronic application with a digital signature assigned to the user and an identifier assigned to the computer;
  
  said server receiving the signed completed electronic application and storing the electronic application in an encrypted format on a database; and
  
  said server notifying the user'"'"'s local election office of the receipt of the user'"'"'s completed electronic application.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The method of claim 24, further comprising the step of checking the status of the electronic application.
  - 26. The method of claim 24, further comprising the step of sending a communication by the user'"'"'s local election office.
  - 27. The method of claim 26, further comprising the step of reviewing a communication from the user'"'"'s local election office.
  - 28. The method of claim 24, further comprising the step of reviewing the electronic application.
  - 29. The method of claim 24, wherein the step of reviewing the electronic application further comprises the steps of:
    - logging in to the secure electronic registration and voting system by an official of the local election office;
      
      authenticating the official as an approved official from the local election office;
      
      reviewing the user'"'"'s electronic application by the local election office official;
      
      approving the electronic application by the local election office official;
      
      updating status information for the user in the database on the secure electronic registration and voting system assigned to the user'"'"'s local election office; and
      
      updating status information for the user in a local database.
  - 30. The method of claim 24, wherein the step of reviewing the electronic application further comprises the steps of:
    - logging in to the secure electronic registration and voting system by an official of the local election office;
      
      authenticating the official as an approved official from the local election office;
      
      reviewing the user'"'"'s electronic application by the local election office official;
      
      rejecting the electronic absentee voter application by the local election office official;
      
      updating status information for the user in the database on the secure electronic registration and voting system assigned to the user'"'"'s local election office; and
      
      updating status information for the user in a local database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services GmbH (Accenture PLC)
Inventors
Almond, Carl, Bogasky, John J., Schafer, Andrew

Granted Patent

US 7,418,401 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/64
CPC Class Codes

G06Q 20/382 insuring higher security of...

G07C 13/00 Voting apparatus

Secure internet transactions on unsecured computers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

Secure internet transactions on unsecured computers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others