Description

The present invention relates to a method for secure voting, a voting ballot comprising a hidden unique security code, an apparatus for electronic voting, a voting input device, a vote recording computer and an electronic voting system.

So far, political election needed to be conducted in such a way that the voters needed to show up personally in specified locations to vote for a party or a certain candidate. Voting systems used so far do not allow for secure distance voting.

WO20 0010564A2 describes an electronic voting system in a polling station. US20030006282A1 discloses a system and method for electronic voting for voting in a polling station using a plurality of voting modules connected via a network.

WO2006126004A1 discloses a voting system comprising a wireless transceiver connected to a vote recording computer to communicate with a smartcard reading device. US7516891 B2 discloses ballot integrity system to verify the integrity of paper ballots.

US7077313B2 discloses an electronic voting method for an optically scanned ballot.

US7431209B2 discloses an electronic voting apparatus, a system and a method. The problem underlying the present invention is the provision of a voting method enabling secure distance voting. The problem underlying the present invention is solved in a first embodiment by a method for secure distance voting utilizing a unique citizen identifying code and a voting ballot comprising a hidden unique security code, a. wherein the unique citizen identifying code and the unique security code are also data records in a database, where the data record for the unique citizen identifying code is assigned to the data record of the unique security code, b. wherein at least one vote is cast outside an official polling station, c. comprising the following steps: i. a voter unhides the security code, ii. the voter enters the security code using a code entering device, iii. the voter is then prompted to enter the unique citizen identifying code, iv. the database is checked, whether the two entered codes are assigned to each other, v. the result of this check is presented to voter,

V!. if the codes are not assigned to each other in the database or the code has been requested before, the voting process either terminates or the voter is prompted to start from step ii., vii. the date of the retrieval is recorded in the database and assigned to the data record for the unique citizen identifying code and/or the data record of the unique security code, viii. the voter then casts a vote.

One of the many advantages of this method is that also disabled people (e.g. blind, deaf, physically handicapped) may vote more easily.

Unique code in the sense of the application means that for a particular voting process there are no tow identical unique ballot codes or unique security code.

The present invention enables secure distance voting for the first time. The method may be employed by governments for election, communities, associations, clubs, societies, unions, meetings of shareholders, competitions and even betting. Shareholders for example may securely vote for the board of a company even when not personally present at the meeting of shareholders. In addition, a unique ballot code may advantageously be placed on the ballot. The unique ballot code may also advantageously be a database record assigned to the unique citizen identifying code and/or to the unique security code.

The unique citizen identifying code may be a social security number, a tax identity number, a T.C. kimlik number or a passport number. This increases security of the methods, since the information is confirmed by governmental agencies.

In step c.v., preferably also the information, whether the code has been requested before, if applicable, is presented to the voter. This greatly increases the security and the ability for the voter to determine, whether the ballot is authentic or not. Preferably, additional information is given to the voter in this case selected from the group comprising time, location and/or type of ballot of the earlier request. This will help the voter to determine, whether the earlier request was fraudulent and therefore increase the security of the method according the present invention.

Some or all transmission of data may be encrypted. The encryption methods may be selected from typical encryption method or AES. This also increases the security of the method according to the present invention.

The information given to the voter in step c.v. preferably does not comprise the security code. This also increases the security of the method according to the present invention.

Preferably, the database is hosted on a centrally administered server computer. After step c.ii. the entered code may be transmitted to the centrally administered server computer, in particular over a mobile phone network, a network of computers and/or over the internet. This also increases the security of the method according to the present invention.

The entered code may preferably be transmitted by a method selected from the group comprising SMS, telephone, internet, regular mail, email and/or fax. The code may be transmitted as an image or as characters. This also increases the security of the method according to the present invention.

In a preferable embodiment, the code may be entered by taking a picture of the code with a mobile phone, e.g. using an app (application running on the mobile phone) and then sending the picture to the server hosting the database or first recognizing the code in the mobile phone and then transmitting the corresponding characters to the server hosting the database.

When the voter is entering the code of step c.ii., the location of the voter may preferably be acquired using a typical method like GPS, cellular phone triangulation or IP geolocation. This information may also be transmitted and stored in the database. This technical measure increases the security of the method according to the present invention, since it may later be used to compare this information with any address information that may be on file already.

Together with the entered code, other information selected from the group compris- ing location, type of ballot, time or combinations thereof may preferably be transmitted to the centrally administered server computer hosting the database. This additional information may be stored in this database and assigned to the data record of the entered code or written in corresponding data fields of the data record of the entered code. This also increases the security of the method according to the present invention.

Preferably, the information gained in steps c. ii., iii., vii. and/or viii. is transmitted to an independent supervisory body. This supervisory body may be the entity responsible for the voting process, such as the governmental agency in charge of the voting process. The information may be transmitted over a network and/or the internet. The transmission may be encrypted. The transmission may be made to a centrally administered server computer under control of the supervisory body. The supervisory body may also create the unique security code before manufacturing the ballots. Any voting attempt may be noticed to the supervisory body by any means, in particular by electronic means. Alternatively, the supervisory body may run the centrally administered server computer itself. These measures also increase the security of the method according to the present invention.

The hidden unique security code may be hidden by a scratch panel, a flap or a perforated cover.

The codes may be independently selected from alphanumeric characters, numbers, alphabetic characters, combination of numbers and alphabetic characters, barcode, one dimensional barcode, two-dimensional barcode, QR codes, hologram and/or braille. Braille may also be placed onto the ballot additionally next to the respective code. This would have the advantage to make the method accessible to the blind and therefore increase security of the voting method according to the present invention. The barcode or QR code may also be placed onto the ballot additionally next to the respective code. This would have the advantage to make the method accessible to processing/recognition by machines such as mobile phones or other computers and therefore increase security of the voting method according to the present invention.

The codes may independently from each other have a minimum length of 10 characters or encode for at least 10 characters. The security code may be a random code. This code may be technically generated by the centrally administered server computer hosting the central database. This also increases the security of the method according to the present invention.

Preferably, there is no interaction between the various codes. The unique ballot code and the unique security code are preferably different. In particular, there may not be any algorithmic interdependence between the unique ballot code and the unique security code.

Preferably, the at least one vote in step b. is cast by a voting input device selected from a mobile phone, a landline phone, a personal computer at home or at work or a mobile computing device such as a laptop, netbook or a notebook. Preferably, one possible response in step c.v. is that either code does not exist. This information may also be transmitted to the supervisory body. Independently therefrom, the code may be communicated to the voter by a visual device such as a display or by an audio device such as a speaker or headphone.

Preferably, the entered and transmitted code is deactivated after the last step of the method according to the present invention to increase the overall security of the method. To further increase the security of the method according to the present invention, the frequency of entering codes in step c.ii. may also be recorded. This information may also be transmitted and saved in the database. Either a computer program on the code entering device such as an application running on a mobile phone or a computer program running on the server hosting the database may analyze the frequency of entering codes to detect fraud. In particular, the computer program may disable the entering capability of the code entering device, if a certain threshold of entering attempts has been reached from an individual code entering device such as an application running on a mobile device. This threshold may be at most 10 attempts per hour. This also increases the security of the method according to the present invention.

The ballot may advantageously also comprise additional information such as the name and/or the address of the voter. The name may advantageously be also encoded as a one- or two-dimensional barcode or a QR code. The name and/or address may also be data records in the database assigned to the data record of the unique security code and/or the unique citizen identifying code.

After entering either the unique security code or the unique citizen identifying code, the voter may be prompted to confirm that his name is the name assigned to the data record of the respective entered code in the database to further increase the security.

To further enhance the security of the method according to the present invention, additional security features may be captured from the voter and transmitted to the centrally administered server computer hosting the database together with the entered code. These additional security features may be selected from the group of biometric features (e.g. distance of eyes), retina scan, finger print and/or a software certificate. These security features may also replace the unique citizen identifying code. This alternative may be preferable, if the vote organizing entity is in possession of any of these features for the voter and these features can be stored on the database as data records assigned to the unique security code.

Preferably, the time window where voting is possible is defined. The time window may preferably open 24 h before closing, in particular it may open at most only 8 h ^ before closing. This also increases the security of the method according to the present invention.

Preferably, the method of the present invention is adapted to the case where at least one voter did not receive the ballot. In this case, the voter may request a new ballot by indicating his unique citizen identifying code. The new ballot may be sent by registered mail or registered letter with reply advice.

In the case where the entered code is transmitted to a centrally administered server computer via a regular phone, the centrally administered server computer may advantageously be equipped with a speech recognition module and/or a speech synthesizer. Both can be selected from typical or market standard solutions. The voter may call a telephone number in step c.ii. and this telephone number is assigned to the centrally administered server computer. A speech synthesizer or a prerecorded message may prompt the voter to enter the unhidden security code. The voter may then either punch in the numbers or characters using his dialpad on the telephone or in an alternative embodiment spell the security code, which then would need to be recognized by a speech recognition module on the centrally administered server computer. Also the supervisory body may use the information to confirm the identity of the voter on the phone. In step c.viii. the voter may then be presented with various voting options by the speech synthesizer or a prerecorded message and may then vote one of the options by spelling or saying his choice or using the dialpad of the phone.

After the last step of the voting method, the vote may then be recorded locally or on the centrally administered server computer, after it has been transmitted to the centrally administered server computer. This may be achieved by above mentioned transmission means.

The voting method according to the present invention is well suited for elderly or disabled people. Blind and elderly people can comfortably vote using their phone. Deaf and mute people can comfortably vote using their smartphone or computer.

In another embodiment of the invention, the problem underlying the invention is solved by a voting ballot comprising a hidden unique security code.

The voting ballot may advantageously and independently comprise all or some or one aforementioned features describing the ballot itself.

A unique ballot code may be additionally placed on the ballot. This increases security of the methods, since the information is confirmed by governmental agencies. The hidden unique security code may be hidden by a scratch panel, a flap or a perforated cover.

The codes may be independently selected from alphanumeric characters, numbers, alphabetic characters, combination of numbers and alphabetic characters, barcode, one dimensional barcode, two-dimensional barcode, QR codes, hologram and/or braille. Braille may also be placed onto the ballot additionally next to the respective code. This would have the advantage to make the method accessible to the blind and therefore increase security of the voting method according to the present invention. The barcode or QR code may also be placed onto the ballot additionally next to the respective code. This would have the advantage to make the method accessible to processing/recognition by machines such as mobile phones or other computers and therefore increase security of the voting method according to the present invention.

The codes may independently from each other have a minimum length of 10 characters or encode for at least 10 characters. The security code may be a random code. This code may be technically generated by the centrally administered server computer hosting the central database. This also increases the security of the method according to the present invention.

Preferably, there is no interaction between the various codes. The unique ballot code and the unique security code are preferably different. In particular, there may not be any algorithmic interdependence between the unique ballot code and the unique security code.

The ballot may advantageously also comprise additional information such as the name and/or the address of the voter.

The security code of the ballot may be fixed to the ballot in form a sticker that cannot be removed from the ballot without destroying the integrity of the sticker. The sticker may be coated with a scratch panel, which would have to be scratched off by the voter to unhide the unique security code.

In another embodiment of the invention, the problem underlying the invention is solved by an apparatus for electronic voting, the apparatus adapted to perform the method according to the present invention and comprising: a. a code entering device, b. a connected database, where records of at least one unique citizen identifying code and at least one hidden unique security code are assigned to each other, c. a code output device, and d. a vote facilitating device, wherein the connected database may be physically run on a computing device within the apparatus for electronic voting, which is wired to the other components, or may be connected to the apparatus via a network or the internet. The apparatus for electronic voting may advantageously and independently comprise all or some or one aforementioned features describing the apparatus itself. The apparatus is adapted to perform the method according to the present invention.

The apparatus for electronic voting may advantageously be adapted to receive the security code via a dialpad or a keyboard. The apparatus for electronic voting may advantageously be adapted to forward the entered code to the centrally administered server computer. This may be achieved by a network interface such as LAN or WIFI connectivity to send the entered code to the centrally administered server computer over a local network or the internet. The apparatus for electronic voting may advantageously be adapted to then receive the unique ballot code from the centrally administered server computer via the same connectivity. The apparatus for electronic voting may advantageously be adapted to then output the unique ballot code by a built in display or a speaker in combination with a speech synthesizer. The apparatus for electronic voting may advantageously be adapted to receive the vote by the voter by presenting the choices for voting and then receiving the vote by any input device, in particular by a dialpad, a keyboard, a micro- phone in combination with a speech recognition module.

In another embodiment of the invention, the problem underlying the invention is solved by an electronic voting system adapted to perform the method according to the present invention comprising: a. at least one administrative module, comprising i. a centrally administered server computer, ii. a database hosted on the centrally administered server computer, where records of at least one unique citizen identifying code and at least one hidden unique security code are assigned to each other, iii. at least one communication means to connect with the administrative module, iv. a computer program executed on the centrally administered server computer, performing the tasks of

(1 ) receiving a code as input, retrieving another code assigned to the received code from the database and returning the assigned code, and

(2) receiving a vote from the voting module and storing the vote in a data record in the database, assigning this data record to the unique ballot code and/or the hidden unique security code, b. at least one voting module, comprising i. at least one code input device, ii. at least one code output device, iii. at least one communication means to connect with the administrative module, iv. at least one vote selection device.

The administrative module may be implemented as a centrally administered server computer hosting a database, having components selected from the group of communication means such as e.g. LAN or WIFI, data storage such as a hard drive, a CPU, a display such as a monitor, a keyboard, a mouse. The administrative module may be physically located at a location controlled by the supervisory body. The centrally administered server computer may also comprise components such as a speech synthesizer, a speech recognition module and/or a port for an incoming phone line. This port may be implemented as software or as hardware.

The centrally administered server computer in the sense of the present invention may comprise several distributed computers or computing devices to perform the various tasks laid out above.

Communication between the administrative module and the voting module may be encrypted, e.g. using algorithms like AES.

The voting module may be implemented as a regular phone. The code input device may be selected from the dialpad or the microphone of the phone. The code output device may be selected from the speaker or a display. The communication means may be the landline or (in case of a mobile phone) the mobile phone network. The vote selection device may be selected from the dialpad or the microphone of the phone.

The voting module may also be implemented as a mobile computing device such as a smartphone, a laptop, a netbook, or any other mobile computing device. The code input device may be a microphone, a touchscreen, a camera, a keyboard and/or a dialpad. The code output device may be a display or a speaker. The communication means may be LAN connectivity, WIFI connectivity, any other network connectivity and/or the mobile phone carrier network. A computer pro- gramm (e.g. an app on smartphones, or a regular computer program on a mobile computer) may be executed on the mobile computing device to perform the tasks required by the voting module performing the method of the present invention. In particular, the computer program may prompt the user to enter the security code by taking a picture of the security code, the processing the picture to extract the code itself in the computing device and sending the code to the centrally administered server computer or sending the picture to the centrally administered server com- puter for processing. The computer program may then prompt the user to enter the unique citizen identifying code, which would then be transmitted to the centrally administered server computer for processing. The server computer would then determine, whether the codes are assigned to each other in the database. The voter would then be presented with the choices for the vote and select one or more of the choices, depending on the nature of the voting procedure. The vote may then be sent to the centrally administered server computer for recording the vote. The computer program may also be adapted to capture additional security features such as biometric data via a built in camera or a software certificate using a built in smart card reader.

Description of Figures The figures shall not limit the scope of the claims, since they represent examples of the present invention.

Fig. 1 shows a ballot according to the present invention with a scratch panel hiding the unique security code.

Fig. 2 shows the same ballot with the unhidden unique security code. The backside of the ballot may contain the following text: "Please scratch off the scratch panel to unhide the security code. Then call 1 -800-VOTENOW, visit our website www.votenow.com or download our app for your Android or iOS device. Then enter the unique security code using your dialpad. You will then be asked to enter your social security number and verify your name in order to confirm that your ballot is an authentic ballot and has not been used before. You will then be presented with your voting choices and you may enter your choice at any time using your dialpad following the # sign"

Fig.3 shows a typical process flow of the method according to the present invention.

* * * * * * *