KR20170022857A - System and method for operating electronic vote, and recording medium thereof - Google Patents

Abstract

The present invention relates to an electronic vote operating system having improved security and a method thereof. According to the present invention, an operating method of a security key is improved wherein the security key encodes and decodes vote information to preclude leakage and fabrication of the vote information and enable verification in case of a dispute, thereby fundamentally preventing a proxy vote by a third party.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electronic voting operating system having improved security, a method and a recording medium storing a computer readable program capable of executing the method,

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system and method for electronic voting operation, and is directed to a technique for maintaining the confidentiality of votes, preventing illegal votes, and verifying conflicts.

The traditional voting method consists of visiting the polling place designated on the election day, signing the identification on paper, putting it on the ballot box. Thereafter, the ballot box is opened and the ballot is manually checked to count the ballots.

However, traditional voting methods are time and space constrained, and voting and counting procedures are cumbersome. Particularly, national elections are designated as public holidays and are allowed to participate in the voting. However, the voting rate is very low because the private voting, such as election of apartment vote, requires extra time.

To this end, electronic voting system that conducts voting online is under study. That is, even if the voter does not visit the polling place, he / she exercises the right to vote by using the voting terminal, so that there is no time and space restriction and the vote count can be done immediately through computerization.

However, in the case of electronic voting, it is difficult to verify the identity, so there is a fear of proxy voting, and there is also concern about the illegal act of manipulating the sign information.

On the other hand, Korean Patent Laid-Open No. 10-2005-0112008 is known as a related art related to electronic voting.

SUMMARY OF THE INVENTION The present invention has been made in order to solve the problems of the prior art as described above, and it is an object of the present invention to improve the operation method of a security key for encrypting and decrypting sign information, making it impossible to leak or manipulate sign information, And an object of the present invention is to provide a system and method for electronic voting which can prevent proxy voting by a third party.

According to another aspect of the present invention, there is provided a method of operating an electronic voting system, comprising: (a) receiving a nautical-mode password from a plurality of nautical-mode terminals before starting an election; (B) generating an encryption key for counting keys and a decryption key for counting through a first combination sequence in which the plurality of nautical control ciphers are combined; (C) generating an encryption key for verification and a decryption key for verification through a second combination order in which the plurality of nailership passwords are differently combined; (D) after encrypting the counting decryption key through a first combination procedure, storing the counting encryption key and the encrypted counting decryption key, and deleting the counting decryption key; (E) encrypting the verification decryption key by a second combination procedure, storing the verification encryption key and the encrypted verification decryption key, and deleting the verification decryption key; (F) providing the voter terminal with the voting terminal's encryption key and the verification decryption key according to a voting participation request of the voter terminal; The voter terminal receives the voting ballot information encrypted using the voting ticket encryption key and stores it in the first voting box, receives the encrypted voting information encrypted using the verification encryption key, and stores it in the second voting box g) step; (H) receiving the nautical control passwords from the plurality of nervous system terminals after the completion of the election; (I) decrypting the encrypted voting decryption key through the first combination procedure; And (j) decrypting the voting ballot information encrypted and stored in the first voting box through the decrypted voting decryption key to proceed with counting.

Here, the voting ballot information stored in the first voting box may be secured by secretly dividing the voter information in the form of plain text and the sign information encrypted with the encryption key for counting, so that the secret ballot can be guaranteed.

The method may further include: (k) receiving, when a dispute arises in the counting result according to the step (j), the ninth password from the plurality of nervous system terminals; (L) decrypting the encrypted verification decryption key through the second combination procedure; And (m) decrypting the verification vote information stored in the second voting box encrypted through the decryption key for verification to perform verification.

The verification voting information stored in the second voting box can be verified whether or not the proxy voting is performed during the verification process by combining the voter information and the nomenclature information together with the verification key for encryption.

(N) encrypting one of the two confirmation files through the nautical password when the nautical password is input through the step (a); (O) encrypting the other one of the two confirmation files via the nautical password when the nautical password is input through the step (h); And confirming whether or not the confirmation file encrypted in step (n) is identical to the verification file encrypted in step (o), thereby confirming whether the nautical password is correctly input even if the nautical password is not stored.

(P) of receiving the photo information photographed in real time from the voter terminal before or after the step (f), comparing the received photographed real time photographed information with pre-stored photo information to authenticate the legitimate voter, Step;

On the other hand, the present invention includes a recording medium storing a computer-readable program capable of executing the above method.

According to another aspect of the present invention, there is provided an electronic voting system comprising: an information receiving unit receiving a plurality of e-mails from a plurality of narding station terminals; And a second combination order in which the plurality of nautical control ciphers are combined differently to generate a verification key and an authentication decryption key through a first combination sequence in which the plurality of nautical control ciphers are combined, And decrypts the counting decryption key in a first combination order, and then stores the counting-use encryption key and the encrypted counting-use decryption key, and deletes the counting decryption key, A secret key generation unit for encrypting the decryption key through a second combination procedure and storing the encryption key for verification and the encryption verification key for encryption, and deleting the encryption key for verification; The voter terminal provides the voter terminal with the voter terminal with the encryption key for counting and the decryption key for verification according to the voting participation request of the voter terminal, receives the voter-vote voting information encrypted using the voting terminal encryption key at the voter terminal, A voting processor for receiving the encrypted voting information for verification using the encryption key for verification and storing the encrypted voting information in a second voting box; And a counting unit for counting the counting ballot information by decrypting the counting voting information, wherein when the information receiving unit receives a plurality of nenryquery passwords inputted from the plurality of nenry terminal units after the end of the election, 1 decryption key for decrypting the encrypted vote-counting decryption key, and the counting unit decrypts the counting ballot information encrypted and stored in the first voting box through the decrypted decryption key for decryption, so as to count the votes.

Here, the voting ballot information stored in the first voting box may be secured by secretly dividing the voter information in the form of plain text and the sign information encrypted with the encryption key for counting, so that the secret ballot can be guaranteed.

And a verifier for decrypting and verifying the voting information for verification, wherein, when a dispute arises in the result of counting votes through the counting unit, the information receiver receives the nautical control password from the plurality of nervous system terminals And the verification key decrypting unit decrypts the encrypted verification key through the second combining procedure, and the verifying unit decrypts the verification voting information encrypted and stored in the second voting box through the decryption verification decryption key It is possible to decrypt and proceed with verification.

The verification voting information stored in the second voting box can be verified whether or not the proxy voting is performed during the verification process by combining the voter information and the nomenclature information together with the verification key for encryption.

When the nEC password is received through the information receiving unit, one of the two confirmation files is encrypted through the nEC password, and when the nEC password is received after the election, Encrypting the other one of the confirmation files, and verifying whether or not the two encrypted verification files are identical to each other, so that even if the nautical password is not stored, Can be confirmed.

The present invention has the following effects.

First, when the voter is acted on the voter terminal, the ballot information for voting and the verification vote information are respectively encrypted and stored in the voting box. At this time, the voter information and the encrypted sign information of the plain text are randomly stored in the voting ballot information. Thus, during the election, as well as the completion of counting, a secret ballot is guaranteed because the specific voter does not know which candidate has voted.

In addition, if a dispute arises about the result of counting the votes, the voter information and the ballot information are bound together, and the encrypted voting information for verification can be decrypted and verified, so that cheating such as proxy voting can be detected.

In particular, when the voting action is performed, the photograph information photographed in real time is compared with the photographed image information stored in the voter informa- tion information to confirm whether or not it is an authorized voter, so that proxy voting can be prevented in advance.

Furthermore, by combining biometrics information with signage information and encrypting it, it is impossible to manipulate the synthesized information, thereby preventing third parties from stealing an ID or a voter terminal to vote.

In addition, first, a plurality of election management committee members receives the NEC password and generates an encryption key (key A, key C) and a decryption key (key B, key D) D) is stored again by encrypting (key eB, key eD) and deleting the nautical password or decryption key (key B, key D) without leaving it in the system. Can be prevented from being counted incorrectly.

In addition, when confirming whether or not the nautical authority password is matched, since it is checked whether the pair of verification files are encrypted and the encrypted verification file is identical, safety is ensured because there is no need to store the nautical authority password itself.

In addition, even if one of the election officials loses the password, it encrypts the lost password with the password of the other election commissioner and sends it to the lost person's e-mail, so if there is a will of the lost person, It is possible to reacquire the lost password.

1 is a block diagram for explaining an electronic voting operation system according to an embodiment of the present invention;
2 is a flowchart illustrating a process of generating an encryption key and a decryption key in an electronic voting operation method according to an embodiment of the present invention.
3 is a flowchart illustrating a voting process among electronic voting operations according to an embodiment of the present invention.
4 is a view for explaining an example of voting information stored in a first voting box and a second voting box in the electronic voting operating system shown in Fig. 1; Fig.
FIG. 5 is a flowchart illustrating an electronic voting process in the electronic voting operation method according to the embodiment of the present invention. FIG.
6 is a diagram for explaining a process of verifying a balloting result according to the occurrence of a complaint in an electronic voting operation method according to an embodiment of the present invention.
FIG. 7 is a diagram for explaining a process of further improving security of verification voting information in an electronic voting operation method according to another embodiment of the present invention. FIG.
8 is a diagram for explaining a process of preparing for loss of an e-voting password in an electronic voting operation method according to an embodiment of the present invention.
9 is a diagram for explaining a process of confirming a lost NEC password among the electronic voting operation methods according to the embodiment of the present invention.
FIG. 10 is a view for explaining an example of authenticating a voter through photographs among electronic voting operation methods according to an embodiment of the present invention; FIG.
FIG. 11 is a diagram for explaining another example of authenticating a voter through a photograph of an electronic voting operation method according to an embodiment of the present invention. FIG.
12 is a view for explaining an example of a process of composing images for generating verification voting information among electronic voting operation methods according to another embodiment of the present invention;

Hereinafter, preferred embodiments of the present invention will be described with reference to the accompanying drawings. However, some configurations which are not related to the gist of the present invention may be omitted or compressed, but the configurations omitted are not necessarily required for the present invention, and they may be combined by a person having ordinary skill in the art to which the present invention belongs. .

In addition, each component, server, and system described below does not necessarily have to be an independent component or server that performs each function, but may be implemented as one or more programs or one or more servers or a collection of one or more systems, May be shared.

1 is a block diagram for explaining an electronic voting operation system according to an embodiment of the present invention. 1, an electronic voting system 100 according to an exemplary embodiment of the present invention is connected to a plurality of manager terminals 190, a plurality of nervous sensor terminals 310, 320, and 330, a voter terminal 400 via a wired / wireless network, In the process, necessary information can be transmitted and received. The electronic voting operating system 100 may be a system operated by the election management committee or a system in which the voting operation is entrusted to an organization that intends to conduct the voting. Also, the electronic voting operating system 100 can be linked to the mail server for sending the voting information for verification, which will be discussed again. Hereinafter, the electronic voting operation system 100 will be referred to as a " system " for convenience.

The administrator terminal 190 is a terminal used by an employee of an organization responsible for the election and inputs election information such as candidate information, flag information, voting information, and election period through the administrator terminal 190, Lt; / RTI >

The nervous system terminals 310, 320, and 330 are terminals used by the election management committee. Election committee members set their own NEC passwords and transmit them to the system 100 to generate the necessary security keys for conducting the voting. Herein, although the ninety-five password input may be inputted through the administrator terminal 190 associated with the system 100, a method of inputting and transmitting the nineteenth-century password through the nineteenth terminal 310, 320, and 330, . As the nanny terminals 310, 320 and 330, a desktop computer, a notebook, a smart phone or a tablet PC can be used. Also, in order to improve the security, it is supposed that there should be a plurality of election management committee members. In this embodiment, it is assumed that three election management committee members use each of the three election management terminals 310, 320, and 330.

The voter terminal 400 is a terminal used by a voter having a voting right, and the voter terminal 400 can be applied to various types such as the nanny terminals 310, 320, Hereinafter, it is assumed that the voter terminal 400 is a smart phone.

The electronic voting operating system 100 includes an interface providing unit 110, an information receiving unit a 115, an information providing unit a 120, a password checking unit 125, a security key generating unit 130, a voting unit 135, A voting unit 140, a verifying unit 145, a security key storing unit 150, an election information storing unit 155, a first voting box 160, and a second voting box 165.

The interface providing unit 110 connects a communication channel for sending and receiving information to and from the administrator terminal 190, the ninth terminal terminal 310, 320, and 330 and the voter terminal 400, and provides a user interface .

The information receiving unit 115 is provided to receive various information from the administrator terminal 190, the ninth terminal 310, 320, and 330, and the voter terminal 400. For example, the information receiving unit 115 may receive the election information input from the administrator terminal 190. [ Also, the information receiving unit 115 can receive the navel password inputted from the navel terminal units 310, 320 and 330. Also, the information receiving unit 115 can receive voting information from the voter terminal 400 that has completed voting.

The information providing unit 120 is provided to provide various information to the administrator terminal 190, the ninth guiding terminal 310, 320, and 330 and the voter terminal 400 side. For example, the information providing unit (a) 120 may transmit the candidate information, the flag information, and the encryption key to the voter terminal 400 side.

The password check unit 125 is provided to check whether the noyalty password before the start of the election and the noyalty password after the end of the election inputted by the nodal terminal units 310, 320,

The security key generation unit 130 is provided for generating a security key such as an encryption key for encrypting the sign information and a decryption key for decrypting the encrypted sign information using the ninth security code inputted from the nerve terminal units 310, . Also, the security key generator 130 encrypts and stores the decryption key again to improve security, and decrypts the decrypted decryption key at the end of the election.

The voting processing unit 135 processes a series of processes according to the voting procedure to the voter terminal 400 accessing the system 100 during the election period. For example, the voting processing unit 135 may extract candidate information, base marker information, and the like stored in the election information storage unit 155 at the request of the voter terminal 400, The encryption key stored in the security key storage unit 150, or the signing information may be received and stored in the voting boxes 160 and 165.

The counting unit 140 performs counting by decrypting the voting information from the voting ballot information stored in the first voting box 160 using the decryption key decrypted by the security key generating unit 130 at the end of the election.

The verification unit 145 performs verification by decrypting the verification vote information stored in the second voting box 165 using the decryption key decrypted by the secret key generation unit 130 in order to prepare for future occurrence of a dispute.

The security key storage unit 150, the election information storage unit 155, the first voting box 160, and the second voting box 165 are databases for storing various information necessary for the voting process.

The security key storage unit 150 stores the encryption key for counting vote, the decryption key for counting, the encryption key for verification, and the decryption key for verification generated by the security key generation unit 130. [ Also, the security key storage unit 150 stores the decryption key for decryption and the decryption key for verification in the secure key generation unit 130 when the decryption key is encrypted.

The election information storage unit 155 is provided for storing information such as candidates' information, base cover information, voting information, and election time for running for the election. Here, the voter information is information about the persons having the right to vote, and may include ID, mobile phone number, resident registration number, name, photo information, and the like.

The first voting box 160 is provided for storing voting ballot information, and the second voting box 165 is provided for storing validation voting information.

The voter terminal 400 includes an information receiving unit b 405, an information providing unit b 410, a screen output unit 415, a key input unit 420, a sign processing unit 425, and a photographing unit 430.

The information receiving unit b 405 is provided for receiving candidate information, base marker information, encryption key, and the like from the system 100.

The information providing b 410 is provided for transmitting the voting information inputted by the voter to the system 100.

The screen output unit 415 is provided for outputting candidates information and base cover information. The key input unit 420 displays the candidate information for the specific candidate (or pros and cons) through the base cover information output through the screen output unit 415 It is prepared to enter the signing act. Here, the screen output unit 415 and the key input unit 420 may be integrally manufactured by a touch screen method.

The sign processing unit 425 is provided to perform the entire process required in the voting process. For example, the sign processing unit 425 receives the voter's login information and transmits it to the system 100. When the voter authentication is completed in the system 100, the sign processing unit 425 controls the candidate information and the base page information to be displayed on the screen. And is provided for copying, encrypting and transmitting the signature information to the system 100 when inputted.

The photographing unit 430 is provided for photographing a photograph or a moving image.

Here, the voter terminal 400 may be a smartphone possessed by a voter, and a series of voting processes may be performed through a dedicated application transmitted through the system 100 or a separate app store. That is, the voter processing unit 425 of the voter terminal 400 may be a software configuration that is processed through a dedicated application installed in the voter terminal 400, rather than a hardware configuration.

The description of the configurations of the electronic voting operating system 100 and the voter terminal 400 according to the above-described embodiments of the present invention will be described with reference to the explanation of the electronic voting operation method explained in FIGS. 2 to 12 It will be more concrete.

2 to 9 are views for explaining an electronic voting operation method according to an embodiment of the present invention.

Prior to the description, definitions of various kinds of information to be described below will be described in advance.

[NEC]: It is a password entered by each election management committee through the nineteenth party terminals 310, 320 and 330, and is for performing encryption key and decryption key generation, encryption of a decryption key, and decryption of an encrypted decryption key. Three election officials are exemplified and distinguished by the first NEC code, the second NEC code and the third NEC code, respectively.

[Key A]: An encryption key generated through a first combination sequence of the NEC codes (for example, a combination of the 1-2-3 NEC codes), and is used to encrypt sign information from the ballot information for counting votes. The RSA (Rivest Shamir Adleman) Public Key method is applied when encrypting signatories information.

[Key B]: This is a decryption key generated through a first combination sequence of the nautical control password (for example, combination of the 1-2-3 nautical control passwords), and is used when decrypting the key information encrypted with the key A. In other words, it is used in the process of counting. The RSA private key method is applied when decrypting the signing information.

[Key C]: An encryption key generated through a second combination order of the nautical authority password (for example, a combination of the 3-2-1 nautical policy passwords), and is used to encrypt the entire voting information for verification. RSA public key method is applied for encryption.

[Key D]: This is a decryption key generated through a second combination sequence of the nautical control cipher (for example, a combination of the 3-2-1 nautical control cipher) and is used for decrypting the verification voting information encrypted with the key C. That is, it is used in the verification process. When decrypting, the RSA private key method is applied.

[Key eB]: The key B is encrypted in the first combination order, and the AES (Advanced Encryption Standard algorithm) method is applied.

[Key eD]: The key D is encrypted in the second combination order, and the AES scheme is applied.

[Voting ballot information]: Information including voter information (ID, mobile phone number, social security number, name, signature, photograph) that can identify the voter and sign information that selects (or selects) . In voting ballot information, only the ballot information is encrypted with key A.

[Voting for verification]: Includes voter information and voting information, but the voter information and the voting information are combined and are all encrypted together with the key C. In addition, when performing the process of FIG. 7, the biometric information is synthesized with the signature information so that the whole information can be encrypted together with the voter information.

[Confirmation File A, Confirmation File B]: Confirmation file A and B are the same dummy file in order to check whether the nautical password input from the nineteenth party terminal (310, 320, 330) agrees with the first inputted password. That is, the verification file A is encrypted through the initial NEC password, the verification file B is encrypted through the NEC password, and then compared with each other, it can be confirmed whether the NEC password has been correctly input. Of course, if there are three NEC codes, you have to encrypt the NEC files A and B with each NEC secret code.

FIG. 2 is a flowchart illustrating a process of generating a secret key in an electronic voting operation method according to an embodiment of the present invention. That is, the electronic voting operating system 100 shown in FIG. 1 receives a nautical control password from the nautical control terminals 310, 320, and 330 to generate and store an encryption key and a decryption key.

First, the pre-election election commissioner inputs the NEC password through each nose terminal 310, 320, and 330 and transmits it to the system 100 (S205). At this time, since it is possible to enter wrong password of the NEC, it can be confirmed by inputting it twice. Whether or not the two-entered nautical password is matched may be a process of encrypting the confirmation file and reviewing the correspondence, which will be described in FIG. 5 below.

When the information receiving unit a 115 of the system 100 receives the three noyalty passwords (the first ninth custody password to the third ninth census password), the password checker 125 encrypts the confirmation file A with each nanny password Quot; S210 ". At this time, the confirmation file B paired with the confirmation file A is not encrypted, and is used for confirming whether or not the nautical authority password is matched at the time of counting or verification.

Then, the security key generating unit 130 of the system 100 generates a key A, which is an encryption key for counting, and a key B, which is a decryption key for counting, through a first combination sequence in which three nautical control passwords are combined in a specific order >.

Also, the security key generation unit 130 generates a key C, which is an encryption key for verification, and a key D, which is a verification decryption key, through a second combination order in which the order of the novice secrets is different.

Thereafter, the security key generation unit 130 generates the key eB by encrypting the key B, which is the decryption key for the counting, through the first combination order, and encrypts the key D as the decryption key for verification through the second combination order Key eD < S230 >. When encrypting the key B and the key D, the AES method is applied.

The generated key A, key eB, key C, and key eD are stored in the secure key storage unit 150. During the election, the decryption keys, Key B and Key D, should not exist in the system 100. That is, since the key B and the key D can decrypt the voting information, they are completely deleted after being encrypted with the key eB and the key eD, respectively.

In the present embodiment, both the encryption key (key A and key C) and the encrypted decryption keys (key eB and key eD) are stored and stored in the security key storage unit 150 of the system 100, (Key eB, key eD) may be stored in a separate server capable of maintaining security.

When generating the decryption key (key B, key D) and encrypted decryption key (key eB, key eD) in the secret key generation unit 130, a predetermined election period can be set together. That is, if the election period is not ended, decryption keys (key eB, key eD) can not be decrypted even though the ninth decryption key is input through an impure path, and the decryption keys (key B, key D) The encryption of the voting information can not be released even if it is deleted.

FIG. 3 is a flowchart for explaining a voting process among electronic voting operation methods according to an embodiment of the present invention. That is, the security key is generated through the process of FIG. 2 through the electronic voting operating system 100 shown in FIG. 1 through the eNew password, and the process of the voters participating in the voting is started. Prior to the discussion, voters can participate in online voting on desktop computers, laptops, smartphones, or tablet PCs. Below are examples of smartphone users with pre-installed applications for voting, .

The voter can connect to the system 100 by driving a dedicated application of the voter terminal 400 and inputting a predetermined ID and password. Of course, the voting processing unit 135 of the system 100 may go through the authentication process using the ID and the password for the connection of the voter terminal 400. [ Of course, in addition to ID and password, real name authentication may be performed through fingerprint recognition or certificate checking, or an authentication process may be performed through photographic information shot in real time to prevent proxy voting. Here, the authentication procedure using the photo information will be described again with reference to FIG. 10 and FIG.

When the voter terminal 400 accesses the system 100 and performs a predetermined authentication procedure and requests participation of the vote <S305>, the voting processing unit 135 of the system 100 registers the candidate stored in the election information storage unit 155 And provides the information to the voter terminal (400). The voting processing unit 135 also provides the voting terminal 400 with the encryption key (key A, key C) stored in the security key storage unit 150.

When receiving the candidate information, the banner information, and the encryption key (key A, key C) through the information receiving unit b 405 of the voter terminal 400, the nominal processing unit 425 associates with the screen output unit 415, When the voter who confirmed the candidate information selects the specific candidate from the cover page through the key input unit 420 and completes the reference, the reference processing unit 425 displays the information of the completed reference information (S320). The reason for copying the signatory information is to use it not only for counting but also for verification in the event of a dispute.

Then, the ticket processing unit 425 of the voter terminal 400 encrypts only the ticket information through the key A, prepares the voting ballot information in which the voter information (information capable of identifying the voter, such as ID) and the ticket information are separated (S325 >. Here, encrypting only the voting information means that voter information is prepared in plain text, not in cipher text.

Subsequently, the ticket processing unit 425 transmits to the system 100 the voting ballot information in which the voter information and the ticket information are separated through the information providing unit b 410 (S330). When transmitting voting information, the secure transmission function of https is applied. When the information receiving unit 115 of the system 100 receives the voting ballot information, the voting processing unit 135 separates the voter information and the nomenclature information from the voting ballot information into the first voting box 160 and stores it. At this time, since the voter information and the nomenclature information are separated from each other in the voting ballot information, it is possible to randomize them as shown in the example shown in Fig. In other words, the voting ballot information received from one voter includes both the voter information and the nomination information, but when the voting processor 135 stores the voting ballot information in the first voting box 160, the voter information includes voter information, Is stored in a random manner so as not to coincide with each other. Accordingly, even if the first voting box 160 is opened, it is not possible to know which candidate has been voted by a specific voter (guarantee of secret voting).

Thereafter, the voting processing unit 135 of the system 100 requests the voter terminal 400 for the verification vote information S340. When the voter terminal 400 receives the request for the verification vote information, the signature processing unit 425 prepares the verification vote information by encrypting the whole of the combination of the voter information and the sign information through the key C (S345). Here, encrypting the whole means that unlike vote-counting voting information, voter information is unified and encrypted together.

Thereafter, the signature processing unit 425 transmits the entire encrypted verification verification information to the system 100 through the information providing unit b 410 (S350). Similarly, when transmitting voting information, the secure transmission function of https is applied. When the information receiving unit 115 of the system 100 receives the verification voting information, the voting processing unit 135 stores the verification voting information in the second voting box 165 (S355). At this time, since the voter information and the sign information in the verification vote information are encrypted and bound together, they are stored separately in the second voting box 165 without being separately stored and matched as shown in FIG.

Thereafter, the voting processing unit 135 counts the number of votes stored in the first voting box 160 and the second voting box 165 to check whether the voting ballot information and the verification voting information are correctly stored without error (S360). If the counting is normally performed, the voting processing unit 135 instructs the voter terminal 400 to complete the voting in connection with the information providing unit 120 and the interface providing unit 110 (S365).

Meanwhile, the second voting box 165 for storing the verification vote information may be located outside the system 100. In other words, the voting information for verification is the information that is read only when there is a dispute after the election period ends and there is a court ruling. In addition, the electronic voting operation system 100 may be a system 100 that is not operated directly by the election management committee, but is operated only by being entrusted only to the election period (up to a mark). In other words, in a state in which it is impossible to know when to view, the voting information for verification can not be stored in the system 100 that is temporarily entrusted. Accordingly, the second voting box 165 for storing the voting information for verification may be a separate database (not shown) directly operated by the election management committee, not by the system 100.

Alternatively, when the system 100 receives the voting information for the verification from the voter terminal 400, the voting processing unit 135 associates with the information providing unit a 120 via a separate mailing server (not shown) It may be sent by e-mail to the designated Election Commission. That is, after sending the e-mail, the voting information for verification is deleted from the system 100 or the mailing server, and the voting information for verification is stored only in the e-mail account of the election management committee. In this case, the second ballot box 165 may be a depository of the e-mail used by the election management committee staff member.

FIG. 3 illustrates a series of voting procedures for one voter. During the election period, a plurality of voters can repeat the process of FIG. 3 to participate in the voting.

FIG. 5 is a flowchart illustrating an electronic voting operation method according to an embodiment of the present invention.

That is, through the process of FIG. 3, when a plurality of votes are made during the election period, and the election period ends, the system 100 performs a process for counting votes. That is, the counting unit 140 of the system 100 requests the input of the nailership password to the nardin terminal 310, 320, 330 and inputs the navel password at the nardin terminal 310, 320 or 330 and transmits it to the system 100 <S505> (The first ninth custody password to the third ninth custody password) in the information receiving unit 115 of the control apparatus 100. The password check unit 125 checks the confirmation file B paired with the confirmation file A Encryption is performed with each received NEC password <S510>. Then, in the process of FIG. 2, it is confirmed whether or not the encrypted verification file A is matched with the verification file B encrypted by the nautical-mode password input for counting <S515. If the encrypted verification files A and B do not match (S520), the password checker 125 determines that the password is inconsistent and needs to be re-entered to the nerve terminal units 310, 320, and 330 in association with the information providing unit 120 (S525). On the other hand, if the encrypted verification files A and B match (S520), the security key generation unit 130 generates the encryption key for decryption, which is encrypted through the first combination procedure used for encrypting the decryption key for decryption (key B) Decodes the key (key eB) (S530). The decryption key for decryption (key B) is prepared and decrypted (Step S535) by using the key B to encrypt and store the encrypted signature information in the first voting box 160 to proceed with counting <S540.

Here, in the process of confirming whether the nautical-qualification password inputted in the counting process matches with the nautical-qualification password input for generating the security key before the election, the pair of dummy files are encrypted with respective nautical-qualities passwords, It is possible to confirm whether or not the nautical authority password is matched even if it is not saved in the system 100. Therefore, there is no fear that the NEC password will remain in the system 100.

Meanwhile, in the security key generation process of FIG. 2, it is possible to erroneously input the NEC code so that it is inputted twice. In this case, whether or not the NEC code entered twice is encrypted is also encrypted A comparison method can be used.

FIG. 6 is a diagram for explaining a process of verifying a balloting result according to the occurrence of a complaint in the electronic voting operation method according to the embodiment of the present invention.

In other words, normal voting and counting may be completed through the process up to FIG. 5, but a dispute may arise such as a complaint of a candidate or possibility of error in computation. If a ruling is made that a dispute has arisen and needs to be verified by the court, a verification process as shown in FIG. 6 is performed.

The verification unit 145 of the system 100 requests the novale terminal 310, 320, or 330 to input the noypal code and when the novelliptic terminal 310, 320 or 330 receives the noval password and transmits it to the system 100 in step S605, The decryption unit 130 decrypts (S610) the decryption key for encryption (key eD) encrypted through the second combination sequence previously used for encrypting the verification decryption key (key D). Of course, the password check process using the confirmation files A and B can be performed even when receiving the NEC password for verification.

Accordingly, a verification decryption key (key D) is prepared, and verification S615 can be performed by decoding the verification voting information encrypted and stored in the second voting box 165 using the key D (S615).

Here, the voting information for verification stored in the second voting box 165 is the one in which the voter information and the sign information are combined and encrypted. Therefore, if the verification voting information is decrypted using the key D, the voter information and the sign information will be extracted in a matched state. In other words, it is possible to see which voter participated in the voting and which candidate was voting.

There may be several reasons for the dispute over the results of the election. Among them, proxy voting is the most problematic in electronic voting. In other words, it is registered in the voting information, but there is a complaint that the voting was done even though the voting was not done, or another person may have taken an ID and participated in the proxy voting. Therefore, if verifying voting information that matches voter information and voting information is verified, voting by voters who have impure intentions, or verification of signatures, can be detected.

On the other hand, the voting information for verification may be kept in a separate e-mail used by the Election Commission's staff. In this case, when performing the verification process, the election management committee can re-commission the system 100 and download the verification voting information stored in the e-mail of the staff member to provide the system 100 with the verification.

In addition, the voter information matched with the signature information in the verification vote information may further include photograph information or moving picture information in addition to the ID and signature of the voter. At this time, the photo information and the motion picture information are information shot in real time in the voting process through the process of FIG. 7, FIG. 10, or FIG. Therefore, by checking photo information or video information captured and stored in real time, proxy voting can be accurately detected.

7 is a diagram for explaining a process of further improving the security of the verification voting information in the electronic voting operation method according to another embodiment of the present invention. The voting process shown in FIG. 7 is substantially similar to the process of FIG. 3, but differs in that biometric information is utilized in the billing process.

When the voter terminal 400 requests the voting participation (S705) by accessing the system 100, the voting processing unit 135 of the system 100 extracts the candidate information and the cover page information stored in the election information storage unit 155 And provides it to the voter terminal 400. The voting processing unit 135 also provides the voting terminal 400 with the encryption key (key A, key C) stored in the security key storage unit 150 (S710).

When the voter terminal 400 receives the candidate information, the base tag information, and the encryption key (key A, key C), the base tag processing unit 425 associates the candidate information and the base tag information with the screen output unit 415, do.

Furthermore, the sign processing unit 425 outputs an input guidance screen of the biometric information. Biometric information can be a face photograph taken in real time using a camera, a fingerprint inputted through a fingerprint recognition means, and the like. In other words, the biometric information can specify a person who is currently using the voter terminal 400, and is information that is not originally possible to be input by another person such as an ID or a signature.

After the biometric information is input in real-time <S715>, when the voter who confirmed the candidate information selects the specific candidate from the base cover through the key input unit 420 and completes the base, the base processing unit 425 obtains the base- (S720).

Then, the voter processing unit 425 of the voter terminal 400 encrypts only the voting information via the key A, and prepares ballot voting information in which the voter information (information capable of identifying the voter, such as an ID) and the voting information is prepared <S725 And transmits the balloting voting information to the system 100 through the information providing b 410 (S730). When the information receiving unit 115 of the system 100 receives the balloting voting information, the voting processing unit 135 separates the voter information and the ballot information from the ballot voting information into the first ballot box 160, <S735>.

Then, the voting processing unit 135 of the system 100 requests the voter terminal 400 for the verification vote information (S740). When the voter terminal 400 receives the request for the verification vote information, the signature processing unit 425 synthesizes the biometric information with the signature information (S745).

Biometric information is face photograph or fingerprint information, which can be commonly generated as an image file. Also, the sign information can be prepared as an image file in which a ballot stamp is shot on a specific candidate. Referring to FIG. 12, an example (facial photograph) of the biometric information image can be confirmed through FIG. 12 (a), and an example of the reference information image can be confirmed through (b). Synthesizing biometric information with the signature information refers to an operation of superimposing an image layer called biometric information on the image layer called sign information and synthesizing the biometric information into one image file as shown in FIG. 12 (c).

When the biometric information is synthesized with the sign information, the sign processing unit 425 prepares the verification vote information by encrypting the whole of the combination of the voter information and the sign information (the biometric information is synthesized) through the key C <S750>. Of course, when biometric information is synthesized by the image synthesis method in the sign information, the text form voter information (ID, etc.) can also be synthesized together with the sign information as an image. If both the voter information and the biometric information are synthesized in the sign information , It is possible to prepare the verification vote information in which the entire necessary information is encrypted even if only the sign information is encrypted.

Thereafter, the sign processing unit 425 transmits the entire encrypted verification verification information to the system 100 through the information providing unit b 410 (S755). When the information receiving unit 115 of the system 100 receives the verification voting information, the voting processing unit 135 stores the verification voting information in the second voting box 165 and the first voting box 160 and the second voting box 160 Counts the number of votes stored in the voting box 165 and confirms whether the voting ballot information and the verification voting information are correctly stored without error (S760). If the counting is normally performed, the voting processing unit 135 instructs the voter terminal 400 to complete the voting in connection with the information providing unit 120 and the interface providing unit 110 in step S765.

7, the voting ballot information stored in the first voting box 160 is the same as the voting ballot information stored through the procedure of FIG. The verification voting information stored in the second voting box 165 is different. That is, in the voting information for verification stored in the process of FIG. 7, the voter information (ID, etc.) as well as the nomenclature information and the biometric information are synthesized into an image. The biometric information can be a face photograph or fingerprint information obtained during the voting process, so that it is clear to whom the actual vote was made. In other words, biometric information is information that is not originally input by another person such as an ID or a signature. Therefore, the verification process reveals the possibility of proxy voting, thereby preventing an attempt of a proxy voting by a third party.

Furthermore, the biometric information does not use previously stored information but uses information acquired in real time at the time of voting. Since the biometric information is encrypted in the state that the biometric information is synthesized with the reference information as shown in FIG. 12 (c) It is also impossible to manipulate only the content of the signature information in the synthesized image.

In the process of FIG. 7, the voter terminal 400 may be pre-authenticated through the photo information in the process of transmitting the ballot voting information at the time of first connection or after the ballot is completed. .

FIGS. 8 and 9 are views for explaining a process of preparing for loss of an e-voting password in an electronic voting operation method according to an embodiment of the present invention.

That is, according to the present invention, before the election is started, the election administration cipher is inputted respectively from three election management committee members to generate a security key, and at the end of the election period, Lt; / RTI &gt; At this time, in order to decrypt the decryption key, it is necessary to combine three decryption keys. Therefore, even if one election commissioner loses his or her password, it can not be counted and verified.

As a method to prepare for loss of the nautical authority password, there is a method to write each NEC cipher code in a manual and seal it and keep it in a safe. In addition, in order to prevent the leakage of the password, an ultraviolet pen may be used. Sealed and stored in safe, the NEC code can be unsealed only when all the election officials are present at the time of the loss of the password.

In addition, the prevention measures shown in Figs. 8 and 9 may be applied. For example, it is assumed that the first election management committee using the first ninth exemplary terminal 310 has lost the first nemesis password.

2, when an e-commerce secret code is input and transmitted to the system 100 (S205), the secret code check unit 125 of the system 100 transmits the first secret code to the second secret code Encrypt <S805> with a combination of passwords. Then, the encrypted first nautical-mode password is transmitted to the e-mail of the first registered electoral administration committee <S810>.

Of course, it is not known who will lose the password of the three election officials, so take the same action for other election officials.

If the first election management committee recognizes that the password has been lost in the counting preparation process or in the preparation for the verification and notifies the system 100 of the password <S905>, the system 100 transmits the password to the first ninth exemplary terminal 310 And requests the encrypted first nautical authority password <S910>.

In other words, the first election committee member can download the 'Encrypted First NCO code' in a file form when accessing his or her e-mail, although he can not remember the first nCO password. Of course, the encrypted First NCO code can not be confirmed by the first election official.

When the first election management committee thus receives the encrypted first nautical power password in the e-mail, it transmits it to the system 100 (S915). Even if the information receiving unit 115 of the system 100 receives the encrypted first noyalty password, the system 100 can not yet know what the first noyanny password is.

The password check unit 125 requests the second and third nervous system terminals 320 and 330 to input the nervous system password at step S920 and the second and third nervous terminal terminals 320 and 330 The system control unit 125 of the system 100 transmits the first noyalty password encrypted with the combination of the second noyowniary password and the third noyannen password to the system 100 By decrypting < S930 >, the first ninth privilege encryption can be obtained (S935).

8 and 9, even if one of the electoral management committee members misses the password, the remaining election commissioner obtains the lost password by using the NEC password, so that normal canvassing and verification It is possible.

Of course, there should be no intentional acquisition of any one password by the other two. To this end, the preventive measure can be verified only if two other people have helped, and the lost password can be confirmed only by accessing the lost person's e-mail. Therefore, it is a structure to re-acquire the lost password only if there is a will of the lost person.

10 and 11 are diagrams for explaining a process of authenticating a voter among the electronic voting operation methods according to the embodiment of the present invention. That is, if a voter accesses the system 100 for voting, he or she can perform identity verification through ID, password, and certificate, but can not completely prevent proxy voting. For this purpose, it is possible to apply a method of authenticating the rightful voter through real-time photographic information. In the case of the authentication through the photo information, the voting process may be performed after the authentication is completed, or the voting completion process may be performed through the authentication after the voting is finished. FIG. 10 is a process of the former, And the like.

3, the voter terminal 400 accesses the system 100 and requests participation of the voter (S305). The voter processing unit 135 of the system 100 transmits the voter participation request to the voter terminal 400 Requesting the photograph information <S1005>.

Here, the request for the photo information is not a request for the photo information stored in the voter terminal 400 but requests the photo information photographed in real time. Therefore, upon receiving a request for a photograph information from the information receiving unit b 405 of the voter terminal 400, the nominal processing unit 425 drives the photographing unit 430 and processes the photographing interface so as to output <S1010.

When the voter <S1015> photographs the face of the user, the nominal processing unit 425 transmits the photograph information photographed in conjunction with the information providing unit (b) to the system 100 (S1020).

Upon receiving the photo information from the information receiving unit 115 of the system 100, the voting processing unit 135 obtains the photo information of the corresponding voter (identified by the ID) from the voter information stored in the election information storage unit 155 . As described above, the voting information stored in the election information storage unit 155 may include an ID, a mobile phone number, a resident registration number, a name, photograph information, and the like. Accordingly, it is determined whether or not the voter information is valid through the ID of the connected voter, and the already stored photo information is compared with the photographed information photographed in real time from the voter terminal 400 (S1025) can do. Here, in order to confirm whether the same person is the same person through the comparison of the face photographs, a known facial recognition technique may be applied.

If it is authenticated that the valid voter is a valid voter by comparing the photographic information stored in the voter information with the photographic information photographed in real time, the baseball information, the key A, and the key C are provided to the voter terminal 400 S310. &Lt; / RTI >

On the other hand, if the authentication is not performed in the comparing process of the photograph information, the voter terminal 400 is notified that the authentication has failed (S1035). If the authentication fails, the voter terminal 400 does not provide the sign information or the encryption key, and measures such as photographing and transmitting the photograph again can be performed.

11 is a view for explaining another example of the voter authentication process through photo information. That is, if there is a voting participation request S305 of the voter terminal 400 in FIG. 3, the system 100 once transmits the base tag information, the key A, and the key C to the voter terminal 400, &Lt; S315 >

11, the ticket processing unit 425 of the voter terminal 400 drives the photographing unit 430 to output the photographing interface < S1105 >. The voter photographs the face of the person himself / herself (S1110) do. At this time, video shooting can be performed together with photo shooting.

When photographed picture information and moving picture information are temporarily stored in a memory (not shown) of the voter terminal 400, the sign processing unit 425 outputs a signature screen to the screen output unit 415 (S1115). A signature is used to confirm that a voter has voted directly. A signature screen can be displayed on the touch screen to perform a signature.

At this time, the photo information or the moving picture information photographed in the preceding process may be output together with a partial area (e.g., the bottom) of the signature screen. In other words, the voter can check whether the photographed photo or video was taken properly while signing.

When the voter completes the signature and touches a separate completion button <S1120>, the signature processing unit 425 copies one copy of the signature information <S1125>.

Thereafter, the sign processing unit 425 encrypts only the sign information through the key A, and prepares the counting vote information in which the voter information and the sign information are separated (S1130). Here, in addition to the ID and the mobile phone number, the voter information includes the signature information input through the signature screen, the photograph information and the moving picture information shot in real time.

When the ballot voting information is prepared in this manner, the nominal processing unit 425 transmits (S1135) to the system 100 through the information providing unit b 410. Upon receipt of the voting ballot information at the information receiving unit 115 of the system 100, the voting information is not stored in the first voting box 160 but is authenticated through the photo information.

In other words, the voting processing unit 135 extracts the photograph information for the corresponding voter from the voting information stored in the election information storage unit 155, and includes the voting ballot information in the plain text state (meaning that it is not encrypted) (S1140) by comparing with the photographic information of the voter information.

If the valid voter is authenticated (S1145), the voting processing unit 135 of the system performs the subsequent process of FIG. 3, which randomizes the voter information and the sign information into the first voting box 160 and randomizes it.

On the other hand, if it is not authenticated in the process of comparing the photograph information, the voter terminal 400 is informed that the authentication has failed (S1150), and the photographing and the signing process are performed again.

On the other hand, the photograph information photographed in real time included in the voter information is used for authenticating beforehand whether the legitimate voter is voting before the voting is finished, and the video information is also included in the later verification voucher information, It is used to verify that you are a valid voter during the verification process.

Of course, in the process of FIG. 7 described above, it has already been explained that the photo information to be combined with the sign information is used for later verification but is difficult to operate.

As described above in detail, according to the present invention, the following effects can be obtained.

When the voter terminal 400 performs the voting operation, the voter information and the verification voting information are encrypted and stored in the voting box. At this time, the voter information of the plain text and the encrypted reference information are randomized . Thus, during the election, as well as the completion of counting, a secret ballot is guaranteed because the specific voter does not know which candidate has voted.

In addition, if a dispute arises about the result of counting the votes, the voter information and the ballot information are bound together, and the encrypted voting information for verification can be decrypted and verified, so that cheating such as proxy voting can be detected.

In particular, when the voting action is performed, the photograph information photographed in real time is compared with the photographed image information stored in the voter informa- tion information to confirm whether or not it is an authorized voter, so that proxy voting can be prevented in advance.

Furthermore, by combining the biometric information with the sign information, the synthesized information can not be manipulated, thereby preventing the third party from voting by stealing the ID or the voter terminal 400. [

In addition, first, a plurality of election management committee members receives the NEC password and generates an encryption key (key A, key C) and a decryption key (key B, key D) D) is stored again by encrypting (key eB, key eD) and deletes the nautical password or decryption key (key B, key D) without leaving it in the system 100, It is possible to prevent an incorrect counting before inputting.

In addition, when confirming whether or not the nautical authority password is matched, since it is checked whether the pair of verification files are encrypted and the encrypted verification file is identical, safety is ensured because there is no need to store the nautical authority password itself.

In addition, even if one of the election officials loses the password, it encrypts the lost password with the password of the other election commissioner and sends it to the lost person's e-mail, so if there is a will of the lost person, It is possible to reacquire the lost password.

The foregoing description of the preferred embodiments of the present invention has been presented for the purpose of illustration and it will be apparent to those skilled in the art that various modifications, additions and substitutions are possible within the spirit and scope of the invention, And additions should be considered as falling within the scope of the claims of the present invention.

100: Electronic voting operation system
110: interface provisioning
115: information receiving unit a
120: Information providing a
125: Password check section
130: Security key generation unit
135:
140:
145:
150: Security key storage unit
155: election information storage section
160: 1st Voting Box
165: 2nd Voting Box
190: administrator terminal
310: First nose terminal
First NCO password
320: The second nose terminal
Second NEC password
330: Third NEC terminal
Third NEC code
400: Voter terminal
405: Information receiving section b
410: Information providing b
415:
420: key input unit
425:
430:

Claims (12)

(A) receiving nautical mileage passwords from a plurality of nautical mile terminals before the start of the election;
(B) generating an encryption key for counting keys and a decryption key for counting through a first combination sequence in which the plurality of nautical control ciphers are combined;
(C) generating an encryption key for verification and a decryption key for verification through a second combination order in which the plurality of nailership passwords are differently combined;
(D) after encrypting the counting decryption key through a first combination procedure, storing the counting encryption key and the encrypted counting decryption key, and deleting the counting decryption key;
(E) encrypting the verification decryption key by a second combination procedure, storing the verification encryption key and the encrypted verification decryption key, and deleting the verification decryption key;
(F) providing the voter terminal with the voting terminal's encryption key and the verification decryption key according to a voting participation request of the voter terminal;
The voter terminal receives the voting ballot information encrypted using the voting ticket encryption key and stores it in the first voting box, receives the encrypted voting information encrypted using the verification encryption key, and stores it in the second voting box g) step;
(H) receiving the nautical control passwords from the plurality of nervous system terminals after the completion of the election;
(I) decrypting the encrypted voting decryption key through the first combination procedure; And
(J) decrypting the voting ballot information encrypted and stored in the first voting box through the decrypted voting decryption key to proceed with counting.
The method according to claim 1,
Wherein the ballot voting information stored in the first ballot box is randomly divided and stored as a voter information in a plain text form and encrypted reference information encrypted with the encryption key for counting, Way.
The method according to claim 1,
(K) receiving the nautical-mode passwords from the plurality of nautical terminal devices when a dispute arises in the result of the counting process according to the step (j);
(L) decrypting the encrypted verification decryption key through the second combination procedure; And
Further comprising: (d) decrypting the verification vote information encrypted and stored in the second voting box through the decryption key for verification to perform verification.
The method of claim 3,
Wherein the verification voting information stored in the second voting box is a combination of the voter information and the nomenclature information and is encrypted and stored through the encryption key for verification so that the proxy voting operation can be confirmed when the verification is in progress.
The method according to claim 1,
(N) encrypting one of the two confirmation files through the super administrator password when the super administrator password is input through the step (a);
(O) encrypting the other one of the two confirmation files via the nautical password when the nautical password is input through the step (h); And
It is possible to confirm whether or not the nautical password is correctly input even if the nautical password is not stored by checking whether the confirmation file encrypted in the step (n) and the confirmation file encrypted in the step (o) Electronic voting operation method.
The method according to claim 1,
(P) receiving photo information photographed in real time from the voter terminal before or after the step (f), comparing the received photographed photographed information with pre-stored photographed information to authenticate a valid voter; Further comprising the steps of:
A recording medium on which a computer-readable program capable of executing the method of any one of claims 1 to 6 is stored.
An information receiving unit for receiving a plurality of nailership passwords input from a plurality of nerve center terminals;
And a second combination order in which the plurality of nautical control ciphers are combined differently to generate a verification key and an authentication decryption key through a first combination sequence in which the plurality of nautical control ciphers are combined, And decrypts the counting decryption key in a first combination order, and then stores the counting-use encryption key and the encrypted counting-use decryption key, and deletes the counting decryption key, A secret key generation unit for encrypting the decryption key through a second combination procedure and storing the encryption key for verification and the encryption verification key for encryption, and deleting the encryption key for verification;
The voter terminal provides the voter terminal with the voter terminal with the encryption key for counting and the decryption key for verification according to the voting participation request of the voter terminal, receives the voter-vote voting information encrypted using the voting terminal encryption key at the voter terminal, A voting processor for receiving the encrypted voting information for verification using the encryption key for verification and storing the encrypted voting information in a second voting box; And
And a counting unit for counting the counting ballot information by decoding the counting ballot information,
When the information receiving unit receives a plurality of NEC passwords input from the plurality of nNOC terminals after the end of the election, the security key generator decrypts the encrypted voter's decryption key through the first combination order, And decrypts the counting ballot information encrypted and stored in the first voting box through the decrypted decryption key for counting to proceed with the counting process.
9. The method of claim 8,
Wherein the ballot voting information stored in the first ballot box is randomly divided and stored as a voter information in a plain text form and encrypted reference information encrypted with the encryption key for counting, system.
9. The method of claim 8,
And a verification unit decoding the verification vote information to conduct verification,
When a dispute arises in the counting result through the counting unit, the information receiving unit receives the nenyiness level passwords from the plurality of nenly terminal units, and the secret key generation unit generates the encrypted verification decryption key through the second combination order Wherein the verification unit decrypts the verification voting information stored in the second voting box through the decryption verification key for decryption, and performs the verification.
11. The method of claim 10,
Wherein the verification voting information stored in the second voting box is a combination of the voter information and the nomenclature information and is encrypted and stored through the encryption key for verification so that the proxy voting operation can be confirmed when the verification is in progress.
9. The method of claim 8,
Encrypts one of the two confirmation files through the optician password when the optician password is received before the start of the election through the information receiver, and if the optician password is received after the election is terminated, And a password check unit for verifying whether or not the two encrypted verification files are identical to each other,
Wherein the electronic voting operation system can confirm whether the nautical-mode password is correctly input even if the nautical-mode password is not stored.

Images