Certified online voting software
Certificate for online elections
- More information about the first certificate for online voting systems
- Learn which security requirements exist for online elections
- Read about the results of POLYAS Core 2.2.3 certificate
Certificate for POLYAS online voting software
The certificate for online elections was first awarded by the German Federal Office for Information Security (BSI) in 2016. POLYAS CORE 2.2.3. is the first online voting software that received this certificate through the BSI according to Common Criteria Standards.
The basis for the certification is the security profile BSI-DSZ-CC-0862-2016, which formulates the system requirements for online elections. The POLYAS online voting software CORE 2.2.3. was evaluated regarding its functionality and reliability by the German Research Centre for Artificial Intelligence (DFKI).
Security requirements for online voting systems
The Basic Security Requirements for Online Election Products are governed by universal voting principles (free, equal, secret, universal and direct). Thus, online elections configured by POLYAS CORE 2.2.3. are secure according to BSI requirements and meet the rigorous standards of democratic elections.
The following features belong to POLYAS (version 2.2.3):
- The identity of the voter cannot be traced from the vote they've cast
- Voters cannot share their decision with third parties
- The electorate has to be clearly and reliably identified and authenticated, so that only registered persons from the electoral roll may vote
- Voters can cast their vote only once
- Votes cannot be changed, deleted or added during their transfer through the network.
- Votes in the ballot box cannot be additionally changed, deleted or added
- Interim inputs are not counted.
With the certification on March, 15 2016 the POLYAS CORE Software obtained the security certificate BSI-DSZ-CC-0862-2016.
Results of the certification
The evaluation, which is documented in the certification report, includes all features of the software as well as the system architecture.
The certification report provides the following statements regarding the POLYAS election system:
- The online elections system records the relevant security events of each sub-system in separate log files. The election administrator can view this protocol data in a comprehensible and readable form. Data integrity violations trigger security warnings, which are recorded and sent to the election committee via email.
- The electoral roll (number of voters), in which the identity of the voter is clear, and the ballot box containing the votes, are completely separate entities.
- The communication between voters and the ballot box is encoded, so that only eligible voters can gain access. The votes are also locked and stored together with a random value.
- During the counting and archiving of the election, an archive checksum is generated and used as protection against manipulation.