Home Security in Online Voting Secure authentication
Secure authentication with POLYAS

Secure authentication

Digital voting and elections with POLYAS are not only secure; they are also secret. Eligible voters who have logged in are anonymized using cryptographic methods. At the same time, eligible voters are unambiguously identified and authenticated, so multiple votes are prevented.

POLYAS offers various options for secure authentication, so that you as the election organizer can choose the method that suits the requirements of your election system, the underlying security level and the needs of your electorate.

Authentication in POLYAS CORE 2.5.0

In the Online Voting System POLYAS CORE 2.5.0, a successful login generates a token (anonymous, non-traceable identifier). 

This is generated by the system and is invisible to the voter. The token anonymizes the user identity, which permanently preserves voting secrecy for all voters.

Start now >

Authentication in POLYAS CORE 3.0

When an eligible voter uses a voter ID and password to log into the online voting system POLYAS CORE 3.0, the password is used in the client to generate a private key and a hashed password. The private key is used to sign the ballot paper when the binding vote is cast. The hashed password is used to authenticate the voter and to verify their right to vote. Only if there is a match between the hashed password in the electoral roll and the voter’s hashed password will the voter be forwarded to the ballot paper. If a voter then casts a vote, the ballot paper is encrypted and signed in the browser. This means that the ballot paper is already in encrypted form when is is transported to and stored in the POLYAS ballot box. 

POLYAS authentication method

1) Login with an ID and password 
By default, POLYAS requires eligible voters to authenticate by entering an ID and the associated password.

  • The ID is a fixed, unique attribute, such as a personnel number or matriculation number, a date of birth, or the user’s e-mail address. If desired, the ID can be anonymized so that POLYAS does not receive any personal data.
  • The POLYAS system generates the one-time password by using certain security algorithms.

Only if they have the correct combination of both sets of login data can users authenticate themselves and cast a vote. The ID and password are transmitted either by e-mail or letter, and they can be transported separately.

2) SecureLink in your own intranet
Your eligible voters login to your intranet or a protected member area using their usual access credentials. After authentication in the intranet, a single click takes your voters to the POLYAS Online Voting System, where they can cast their votes. With SecureLink authentication, all personal data remains with the election organizer and POLYAS receives the electoral roll in pseudonymized form only. Learn more about authentication using SecureLink  >

3) Authentication by digital identity card
Voters can conveniently and securely authenticate themselves via an interface to the digital authentication mechanisms of the new identity card “nPA” (Germany only). Please contact us if you wish to use this variant for your institution.

Button: To the Online Voting Manager > https://configure.polyas.com

Additional features for your authentication method

Various features can be booked for the Online Voting Manager, which additionally increase the security of your authentication:

  • Independent voting checkbox: The confirmation of independent voting serves to further secure voting eligibility, similar to a ballot paper for postal voting. Eligible voters can only vote if they have confirmed their identity and authorization with the checkbox.
  • Two-factor authentication: You can increase the security of your authentication method by transmitting an additional password via an additional channel, e.g. by SMS. This effectively minimizes the likelihood of unauthorized access.
  • Independent password generation: As an additional security measure, passwords can be generated by an independent service provider. In this case, POLYAS and the election organizer have the hashed passwords only, which prevents so-called ballot stuffing

 

POLYAS Tip: The security of the POLYAS system as well as the secrecy of the ballot is guaranteed at all times and with every authentication procedure. Learn more about system security at POLYAS now.

 

Maximum security for your online voting

Regardless of which authentication method and which POLYAS voting system you choose, voting secrecy and data protection are guaranteed at all times with POLYAS. You can be sure that, whether you choose the CORE 2.2.3 or the CORE 3.0, your election will be conducted in adherence to the highest standards of security and data protection, and that the applicable voting principles are observed. 

The voting system and authentication method that you choose depend on the requirements of your election regulations and the needs of your voters. 
POLYAS Support, which is subject to a fee, will assist you in finding the right solution for your election.

 * You may be subject to electoral laws or regulations within your institution that stipulate the requirements for sending voter credentials. Please find out whether transmission by e-mail constitutes legally compiant delivery.