Appendix A

California Internet Voting Task Force

Technical Committee Recommendations


Table of Contents

11 Glossary


ActiveX control: A program packaged in a format designed by Microsoft that is downloaded from a web server to a client browser and run within the browser, all as a mere side effect of visiting a web page.

Applet: A program in Sun Microsystemsí Java programming language that is downloaded from a web server to a browser and run in the browser as a side effect of visiting a web page.

Atomic: A multi-step operation is atomic if, whenever it is attempted, it either fails completely, accomplishing nothing at all, or succeeds completely, accomplishing all of the steps, but never stops in an intermediate, partially-completed state.

Authentication: Verification of the true source of a message. In the case of i-voting, this refers to verification that an electronic ballot really is from the person it claims to come from, and not just from someone trying to electronically impersonate that person.

Biometric: A digitizable characteristic of a personís physiology or behavior that uniquely identifies him or her. Examples include thumb print, DNA sample, voice print, hand-writing analysis, etc.

Browser: An application program such as Microsoft Internet Explorer or Netscape Navigator that allows the user to navigate the World Wide Web, and interact with pages from it.

Certification: The process the state uses to determine that a voting system meets the requirements of the California Election Code and can be used by any county that decides to select it.

Client: In a common two-computer interaction pattern, one of them, the client, initiates a request, and the other, the server, acts on that request and replies back to the client. In the case of i-voting, "client" refers to the voterís computer that initiates the process of voting, and the server is the computer that accepts the ballot and replies to the client that it accepted it.

Cryptography: The mathematical theory of secret codes and related security issues.

Decryption: Decoding an encrypted message (usually using a secret key).

Digital signature: Cryptographically-generated data block appended to a document to prove the document was processed by the person whose secret key was used to generate the data block.

Encryption: Encoding (i.e. scrambling) a message using a secret key so that anyone intercepting the message but not in possession of the key cannot understand it..

Failure tolerance: The ability of a system to continue to function in spite of the failure of some of its parts.

eCommerce: Electronic commerce, i.e. financial transactions conducted over a computer network or the Internet.

Email: Electronic mail, i.e. messages and documents sent from one party to other specific, named parties.

Firewall: One or more computers standing between a network ("inside") and the rest of the Internet (outside). It intercepts all traffic in both directions, forwarding only the benign part (where "benignness" may be defined by a complex policy), thereby protecting the inside from attacks from the outside.

HTML: Hypertext Markup Language, the notation used for formatting text and multimedia content on web pages.

HTTP: Hypertext Transfer Protocol, the communication protocol used between web browsers and web servers for transporting web pages through the Internet.

i-voting: Internet voting

Integrity: Protecting data from undetected modification by unauthorized persons, usually through use of a cryptographic hash or digital signature.

Internet: The worldwide system of separately-owned and administered networks that cooperate to allow digital communication among the worldís computers.

IP: Internet Protocol, the basic packet-exchange protocol of the Internet. All other Internet protocols, including HTTP (the Web) and SMTP (email) use it.

IP Address: A unique number (address) assigned to every computer on the Internet, including home computers temporarily connected to the Internet.

ISP: Internet Service Provider; a company whose business is to sell access to the Internet, usually through phone lines or CATV cable, to homes, businesses, and institutions.

Key: A typically (but not always) secret number that is long enough and random-looking enough to be unguessable; used for encrypting or decrypting messages.

Key pair: A pair of keys, one used for encrypting messages and the other for decrypting them. Used in public key cryptographic protocols for authentication, digital signatures, and other security purposes.

Kiosk: A booth- or lectern-like system with a screen, keyboard, and mouse mounted so they are available to users, but with a tamper-proof computer inside and a secure Internet connection to the server.

Mirroring: Keeping two or more memory systems or computers identical at all times, so that if one fails the other can continue without any disruption of service.

LAN: Local Area Network; a short-range (building-size) network with a common administration and with a only small number of hosts (computers) attached. The hosts are considered to be sufficiently cooperative that only light security precautions are required.

Malicious code: A program with undesirable behavior that operates secretly or invisibly, or is disguised as part of a larger useful program; in this document, the same as "Trojan horse".

NC: network computer; a widely-discussed hypothetical product that does not store software or files locally, but works only through a network.

Online: Generally, a synonym for "on the Internet", or sometimes, more specifically, "on the web".

Out-of-band communication: Communication through some means other than the primary channel under discussion. If the primary communication channel is the Internet, then out-of-band channel might be via U.S. mail, or a voice telephone connection, or any other channel that does not involve the Internet.

Packet: The smallest unit of data (along with overhead bytes) transmitted over the Internet in the IP protocol.

PC: Personal computer; any commercial computers marketed to consumers for home or business use by one person at a time. In 1999, this includes Intel-based computers (and clones) running a Microsoft operating system or a competitor (e.g. Linux, BeOS, etc.), and it also includes Macintoshes.

Plug-in: A software module that permanently extends the capability of a web browser.

Privacy: Protecting data from being read by unauthorized persons, generally by encrypting it using a secret key.

Private key: A key, or one member of a key pair, that must be kept secret by one or all members of a group of communicating parties.

Protocol: An algorithm or program involving two or more communicating computers.

Public key: One member of a key pair that is made public.

Public key cryptosystem: A cryptographic protocol involving a pair of keys, one of which is made public and the other held secret.

Redundancy: Excess storage, communication capacity, computational capacity, or data, that allows a task to be accomplished even in the event of some failures or data loss.

Replication: A simple form of redundancy; duplication, triplication, etc. of resources or data to permit detection of failures or to allow successful completion of a task in spite of failures.

Script: In the context of this document this term refers to a program written in the JavaScript language, embedded in a web page, and executed in browser of the web client machine when it visits the web page.

Security: General term covering issues such as privacy, integrity, authentication, etc.

Server: In a two-computer interaction pattern, one of them, called the client, initiates a request, and the other, the server, acts on that request and replies to the client. In the case of i-voting the computer that receives and stored the ballots from voters is the server.

Spoof: To pretend, usually through a network, to be someone or somewhere other than who or where you really are

Trojan horse: A program with undesirable behavior that operates secretly or invisibly, or is disguised as part of a larger useful program; in this document, the same as "malicious code".

Tunnel: A cryptographic technique in which a computer is in effect attached to a remote LAN via the Internet, even if there is an intervening firewall.

URL: Uniform Resource Locator, i.e. a name for a web page, such as .

USB port: Universal Serial Bus port; a port (connector) on newer computers used for high speed serial communication with attached devices.

Virus: A Trojan Horse program that actively makes, and covertly distributes, copies of itself.

Vote client: The computer that voters use to cast their ballots, which are then sent to the vote server.

Vote server: The computer(s) under control of the county that receives and stores votes transmitted by Internet from vote clients.

Web: The world-wide web, or WWW; the worldwide multimedia and hypertext system that, along with email, is the most familiar service on the Internet.

Web site: A collection of related web pages, generally all located on the same computer and reachable from a single top-level "home page".

Web page: A single "page" of material from a web site.