Optical Scanner

From Scantegrity Wiki

The scanner software is described as components with specific responsibilities.

TBD: Needs to better reflect the current design and the direction we are heading.

Contents 1 Startup 2 Scanner Interface 3 Data Processing 3.1 Image Processing 3.2 Ballot Rules Engine 4 Data Storage 5 Logging 6 Shutdown 7 User Interface 8 Reduced Operational States

[edit] Startup

After the system boots into the operating system, execution begins with the startup module. This module is responsible for putting the system into a state where it is able to scan and store ballots. It performs the following actions consecutively:

1. Search for, load, and verify correctness of a configuration file [1].
2. Initialize all necessary hardware devices and systems (Image Scanner, LEDs, storage disks, filesystem mounts, et al.) and verifying that they are connected and working from the perspective of the operating system.
3. Making the first entries into the audit log and storage record(s).
4. Requesting and verifying authentication to start the election.
5. Passing control back to the driving system (usually the user interface module).

Each action depends on the successful completion of the previous action. If an error occurs in this module, it will cause the scanner to send out a notification and go into an error state. Depending on the particular error, the error state may be recoverable in one of the following ways:

1. Troubleshooting, replacing, or repairing malfunctioning hardware and rebooting.
2. Unsealing the scanner, replacing the memory chips with proper configuration, and resealing the scanner.
3. Using a printed piece of paper with the necessary configuration data.

[edit] Scanner Interface

The scanner interface interacts with the hardware device (scanner) performing the image acquisition. It provides functionality to:

1. Probe if the hardware is connected.
2. Start and Stop the hardware.
3. Returning raw image data from scanning one or many documents.

Returning the raw image data is handled in two ways to support . The first way requires registration of an image routine. The image acquisition runs in its own thread and calls a registered routine every time a new scanned image is available. In the second way the image acquisition is a normal function call. This configuration allows the scanner to support absentee (bulk) and polling place (single) balloting processing operations.

[edit] Data Processing

After the image data is acquired, an image processing routine generates 2D ballot data which is then passed to a ballot rules engine.

[edit] Image Processing

The image processor uses configuration data to identify a ballot and produce a 2D mapping of voter choices. It's functions can roughly be broken down into:

1. Find alignment marks
2. Rotate and reposition the ballot
3. Read ballot barcode
4. Using barcode data, identify the ballot type.
5. Based on configuration for that ballot type, check each markable position, and produced a 2D grid of that data.

Different types of alignment marks mean that different modules for it can be used. Code for the image processor can be found here:

[ http://scantegrity.org/svn/trunk/src/org/scantegrity/scanner/BallotReader.java ]

[edit] Ballot Rules Engine

The rules engine is responsible for determining if a ballot should be accepted or rejected based on the ruleset given by the configuration file. These rules may vary by particular contest, so the configuration data needs to represent that. Usually this just checks for overvotes.

[edit] Data Storage

Data is to be stored using a one-way random storage solution to multiple storage devices. Currently this is a utility that rewrites jarfiles stored on each device and purposefully ignores any timing data. This is insufficient and should alternatively work with a memmory mapped file or filesystem that enforces appropriate anonymity protections.

The data storage module is initialized by the startup module, and it could/should use cryptographic protection of the data.

[edit] Logging

Logs all system events that do not identify ballots. Includes times ballots are recorded/rejected. Any system faults. Start and stop of election. etc.

[edit] Shutdown

Closes the data storage, the user interface, and shuts down the operating system.

[edit] User Interface

The user interface module controls everything the user interacts with. The current user interface is a gui meant to work with a touch screen. The newer user interface will have an LED screen and a few simple serial controlled buttons.

[edit] Reduced Operational States

One goal of the scanner is that in any situation where the scanner is capable of scanning and storing ballot data the error would be noted and the election would continue. Here are a couple of examples:

1. If configuration data is missing or tainted, the scanner would configure itself to record all raw ballot data.
2. If interface hardware is down, the scanner would ignore that particular part of the interface.
3. If cryptographic hardware fails, the scanner could fall back to software routines.

Configuration files or a specific "system build" could control which types of recovery are possible. Notably, if the software fails to load or the scanner cannot transmit image data to the system, it is impossible to operate in any reduced operational state.