1. The Field of the Invention
The invention generally relates to methods and systems for distributing educational content, and more particularly to systems and methods for distributing and administering high-stakes exams.
2. The Relevant Technology
Web-based learning management systems (LMS) and content management systems (CMS) have been increasingly used by corporations, government agencies, and higher education institutions as effective and efficient learning tools. An LMS is a software package that facilitates the management and delivery of online content to learners, often in order to enable the individualized and flexible access to learning content. Typically, an LMS allows for an online teaching environment, where a CMS is a computer software system that is typically used to manage the storing, controlling, versioning, and publishing of the educational content. Using a combination of the above technologies, several educational systems have been developed in the art that offer flexible online learning solutions for educators.
Due to the flexible and individualized nature of the systems, users and employees can take courses on their own time and at their own pace, in accordance with their various daily commitments, while educators, management, and human resource departments are able to track progress. Further, because the systems may be easily updated and modified, the systems often provide more relevant information than is currently available using traditional teaching tools.
One advantage of these courses is the ability to give users information they need outside the confines of the traditional university buildings or classrooms. For example, distance learning users can gain access to the course materials by connecting to the Internet or other global network. Thus, several institutions have implemented online or hybrid courses where the course is administered wholly or partially on computing devices in the online setting.
While course materials may be distributed in the online setting, it may be difficult to securely administer high-stakes online examinations. High-stake exams may include such examinations as college and postgraduate entrance examinations, certification examinations, final examinations or other examinations on which the examinees are highly motivated to perform at a high level because of the stakes involved.
In the past, examinees have gone to a proctor-controlled environment, where the exams are administered on paper after which they are collected, scanned in, and graded. In a distributed learning system, proctoring centrally-controlled examinations may be difficult due to the general lack of control exercised on computing devices used to complete online courses and the cost associated with providing additional computing devices specifically for testing. Some issues may include users attempting to crack the exam or share the exams, and/or validate the results not only for themselves, but others as well. For example, some users may attempt to subrogate security measures by loading screen grabbers, key stroke recorders, or other capturing mechanisms.
In a computing environment, including an educational management system having a server, a method for administering a high-stakes exam includes securing at least one computing device having a processor and memory on which the high-stakes exam is to be administered by controlling the processor's access to the memory, verifying at least one aspect of the environment in which the high-stakes exam is to be administered, and administering the high-stakes exam on the computing device.
In another example, a method for administering high-stakes exams includes encrypting the high-stakes exam to form an encrypted high-stakes exam and at least one key for decrypting the encrypted high-stakes exam, distributing the encrypted high-stakes exam to a computing device to the educational management system, and verifying at least one aspect of an environment in which the computing device is to administer the high-stakes exam, and distributing the key to the computing device.
In yet another example, a system for distributing and administering high-stakes exams in a computing environment includes an educational management system including a server and a database, the educational management system being configured to distribute high-stakes exams a plurality of computing devices, and a plurality of computing devices security features, the computing device security features being configured to control the operation of a computing device to secure the computing devices to prevent the computing devices from accessing unauthorized programs. The educational management system is configured to distribute the high-stakes exams to the computing devices, wherein the high-stakes exams are administered at least partially on the computing devices.
These and other aspects of the present invention along with additional features and advantages will be set forth in the description that follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The features and advantages of the invention may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other features of the present invention will become more fully apparent from the following description and appended claims, or may be learned by practice of the invention as set forth hereinafter.
To further clarify the above and other advantages and features of the present invention, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:
Methods and systems are provided herein for distributing educational content, and more particularly for distributing and administering high-stakes exams. One method includes encrypting a high-stakes exam to form an encrypted high-stakes exam and a key or keys for decrypting the high stakes exam. The encrypted high-stakes exam may then be distributed to the users. The encryption applied to the high-stakes exam may reduce the likelihood that a user will be able to make use of the encrypted high-stakes exam before or after the user has the corresponding key.
In addition to encrypting high-stakes exams, a method may include providing steps for establishing a secure environment on a computing device on which a high-stakes exam is to be administered. In particular, one or more computing device security feature may be used to secure a computing device. The computing device security features may include memory devices with software stored thereon. The software may be used to operate the computing device instead of running the software residing on the computing device. Administrators may be able to readily control which software is on the security feature. Accordingly, by using the software on the security feature to run the computing device, administrators may therefore be able to secure the operation of the computing device, regardless of which programs were previously loaded onto the device, including programs for cheating and/or helping others to cheat on the high-stakes exam.
Systems and methods are also provided for verifying various aspects regarding the exam environment or the environment associated with the administration of the high-stakes exam. Any number of aspects may be verified to establish trust between the computing device environment and an educational management system. The elements may include the configuration of the computing device and in particular that the computing device has been secured. Other elements of the administration may include a verification that the test is being administered in the right location, such as by verifying a network connection either implicitly or explicitly. Implicitly verifying a network connection may include providing the exam on a local area network or local wireless connection in which the user is able to take the exam while in communication with the network. Explicitly verifying the network connection may include a verification of a machine address or other identifier unique to a network or network location. In addition to verifying details regarding the computing device and/or its location, systems and methods may also be provided for verifying the identity of the user taking the high-stakes exam. For example, one or more characteristics unique to each user, such as fingerprints or other characteristic may be ascertained before the exam and then verified at the time of exam.
Systems and methods are also discussed for providing the key to the controlled and verified environment to unlock the encrypted high-stakes exam. The high-stakes exam may then be administered with increased confidence that the high-stakes exam results will remain valid because of the likelihood that a user will not have been able to cheat or help others cheat in the future by accessing programs on the computing device.
As used herein, the term “user” may be used to describe students, employees, content providers, educators, employers, or course administrators who are accessing the education management system using a computer. The computer may be any general computer system that is equipped to receive, send, and process educational content. The computer may be, for example, a personal computer, portable computer, handheld device, or any other computing machine. A suitable computer system may include a modem, a monitor, a keyboard, a mouse, system software including support for TCP/IP communication, and other various types of software. Further, more than one user may connect to the education management system using the same computer.
For ease of reference, a network connection will be discussed incorporating a single exam. Other connections may be used to access the high-stakes exam 115 or establish a connection with the users 130a-n. As will be understood by one of ordinary skill in the art, the network 120 may be any local or global network, including a LAN, WAN, wireless network, internet connection, and the like.
In at least one example, the education management system 100 includes a server 150 capable of sending and receiving communications and data via the network 120, along with a database 160 capable of storing a plurality of educational software, programs, and data, including the high-stakes exam 115. In addition, the database 160 can be used to store data relating to the user identification. As will be understood by one of ordinary skill in the art, any number of configurations may be used to create an education system, including systems using a series of interconnected databases, computers, and servers.
The high-stakes exam 115 may be administered at various locations in a device-secured manner, as will be discussed in more detail below. All types of educational content may be used in a similar manner as described below. Here, the content provider 110 may be a third party who is responsible for creating the high-stakes exams 115, such as a public education system, a private testing company, and/or a certifying agency or company.
One example of distribution of the high-stakes exam 115 will be discussed in more detail below with reference to an encrypted high-stakes exam. The high-stakes exam 115 may be distributed in any suitable manner to the users 130a-n. In many examples, in addition to providing for the distribution of the high-stakes exam 115, the present system is also configured to secure the operation of the computing devices used by each of the users 130a-n. In particular, the distributed learning platform system 10 may also include one or more security feature, referred to herein after as a security feature 165.
The distributed learning platform 10 further includes a security feature 165. The security feature 165 secures computing devices being used by one or more of the users 130a-n taking the high-stakes exam. All types of computing devices may be secured including computing devices which the distributing learning platform system 10 exercises control over, computing devices that are provided to the users as part of the distributed learning platform system and which remain in the user's possession and/or computing devices users obtain independently. The distributed learning platform system may exercise control over computing devices by periodically synching the computing device with the educational management system 100, which in turn may exercise control over which programs are allowed to run on the computing device. Still other computing devices may be secured and used to take high-stakes exams using the distributed learning platform system 10, including devices which the user provides and over which the user may generally exercises control.
The computing device security features may include memory devices with software stored thereon. The software may be used to operate the computing device instead of running the software residing on the computing device. Administrators may be able readily control which software is on the security feature. Accordingly, by using the software on the security feature to run the computing device, administrators may therefore be able to secure the operation of the computing device, regardless of which programs were previously loaded onto the device, including programs for cheating and/or helping others to cheat on the high-stakes exam.
One method of distributing and administering a high-stakes exam will now be discussed with reference to
Referring to both
Next, at step 210, the educational management system 100 encrypts the high-stakes exam 115 to form an encrypted high-stakes exam 170 and one or more associated key 175. The high-stakes exam 170 and key 175 are illustrated at both the content provider 110 and the educational management system 100 to emphasize that the high-stakes exam may be encrypted at either or both locations. It may be desirable to increase the security of transmitting the high-stakes exam 115 by sending the encrypted high-stakes exam 170 and/or the key 175 over one or more secure channels. It should be noted that the encrypted high-stakes exam 170 and/or the key 175 may be sent over unsecured channels as well. If the education management system 100 receives the high-stakes exam 115 from the content provider 110 in an unencrypted format, step 210 of encrypting the high-stakes exam will be performed first, after which step 200 in which educational management system stores encrypted high-stakes exam 170 and the key 175 on the database 160 of the educational management system 100.
In one example, the step of encrypting the high-stakes exam 115 includes the use of a cryptographic envelope, also referred to as a cryptolope. In particular, the high-stakes exam 115 may be encrypted by packing the high-stakes exam into a container, such as a .ZIP file, to form a cryptolope 300, which is illustrated in
When the high-stakes exam 115 (
Different encryption keys 315a-n may be encrypted with different section keys 320a-n. In particular, separate section keys may be used to encrypt selected parts, which may include different versions of the high-stakes exam 115. Accordingly, multiple versions of the same high-stakes exam may be included as different parts 310a-n. For example, the encrypted high-stakes exam 170 may include versions of a high-stakes exam with the same questions, but which are numbered differently. Providing different section keys to each computing device, such as by providing different section keys with each security feature 165 may allow for the convenient administration of different versions of the same test while minimizing the possibility that users will be able to make unauthorized use of the various versions of the high-stakes exam 170 (
Regardless of whether multiple versions of a high-stakes exam 115 are encrypted, the master and section keys may be used to allow a user to access the high-stakes exam 115. In addition to encrypting the parts 310a-n, a parts list 325 is created. The parts list 325 may then be encrypted using a master key 330. The master key 330 provides a key for decrypting the parts list 325. In another example, parts of the high-stakes exam 115 may be included in the cryptolope 300 unencrypted. Part encryption keys 315a-n are not generated for those parts.
Referring to
The use of the caching servers 180, 185a-b may allow the educational management system 100 to distribute content, including the high-stakes exams 115, in an efficient manner. In particular, users 130a-n may access the caching servers 185a-b as primary access points, rather than accessing the educational management server 150 directly. The caching server 185 may communicate with the educational management server 150 when bandwidth is available, thereby decreasing congestion which would be associated with each user contacting the educational management server 150 directly. Accordingly, high-stakes exams and/or results may be sent and received by the caching servers 185a-b over a period of time.
Such a method of distribution may be capable of distributing large amounts of data widely without requiring the content provider 110 or server 150 to incur the large costs of hardware, hosting, and bandwidth resources that would otherwise be required to distribute the educational content. A scheduled transmission can populate the caching servers 180, 185a-b with encrypted high-stakes exams 170 over a controlled distribution.
When the encrypted high-stakes exam 170 is stored on the caching servers 185a-b, the encrypted high-stakes exam 170 may be accessible to any number of users. The encryption may allow the system 10 to reduce the unauthorized, undesired, and/or unintended use of the encrypted high-stakes exam 170 by parties whom administrators and/or the content provider 110 wish to prevent from using the encrypted high-stakes exam 170. In particular, while a user may be able to download the encrypted high-stakes exam 170 from the caching servers 185a-b, in its encrypted format, the encrypted high-stakes exam 170 may display as a useless combination of characters.
Accordingly, the key 175 may be provided to intended users 130a-n to allow the users to use the encrypted high-stakes exam 170. In one example, the key 175 may be delivered with the security feature 165. Delivering the key 175 with the security feature 165 may allow the distributed learning platform system 10 to secure a computing device before the key 175 may be used to decrypt the encrypted high-stakes exam 170. Once the security feature 165 has secured the computing device, the key 175 may be used to decrypt the encrypted high-stakes exam 170 to allow the access to take the high-stakes exam 110 in a controlled manner.
If the encrypted high-stakes exam 170 is sent over the network 120 on an unsecured channel, it may be possible for unintended parties to intercept the encrypted high-stakes exam 170. However, as previously discussed, the security measures applied to the encrypted high-stakes exam 170 may reduce the possibilities that an intercepting party will be able to use the encrypted high-stakes exam 170 without the key 175.
Further, the encryption applied to the encrypted high-stakes exam 170 may prevent the likelihood that a user will be able to access the encrypted high-stakes exam 170 before the user receives the key 175. Accordingly, step 220 may further include distributing the encrypted high-stakes exam 170 to the user. In addition to distributing the encrypted high-stakes exam 170 through the use of caching servers 180 and 185a-b, the educational management system 100 may also distribute the encrypted high-stakes exam 170 over the network 120 without the use of the caching servers 180, 185a-b.
The present method at step 230 also includes securing each computing device on which the exam will be administered. In one example, the computing device security feature 165 may be used to secure the computing devices. The computing devices on which the exam is administered may include devices that are physically maintained at the exam location or computing devices which the users bring with them to the exam. Computing devices brought by the user may include computing devices issued to the student as part of the distributed educational platform system 10, which are issued by another authority or system, or computing devices which the students have independently obtained. Each of these computing devices may be secured using a security feature 165, such as a boot-up control feature.
The boot-up control feature 440 may have an exam program 450 residing thereon which may include an operating system and other software for administering the exam. In one example, the processor 410 loads the exam program 450 rather than booting the computing device 400 using internal memory 420. The exam program 450 may further include instructions for limiting or preventing the processor 410 from loading programs from the internal memory 420 while allowing the processor 410 to retrieve information designated by the exam module 450, such as an encrypted high-stakes exam 170, which may be stored on internal memory 420. Such a configuration may reduce the likelihood that a user has loaded software for cheating or for copying or otherwise making unauthorized use of the high-stakes exam 115 (
In another example (not shown), the boot-up control feature 440 may have its own processor. The boot-up control feature 440 may then be configured to scan the computing device 400 for programs which are being used by the computing device 400. If the boot-up control feature 440 determines that unauthorized programs are being used, the program can instruct the processor 410 to terminate the program and/or can make a note of the program that is being used.
In at least one example, managing the configuration of the computing device 400 may be an ongoing process. In particular, the computing device 400 may be synched with the educational management system 100 periodically. In such a case, the configuration of the computing device 400 may be monitored and/or updated during a synching process to thereby help ensure that the computing device 400 does not have unauthorized programs loaded. Such unauthorized programs may include programs used to cheat and/or to steal the high-stakes exam 115 (
Referring again briefly to
The location may also be verified by requiring a password, known only to a teacher or proctor to be entered. Or, it might require the presence of an additional security device such as a smart card or secure USB key. Some secure environments may make use of two or more factors such as a smart card and a password. Likewise, such environments may use those factors to directly secure the master key required to decrypt the exam.
In addition to verifying details regarding the computing device, the educational management system 100 may also be configured to verify the identity of the user taking the high-stakes exam 115 (
Once the computing device has been verified, at step 250 the key 175 (
As illustrated in
The master key 330 may be distributed to each member of a selected group, such as a group of examinees, class, a discussion group, or other selected group. In one example, the private master key 330 may be distributed as a password. The password may be distributed by a proctor or other user at the exam environment to allow distributed users to access the encrypted high-stakes exam 170. The master key 330 allows users to access open the encrypted educational content by allowing access to the parts list. However, the content within the encrypted high-stakes exam 170, such as each of the parts discussed above is encrypted with a part encryption key, which is in turn secured by a corresponding section key.
The unlocked section key or keys 320a may then be used to decrypt a portion or the entire encrypted high-stakes exam 170. In at least one example, when the section key 320a is removed, the encryption applied to the encrypted high-stakes exam 170 prevents further use of the encrypted high-stakes exam 170. As a result, although the encrypted high-stakes exam 170 may remain on the computing device 400, the encryption reduces the likelihood that the user will be able to make further use of the encrypted high-stakes exam without the master and section keys.
Once the section key 320a is accessible, the method continues at step 260 (
In another example, it may be desirable to send the responses to a remote location relative to the computing device 400, such as to the educational management system 100 (
The responses are stored until administration of the high-stakes exam 115 is completed. Thereafter, the responses are scored at step 270. In another example, the responses may be scored on a response by response basis. The electronic format may allow some responses, such as multiple choice questions, to be scored quickly. The responses may be scored at any location using any number of scoring methods. Scoring the responses may include assigning a point value for each response.
Scoring the questions may further include making a determination about each user's performance. In particular, criteria may be established in advance for performance on the high-stakes exam 115, such as criteria relating to a number of points earned from the responses. For example, some high-stakes exams make use of a scale in which a raw score is assigned a point value. Other high-stakes exams include determining whether a user has displayed sufficient mastery of one or more subject areas. Accordingly, various criteria may be used to determine the student's performance.
Once the high-stakes exams have been scored, at step 280 the appropriate parties are notified. The parties may include the users 130a-n, the content provider 11, and/or other parties such as verification and certification authorities of the results. In one example, the notification provided to the users may include a certificate of completion, similar to those associated with courses that culminate in a high-stakes exam such as advanced placement courses or information technology courses. The verification and certification authorities may be able to authenticate the certificate because these authorities have also received a notification from the educational management system 100 of the results. One example of encrypted educational content is described in more detail below.
Embodiments of the present invention may include or be conducted using a special purpose or general-purpose computer, processor, or logic device including various computer hardware and devices, as discussed in greater detail herein or known to one of ordinary skill in the art. Embodiments within the scope of the present invention can also include computer-readable media for carrying or having computer-executable instructions or data structures stored thereon. Such computer-readable media can be any available media that can be accessed by a general purpose computer, special purpose computer, or a logic device. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage, other magnetic storage devices, or any other medium which can be used to carry or store desired program code means in the form of computer-executable instructions or data structures and which can be accessed by a general purpose computer, special purpose computer, or other logic devices.
When information is transferred or provided over a network or other communication connection (either hardwired, wireless, or a combination of hardwired or wireless) to a computer, the computer can properly view the connection as a computer-readable medium. Thus, any such connection is properly termed a computer-readable medium. Various combinations of the above should also be included within the scope of computer-readable media. Computer-executable instructions comprise, for example, instructions, logic, and data which cause a general purpose computer, special purpose computer, or logic device to perform a certain function or group of functions.
Each of the processors described herein can be a single conventional general purpose computer, special purpose computer, or logic device, or each processor can be multiple processors including multiple conventional general purpose computer, special purpose computers, or multiple logic devices. Moreover, many of the functions that take place using a processor can be implemented on other types of logic devices, such as programmable logic devices. In addition, additional processors, logic devices, or hardware may be implemented to carry out a given function or step according to additional embodiments of the present invention. For example, additional processors may be implemented for storage and retrieval of data as is known to one of ordinary skill in the art. Such details have been eliminated so as to not obscure the invention by detail.
The present invention may be embodied in other specific forms without departing from its spirit or essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.
This application claims priority to Provisional Application Ser. No. 60/824,750, filed Sep. 6, 2007 and Provisional Application Ser. No. 60/945,875, filed Jun. 22, 2007, which applications are incorporated herein by specific reference.
Number | Date | Country | |
---|---|---|---|
60824750 | Sep 2006 | US | |
60945875 | Jun 2007 | US |