Illinois unifying PKI program
- By Diane Frank
- Jan 23, 2001
Illinois Technology Office
Illinois has decided to standardize its electronic transaction authentication
system, but questions remain about how it will work.
The state's public-key infrastructure program, which uses digital certificates
to authenticate users for electronic transactions, will be standardized
on Entrust Technologies Inc.'s system, said Brent Crossland, deputy technology
officer for Illinois, speaking Monday at the Entrust SecureSummit 2001 conference
in San Diego.
Illinois has been using Entrust's technology for almost a year. But
in order for citizens with just one certificate to interact with the state,
Illinois officials will require every agency to use the central certificate
authority, which issues and manages the digital certificates.
"We want to be able to bring together all the efforts across the state,"
Crossland said. "It's enterprisewide, no exceptions."
The state has decided that the certificates will be for identification
and authentication only; each agency will have to manage authorization levels
for each user.
But officials must deal with several other policy issues before their
PKI will be fully functional, Crossland said.
* Registration. The state is doing face-to-face registration of citizens
receiving digital certificates, but officials want a Web-based system that
can be trusted by agencies and still be easy enough for anyone to use.
* Revocation. Should each agency be responsible for revoking certificates
over authorization issues? Or will the state have to revoke certificates
over problems such as fraud?
* Cross-certification. The state must make technology and policy decisions
that will allow Illinois' certificates to be accepted by other states and
federal agencies and, in turn, allow the state to accept other jurisdictions'
* Private sector. Will companies be able to use the Illinois certificates
to identify citizens for business transactions the way they now use state-issued
The state is approaching each of the issues from a new viewpoint, so
as not to simply transfer paper-bound processes to the Internet, Crossland
"We're trying to approach [our PKI] as a way to fundamentally change
the way government interacts," he said.