Illinois unifying PKI program

Illinois Technology Office

Illinois has decided to standardize its electronic transaction authentication

system, but questions remain about how it will work.

The state's public-key infrastructure program, which uses digital certificates

to authenticate users for electronic transactions, will be standardized

on Entrust Technologies Inc.'s system, said Brent Crossland, deputy technology

officer for Illinois, speaking Monday at the Entrust SecureSummit 2001 conference

in San Diego.

Illinois has been using Entrust's technology for almost a year. But

in order for citizens with just one certificate to interact with the state,

Illinois officials will require every agency to use the central certificate

authority, which issues and manages the digital certificates.

"We want to be able to bring together all the efforts across the state,"

Crossland said. "It's enterprisewide, no exceptions."

The state has decided that the certificates will be for identification

and authentication only; each agency will have to manage authorization levels

for each user.

But officials must deal with several other policy issues before their

PKI will be fully functional, Crossland said.

These include:

* Registration. The state is doing face-to-face registration of citizens

receiving digital certificates, but officials want a Web-based system that

can be trusted by agencies and still be easy enough for anyone to use.

* Revocation. Should each agency be responsible for revoking certificates

over authorization issues? Or will the state have to revoke certificates

over problems such as fraud?

* Cross-certification. The state must make technology and policy decisions

that will allow Illinois' certificates to be accepted by other states and

federal agencies and, in turn, allow the state to accept other jurisdictions'


* Private sector. Will companies be able to use the Illinois certificates

to identify citizens for business transactions the way they now use state-issued

driver's licenses?

The state is approaching each of the issues from a new viewpoint, so

as not to simply transfer paper-bound processes to the Internet, Crossland


"We're trying to approach [our PKI] as a way to fundamentally change

the way government interacts," he said.


  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

  • IT Modernization
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    VA plans 'strategic review' of $16B software program

    New Veterans Affairs chief Denis McDonough announced a "strategic review" of the agency's Electronic Health Record Modernization program of up to 12 weeks.

Stay Connected