Illinois unifying PKI program

The state is getting down to the nitty-gritty in establishing its system to allow secure online transactions

Illinois Technology Office

Illinois has decided to standardize its electronic transaction authentication system, but questions remain about how it will work.

The state's public-key infrastructure program, which uses digital certificates to authenticate users for electronic transactions, will be standardized on Entrust Technologies Inc.'s system, said Brent Crossland, deputy technology officer for Illinois, speaking Monday at the Entrust SecureSummit 2001 conference in San Diego.

Illinois has been using Entrust's technology for almost a year. But in order for citizens with just one certificate to interact with the state, Illinois officials will require every agency to use the central certificate authority, which issues and manages the digital certificates.

"We want to be able to bring together all the efforts across the state," Crossland said. "It's enterprisewide, no exceptions."

The state has decided that the certificates will be for identification and authentication only; each agency will have to manage authorization levels for each user.

But officials must deal with several other policy issues before their PKI will be fully functional, Crossland said.

These include:

* Registration. The state is doing face-to-face registration of citizens receiving digital certificates, but officials want a Web-based system that can be trusted by agencies and still be easy enough for anyone to use.

* Revocation. Should each agency be responsible for revoking certificates over authorization issues? Or will the state have to revoke certificates over problems such as fraud?

* Cross-certification. The state must make technology and policy decisions that will allow Illinois' certificates to be accepted by other states and federal agencies and, in turn, allow the state to accept other jurisdictions' certificates.

* Private sector. Will companies be able to use the Illinois certificates to identify citizens for business transactions the way they now use state-issued driver's licenses?

The state is approaching each of the issues from a new viewpoint, so as not to simply transfer paper-bound processes to the Internet, Crossland said.

"We're trying to approach [our PKI] as a way to fundamentally change the way government interacts," he said.
