Public Key Infrastructure Cryptography

Digital certificates provide identity information, resist forgery and can be verified by an official third party (Illinois' PKI).  Illinois certificates obtain information such as the name of the certificate holder, a serial number, expiration dates, a copy of the holder's public key and a digital signature of Illinois CA to assist recipients with certificate validation.  Illinois' digital certificates conform to the X.509 standard. 

Service recipients can utilize digital certificates for digitally signing documents, files and emails.  When sending digital messages and documents, the digital signature associated with the certificate ensures the messages originate with a known sender (i.e., authentication) who cannot deny sending the message (i.e., non-repudiation) and ensures the message has not been altered (i.e., integrity).

A simple way of viewing this is that when two persons or two machines want to communicate electronically, both ends of the exchange are validated by a central (third party) Certificate Authority assuring that each end of the conversation is:

1. Who it is supposed to be;
2. Exchange between the two ends is both private and secured;
3. Contents of the document have not been altered.

Encrypted Communications

Encrypted communication, the second cryptographic service available, ensures that the method of transporting the message, document or data is secure and not compromised.  Secure Socket Layer (SSL) communications, as an example, creates an exchange between two machines ensuring that the server of origination is valid, the receiving server is valid and that the exchange between the sender and receiver is encrypted and cannot be "sniffed" or read when traversing the public network.

When going to the login page of a website or making a purchase online via providing a credit card, a "lock" appears at the bottom or top of the browser indicating the communication with the receiving server is secure and verified.  DoIT can assist with setting up SSL security. 

Standard

Certificate Type

• Personal (e.g., individuals)
• Device (e.g., servers) certificates

Trust Levels

• Level 1 certificates: uses an online interface to verify information from your State of Illinois driver's license or ID card
• Level 2 certificates: initial "face to face" identity verification along with two forms of identification
• Level 3 certificates: requires Level 2 verifications plus a background check
• Level 4 certificates: requires all verifications through Level 3 plus a biometric validation such as a fingerprint, retinal scan, etc., before the appropriate system access is granted

​Supporting Software

• ​Encryption & Signing requires Entrust Entelligence Security Provider (EESP) -desktop client that manages certificates and enables certificate services within the native user OS environment.  Meets DoD secure delete requirements.
• Entrust Entelligence Security Provider for Outlook - Outlook plugin for encrypting and signing emails

Service can be procured, modified or cancelled by selecting the "Order Services" button near the top of the right pane.

• Service provisioning and implementation
• Incident resolution
• Routine maintenance
• Provide 24/7 support for questions and/or problems
• Maintain contracts with vendor
• Notify customer of any changes to the product
• Provide instructions to complete the creation of the digital ID

• Develop and implement agency governance to ensure staff compliance with DoIT incident reporting and request requirements
• Identify requirements and assess the assurance level needed for accessing your application 
• Work with the PKI Team to identify service requirements and develop implementation plans. Depending on the scale of the plan, the DoIT governance process may be required
• Provide end-user training as needed 

• Certificates for in-state applicants completed on-line within 5 minutes
• Out-of-state applications processed within 2 business days of receipt