Illinois was a pioneer among state governments in the area of PKI and strong encryption and was the first State to gain trusted status to the Federal PKI Bridge. There are roughly forty-eight State agencies, boards, commissions and units of local government utilizing digital certificates managed by BCCS.
CMS, by Legislative directive, is the sole source of digital certificates for State agencies, boards, commissions, universities and those who do business with them. This service can also be used by local, county and municipal governmental entities.
A digital certificate used to digitally sign a file, document or email, creates three points of assurance that an electronic communication is valid and unaltered.
A simple way of viewing this is that when two persons or two machines want to communicate electronically, both ends of the exchange are validated by a central (third party) Certificate Authority assuring that each end of the conversation is:
- who it is suppose to be;
- exchange between the two ends is both private and secured;
- contents of the document have not been altered.
A digital certificate used for encryption ensures that a file, document, or email can only be read by the intended recipient or recipients. Complex mathematical algorithms are used to ensure that the data cannot be decrypted by brute force attempts.
BCCS was certified in 2001 as a self-signed PKI certificate authority (CA), following an independent audit and "root key" generation ceremony, and as a trusted Registration and Certificate Authority (RA and CA). Annual "third party" audits are required to maintain this status, ensuring that the digital certificates issued are secure and trustworthy.
Digital certificates ensure that the message or document exchanged is unaltered, from the signed author, and can only be ready by the intended recipients. Encrypted communication, the second cryptographic service available, ensures that the method of transporting the message, document or data is secure and cannot be compromised. Secure Socket Layer (SSL) communications, as an example, creates an exchange between two machines ensuring that the server of origination is valid, the receiving server is valid, and that the exchange between the sender and receiver is encrypted and cannot be "sniffed" or read when traversing the public network.
If you open your Internet browser and go to a login page of a site or make a purchase online by providing credit card numbers, you should see a little "lock" displayed at the bottom or top of the browser indicating that the communication with the receiving server is secure and verified. BCCS can assist you in setting up that security.
- Certificates for in-state applicants can normally be completed on-line within 5 minutes. Out-of-state applications will be processed within 2 business days upon receipt. Instructions to complete the creation of the digital ID is sent to the home address provided on the submitted application through the United States Postal Service. Please allow for appropriate delivery time.
- Encryption software can take up to five minutes or more to download and install depending on your connection speed. Quick start installation guides are available.
- Four levels of certificates (i.e., trust). The higher the certificate level, the more assurance you have of the person's identity.
- Level 1 certificates use an online interface to verify information from your State of Illinois driver's license or ID card.
- Level 2 certificates require initial "face to face" identity verification along with two forms of identification.
- Level 3 certificates require Level 2 verifications in addition to a fingerprint background check.
- Level 4 certificates require all verifications through Level 3, plus a biometric validation such as a fingerprint, retinal scan, etc. before the appropriate system access is granted.
- Prompt, courteous and well-trained service staff
- 24/7/365 operation with 99.9% uptime
- Identity self-service options (password resets, updating of email addresses, etc)
- Trusted identity, document and transaction protections within electronic information exchanges
(Note: For out-of-state registrants, there is a paper-based process provided which relies on a notary public to validate identity. Please inquire for additional information.)