Skip Ribbon Commands
Skip to main content

Breadcrumb

  1. Home
  2. Services
  3. Catalog
  4. Security
  5. Cryptography

Cryptography (PKI)

Category: Security

Contact Customer Support; PKI Digital Certificate - Customer Support hours: Monday thru Sunday, 8:00 am to 4:30 pm 866-465-9119.  Please respond by saying “I need help obtaining my digital certificate”.
 
Illinois was a pioneer among state governments in the area of PKI and strong encryption and was the first State to gain trusted status to the Federal PKI Bridge. There are roughly forty-eight State agencies, boards, commissions and units of local government utilizing digital certificates managed by BCCS.
 
CMS, by Legislative directive, is the sole source of digital certificates for State agencies, boards, commissions, universities and those who do business with them. This service can also be used by local, county and municipal governmental entities.
 
Digital Certificates
A digital certificate used to digitally sign a file, document or email, creates three points of assurance that an electronic communication is valid and unaltered.
 
A simple way of viewing this is that when two persons or two machines want to communicate electronically, both ends of the exchange are validated by a central (third party) Certificate Authority assuring that each end of the conversation is:
  1. who it is suppose to be;
  2. exchange between the two ends is both private and secured;
  3. contents of the document have not been altered.
A digital certificate used for encryption ensures that a file, document, or email can only be read by the intended recipient or recipients. Complex mathematical algorithms are used to ensure that the data cannot be decrypted by brute force attempts.
 
BCCS was certified in 2001 as a self-signed PKI certificate authority (CA), following an independent audit and "root key" generation ceremony, and as a trusted Registration and Certificate Authority (RA and CA). Annual "third party" audits are required to maintain this status, ensuring that the digital certificates issued are secure and trustworthy.
 
Encrypted Communications
Digital certificates ensure that the message or document exchanged is unaltered, from the signed author, and can only be ready by the intended recipients. Encrypted communication, the second cryptographic service available, ensures that the method of transporting the message, document or data is secure and cannot be compromised. Secure Socket Layer (SSL) communications, as an example, creates an exchange between two machines ensuring that the server of origination is valid, the receiving server is valid, and that the exchange between the sender and receiver is encrypted and cannot be "sniffed" or read when traversing the public network.
 
If you open your Internet browser and go to a login page of a site or make a purchase online by providing credit card numbers, you should see a little "lock" displayed at the bottom or top of the browser indicating that the communication with the receiving server is secure and verified. BCCS can assist you in setting up that security.

Rates



What is Included?

  • Two types of certificates are offered by BCCS ("organizational" certificates are not available):
    • Personal (e.g. individuals)
    • Device (e.g. servers) certificates
  • An independently certified, highly secured environment ensuring transactions and data are protected.
  • Expertise and background gained with implementation of digital signage serving 48 State and local governmental entities to date.
  • Digital identity assignments for individuals or systems.
  • Software necessary to enable encryption/digital signature functionality.
  • Help desk support.

What Should You Expect?

  • Certificates for in-state applicants can normally be completed on-line within 5 minutes.  Out-of-state applications will be processed within 2 business days upon receipt.  Instructions to complete the creation of the digital ID is sent to the home address provided on the submitted application through the United States Postal Service.  Please allow for appropriate delivery time. 
  • Encryption software can take up to five minutes or more to download and install depending on your connection speed. Quick start installation guides are available.
  • Four levels of certificates (i.e., trust). The higher the certificate level, the more assurance you have of the person's identity.
    • Level 1 certificates use an online interface to verify information from your State of Illinois driver's license or ID card.
    • Level 2 certificates require initial "face to face" identity verification along with two forms of identification.
    • Level 3 certificates require Level 2 verifications in addition to a fingerprint background check.
    • Level 4 certificates require all verifications through Level 3, plus a biometric validation such as a fingerprint, retinal scan, etc. before the appropriate system access is granted.
  • Prompt, courteous and well-trained service staff
  • 24/7/365 operation with 99.9% uptime
  • Identity self-service options (password resets, updating of email addresses, etc)
  • Trusted identity, document and transaction protections within electronic information exchanges
(Note: For out-of-state registrants, there is a paper-based process provided which relies on a notary public to validate identity. Please inquire for additional information.)

How Can You Help?

  • Start by realistically looking at your requirements and objectives. With identity theft on the rise and privacy laws on the books, you need to assess the level of security your application needs before any technical questions are addressed.
  • Anticipate that an implementation of a PKI supported system or integration will be a required need for the environment or system contemplated, warranting both the time and expense to impose these higher levels of security. While BCCS can provide software and installation assistance, it is up to the individual entity to provide any actual coding or application development work necessary to implement the solution.
  • Use of digital certificates to protect eMail is a less technical area, but user training is recommended as a part of such implementations.
  • If contemplating the use of digital certificates to protect a new system, it is important to involve BCCS early in the planning process through the BCCS governance process.