Illinois to join federal PKI project
- By Dipka Bhambhani
- Mar 18, 2003
Judith Spencer sees more PKI interoperability.
Illinois this month intends to join the Federal Bridge Certification Authority and make its digital certificates work with those of four federal agencies.
With the General Services Administration, the state will test the interoperability of its certificates with those of the Treasury and Defense departments, the Agriculture Department's National Finance Center and NASA, which are part of the bridge authority. It would be the first state to join the bridge authority.
Illinois uses digital certificates to conduct business online among state agencies, lawmakers and businesses.
When they started, the technology was 'bleeding edge,' said Georgia Marsh, associate director for the Illinois Department of Revenue, who also serves on the state's public-key infrastructure policy authority.
The Illinois Department of Aging created the first application supported by the state's PKI in 2000. It managed online access to records.
From there, the state developed levels of authentication. Users provide information online from their driver's licenses or state-issued identification cards. The system cross-checks the data with state records. 'We have several levels of certificates,' said Scott Kennedy, the state technology officer. For some transactions, users must provide additional information, he said.
Illinois hired certificate authority Entrust Inc. of Addison, Texas, when it started its PKI project, but then decided to be its own certificate and registration authority. 'Identity management is a role of government, and as such we're not looking at opportunities to outsource,' Marsh said.
The state wanted the ability to process secure online transactions because that was the initial purpose of its Web site, Marsh said.
Judith Spencer, chairman of the federal PKI Steering Committee at GSA, said state and federal officials are developing policy mapping to verify certificates and conduct interoperability tests.
'This is where we put the certification authorities through their paces,' she said. 'We have to ensure that we can issue cross certificates and that they can be recognized.'
'Nothing regarding the deployment has been easy, but the return on opportunity for citizens to do joint federal and state transactions, and our new ability to securely and confidentially communicate with our federal counterparts, makes it all worthwhile,' Marsh said.
Illinois has to be able to read the other agencies' directories of certificates and vice versa.Longtime plans
Once the technical testing is complete and the bridge authority has a copy of the state's compliance audit, cross-certification can begin.
Marsh said Illinois prepared for federal interoperability long before it began its current work. The state began looking at mapping strategies, internal audits of PKI policy and process performance with GSA about a year ago. 'We did it in parallel to the federal and Canadian systems because there was the interoperability in the backs of our minds,' she said.
The process is the same for federal agencies that want to join the bridge, Spencer said. Illinois submitted its application to the federal bridge in January.
She touted the online business tax registration, which in 2 weeks will include a federal component.
'Businesses will receive their state tax numbers and provisional [federal employer identification number] in one online session,' she said.
Illinois' Small Business Development Centers are building an application for online counseling that will be supported by the state's PKI.
The center counsels small business owners on topics such as starting up operations, applying for grants and managing finances.
'Very personal information is exchanged,' Marsh said.
Putting the process online will let more businesses participate, Kennedy said.