In 1999 Illinois placed a big security bet on public-key infrastructure for e-commerce, but three years ago its PKI project faltered as state agencies foundered badly when issuing the digital certificates to citizens.

It wasn’t supposed to turn out that way. The state’s landmark Electronic Commerce Security Act had given digitally signed documents an equal legal status to wet-signature paper ones in 1999, putting Illinois on the cusp of the PKI revolution. “Over the next 18 months we hope to distribute over a million digital IDs to citizens and businesses to enable them to do business with the state of Illinois as an integrated secure Web-driven government,” proclaimed then-Governor George Ryan.

The idea was to decrease paper-based exchange in favor of electronic documents in every sphere of government on every level by having citizens submit digitally signed forms instead of written signatures.

Click to see: State of Illinois IT executives Doug Kasamis (right) and Mark Anderson have been immersed in reshaping the state’s once-disappointing PKI project.

In early 2001, that still sounded possible, as Illinois had the technology contracts in place -- primarily one with Entrust -- making digital-certificate registration, issuance and management software available to state agencies. But the agencies were flummoxed by the intricacies of PKI, in which sender and recipient can exchange encrypted and signed documents through a public-private key pair also used to verify contents haven’t been altered.

“By 2003, we had less than 6,000 certificates issued,” acknowledges Doug Kasamis, acting deputy director of the state's IT department, the Central Management Services (CMS) Bureau of Communication and Computer Services.

More wheels were coming off the wagon as Gov. Ryan, once praised for setting up a cabinet-level chief technology office, left office under a cloud of scandal that year, later being convicted of racketeering and fraud charges. By 2004, it was clear that something had to be done to save the PKI effort, whicht was failing despite the fact that Illinois was distributing certificates for free.

“We called this our ‘IT rationalization,’” says Mark Anderson, head of the PKI project. Basically, the state agencies and the IT department settled on a last-ditch plan to centralize the administration of PKI at the CMS level, having CMS do the technical work on behalf of the state agencies.

Whitepapers

• The Trend from UNIX to Linux in SAP(r) Data Centers
• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology

View more SECURITY whitepapers

Webcasts

• The Secure Web Gateway. Mission Critical For Business - Webcast
• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports