2005 Illinois Code - 5 ILCS 175/ Electronic Commerce Security Act. Article 15 - Effect Of A Digital Signature
(5 ILCS 175/Art. 15 heading)
ARTICLE 15.
EFFECT OF A DIGITAL SIGNATURE
(5 ILCS 175/15‑101)
Sec. 15‑101.
Secure electronic record.
A digital signature that is
created
using an asymmetric algorithm certified by the Secretary of State under
item (2) of subsection (b) of Section
10‑105 shall be
considered to be a qualified security procedure for purposes of detecting
changes in the content of an
electronic record under Section 10‑105 if the digital signature was created
during the operational period of
a valid certificate, and is verified by reference to the public key listed in
such certificate.
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑105)
Sec. 15‑105.
Secure electronic signature.
A digital signature that is
created
using an asymmetric algorithm certified by the Secretary of State under
item (2) of subsection (b) of
Section
10‑110 shall be
considered to be a qualified security procedure for purposes of identifying a
person under Section 10‑110
if:
(1) the digital signature was created during the |
|
operational period of a valid certificate, was used within the scope of any other restrictions specified or incorporated by reference in the certificate, if any, and can be verified by reference to the public key listed in the certificate; and
|
|
(2) the certificate is considered trustworthy (i.e.,
|
|
an accurate binding of a public key to a person's identity) because the certificate was issued by a certification authority in accordance with standards, procedures, and other requirements specified by the Secretary of State, or the trier of fact independently finds that the certificate was issued in a trustworthy manner by a certification authority that properly authenticated the subscriber and the subscriber's public key, or otherwise finds that the material information set forth in the certificate is true.
|
|
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑115)
Sec. 15‑115.
Secretary of State authority to adopt
rules.
(a) The Secretary of State may adopt rules applicable to both the
public and private
sectors for the purpose of defining when a certificate is considered
sufficiently trustworthy under Section 15‑105
such that a digital signature verified by reference to such a certificate will
be considered a qualified
security procedure under Section 10‑110. The rules may include (1)
establishing or adopting
standards applicable to certification authorities or certificates, compliance
with which may be measured
by becoming certified by the Secretary of State, becoming accredited by one or
more independent
accrediting entities recognized by the Secretary of State, or by other
appropriate means and (2) where
appropriate, establishing fees to be charged by the Secretary of State to
recover all or a portion of its
costs in connection therewith.
(b) In developing the rules, the Secretary of State shall endeavor to
do so in a
manner that will provide maximum flexibility to the implementation of digital
signature technology and the
business models necessary to support it, that will provide a clear basis for
the recognition of certificates
issued by foreign certification authorities, and, to the extent reasonably
possible, that will maximize the
opportunities for uniformity with the laws of other jurisdictions (both within
the United States and
internationally).
(c) The Secretary of State shall have exclusive authority to adopt
rules authorized by
this Section.
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑201)
Sec. 15‑201.
Reliance on certificates foreseeable.
It is foreseeable
that
persons relying on a digital signature will also rely on a valid certificate
containing the public key by
which the digital signature can be verified, during the operational period of
such certificate and within
any limits specified in such certificate.
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑205)
Sec. 15‑205.
Restrictions on publication of certificate.
No person
may publish a certificate, or otherwise knowingly make it available to anyone
likely to rely on the
certificate or on a digital signature that is verifiable with reference to the
public key listed in the
certificate, if such person knows that:
(1) the certification authority listed in the |
|
certificate has not issued it;
|
|
(2) the subscriber listed in the certificate has not
|
|
|
(3) the certificate has been revoked or suspended,
|
|
unless such publication is for the purpose of verifying a digital signature created prior to such revocation or suspension, or giving notice of revocation or suspension.
|
|
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑210)
Sec. 15‑210.
Fraudulent use.
No person shall knowingly create, publish,
alter, or
otherwise use a certificate for any fraudulent or other unlawful purpose. A
person convicted of a
violation of this Section shall be guilty of a Class 4 felony. A person
convicted of a violation of this
Section who previously has been convicted of a violation of this Section or
Section 10‑140 shall be guilty of a
Class 3 felony. A person who violates this Section in furtherance of any scheme
or artifice to defraud in
excess of $50,000 shall be guilty of a Class 2 felony.
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑215)
Sec. 15‑215.
False or unauthorized request.
No person shall knowingly
misrepresent his or her identity or authorization in requesting or accepting a
certificate or in requesting
suspension or revocation of a certificate. A person convicted of a violation
of this Section shall be
guilty of a Class A misdemeanor. A person who violates this Section 10 times
within a 12‑month period, or in
furtherance of any scheme or artifice to defraud, shall be guilty of a Class 4
felony. A person who
violates this Section in furtherance of any scheme or artifice to defraud in
excess of $50,000 shall be
guilty of a Class 2 felony.
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑220)
Sec. 15‑220.
Unauthorized use of signature device.
No person shall
knowingly access, alter, disclose, or use the signature device of a
certification authority used to issue
certificates without authorization, or in excess of lawful authorization, for
the purpose of creating, or
allowing or causing another person to create, an unauthorized electronic
signature using such signature
device. A person convicted of a violation of this Section shall be guilty of
a Class 3 felony. A person
who violates this Section in furtherance of any scheme or artifice to defraud
shall be guilty of a Class 2
felony.
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑301)
Sec. 15‑301.
Trustworthy services.
Except as conspicuously set forth in
its certification practice statement, a certification authority and a person
maintaining a repository must
maintain its operations and perform its services in a trustworthy manner.
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑305)
Sec. 15‑305.
Disclosure.
(a) For each certificate issued by a certification authority with the
intention that it will be
relied upon by third parties to verify digital signatures created by
subscribers, a certification authority
must publish or otherwise make available to the subscriber and all such relying
parties:
(1) its certification practice statement, if any, |
|
|
(2) its certificate that identifies the
|
|
certification authority as a subscriber and that contains the public key corresponding to the private key used by the certification authority to digitally sign the certificate (its "certification authority certificate").
|
|
(b) In the event of an occurrence that materially and adversely affects a
certification
authority's operations or system, its certification authority certificate, or
any other aspect of its ability to
operate in a trustworthy manner, the certification authority must act in
accordance with procedures
governing such an occurrence specified in its certification practice statement,
or in the absence of such
procedures, must use reasonable efforts to notify any persons that the
certification authority knows
might foreseeably be damaged as a result of such occurrence.
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑310)
Sec. 15‑310.
Issuance of a certificate.
A certification authority may
issue
a
certificate to a prospective subscriber for the purpose of allowing third
parties to verify digital signatures
created by the subscriber only after:
(1) the certification authority
has received a request for issuance from the prospective subscriber; and
(2) the certification authority has:
(A) complied with all of the relevant practices and |
|
procedures set forth in its applicable certification practice statement, if any; or
|
|
(B) in the absence of a certification practice
|
|
statement addressing these issues, confirmed in a trustworthy manner that:
|
|
(i) the prospective subscriber is the person to
|
|
be listed in the certificate to be issued;
|
|
(ii) the information in the certificate to be
|
|
|
(iii) the prospective subscriber rightfully
|
|
holds a private key capable of creating a digital signature, and the public key to be listed in the certificate can be used to verify a digital signature affixed by such private key.
|
|
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑315)
Sec. 15‑315.
Representations upon issuance of certificate.
(a) By issuing a certificate with the intention that it will be relied upon
by third parties to
verify digital signatures created by the subscriber, a certification authority
represents to the subscriber,
and to any person who reasonably relies on information contained in the
certificate, in good faith and
during its operational period, that:
(1) the certification authority has processed, |
|
approved, and issued, and will manage and revoke if necessary, the certificate in accordance with its applicable certification practice statement stated or incorporated by reference in the certificate or of which such person has notice, or in lieu thereof, in accordance with this Act or the law of the jurisdiction governing issuance of the certificate;
|
|
(2) the certification authority has verified the
|
|
identity of the subscriber to the extent stated in the certificate or its applicable certification practice statement, or in lieu thereof, that the certification authority has verified the identity of the subscriber in a trustworthy manner;
|
|
(3) the certification authority has verified that
|
|
the person requesting the certificate holds the private key corresponding to the public key listed in the certificate; and
|
|
(4) except as conspicuously set forth in the
|
|
certificate or its applicable certification practice statement, to the certification authority's knowledge as of the date the certificate was issued, all other information in the certificate is accurate, and not materially misleading.
|
|
(b) If a certification authority issued the certificate subject to the
laws
of another jurisdiction,
the certification authority also makes all warranties and representations, if
any, otherwise applicable
under the law governing its issuance.
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
(5 ILCS 175/15‑320)
Sec. 15‑320.
Revocation of a certificate.
(a) During the operational period of a certificate, the certification
authority that issued the
certificate must revoke the certificate in accordance with the policies and
procedures governing
revocation specified in its applicable certification practice statement, or in
the absence of such policies
and procedures, as soon as possible after:
(1) receiving a request for revocation by the |
|
subscriber named in the certificate, and confirming that the person requesting revocation is the subscriber, or is an agent of the subscriber with authority to request the revocation;
|
|
(2) receiving a certified copy of an individual
|
|
subscriber's death certificate, or upon confirming by other reliable evidence that the subscriber is dead;
|
|
(3) being presented with documents effecting a
|
|
dissolution of a corporate subscriber, or confirmation by other evidence that the subscriber has been dissolved or has ceased to exist;
|
|
(4) being served with an order requiring revocation
|
|
that was issued by a court of competent jurisdiction; or
|
|
(5) confirmation by the certification authority that:
(A) a material fact represented in the
|
|
|
(B) a material prerequisite to issuance of the
|
|
certificate was not satisfied;
|
|
(C) the certification authority's private key or
|
|
system operations were compromised in a manner materially affecting the certificate's reliability; or
|
|
(D) the subscriber's private key was compromised.
(b) Upon effecting such a revocation, the certification authority must
notify the subscriber
and relying parties in accordance with the policies and procedures governing
notice of revocation
specified in its applicable certification practice statement, or in the absence
of such policies and
procedures, promptly notify the subscriber, promptly publish notice of the
revocation in all repositories
where the certification authority previously caused publication of the
certificate, and otherwise disclose
the fact of revocation on inquiry by a relying party.
(Source: P.A. 90‑759, eff. 7‑1‑99.)
|
Disclaimer: These codes may not be the most recent version. Illinois may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
