2013 Illinois Compiled Statutes
Chapter 5 - GENERAL PROVISIONS
5 ILCS 175/ - Electronic Commerce Security Act.
Article 15 - Effect Of A Digital Signature

(5 ILCS 175/Art. 15 heading)

5 ILCS 175/15-101

(5 ILCS 175/15-101)
Sec. 15-101. Secure electronic record. A digital signature that is created using an asymmetric algorithm certified by the Secretary of State under item (2) of subsection (b) of Section 10-105 shall be considered to be a qualified security procedure for purposes of detecting changes in the content of an electronic record under Section 10-105 if the digital signature was created during the operational period of a valid certificate, and is verified by reference to the public key listed in such certificate.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-105

(5 ILCS 175/15-105)
Sec. 15-105. Secure electronic signature. A digital signature that is created using an asymmetric algorithm certified by the Secretary of State under item (2) of subsection (b) of Section 10-110 shall be considered to be a qualified security procedure for purposes of identifying a person under Section 10-110 if:
(1) the digital signature was created during the

operational period of a valid certificate, was used within the scope of any other restrictions specified or incorporated by reference in the certificate, if any, and can be verified by reference to the public key listed in the certificate; and

(2) the certificate is considered trustworthy (i.e.,

an accurate binding of a public key to a person's identity) because the certificate was issued by a certification authority in accordance with standards, procedures, and other requirements specified by the Secretary of State, or the trier of fact independently finds that the certificate was issued in a trustworthy manner by a certification authority that properly authenticated the subscriber and the subscriber's public key, or otherwise finds that the material information set forth in the certificate is true.

(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-115

(5 ILCS 175/15-115)
Sec. 15-115. Secretary of State authority to adopt rules.
(a) The Secretary of State may adopt rules applicable to both the public and private sectors for the purpose of defining when a certificate is considered sufficiently trustworthy under Section 15-105 such that a digital signature verified by reference to such a certificate will be considered a qualified security procedure under Section 10-110. The rules may include (1) establishing or adopting standards applicable to certification authorities or certificates, compliance with which may be measured by becoming certified by the Secretary of State, becoming accredited by one or more independent accrediting entities recognized by the Secretary of State, or by other appropriate means and (2) where appropriate, establishing fees to be charged by the Secretary of State to recover all or a portion of its costs in connection therewith.
(b) In developing the rules, the Secretary of State shall endeavor to do so in a manner that will provide maximum flexibility to the implementation of digital signature technology and the business models necessary to support it, that will provide a clear basis for the recognition of certificates issued by foreign certification authorities, and, to the extent reasonably possible, that will maximize the opportunities for uniformity with the laws of other jurisdictions (both within the United States and internationally).
(c) The Secretary of State shall have exclusive authority to adopt rules authorized by this Section.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-201

(5 ILCS 175/15-201)
Sec. 15-201. Reliance on certificates foreseeable. It is foreseeable that persons relying on a digital signature will also rely on a valid certificate containing the public key by which the digital signature can be verified, during the operational period of such certificate and within any limits specified in such certificate.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-205

(5 ILCS 175/15-205)
Sec. 15-205. Restrictions on publication of certificate. No person may publish a certificate, or otherwise knowingly make it available to anyone likely to rely on the certificate or on a digital signature that is verifiable with reference to the public key listed in the certificate, if such person knows that:
(1) the certification authority listed in the

certificate has not issued it;

(2) the subscriber listed in the certificate has not

accepted it; or

(3) the certificate has been revoked or suspended,

unless such publication is for the purpose of verifying a digital signature created prior to such revocation or suspension, or giving notice of revocation or suspension.

(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-210

(5 ILCS 175/15-210)
Sec. 15-210. Fraudulent use. No person shall knowingly create, publish, alter, or otherwise use a certificate for any fraudulent or other unlawful purpose. A person convicted of a violation of this Section shall be guilty of a Class 4 felony. A person convicted of a violation of this Section who previously has been convicted of a violation of this Section or Section 10-140 shall be guilty of a Class 3 felony. A person who violates this Section in furtherance of any scheme or artifice to defraud in excess of $50,000 shall be guilty of a Class 2 felony.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-215

(5 ILCS 175/15-215)
Sec. 15-215. False or unauthorized request. No person shall knowingly misrepresent his or her identity or authorization in requesting or accepting a certificate or in requesting suspension or revocation of a certificate. A person convicted of a violation of this Section shall be guilty of a Class A misdemeanor. A person who violates this Section 10 times within a 12-month period, or in furtherance of any scheme or artifice to defraud, shall be guilty of a Class 4 felony. A person who violates this Section in furtherance of any scheme or artifice to defraud in excess of $50,000 shall be guilty of a Class 2 felony.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-220

(5 ILCS 175/15-220)
Sec. 15-220. Unauthorized use of signature device. No person shall knowingly access, alter, disclose, or use the signature device of a certification authority used to issue certificates without authorization, or in excess of lawful authorization, for the purpose of creating, or allowing or causing another person to create, an unauthorized electronic signature using such signature device. A person convicted of a violation of this Section shall be guilty of a Class 3 felony. A person who violates this Section in furtherance of any scheme or artifice to defraud shall be guilty of a Class 2 felony.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-301

(5 ILCS 175/15-301)
Sec. 15-301. Trustworthy services. Except as conspicuously set forth in its certification practice statement, a certification authority and a person maintaining a repository must maintain its operations and perform its services in a trustworthy manner.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-305

(5 ILCS 175/15-305)
Sec. 15-305. Disclosure.
(a) For each certificate issued by a certification authority with the intention that it will be relied upon by third parties to verify digital signatures created by subscribers, a certification authority must publish or otherwise make available to the subscriber and all such relying parties:
(1) its certification practice statement, if any,

applicable thereto; and

(2) its certificate that identifies the certification

authority as a subscriber and that contains the public key corresponding to the private key used by the certification authority to digitally sign the certificate (its "certification authority certificate").

(b) In the event of an occurrence that materially and adversely affects a certification authority's operations or system, its certification authority certificate, or any other aspect of its ability to operate in a trustworthy manner, the certification authority must act in accordance with procedures governing such an occurrence specified in its certification practice statement, or in the absence of such procedures, must use reasonable efforts to notify any persons that the certification authority knows might foreseeably be damaged as a result of such occurrence.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-310

(5 ILCS 175/15-310)
Sec. 15-310. Issuance of a certificate. A certification authority may issue a certificate to a prospective subscriber for the purpose of allowing third parties to verify digital signatures created by the subscriber only after:
(1) the certification authority has received a request for issuance from the prospective subscriber; and
(2) the certification authority has:
(A) complied with all of the relevant practices and

procedures set forth in its applicable certification practice statement, if any; or

(B) in the absence of a certification practice

statement addressing these issues, confirmed in a trustworthy manner that:

(i) the prospective subscriber is the person to

be listed in the certificate to be issued;

(ii) the information in the certificate to be

issued is accurate; and

(iii) the prospective subscriber rightfully holds

a private key capable of creating a digital signature, and the public key to be listed in the certificate can be used to verify a digital signature affixed by such private key.

(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-315

(5 ILCS 175/15-315)
Sec. 15-315. Representations upon issuance of certificate.
(a) By issuing a certificate with the intention that it will be relied upon by third parties to verify digital signatures created by the subscriber, a certification authority represents to the subscriber, and to any person who reasonably relies on information contained in the certificate, in good faith and during its operational period, that:
(1) the certification authority has processed,

approved, and issued, and will manage and revoke if necessary, the certificate in accordance with its applicable certification practice statement stated or incorporated by reference in the certificate or of which such person has notice, or in lieu thereof, in accordance with this Act or the law of the jurisdiction governing issuance of the certificate;

(2) the certification authority has verified the

identity of the subscriber to the extent stated in the certificate or its applicable certification practice statement, or in lieu thereof, that the certification authority has verified the identity of the subscriber in a trustworthy manner;

(3) the certification authority has verified that the

person requesting the certificate holds the private key corresponding to the public key listed in the certificate; and

(4) except as conspicuously set forth in the

certificate or its applicable certification practice statement, to the certification authority's knowledge as of the date the certificate was issued, all other information in the certificate is accurate, and not materially misleading.

(b) If a certification authority issued the certificate subject to the laws of another jurisdiction, the certification authority also makes all warranties and representations, if any, otherwise applicable under the law governing its issuance.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-320

(5 ILCS 175/15-320)
Sec. 15-320. Revocation of a certificate.
(a) During the operational period of a certificate, the certification authority that issued the certificate must revoke the certificate in accordance with the policies and procedures governing revocation specified in its applicable certification practice statement, or in the absence of such policies and procedures, as soon as possible after:
(1) receiving a request for revocation by the

subscriber named in the certificate, and confirming that the person requesting revocation is the subscriber, or is an agent of the subscriber with authority to request the revocation;

(2) receiving a certified copy of an individual

subscriber's death certificate, or upon confirming by other reliable evidence that the subscriber is dead;

(3) being presented with documents effecting a

dissolution of a corporate subscriber, or confirmation by other evidence that the subscriber has been dissolved or has ceased to exist;

(4) being served with an order requiring revocation

that was issued by a court of competent jurisdiction; or

(5) confirmation by the certification authority that:
(A) a material fact represented in the

certificate is false;

(B) a material prerequisite to issuance of the

certificate was not satisfied;

(C) the certification authority's private key or

system operations were compromised in a manner materially affecting the certificate's reliability; or

(D) the subscriber's private key was compromised.
(b) Upon effecting such a revocation, the certification authority must notify the subscriber and relying parties in accordance with the policies and procedures governing notice of revocation specified in its applicable certification practice statement, or in the absence of such policies and procedures, promptly notify the subscriber, promptly publish notice of the revocation in all repositories where the certification authority previously caused publication of the certificate, and otherwise disclose the fact of revocation on inquiry by a relying party.
(Source: P.A. 90-759, eff. 7-1-99.)