Illinois General Assembly

  Bills & Resolutions  
  Compiled Statutes  
  Public Acts  
  Legislative Reports  
  IL Constitution  
  Legislative Guide  
  Legislative Glossary  

 Search By Number
 (example: HB0001)
Search Tips

Search By Keyword

Illinois Compiled Statutes

Information maintained by the Legislative Reference Bureau
Updating the database of the Illinois Compiled Statutes (ILCS) is an ongoing process. Recent laws may not yet be included in the ILCS database, but they are found on this site as Public Acts soon after they become law. For information concerning the relationship between statutes and Public Acts, refer to the Guide.

Because the statute database is maintained primarily for legislative drafting purposes, statutory changes are sometimes included in the statute database before they take effect. If the source note at the end of a Section of the statutes includes a Public Act that has not yet taken effect, the version of the law that is currently in effect may have already been removed from the database and you should refer to that Public Act to see the changes made to the current law.

GENERAL PROVISIONS
(5 ILCS 175/) Electronic Commerce Security Act.

5 ILCS 175/Art. 15

 
    (5 ILCS 175/Art. 15 heading)
ARTICLE 15. EFFECT OF A DIGITAL SIGNATURE

5 ILCS 175/15-101

    (5 ILCS 175/15-101)
    Sec. 15-101. Secure electronic record. A digital signature that is created using an asymmetric algorithm certified by the Secretary of State under item (2) of subsection (b) of Section 10-105 shall be considered to be a qualified security procedure for purposes of detecting changes in the content of an electronic record under Section 10-105 if the digital signature was created during the operational period of a valid certificate, and is verified by reference to the public key listed in such certificate.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-105

    (5 ILCS 175/15-105)
    Sec. 15-105. Secure electronic signature. A digital signature that is created using an asymmetric algorithm certified by the Secretary of State under item (2) of subsection (b) of Section 10-110 shall be considered to be a qualified security procedure for purposes of identifying a person under Section 10-110 if:
        (1) the digital signature was created during the
    
operational period of a valid certificate, was used within the scope of any other restrictions specified or incorporated by reference in the certificate, if any, and can be verified by reference to the public key listed in the certificate; and
        (2) the certificate is considered trustworthy (i.e.,
    
an accurate binding of a public key to a person's identity) because the certificate was issued by a certification authority in accordance with standards, procedures, and other requirements specified by the Secretary of State, or the trier of fact independently finds that the certificate was issued in a trustworthy manner by a certification authority that properly authenticated the subscriber and the subscriber's public key, or otherwise finds that the material information set forth in the certificate is true.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-115

    (5 ILCS 175/15-115)
    Sec. 15-115. Secretary of State authority to adopt rules.
    (a) The Secretary of State may adopt rules applicable to both the public and private sectors for the purpose of defining when a certificate is considered sufficiently trustworthy under Section 15-105 such that a digital signature verified by reference to such a certificate will be considered a qualified security procedure under Section 10-110. The rules may include (1) establishing or adopting standards applicable to certification authorities or certificates, compliance with which may be measured by becoming certified by the Secretary of State, becoming accredited by one or more independent accrediting entities recognized by the Secretary of State, or by other appropriate means and (2) where appropriate, establishing fees to be charged by the Secretary of State to recover all or a portion of its costs in connection therewith.
    (b) In developing the rules, the Secretary of State shall endeavor to do so in a manner that will provide maximum flexibility to the implementation of digital signature technology and the business models necessary to support it, that will provide a clear basis for the recognition of certificates issued by foreign certification authorities, and, to the extent reasonably possible, that will maximize the opportunities for uniformity with the laws of other jurisdictions (both within the United States and internationally).
    (c) The Secretary of State shall have exclusive authority to adopt rules authorized by this Section.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-201

    (5 ILCS 175/15-201)
    Sec. 15-201. Reliance on certificates foreseeable. It is foreseeable that persons relying on a digital signature will also rely on a valid certificate containing the public key by which the digital signature can be verified, during the operational period of such certificate and within any limits specified in such certificate.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-205

    (5 ILCS 175/15-205)
    Sec. 15-205. Restrictions on publication of certificate. No person may publish a certificate, or otherwise knowingly make it available to anyone likely to rely on the certificate or on a digital signature that is verifiable with reference to the public key listed in the certificate, if such person knows that:
        (1) the certification authority listed in the
    
certificate has not issued it;
        (2) the subscriber listed in the certificate has not
    
accepted it; or
        (3) the certificate has been revoked or suspended,
    
unless such publication is for the purpose of verifying a digital signature created prior to such revocation or suspension, or giving notice of revocation or suspension.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-210

    (5 ILCS 175/15-210)
    Sec. 15-210. Fraudulent use. No person shall knowingly create, publish, alter, or otherwise use a certificate for any fraudulent or other unlawful purpose. A person convicted of a violation of this Section shall be guilty of a Class 4 felony. A person convicted of a violation of this Section who previously has been convicted of a violation of this Section or Section 10-140 shall be guilty of a Class 3 felony. A person who violates this Section in furtherance of any scheme or artifice to defraud in excess of $50,000 shall be guilty of a Class 2 felony.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-215

    (5 ILCS 175/15-215)
    Sec. 15-215. False or unauthorized request. No person shall knowingly misrepresent his or her identity or authorization in requesting or accepting a certificate or in requesting suspension or revocation of a certificate. A person convicted of a violation of this Section shall be guilty of a Class A misdemeanor. A person who violates this Section 10 times within a 12-month period, or in furtherance of any scheme or artifice to defraud, shall be guilty of a Class 4 felony. A person who violates this Section in furtherance of any scheme or artifice to defraud in excess of $50,000 shall be guilty of a Class 2 felony.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-220

    (5 ILCS 175/15-220)
    Sec. 15-220. Unauthorized use of signature device. No person shall knowingly access, alter, disclose, or use the signature device of a certification authority used to issue certificates without authorization, or in excess of lawful authorization, for the purpose of creating, or allowing or causing another person to create, an unauthorized electronic signature using such signature device. A person convicted of a violation of this Section shall be guilty of a Class 3 felony. A person who violates this Section in furtherance of any scheme or artifice to defraud shall be guilty of a Class 2 felony.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-301

    (5 ILCS 175/15-301)
    Sec. 15-301. Trustworthy services. Except as conspicuously set forth in its certification practice statement, a certification authority and a person maintaining a repository must maintain its operations and perform its services in a trustworthy manner.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-305

    (5 ILCS 175/15-305)
    Sec. 15-305. Disclosure.
    (a) For each certificate issued by a certification authority with the intention that it will be relied upon by third parties to verify digital signatures created by subscribers, a certification authority must publish or otherwise make available to the subscriber and all such relying parties:
        (1) its certification practice statement, if any,
    
applicable thereto; and
        (2) its certificate that identifies the certification
    
authority as a subscriber and that contains the public key corresponding to the private key used by the certification authority to digitally sign the certificate (its "certification authority certificate").
    (b) In the event of an occurrence that materially and adversely affects a certification authority's operations or system, its certification authority certificate, or any other aspect of its ability to operate in a trustworthy manner, the certification authority must act in accordance with procedures governing such an occurrence specified in its certification practice statement, or in the absence of such procedures, must use reasonable efforts to notify any persons that the certification authority knows might foreseeably be damaged as a result of such occurrence.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-310

    (5 ILCS 175/15-310)
    Sec. 15-310. Issuance of a certificate. A certification authority may issue a certificate to a prospective subscriber for the purpose of allowing third parties to verify digital signatures created by the subscriber only after:
        (1) the certification authority has received a
    
request for issuance from the prospective subscriber; and
        (2) the certification authority has:
            (A) complied with all of the relevant practices
        
and procedures set forth in its applicable certification practice statement, if any; or
            (B) in the absence of a certification practice
        
statement addressing these issues, confirmed in a trustworthy manner that:
                (i) the prospective subscriber is the person
            
to be listed in the certificate to be issued;
                (ii) the information in the certificate to be
            
issued is accurate; and
                (iii) the prospective subscriber rightfully
            
holds a private key capable of creating a digital signature, and the public key to be listed in the certificate can be used to verify a digital signature affixed by such private key.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-315

    (5 ILCS 175/15-315)
    Sec. 15-315. Representations upon issuance of certificate.
    (a) By issuing a certificate with the intention that it will be relied upon by third parties to verify digital signatures created by the subscriber, a certification authority represents to the subscriber, and to any person who reasonably relies on information contained in the certificate, in good faith and during its operational period, that:
        (1) the certification authority has processed,
    
approved, and issued, and will manage and revoke if necessary, the certificate in accordance with its applicable certification practice statement stated or incorporated by reference in the certificate or of which such person has notice, or in lieu thereof, in accordance with this Act or the law of the jurisdiction governing issuance of the certificate;
        (2) the certification authority has verified the
    
identity of the subscriber to the extent stated in the certificate or its applicable certification practice statement, or in lieu thereof, that the certification authority has verified the identity of the subscriber in a trustworthy manner;
        (3) the certification authority has verified that the
    
person requesting the certificate holds the private key corresponding to the public key listed in the certificate; and
        (4) except as conspicuously set forth in the
    
certificate or its applicable certification practice statement, to the certification authority's knowledge as of the date the certificate was issued, all other information in the certificate is accurate, and not materially misleading.
    (b) If a certification authority issued the certificate subject to the laws of another jurisdiction, the certification authority also makes all warranties and representations, if any, otherwise applicable under the law governing its issuance.
(Source: P.A. 90-759, eff. 7-1-99.)

5 ILCS 175/15-320

    (5 ILCS 175/15-320)
    Sec. 15-320. Revocation of a certificate.
    (a) During the operational period of a certificate, the certification authority that issued the certificate must revoke the certificate in accordance with the policies and procedures governing revocation specified in its applicable certification practice statement, or in the absence of such policies and procedures, as soon as possible after:
        (1) receiving a request for revocation by the
    
subscriber named in the certificate, and confirming that the person requesting revocation is the subscriber, or is an agent of the subscriber with authority to request the revocation;
        (2) receiving a certified copy of an individual
    
subscriber's death certificate, or upon confirming by other reliable evidence that the subscriber is dead;
        (3) being presented with documents effecting a
    
dissolution of a corporate subscriber, or confirmation by other evidence that the subscriber has been dissolved or has ceased to exist;
        (4) being served with an order requiring revocation
    
that was issued by a court of competent jurisdiction; or
        (5) confirmation by the certification authority that:
            (A) a material fact represented in the
        
certificate is false;
            (B) a material prerequisite to issuance of the
        
certificate was not satisfied;
            (C) the certification authority's private key or
        
system operations were compromised in a manner materially affecting the certificate's reliability; or
            (D) the subscriber's private key was compromised.
    (b) Upon effecting such a revocation, the certification authority must notify the subscriber and relying parties in accordance with the policies and procedures governing notice of revocation specified in its applicable certification practice statement, or in the absence of such policies and procedures, promptly notify the subscriber, promptly publish notice of the revocation in all repositories where the certification authority previously caused publication of the certificate, and otherwise disclose the fact of revocation on inquiry by a relying party.
(Source: P.A. 90-759, eff. 7-1-99.)