To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/government/0,39024677,39131128,00.htm

Police get 'smart' warrant cards
Case study: cops use smartcards to access offices and systems

By Steve Ranger

Published: Friday 10 June 2005

Hampshire Police has rolled out 6,500 smartcards to officers and staff for access to its offices and IT systems.

The force is using the smartcards to tighten up access to IT systems by eliminating weak passwords and account sharing, and will also save money by reducing calls to the helpdesk asking for password resets.

Steve Gover, IT service project manager at Hampshire Police, said there are national and local drivers behind the move to smartcards.

At the national level the Unified Police Security Architecture (UPSA) guidelines are demanding better security, and following the Bichard Inquiry there is a drive to get police forces more joined up from the information perspective, he said.

"Strong two-factor authentication is one of the key requirements of the UPSA," said Gover. "What we decided to do was go down the smartcard route and integrate physical access control with access into force information systems. We are ahead of the game nationally."

The force had already deployed smartcards for secure access to police offices, so it looked like a good extension to use them for logical access, Gover said.

The force had to give all officers a new warrant card which doubled as a smartcard. "It serves as a visual identification and the chip also holds the credentials they need to access the force network. We had to give every officer a new warrant card," Gover said.

The force has also just completed rolling out the cards to partner agencies such as the Crown Prosecution Service so that they can access police systems.

But the force is not going to use biometrics with the smartcards: "We looked at that but we didn't think it was something that is robust enough or will have high availability for five to 10 years. The product is not really quite mature enough yet. It's something that we will keep an eye on as something that will develop in the future as another security layer," Gover said.

The force aims to get a return on the £500,000 spent on the project - based on technology from ActivCard - over about two years.

Gover said the next steps will include looking to use some of the self-service functionality in the system so that if officers lock themselves out they can reset their passwords without calls to the helpdesk.

Before the smartcards were introduced around 40 per cent of calls to the helpdesk were requests for password resets.

"We've already cut the calls we get to the helpdesk. What we are going to do now will reduce the calls further," added Gover.