Aladdin's eToken is simply a USB device for storing an identity certificate, which, in my case, was issued from Thawte.
The eToken fits nicely on a keychain and is plugged into a USB port of the workstation or laptop. In order for the eToken to work, a program called eToken Run Time Environment must be installed on the computer that the eToken is going to be used on. Without eToken Run Time Environment, Windows will not recognize the eToken.

With eToken Run Time Environment, you can load your digital certificate onto the eToken and be nearly portable. After you've installed your digital certificate onto the eToken, you will likely not need to use the eToken Run Time Environment ever again.

However, unfortunately, the eToken Pro, which is shown above, and which is the unit I am using, only holds 16kb of information. Yes, 16kb! Thus, if you wish to take the eToken on the road with you and use it on a computer, say your aunt or at an internet cafe, you will need to have some other method of installing the eToken Run Time Environment because, as mentioned, the eToken RTE must be installed on the computer in order for the eToken to work. The RTE is the management tool for the eToken properties.

Given this constraint, I imagine most individuals using this device will likely do as I do and use their eToken on their workstation at their job and also on their computer at home. Although I wish it were more portable, I can understand some of the constraints involved in the process and I recognize that, at this point, I actually do not need to use my certified identity every place I go. For those reasons, I can accept this shortcoming.

Moreover, I'm rather assured that since there is required software in order to interact with the eToken the information stored therein is actually safer. Unlike other USB devices, the eToken does not show up automatically as a drive in the Windows Browser. Hackers would have to first hack the eToken Run Time Environment in order to get at the information contained on the eToken. They might also take the device apart, but Aladdin has made this rather difficult, for obvious reasons.

Aladdin offers a couple of programs that actually can fit on the 16 kilobyte eToken. And these programs are appear to be quite brilliant! I've got to admit, however, that I've only tested out one — the Web Sign-On (WSO). If anyone has experience with the other programs (i.e. Secure Network Logon (GINA API), Simple Sign-On (SSO)), please let me know as I would love to have reason to push for expanded use around my organization.

With Web Sign-On, a user's single sign-on to the WSO will grant access to the logon credentials of the websites that you save into the WSO/eToken. Web Sign On is similar to the save password feature built into most browsers nowadays, but the WSO is much more secure since the credentials remain on the eToken, not on the workstation. WSO also acts as a bookmark repository for these sites. However, like the eToken Run Time Environment, WSO must be installed on the computer; it does not run from the eToken itself.

Currently, I have saved my logon credentials for fifteen websites in WSO, including my Blogger online logon. If I have not reached the maximum number of saved sites, I know I am very close to the limit because I have already had to delete one or two. Being able to surf to those sites that I frequently visit but no longer have to log on to each time I visit them is, well, very cool.

Related postings:
Securing Your Email
Internet Explorer 7 Beta
Troubleshooting eToken

Advertisements