Using eTokens

An eToken with a Public Key Infrastructure (PKI) security certificate provides two-factor authentication, thereby reducing the chances of someone being able to impersonate you. Someone would need both your eToken and your password in order to impersonate you when accessing systems that require eToken authentication.

eTokens allow you to access the Dartmouth Secure wireless network, identify (authenticate) yourself to some applications, digitally sign e-mail and other electronic documents and transactions, encrypt data traffic (either on-campus wireless using 802.1x or all traffic when off campus using VPN), and encrypt e-mail and other documents to prevent unauthorized access (note: this is risky because if you lose your key, there is no recovery).

Note: If you have an eToken, you do not need to download a private software certificate to your machine because a certificate will be added to your eToken when it is created for you.

About eTokens

An eToken is a device that plugs into a USB port on your computer. It is designed to hold a Public Key Infrastructure (PKI) security certificate, which is an electronic certificate that uniquely identifies individuals to computers. A rough analogy would be that an eToken is part of an electronic Identification Card that is completed or enabled when you enter your password. The eToken is about the size of a house key and can be kept on your key ring.

Obtaining an eToken

Students can purchase an eToken from The Computer Store, located in the lower level of McNutt Hall.

Faculty and staff should contact the IT Call Center at 646-2999, or call your department's IT support office for more information on getting an eToken.

Installing the eToken Software

The Aladdin eToken software must be installed for your eToken to work on a computer. Version 5.0 of the Aladdin eToken for Windows package works with Windows 2000, XP, Vista, and Windows 7. Aladdin eTokens are interchangeable across Windows, the Macintosh, and Linux computers when using this software.

  1. Before you install a new version of the eToken software, you should remove the old one: go to Start, Settings, then Control Panel. Click the Add or Remove Programs link. Scroll down to the eToken entry, click once on it to highlight it, then click the Remove button.
  2. To install the driver and eToken applications, double-click the installer to run it. Accept all the default settings.

Download the Aladdin eToken Software for Windows

Configuring Your Web Browser

Regardless of which browser you use, you will need to have the Dartmouth Root Certificate installed on your computer. If the Dartmouth Root Certificate has not already been installed on your computer, see the instructions for Acquiring the Dartmouth Root Certificate.

Acquiring a Private Certificate

To obtain an eToken and have the electronic certificate installed on it, you must first purchase one from Computing Sales and Service at 001 McNutt Hall. After purchasing the eToken, go to the IT Walk-in Center in 178J Berry Library. Everyone needing a certificate on their eToken must show a Dartmouth I.D. card or other form of picture identification, such as a driver's license or passport, to verify that they are the person whose name is going to be put on the eToken.

Your eToken password is important. For help with selecting a good password, see Selecting a Password. If you want to change the password on your eToken sometime in the future, go to the eToken Properties application in your Programs or Applications listing and change it, but be sure to keep the password strong. This does not affect the value of the private key on the eToken, just access to the other information on the eToken.

Acquiring the Dartmouth Root Certificate

To use your personal certificate, you may also need to install the Dartmouth Root Certificate in your web browser’s certificate store. This root certificate helps your computer determine whether Dartmouth-issued certificates are trustworthy.

Go to the Dartmouth Root CA web page and follow the instructions below, depending on which browser and operating system you are using. Note: if you use Firefox or Netscape, you have to import the root certificate for each browser.

Internet Explorer for Windows

Under the "Download certificates" section of the Dartmouth Root CA web page, click the Dartmouth CertAuth1 CA (Dartmouth Root CA) link. A File Download window will open. Click Open, then Install Certificate, then Next, Next, and Finish. You will get a pop-up box that says, "The import was successful." Click OK to close the pop-up box, then OK to close the Certificate Import box.

Firefox and Netscape for Windows

Under the "Download certificates" section of the Dartmouth Root CA web page, click the Dartmouth CertAuth1 CA (Dartmouth Root CA) link. A Downloading Certificate box will open. Put a check mark beside each of the three options in the center of the box, then click OK.

Using Your eToken

For normal use, insert the eToken into a USB port on your computer before you start your applications. The red LED light on the eToken will flash while loading, then stay on once loaded. When an individual application requires the use of a certificate in the eToken, a box will appear asking for the password for the eToken. Each separate application requires entering the password to unlock your certificate on the eToken. Most applications will only ask for the password once per session.

When you are finished using your eToken, simply unplug it from the computer’s USB port.

You will select a password when configuring the eToken. It is not related to any other password, and should be different from your DND password. Do not forget the password or enter the wrong password more than 15 times in a row. If you do, the eToken will become unusable and require reformatting (you will need to go to the IT Walk-in Center to have it reformatted, or you can contact your department's IT support office). This is a security feature that prevents misuse of lost or stolen eTokens. You may, however, change the password by using the Aladdin eToken Properties program, which has to be installed on your computer for the eToken to work.

Helpful hints:

  • eTokens can be used to log in to the Windows operating system, but only if you are a member of the Kiewit.dartmouth.edu Active Directory domain. Students typically are not Active Directory members, but faculty and staff are. To use it, start your computer and when it asks for an eToken, insert it. You will then see an eToken password screen, and from there, your computer will start up. If you do not want to use it, just use the standard [Ctrl+Alt+Del] keys to get to the login screen.
  • If the USB slot is in an inconvenient location on your computer, USB extension cables are available at The Computer Store in 001 McNutt Hall. If you do not have a USB slot or you run multiple computers, the IT Call Center can assist you.
  • Occasionally, laptops may not provide enough power to their USB ports to operate the eToken. In this case, the LED on the eToken will not light up and the computer will not recognize that the device is present. To solve the problem, get an external USB hub that uses an independent power supply.
  • We do not recommend you encrypt e-mail messages or files with your eToken as you may lose the ability to decrypt that data if you lose your eToken or your eToken fails.

What Can Be Done with an eToken

With your eToken, you can:

  • Access the Dartmouth Secure wireless network.
  • Access protected web pages or central systems that are protected by eToken access. Currently, BannerStudent and Blackboard allow, but do not require, eToken access.
  • Get VPN access while on or off campus with the Juniper VPN.
  • Sign your e-mail using your Dartmouth PKI certificate that is stored on your hardware token.
  • Encrypt your e-mail with your PKI certificate. Using your eToken for this can be risky, because if you lose your eToken, you may not be able to read any of the encrypted e-mail in your In Box. But, it is quite useful to send somebody a quick note with a password or a note that does not need to be preserved.

Note: Both of the above e-mail applications (sign and encrypt) will work on Macintosh computers. You just need an S/MIME compatible e-mail client, such as Thunderbird or Safari. The BlitzMail client on Windows is not S/MIME compatible at this time.

Maintaining Your eToken

You can use the Aladdin eToken Properties application to change your eToken's password or name, to view the contents of your eToken, and remove keys and certificates from it. If it is not already on your computer, you can download it from the web; see Aladdin eToken Runtime Environment.

If you remove your certificate from your eToken, a new certificate can be installed for you onto your eToken; please visit the IT Walk-in Center in 178J Berry Library, contact the IT Call Center at 646-2999, or call your department's IT support office.

Note: Any e-mail messages or files encrypted with the previous certificate may no longer be able to be decrypted. We recommend you only encrypt a file if you have an unencrypted backup or you do not care whether you lose the document, or if you have a backup of your private key. An example of using encryption might be sending somebody a password; you don't care if you lose your encrypted copy as you can make another and send it.

Try not to get the eToken wet or dirty. If it gets wet, dry it out before using it.

Last Updated: 2/6/13