HTRI HASP Manual

4/8/01

This document is based on copyright information provided to HTRI by Aladdin

Knowledge Systems. HASP , TimeHASP , and NetHASP are trademarks of
Aladdin Knowledge Systems. All rights reserved.

HTRI software is protected with blue TimeHASP devices and red NetHASP devices.
TimeHASP devices protect your software investment on a standalone basis while the
NetHASP devices protect software access connected on a network. Both types of devices
are connected to the parallel printer port and can be daisy chained with a printer cable or
protection keys from other vendors.

Files Distributed On Media

----------------------------------

HTRI Software distribution media include several utilities for the HASP devices. They
can be found in the folder labeled "Net Disk" on the media root.

Folder: \Net Disk\NetHASP Configuration File Wizard

Contents This folder contains a utility that is used to generate a client
configuration file, NETHASP.INI, on computers that authenticate
against a NetHASP device. Normally, the NETHASP.INI file is not
required for client computers. You may need to create this file if you
wish to access a specific NETHASP device or encounter problems
connecting to a NETHASP device.

Folder: \Net Disk\NetHASP Device Drivers

Contents: This folder includes software necessary for the device to communicate
with the computer. This software is required for any computer on which
a HASP device is connected.

Folder: \Net Disk\NetHASP Diagnostic Tools

Contents: This folder includes a diagnostic tool that is used to troubleshoot and
diagnose HASP connections.

Folder: \Net Disk\NetHASP License Managers

Contents: This folder includes software necessary for network authentication.
This software must be installed on computers to which red NetHASP
devices are connected.

HASP Installation
----------------------

HTRI attempts to automate the installation process as much as possible. However, in

some cases, manual interaction is required. TimeHASP devices require installation of the
HASP device driver. NetHASP devices require installation of the HASP device driver
and license manager on the computer on which the device is attached.

TimeHASP Installation and Configuration

-----------------------------------------------------

The HTRI setup program automatically loads the latest tested device driver. However, it
might be necessary to update device drivers with versions released after HTRI software is
distributed or the device driver may need to be reinstalled. The latest device driver can
be obtained directly from Aladdin Knowledge Systems through the internet link listed
below.

http://www.aladdin.co.il/support/hasp/enduser.asp

The HASP device driver interfaces HASP-protected applications and the HASP. In other
words, protected applications communicate with the HASP through the HASP Device
Driver. The device driver is installed on Windows 95/98/ME and Windows NT/2000
computers through a program named HINSTALL.EXE.

Command: HINSTALL.EXE -i
Operation: Installs device driver.

Command: HINSTALL.EXE -computertype=NEC -i

Operation: Installs device driver on NEC computertype.

Command: HINSTALL.EXE -?
Operation: Views the full list of options available.

Command: HINSTALL.EXE -info

Operation: Queries the computer for resident device driver information.

Command: HINSTALL.EXE -r
Operation: Removes the resident device driver.

Command: HINSTALL.EXE -kp -r

Operation: Kills any process attached to the resident device driver and
removes the resident device driver.

The HASP Device Driver loads dynamically under Windows 95/98/ME if it has not been
previously installed on the computer. After HASP Device Driver installation, HASP
applications require that you reboot your system (one time only per station). The HASP
Device Driver loads dynamically as soon as the HASP is accessed following the system
reboot. If you install an upgraded version of the HASP Device Driver after running a
HASP-protected application, you must reboot your system in order for the new driver
version to load dynamically.
No reboot is required if the device driver is installed or updated on Windows NT4 or
Windows 2000.

NetHASP Installation and Configuration

---------------------------------------------------

NetHASP devices require installation of the device driver and license manager on the
computer on which the red NetHASP device is attached. No software installation is
required on the client computers. The only HTRI software that needs to be installed on
the computer that acts as the network key server are the device driver and license
manager. Because network configurations vary quite significantly from one enterprise to
another and the NetHASP is typically configured on one computer in a workgroup, the
HTRI setup program does not automatically configure the HASP software.

Installation and configuration of the NetHASP device is dependent on the network

system.

Windows 95/98/ME
--------------------------
1) Connect the red NetHASP device to the parallel port.

2) Locate the program LMSETUP.EXE in the folder "Net Disk\NetHASP License

Managers\Win32" on the distribution media.

3) Run LMSETUP.EXE.

4) Click Yes at the prompt.

5) Select the typical installation, custom installation (if you want to use command
line switches), or removal of the license manager.

6) Select the installation folder and program folder for the license manager.

7) Select the option to load the device driver.

Windows NT, Windows 2000

-------------------------------------
1) Connect the red NetHASP device to the parallel port.

2) Locate the program LMSETUP.EXE in the folder "Net Disk\NetHASP License

Managers\Win32" on the distribution media.

3) Run LMSETUP.EXE.

4) Click Yes at the prompt.

 5) Select typical installation if you want to manually load the license manager or
custom installation if you want to use command line switches. You also have the
option to install the NetHASP License Manager as a Windows NT service. HTRI
recommends loading the license manager as a Windows NT service through the
custom installation option.

6) Select the installation folder and program folder for the license manager.

7) Select the option to load the device driver.

Novell Netware
--------------------
1) Connect the red NetHASP device to the parallel port.

2) Copy HASPSERV.NLM to the system directory of the file server. The file is
located in the folder "\Net Disk\NetHASP License Managers\Novell on the
HTRI distribution media.

3) Load the NetHASP License Mangager (LM) by entering "load haspserv"

(without quotes).

4) Copy the above command into the autoexec file of the Netware server. It is
recommended to put it at the end of the file.

DOS
------
1) Connect the red NetHASP device to the parallel port.

2) Copy HASPSERV.EXE to the hard drive. The file is stored in the folder "Net
Disk\NetHASP License Managers\DOS" on the HTRI distribution media.

3) Run HASPSERV.EXE

Authentication and Operation

-------------------------------------

The most critical stage in NetHASP system installation is ensuring that the NetHASP
client (the station activating the protected application) finds the NetHASP License
Manager. A communication session can begin only after the NetHASP License Manager
is found.

The NetHASP automatic search lets you connect the NetHASP, load the NetHASP
License Manager, and activate the protected application, without any changes to the
NetHASP system or the environment in which it is installed. Nevertheless, the search
mechanism allows fine-tuning of the NetHASP system with simple client-server
adjustments. This is implemented by the NetHASP custom search.

Both the automatic and custom mechanisms are described below. An automatic search
takes place when the NetHASP client does not find a NetHASP configuration file (such
as nethasp.ini). The NetHASP-protected application then uses the following algorithm to
search for the NetHASP License Manager:

Begin
Detect the active communication protocols;

Loop up to 3 times on the procedure below:

1) perform a NetHASP LOGIN using the IPX protocol,

allow n seconds for success;
if LOGIN succeeds continue using IPX;
else
2) perform a NetHASP LOGIN using the TCP/IP protocol,
allow n seconds for success;
if LOGIN succeeds continue using TCP/IP;
else
3) perform a NetHASP LOGIN using the NetBIOS protocol;
if LOGIN succeeds continue using NetBIOS;
else
4) return beginning and double the value of n;

if all fails after the 3RD loop, return a NetHASP error.

End

Initially, when beginning the NetHASP search loop, n=2 seconds. Before following the
automatic search algorithm, the NetHASP system first checks which protocols are
installed, and performs only the relevant steps. For example, if only the TCP/IP protocol
is detected, only step 2 in the above algorithm is performed. It is performed up to 3 times
(if needed), doubling the value of n each time.

Automatic Search Under IPX

-------------------------------------
Under IPX the NetHASP system uses a SAP broadcast mechanism to automate the search
for the NetHASP License Manager. That is, the NetHASP client broadcasts, while all IPX
active NetHASP License Managers listen in. The first one to answer the client, enabling a
NetHASP login, provides the NetHASP services. With the automatic search under IPX,
clients and NetHASP License Managers on separate segments can communicate.

Automatic Search Under TCP/IP

-----------------------------------------
Under TCP/IP the NetHASP system uses a UDP broadcast mechanism to automate the
search for the NetHASP License Manager. That is, the NetHASP client broadcasts, while
all TCP/IP active NetHASP License Managers listen in. The first one to answer the client,
enabling a NetHASP login, provides the NetHASP services.

With the automatic search under TCP/IP, NetHASP clients cannot access NetHASP
License Managers which are located in other subnets or on the Internet. To cross
subnets/Internet you need to customize the search mechanism.

Automatic Search Under NetBios

------------------------------------------
Under NetBIOS the NetHASP system:

Does not limit the search to n seconds. The search time remains 4 to 6 seconds during
each segment of the loop.
Determines which lana numbers (communication channels) are in operation and uses
them for communication.
Uses the default NetHASP NetBIOS name ("AladdinHaspV012.0").

Under NetBIOS, the automatic search mechanism operates according to the application
type running on the NetHASP client:

Software searches on all detected lana numbers for a NetHASP key. That is, the search
does not end when a NetHASP License Manager answers, but rather when a NetHASP
License Manager with the right NetHASP key answers. The Win32 NetHASP License
Manager listens on all detected lana numbers.

Because communication on all detected lana numbers takes time, an attempt is made to
communicate on a single lana number per iteration session. If communication fails, the
next iteration session uses the next detected lana number. If more than three lana
numbers are detected and the algorithm loop terminates its three iterations, step (3) in the
algorithm is performed again using the remaining unchecked lana numbers.

NetHASP Custom Search

--------------------------------
Under various environments you might want or need to customize the NetHASP search
mechanism. This is done by setting keywords in the NetHASP configuration file (i.e. the
nethasp.ini file). The nethasp.inifile is read by the NetHASP client (the protected
application) to customize the search mechanism. If the NetHASP client finds a
nethasp.ini file, it reads it and uses the information. If not, an automatic search takes
place.

The "Net Disk\NetHASP Configuration File Wizard" folder on the HTRI distribution
media contains a utility, NHINIWIZ.EXE, that steps through a series of questions to
generate a base configuration file. No installation or setup is required to run the utility.
The utility can be copied to a local drive and invoked or it can be invoked off of the
distribution media.
The NetHASP client searches for the nethasp.ini file in the following locations:

Executable folder
Current folder (usually start directory specified in shortcut)
Windows system folder
Windows operating system folder
Folders in %PATH% environment variable

General Custom Search Block

--------------------------------------
You can change the initial value of n, the first search period in the NetHASP algorithm
loop, from its default value of 2 seconds.

To change the initial value of n:

In the [NH_COMMON] section, set NH_SESSION = <seconds>

where <seconds> is the desired initial search period. Setting the NH_SESSION keyword
in the NH_COMMON section, applies to all protocols. To set the session value for each
protocol independently, set the value of NH_SESSION in each protocol section
separately.

Custom Search Under IPX

---------------------------------
* The procedure for using broadcast services to locate the NetHASP is listed below.
1) Load the License Manager with the -ipx switch
2) Edit the NETHASP.INI file as follows:
* In the [NH_COMMON] section, set NH_IPX=Enabled
* In the [NH_IPX] section, set NH_USE_BROADCAST=Enabled
3) Copy the file to a location accessible by the application.

* The procedure for instructing the client to use the address file is listed below.
1) Load the License Manager with the -ipxnosap switch
2) Edit the NETHASP.INI file as follows:
* In the [NH_COMMON] section, set NH_IPX=Enabled
* In the [NH_IPX] section, set NH_USE_BROADCAST=Disabled
3) Copy the file to a location accessible by the application.

This causes the client to look for the address of the computer with the License Manager
in the newhaddr.dat file. Note that HTRI programs cannot use the Bindery to locate the
License Manager.

Custom Search Under TCP/IP

-------------------------------------
NetHASP will not cross most firewalls or packet filters. To support UDP most firewalls
use packet filtering, TCP connections can be supported with either proxies or packet
filtering. NetHASP uses port 475 for both TCP and UDP. To configure your firewall to
allow NetHASP to work, please consult your network administrator. The NetHASP
License Manager defaults to port number 475.

* The procedure for locating a computer with a specific IP address that acts as the
License Manger is listed below. This allows the client to cross subnets to contact the
NetHASP key server.
1) Load the License Manager using the -tcpip switch
2) Edit the NETHASP.INI file as follows:
* In the [NH_COMMON] section, set NH_TCPIP=Enabled
* In the [NH_TCPIP] section, set NH_TCPIP_METHOD=TCP
* In the [NH_TCPIP] section, set NH_SERVER_ADDR=ip address
of the key server
3) Copy the file to a location accessible by the application.

* The procedure for using a port besides 475 for TCP/IP authentication is listed below.
1) Load the License Manager with the -tcpip and portnum=<port number> switches
2) Edit the NETHASP.INI file as follows:
* In the [NH_TCPIP] section, set NH_PORT_NUMBER=<port number>
3) Copy the file to a location accessible by the application.

Custom Search Under NetBIOS

----------------------------------------
The NetBEUI protocol does not cross segments. If you are activating the protected
application in a NetBEUI environment, where the NetHASP License Manager and the
NetHASP clients are on separate segments, the NetHASP clients cannot find the
NetHASP License Manager. In this case, you need to load the IPX/SPX compatible
transport with NetBIOS and set it as the default protocol to enable the communication
to cross segments.

HASP Diagnostic Utility

------------------------------
There is a HASP diagnostic utility, AksDiag.exe, distributed on the HTRI distribution
media in the folder labeled "\Net Disk\NetHASP Diagnostic Tools" that can be used to
collect information regarding HASP authentication problems. HTRI recommends
running the utility to generate a report that can be sent by email to Technical Services
(support@htri.net).

AksDiag.exe is a setup program that installs the utility. The installation procedure is
listed below.

1) Invoke the AksDiag.exe program.

2) Select the 'Next' button at the Welcome dialog.
3) Specify the installation path to the utility and select the 'Next' button.
4) Specify whether you wish to save files replaced during installation to a backup
location. You can select the button labeled "Browse" to specify the location
 where replaced files will be stored. Select the 'Next' button.
5) Specify the location of the replaced files will be stored and select the 'Next'
button.
6) Select the 'Next' button to copy the files into the utility directory.
7) Select the 'Finish' button to close the installation program.

Generating a Diagnostic Report for HTRI Technical Services

-----------------------------------------------------------------------------
The procedure of generating a diagnostic report for troubleshooting is listed below. This
report can be sent to HTRI Technical Services as an aid in resolving HASP problems.

1) Launch the program, AksDiag.exe, installed as described above

2) Select the button labeled 'Create Report' in the main window.
3) The report is displayed in the Notepad program.
4) Select the "Save As..." menu item from the 'File' pull down menu.
5) Specify the storage location for the diagnostic file.

NetHASP Configuration Files

-------------------------------------
The NetHASP system implements two configuration files. The client configuration file,
NETHASP.INI is primarily used to direct the client to the key server. The server
configration file, NHSRV.INI, can be used to configure the license manager.

Detailed Discussion of Client Configuration File (NETHASP.INI)

-----------------------------------------------------------------------------------
The client configuration file consists of four sections as listed below.

[NH_COMMON] settings common to all protocols

[NH_IPX] settings specific to the IPX protocol
[NH_NETBIOS] settings specific to the NetBios protocol
[NH_TCPIP] settings specific to the TCP/IP protocol

There is a base NETHASP.INI file in the folder labeled "\Net Disk\NetHASP License
Managers" that includes the options that can be configured. Each line in the file begins
with a ';' mark indicating that the line is commented and inactive. The keywords in the
file are not case sensitive.

A complete listing of all configuration options is listed below.

[NH_COMMON] section

Keyword: NH_IPX
Possible values: enabled, disabled
Description Use the IPX protocol.

Keyword: NH_NETBIOS
 Possible values: enabled, disabled
Description: Use the NetBIOS protocol

Keyword: NH_TCPIP
Possible values: enabled, disabled
Description: Use the TCP/IP protocol

Keyword: NH_MACHINE
Possible values: IBM, NEC
Description: Set the type of computer from which the protected
application is activated.
Default: IBM

Keyword: NH_SESSION
Possible values: <number>
Description: Set the maximum length of time during which the
protected application tries to establish communication
with the NetHASP License Manager.
Default: 2 seconds

Keyword: NH_SEND_RCV
Possible values: <number>
Description: Set the maximum length of time for the NetHASP License
Manager to send or receive a packet.
Default: 1 second

[NH_IPX] section

Keyword: NH_USE_BINDERY
Possible values: enabled, disabled
Description: Use IPX with bindery. Ignored under Win32 API. This
switch replaces the older switch named NH_USE_SAP.
Default: disabled

Keyword: NH_USE_BROADCAST
Possible values: enabled, disabled
Description: Use the IPX Broadcast mechanism.
Default: enabled

Keyword: NH_BC_SOCKET_NUM
Possible values: <number>
Description: Set the socket number for the broadcast mechanism. The
number is hexadecimal.
Default: 7483H

Keyword: NH_USE_INT
 Possible values: 2F_NEW, 7A_OLD
Description: 2F_NEW means that the IPX protocol will use interrupt
2Fh ONLY. 7F_OLD means that the IPX protocol will
use interrupt 7Ah ONLY. disabled
Default: 2F_NEW

Keyword: NH_SERVER_NAME
Possible values: <name1>, <name2>,...
Description: Communicate with the NetHASP Server with the specified
name.
Maximum: 6 names, up to 7 case insensitive characters each.

Keyword: NH_SEARCH_METHOD
Possible values: localnet, internet
Description: Determine whether the protected application
communicates with only NetHASP License Managers on
the local network, or with any NetHASP License Manager
on the internetwork.
Default: internet

Keyword: NH_DATFILE_PATH
Possible values: <path>
Description: Specify the location of the NetHASP License Managers
address file.

[NH_NETBIOS] section

Keyword: NH_NBNAME
Possible values: <name>
Description: Assign a name to the NetHASP License Manager.
Maximum: 1 name, up to 8 case insensitive characters.

Keyword: NH_USELANANUM
Possible values: <number>
Description: Assign a lana number to be used as a communication
channel.

[NH_TCPIP] section

Keyword: NH_SERVER_ADDR
Possible values: <address1>, <address2>
Description: Set IP addresses of all the NetHASP License Managers
you want to search. Unlimited addresses and multiple
lines are possible.
Possible address format examples include:
IP address: 192.114.176.65
 Local hostname: ftp.aladdin.co.il

Keyword: NH_SERVER_NAME
Possible values: <name1>, <name2>,...
Description: Communicate with the NetHASP Server with the specified
name(s).
Maximum: 6 names, up to 7 case insensitive characters each.

Keyword: NH_PORT_NUMBER
Possible values: <number>
Description: Set the TCP/IP port number (optional).
Default: 475

Keyword: NH_TCPIP_METHOD
Possible values: TCP, UDP
Description: Send a TCP packet or a UDP packet.
Default: UDP

Keyword: NH_USE_BROADCAST
Possible values: enabled, disabled
Description: Use the UDP Broadcast mechanism.
Default: enabled

NetHASP License Manager Configuration File

-----------------------------------------------------------
In the NetHASP License Manager configuration file you can fine-tune settings for the
NetHASP License Manager. The filename of the NetHASP License Manager
configuration file is NHSRV.INI.

A copy of NHSRV.INI is included with the HASP utilities in the folder labeled "Net
Disk\NetHASP License Managers" on the HTRI distribution media. Each line in the file
begins with a ';' mark indicating that the line is commented and inactive.

A complete listing of all configuration options is listed below.

[NHS_SERVER] section

Keyword: NHS_IP_LIMIT
Possible values: <IpAddr>,<IpAddr>,...
Description: Specify the range of stations the NetHASP License
Manager serves. Applicable for the Win16 and Win32
License Managers.
For example: 10.1.1.1,10.1.1.*

Keyword: NHS_ADAPTER_IP
Possible values: <IpAddr-SubMask>,<IpAddr-SubMask>,...
 Description: Specify the IP address of one or more network cards to
which the NetHASP License Manager listens. Applicable
only to the Win32 License Manager.
For example: 10.1.1.111-255.255.0.0

Frequently Asked Questions

-----------------------------------

Question How can I determine whether a HASP Device Driver is

installed on my customers computer?

Answer Run hinstall /info. Hinstall displays installation status

information such as the HASP Device Driver installation
date and version number.

Question Does the HASP Device Driver support bi-directional

communication?

Answer Yes. The HASP Device Driver automatically recognizes

the settings of the parallel port and operates accordingly.
In cases where the HASP Device Driver cannot recognize
the parallel port settings, you can customize the Hinstall
utilities to instruct the HASP Device Driver to work according
to the parallel port configuration. The customization is
performed with the -portmode switch. For further information
about the -portmode switch, please refer to hdd.hlp stored
in the folder "\Net Disk\NetHASP Device Drivers" on the
program distribution media.

Question Does the HASP Device Driver load dynamically?

Answer Yes, under Windows NT/2000, the HASP Device Driver

loads dynamically. This means that you do not need to
reboot your system after installing the driver. Under
Windows 95/98/ME, the HASP Device Driver loads
automatically when it has not been installed on the computer
previously.

Question Do I have to install the HASP Device Driver on each computer

in my network that accesses the NetHASP key?

Answer No. The HASP Device Driver only needs to be installed

on the computer that acts as the NetHASP License Manager.